last executing test programs:

1m49.919601036s ago: executing program 3 (id=1160):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$kcm(0x11, 0x3, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0)
r6 = socket$unix(0x1, 0x5, 0x0)
recvmmsg(r6, &(0x7f0000002780)=[{{0x0, 0x0, 0x0}, 0x60000000}], 0x1, 0x2002, 0x0)
writev(r2, &(0x7f0000000980)=[{&(0x7f0000000340)="b500063aba497a5bd84e8855cca628db3582a1923af24576630ff03deb3688a182c86d8eebbbc0c6f7410ec010d795e99744b72b6867ee89fe6e3364965fc9aff5ebaeee87ea464e0c8a4b2ad17228546b9bc92b77b3df864d47530e38ef3b530443d1600aa43d2f55d1e70b43de3e380db11bced96452da07d97fe48071193e1d509466a7219e5cb07770cca1dd9b", 0x8f}, {&(0x7f0000000700)="0610b73a78dc52d9613edb90c5165a035813a5ecd8819021b3db52305341a81d33baf86909895c2f33712a593ad739e58cb51875e6539feba664ffdc22164eebf06060aa93122990e695d43f75463138a5911d38b85f1680d1cb32be85dcb4811ee0d304c591e8d71aa2736f7cd1b160130edcba64b0776fc856a1f39e8afb9f21b51697ffb7a37f209f5ef79e0a02a042993bdd5c0e27613467c97e5e19bbebfefd3d77f522cd645813e6a42908f6f58724c5d5bdece4cf38d5237063fa473744140d8d500d6d6be67f3e64c237975b1a56d05eab2dc5e92e1ab952", 0xdc}, {&(0x7f0000000800)="af5026ee90ca5a5009b2a971938f0376bb56e99fae3f6b5deeca051316e4a55369c502a49a232a146fc543d30c55b0c52609458e140e58974bc12a0bf136ffda3ea1c9c4fa67fcab253f421d5f80694c123da3a60370280299c20c087ce1f710b90ca9d603d07c4c3b884e9788beaaf2ef6f87e11fc04eccf393915e566fdf96df885717bf6d054d4bf62e039340ab4d807ed6196bcf3982032eadc38392035f54f0520dcb79982ac90b22e28707a6824e7b430c3aa8f67e2d0bf16c99f765d1f2e27ed6ecdafd6125cf64a87e2fa1dbd4", 0xd1}, {&(0x7f0000000900)="8425b8502d1559d9c9e23d6888d0d91975faa4903cfd43d7760019fa4d72fe5e87e9295bf5c0b226673ff8b939ee544916d40e3cb6271a5041f30a763f3d3be1ae56c29c5fc9c281067d26482ee6bf508d373dda91536065ddc5d99002574deceae92fb55f9996b5fc60c04b8f5280f96d9a5ca0ea59f91a47443a42ac9eab", 0x7f}], 0x4)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
timer_create(0x4, &(0x7f0000000b80)={0x0, 0x6, 0x2, @thr={&(0x7f0000000080)="22baff48a51fb3cb745f81f3bc08292b32715e86f90026c259fb13272e316f21246ccae3eef32e44ef41fe270126495e56d4e8c9803b764022f42c68b6755807fe5bcce9eb0909c8f31e1983d02e0bfe059d569273afdbee9f4dd18764c2e031e2e0289e7684ffb68e4cf07e32f101232d5ae322f9b56d6f45150e8f6b", &(0x7f0000000a80)="559b939e7b96ac947d26711458939e377500fbb81c0388965d3f8da97c941faac4724299fcd22a32a525fb70701df099af5aaef5743d7bb3d7d12426f572b067aa0f731bcf52ab940d791c0c126677d1c9d70d11d41764db3df7569b9cdfd8fa7833f81c66e523dfa49a6045ce04134ba2f416ea92d38c3b385c7ac5803ca217af600e48715180c546643b66cc86915961c70e680da7c44eee9f74f0b9ffdb3581e23684903e8e3bd0b2935fe9583d615823470884b8b728abecec23674344a9dec021fb0624e27ab0"}}, &(0x7f0000000bc0))
sendmsg$nl_route_sched(r8, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r10, {0x0, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x4, 0xffffff00, 0x4, 0xc31, 0x7}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000010}, 0x4)
setsockopt$sock_attach_bpf(r2, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r2, &(0x7f0000000280)={&(0x7f0000000440)=@xdp={0x2c, 0x0, r7, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200000214000e00002fb96dffff1144ee163cddcb000000800000827600000000000000", 0x26}, {&(0x7f00000004c0)="f058050000007f8f", 0x8}], 0x2}, 0x5)

1m49.837680498s ago: executing program 3 (id=1162):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001ac0)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd27, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x4}, {}, {0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x40}, 0x1, 0xf0ffffffffffff, 0x0, 0x10}, 0x8000)

1m49.780592824s ago: executing program 3 (id=1164):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x3, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000240)=0xe0, 0x4)
sendmmsg$inet6(r0, &(0x7f0000003480)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000440)="c364d4545db94c8681c46eef4fb158d73ecdc0da8720b47d8e1b6535e0749cfb82b36440d89a39f6111ba8998c9a8213962b94e2e5ed83b4c9ab54710a7705ce6486df854e1bec1916102401a1482afbcfbf44a874360856db2ed2607ea082f0dae092b86f2b4c39e2d60041e8b1082d8941399467d64c1dccf068e3aebee93cdca05f5f3b191ab1ec655b47d63effea357d616cafd7f7a34457d4a14f836ceec3ed", 0xa2}, {&(0x7f0000000500)="5f660911deb10730fcc5b89ea7ecf18cadeba53e78e405ae6d4c5813dd4e511a28aaa85a60f1ecc1061d0c5f0148429fb4044b079a3e8f11d0e6380adc31c49846802fe0391316d35d84c79fd5dcfc5a5c42b7967dda76bca16f15140e34cbfed8621912367e7a551220f23a73658094ebb82984b847253f42d71af1f5341ad0bfb7842527758acea124e7f4e0e6de2defee3548", 0x94}, {&(0x7f00000035c0)="e997c7f0348602a7aaec78d1bbe054e883b69dc6f11c250576490468b0b0c6936025ccac17aee818175edeaf61ba0c250f30da63a2", 0x35}, {&(0x7f0000000280)="564d950d9a89f710915cfed01f56e4a35ba85375e94914214211dc024349e2eb81a0d763e14e3fc9dab73ba3ecf8e8a27683df5ad5a808211dce", 0x3a}], 0x4}}, {{0x0, 0x0, &(0x7f0000001800)=[{&(0x7f00000005c0)="aa1d1e207312ecc6a9d61f3c0d604ba54482666ac89a80b86f471bea2eb312eaa2361a554e486c3c21f5fb10b3bf8349cb7130f8a2921e02e3e5de8a71150984e38e7800caa417ad5fec1fd7c8a65bc284c542cd1cf15fdd9aa0b2d399ae3a02196b6ab067d0d01c3b0b294c53ac765bde928e8775307559612ac67083bec3d0852d1e9f1645b8fc0a79d7897038ccdb6dcbc6efed99ab2b5c1606aedcd49044a729422383aa147094fbb338c990df5c1d213ebb1f9847e0418922cf31076eb9ed74054fe01104b30a6330a15cd97fdaba88a80886", 0xd5}, {&(0x7f00000006c0)="300007acea054ab5bf575df83459250d7f4ea52e44beab7c863aabe50b3257d10e7d8b45e768bf59ac9ff8da0ee5db4dfe26fc1e966bff1e1901f2bf70f77fda89968055d16cc755b622336d9ac460385616340d77db9eb8281a1a2004bb95c44fff444c2adc6a2ba42b631cbaa9af2a62e42d212a251a548c7ecc08129a8b4fb83b1de4700f278aa3bdd859a07a75267d6f7caf2ef6f1f2999646e06c0840e5314a3ff54a2c0f8f6e151109dd88516894d49046056e77ec543d7544de581cd3eeffadf15a2ff05101954050be8ebd93203dfde4dccbc2c68d36ba770d1b7205a51bfe5ae2b509b017fd75273fd5360dd15dae27457b0bd76a9d3a98b006ddb1cab94b48b8bbb82f3b7595ce18b79c03619e044103389b584f494f6d8a9057f62cd632488aec122166d04ecc271d0f5a14576077c6883f233bfadec2b5c6217f39f70f9e941a4a59f3c20913dc3f4c9f4f7d1159534d4a49b16e6edc8b7aba6ca4f0f21c6cd596e8fa2a788d8e99ed72f034ab92f1d39ba4c937630af81d7258c514ccc229a4fac471aa9e401afe613426d7782a44bbb56b0d0928a0f42032e56e995aab6241e09328b3ec9529d84461db2c5af2b5ce76da009e0eb39bfb8b354d725f015c0ef35a7bcc3e3fe9f6067cbf0ed77698b5f2751643625c421e6c5733d210979316cedc31f7e72148dd38ad10ce6751075911e843a685eb57b42f973897ce32e6084b9104893d50dd6803e82ba242bb81859625fa02658367c3e2f81a684ce015937d4282916cd2189f01ecf1df0ffbd969483042a48b6e656efe50e33626927e34412d97404abfd3ba792be269986c7813f404e29ccb90d57cfe7c9f5629fc5f9e0209a00f67a335b0883abb4a1e37db18521d22a61084c0e66afbf07b7a93fab02c4843c21272f0d46a717fc132622d28c314c664690e379ad9eacba62d49970b116b8e4176c264545989fca3a6d18701f908ae42d4f051be9c93611f7885cf1ffa1a0663bac85c4a26ee1a7b94892676637fd847d451da7446beb7dcf24886bf3f9533ef9d03d7b745e9c7b0823e8d8408677278d8532988c269f84fc4b27d16e87ffe54af6374a91cc36cc8ded3a05ef5a0cf79cd1ca9fa3bf1e8d9949ceb72d798ba3a53231125570336174d29acd7590a793c0979ee8aa4a607ef3af2b1e319602eb8cbca439c7cd0ae925e6c0e8a0baccbd2d9fac5b16c43e52db251273042307a786ae347717f601aa3982c35faf65152f07df1348ca6b510ee93a823ee39b8ed717337a1cf407f5251f2401b3ad368432184c8381153a3698e5fc77c7782b7d6d077454d83392967dd008096e154c3dafc1d023d1fc1fe79efc013a71deaf43326d063893e318cc80cb269586bc3c452696eb2e5cfa3eb02e63dbd2e203bd5297788ef503ba96c962f0737043b2b4d9e5b8f9224099cb382215ce47f6d18301b5f0d012c6dea9e9552427981f3f0e91d0c084a5e00de6a36ccc93ae293b9706c0eb9b612af76fb00bf4f2c51dde8eddb1c9795427d7d8bd546aee13f7ab4", 0x447}], 0x2}}, {{0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000001b40)='0', 0x1}], 0x1, 0x0, 0x0, 0x1c05}}], 0x3, 0x4c800)

1m49.672811936s ago: executing program 3 (id=1167):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{0x54000, 0xf000, 0xa, 0x1, 0x83, 0x6, 0xa, 0x4e, 0x0, 0x5, 0x6, 0x1}, {0x8000000, 0xffff1000, 0x3, 0x5, 0x2, 0x8, 0xd, 0x3, 0x7, 0x7, 0x8, 0x1}, {0x4000, 0x0, 0xd, 0x7, 0x81, 0x1, 0x7, 0xf, 0x8, 0x6, 0x3}, {0xeeef0000, 0xd5dd0000, 0xe, 0x2, 0x1, 0x3, 0xc, 0x0, 0x1, 0x6, 0x5, 0x9}, {0x100002, 0x6000, 0x9, 0x0, 0x80, 0xee, 0x0, 0x7, 0x7c, 0x0, 0x12, 0x9}, {0x8000000, 0x200000, 0x4, 0x1, 0x6, 0x4, 0x1, 0x1, 0x6, 0x86, 0xff, 0x2}, {0x1919c000, 0xeeee0000, 0xc, 0x7, 0x7, 0x3, 0x1d, 0x47, 0x30, 0x2, 0x8, 0xe1}, {0xf000, 0x2, 0xc, 0xf8, 0xfd, 0xb, 0x12, 0x44, 0x3, 0x8, 0x5, 0xce}, {0x5000, 0x7}, {0x6000, 0xdc}, 0x80000035, 0x0, 0x0, 0x40, 0xb, 0x1000, 0xdddd1000, [0x5, 0x8001, 0x40000000000006]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = socket(0x10, 0x3, 0x0) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r4=>0xffffffffffffffff}) (async)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async)
get_mempolicy(0x0, 0x0, 0x2, &(0x7f0000240000/0x1000)=nil, 0x3) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x16, 0x4, &(0x7f00000001c0)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0xc4}]}, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'sit0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newqdisc={0x50, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x20, 0x2, {{0x0, 0x5, 0x0, 0x386561e9, 0x4000000}, [@TCA_NETEM_DELAY_DIST={0x4, 0xd}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x8080)

1m49.349491457s ago: executing program 3 (id=1169):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000022c0)=@newtfilter={0x94, 0x2c, 0xd27, 0x170bd2b, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0x10}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x1003d1, 0x3, 0x20000000, 0x6, 0x6}, 0x68}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0xc804}, 0x2)
close(r1)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @random="af75355d1696"})
r4 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r4, 0x107, 0xf, &(0x7f0000000600), 0x4)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$kcm(r4, &(0x7f0000000280)={&(0x7f00000001c0)=@xdp={0x2c, 0x0, r6, 0x1c}, 0x80, &(0x7f0000000cc0)=[{&(0x7f00000002c0)="27030260dc0f24000e00003c000c34000000ff880000000200000003125ce882cbf490d908f1523f000000032d9c2740e260a09c6911cda856d5ea9a141b", 0x3e}], 0x1}, 0x8bb3a301eb085f)

1m49.280665725s ago: executing program 3 (id=1170):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) (async)
bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e)
listen(r0, 0x0) (async)
listen(r0, 0x0)
mount$9p_unix(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x800000, &(0x7f0000007a80)=ANY=[@ANYBLOB="7472616e733d756e69782c002749983a021d15c723cb239bc9588c73576547755c784baec8962289182cde04e83226c1b549f230b1b90e466d5a9e454cff3918ed967e3564b1ea9ceb6161f17cf75bdd02255c6bfe8265ec90792b90f9acc0634be4465e5f36b13cbb0b9fd05077a5e67772f4a80aba336f58538767e583032cd0b6253c48537b4ec421f59d6ba5acc5df5300aea08068a8f41e02721d18c5c007fdeb64b38a25c4951422617b81cb624ffcef5c81c86117ee464c91dc1cafc7892a8ec563aa411bbf5cbaa809ad3e4fae6445962ceb83c67dce6b592cc2a18055f5e5b6cdbb471e4904f322db1ad384069129fca83f0b5ef7b8"]) (async)
mount$9p_unix(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x800000, &(0x7f0000007a80)=ANY=[@ANYBLOB="7472616e733d756e69782c002749983a021d15c723cb239bc9588c73576547755c784baec8962289182cde04e83226c1b549f230b1b90e466d5a9e454cff3918ed967e3564b1ea9ceb6161f17cf75bdd02255c6bfe8265ec90792b90f9acc0634be4465e5f36b13cbb0b9fd05077a5e67772f4a80aba336f58538767e583032cd0b6253c48537b4ec421f59d6ba5acc5df5300aea08068a8f41e02721d18c5c007fdeb64b38a25c4951422617b81cb624ffcef5c81c86117ee464c91dc1cafc7892a8ec563aa411bbf5cbaa809ad3e4fae6445962ceb83c67dce6b592cc2a18055f5e5b6cdbb471e4904f322db1ad384069129fca83f0b5ef7b8"])
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r2=>0x0})
connect$can_bcm(r1, &(0x7f00000000c0)={0x1d, r2}, 0x10)
sendmsg$can_bcm(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000019300)=ANY=[@ANYBLOB="0100"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0)
close(r1) (async)
close(r1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x80000000, 0x20000006, 0x4d, 0x6, 0x5d, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0xd, 0x7, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8c, 0x6, 0xffff, 0x0, 0x5, 0x4, 0x8008, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x7], [0x10000007, 0x9, 0x8000012f, 0x2008004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2c0, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f2e, 0xd, 0x4e2, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0x81, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xca, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x3c484551], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x93a, 0x5, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x2000004, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0xfffffff9, 0xfffff000, 0x10000, 0x0, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x5, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r4=>0x0})
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) (async)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl(r5, 0xfffff000, &(0x7f0000000000))
recvmmsg(r0, &(0x7f00000076c0)=[{{&(0x7f0000000200)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, 0x80, &(0x7f0000001a80)=[{&(0x7f0000000280)=""/119, 0x77}, {&(0x7f0000000380)=""/88, 0x58}, {&(0x7f0000000880)=""/44, 0x2c}, {&(0x7f00000008c0)=""/10, 0xa}, {&(0x7f0000000900)=""/136, 0x88}, {&(0x7f00000009c0)=""/57, 0x39}, {&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000001a00)=""/97, 0x61}], 0x8, &(0x7f0000001b00)=""/190, 0xbe}, 0x7}, {{&(0x7f0000001bc0)=@pptp={0x18, 0x2, {0x0, @multicast2}}, 0x80, &(0x7f0000001e80)=[{&(0x7f0000001c40)=""/73, 0x49}, {&(0x7f0000001cc0)=""/49, 0x31}, {&(0x7f0000001d00)=""/77, 0x4d}, {&(0x7f0000001d80)=""/211, 0xd3}], 0x4, &(0x7f0000001ec0)=""/16, 0x10}, 0xfffffffb}, {{&(0x7f0000001f00)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000020c0)=[{&(0x7f0000001f80)=""/7, 0x7}, {&(0x7f0000001fc0)=""/206, 0xce}], 0x2, &(0x7f0000002100)=""/21, 0x15}, 0x1000}, {{&(0x7f0000002140)=@nfc, 0x80, &(0x7f00000044c0)=[{&(0x7f00000021c0)=""/33, 0x21}, {&(0x7f0000002200)=""/88, 0x58}, {&(0x7f0000002280)=""/191, 0xbf}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/47, 0x2f}, {&(0x7f0000003380)=""/89, 0x59}, {&(0x7f0000003400)=""/4096, 0x1000}, {&(0x7f0000004400)=""/142, 0x8e}], 0x8, &(0x7f0000004540)=""/228, 0xe4}, 0x3bf3}, {{&(0x7f0000004640)=@x25, 0x80, &(0x7f0000004740)=[{&(0x7f00000046c0)=""/84, 0x54}], 0x1, &(0x7f0000004780)=""/33, 0x21}, 0x7fffffff}, {{0x0, 0x0, &(0x7f0000005800)=[{&(0x7f00000047c0)}, {&(0x7f0000004800)=""/4096, 0x1000}], 0x2}, 0x2}, {{&(0x7f0000005840)=@pptp={0x18, 0x2, {0x0, @private}}, 0x80, &(0x7f0000006c40)=[{&(0x7f00000058c0)=""/247, 0xf7}, {&(0x7f00000059c0)=""/4096, 0x1000}, {&(0x7f00000069c0)=""/162, 0xa2}, {&(0x7f0000006a80)=""/2, 0x2}, {&(0x7f0000006ac0)=""/154, 0x9a}, {&(0x7f0000006b80)=""/39, 0x27}, {&(0x7f0000006bc0)=""/120, 0x78}], 0x7}, 0x8}, {{0x0, 0x0, &(0x7f00000070c0)=[{&(0x7f0000006cc0)=""/28, 0x1c}, {&(0x7f0000006d00)}, {&(0x7f0000006d40)=""/95, 0x5f}, {&(0x7f0000006dc0)=""/183, 0xb7}, {&(0x7f0000006e80)=""/227, 0xe3}, {&(0x7f0000006f80)}, {&(0x7f0000006fc0)=""/221, 0xdd}], 0x7, &(0x7f0000007140)=""/247, 0xf7}, 0x4}, {{&(0x7f0000007240)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast2}}, 0x80, &(0x7f0000007300)=[{&(0x7f00000072c0)=""/45, 0x2d}], 0x1, &(0x7f0000007340)=""/243, 0xf3}, 0x5}, {{&(0x7f0000007440)=@un=@abs, 0x80, &(0x7f0000007a40)=[{&(0x7f00000074c0)=""/181, 0xb5}, {&(0x7f0000007940)=""/221, 0xdd}], 0x2, &(0x7f00000075c0)=""/236, 0xec}, 0x3}], 0xa, 0x40, 0x0) (async)
recvmmsg(r0, &(0x7f00000076c0)=[{{&(0x7f0000000200)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, 0x80, &(0x7f0000001a80)=[{&(0x7f0000000280)=""/119, 0x77}, {&(0x7f0000000380)=""/88, 0x58}, {&(0x7f0000000880)=""/44, 0x2c}, {&(0x7f00000008c0)=""/10, 0xa}, {&(0x7f0000000900)=""/136, 0x88}, {&(0x7f00000009c0)=""/57, 0x39}, {&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000001a00)=""/97, 0x61}], 0x8, &(0x7f0000001b00)=""/190, 0xbe}, 0x7}, {{&(0x7f0000001bc0)=@pptp={0x18, 0x2, {0x0, @multicast2}}, 0x80, &(0x7f0000001e80)=[{&(0x7f0000001c40)=""/73, 0x49}, {&(0x7f0000001cc0)=""/49, 0x31}, {&(0x7f0000001d00)=""/77, 0x4d}, {&(0x7f0000001d80)=""/211, 0xd3}], 0x4, &(0x7f0000001ec0)=""/16, 0x10}, 0xfffffffb}, {{&(0x7f0000001f00)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000020c0)=[{&(0x7f0000001f80)=""/7, 0x7}, {&(0x7f0000001fc0)=""/206, 0xce}], 0x2, &(0x7f0000002100)=""/21, 0x15}, 0x1000}, {{&(0x7f0000002140)=@nfc, 0x80, &(0x7f00000044c0)=[{&(0x7f00000021c0)=""/33, 0x21}, {&(0x7f0000002200)=""/88, 0x58}, {&(0x7f0000002280)=""/191, 0xbf}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/47, 0x2f}, {&(0x7f0000003380)=""/89, 0x59}, {&(0x7f0000003400)=""/4096, 0x1000}, {&(0x7f0000004400)=""/142, 0x8e}], 0x8, &(0x7f0000004540)=""/228, 0xe4}, 0x3bf3}, {{&(0x7f0000004640)=@x25, 0x80, &(0x7f0000004740)=[{&(0x7f00000046c0)=""/84, 0x54}], 0x1, &(0x7f0000004780)=""/33, 0x21}, 0x7fffffff}, {{0x0, 0x0, &(0x7f0000005800)=[{&(0x7f00000047c0)}, {&(0x7f0000004800)=""/4096, 0x1000}], 0x2}, 0x2}, {{&(0x7f0000005840)=@pptp={0x18, 0x2, {0x0, @private}}, 0x80, &(0x7f0000006c40)=[{&(0x7f00000058c0)=""/247, 0xf7}, {&(0x7f00000059c0)=""/4096, 0x1000}, {&(0x7f00000069c0)=""/162, 0xa2}, {&(0x7f0000006a80)=""/2, 0x2}, {&(0x7f0000006ac0)=""/154, 0x9a}, {&(0x7f0000006b80)=""/39, 0x27}, {&(0x7f0000006bc0)=""/120, 0x78}], 0x7}, 0x8}, {{0x0, 0x0, &(0x7f00000070c0)=[{&(0x7f0000006cc0)=""/28, 0x1c}, {&(0x7f0000006d00)}, {&(0x7f0000006d40)=""/95, 0x5f}, {&(0x7f0000006dc0)=""/183, 0xb7}, {&(0x7f0000006e80)=""/227, 0xe3}, {&(0x7f0000006f80)}, {&(0x7f0000006fc0)=""/221, 0xdd}], 0x7, &(0x7f0000007140)=""/247, 0xf7}, 0x4}, {{&(0x7f0000007240)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast2}}, 0x80, &(0x7f0000007300)=[{&(0x7f00000072c0)=""/45, 0x2d}], 0x1, &(0x7f0000007340)=""/243, 0xf3}, 0x5}, {{&(0x7f0000007440)=@un=@abs, 0x80, &(0x7f0000007a40)=[{&(0x7f00000074c0)=""/181, 0xb5}, {&(0x7f0000007940)=""/221, 0xdd}], 0x2, &(0x7f00000075c0)=""/236, 0xec}, 0x3}], 0xa, 0x40, 0x0)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='minix\x00', 0x200000, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r3, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r4, 0x0, 0x97, 0x8000000}) (async)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r3, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r4, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000140)={0x28, 0x2, r4, 0x0, &(0x7f0000ff6000/0xa000)=nil, 0xa000, 0x1})
r6 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_CONN_TIMEOUT(r6, 0x10f, 0x82, &(0x7f0000000040)=0x5, 0x4)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f00000000c0)={0x48, 0x2, r4}) (async)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f00000000c0)={0x48, 0x2, r4})

1m47.441936989s ago: executing program 1 (id=1211):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000003c0)='GPL\x00'}, 0x94)
sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x400c4)
r1 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)
syz_emit_ethernet(0x74, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @private=0x300, @multicast1}, {0x0, 0x0, 0xfffffe9a, 0x0, @gue={{0x2}}}}}}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0x50, 0x0, &(0x7f0000000000)="ff", 0x0, 0x36, 0x503, 0x0, 0x700, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50)

1m47.440006931s ago: executing program 1 (id=1212):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$COMEDI_SUBDINFO(0xffffffffffffffff, 0x80486402, &(0x7f0000000080))
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000000c0)={r2, 0xe0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10)
r3 = getpid()
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)

1m47.190678245s ago: executing program 1 (id=1215):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2}, 0x10)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x0)
writev(r0, &(0x7f00000006c0)=[{&(0x7f0000000440)="2e9b3d0007e03dd65193dfb6c575963f8864", 0x12}, {&(0x7f0000000100)="31020002", 0x4}, {&(0x7f0000000a80)='h?\x00W', 0x4}, {&(0x7f0000000240)="a492ce3ffd9311d70350150000000000000016e60000007ac2e63520350af1585bb6d74eb1f3eb39e27f898d33694ba4", 0x30}], 0x4)

1m47.020426598s ago: executing program 1 (id=1217):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x104)
accept4(r0, &(0x7f0000000300)=@pppol2tpv3in6={0x18, 0x1, {0x0, <r1=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, &(0x7f0000000380)=0x80, 0x100000)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000040)='./file0\x00')
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x4, 0x70bd2b, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x10, 0x1c201}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MAX_AGE={0x8, 0x3, 0xd}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x10)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r2, &(0x7f0000000080)={0xa, 0x0, 0x7, @remote, 0x0, 0x4}, 0x20)
r3 = fsopen(&(0x7f0000000000)='gfs2\x00', 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x200a})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
r6 = fsopen(&(0x7f0000000280)='proc\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r7 = dup3(r5, r4, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
fsconfig$FSCONFIG_SET_PATH(r3, 0x3, &(0x7f00000000c0)='.+!:\x00', &(0x7f0000000100)='./file0\x00', r7)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmo\b\x00\x00\x00\x00\x00\x00>y0000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
sendmsg(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000440)="45d94d52a98d4908726ae5c6224144dd37392669f6a41a9d3eadda17a9a56c0bed361684d5e928a58363711c4fa9339f1830425ed916a9e2f6d47a2864db18e3b2f3979528309e05a9840fcf49f4a48efa440ffd5cadce6cb8f19e8eb1f8f7661a6c448f79178002bcb1cbf1c71b19a322eb1bc2822f3a8f001b5c3d6bc1312df08545d7b73b40c9e2de8cd9c81f9139a5db8532d322dd474956c0be6bdd54c6040622893c0000af0a300a4f9dfbb32f1411a19fd0b67eb44785bc68abf443", 0xbf}], 0x1, 0x0, 0x0, 0x11000000}, 0x0)
modify_ldt$write(0x1, &(0x7f0000000180)={0x94, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1}, 0x10)
r9 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r9)
ptrace$setregs(0xd, r9, 0x0, &(0x7f0000000540))
ptrace$cont(0x20, r9, 0x0, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0xb)
r10 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r10, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xe, 0x2}, 0xe)

1m46.930356683s ago: executing program 1 (id=1219):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000002780)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="14f3915a08853ef1a0de288500024004008ed6d5c3cbd18200000009ddff"], 0x14}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000080)={0x0, 0xdfffffff, 0x1000, 0x5, 0x1}, 0x20)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000300), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r4=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
write$binfmt_elf64(r6, &(0x7f0000000180)=ANY=[], 0x78)
sendfile(r5, r6, &(0x7f00000001c0), 0x8)
syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd7000fcdbdf250200000008000100", @ANYRES32=r4], 0x1c}}, 0x840)
write$nci(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="710509"], 0x3f)

1m46.511061686s ago: executing program 1 (id=1226):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2}, 0x10)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x0)
writev(r0, &(0x7f00000006c0)=[{&(0x7f0000000440)="2e9b3d0007e03dd65193dfb6c575963f8864", 0x12}, {&(0x7f0000000100)="31020002", 0x4}, {&(0x7f0000000a80)='h?\x00W', 0x4}, {&(0x7f0000000240)="a492ce3ffd932fd70350000000000000000016e60000007ac2e63520350af1585bb6d74eb1f3eb39e27f898d33694ba4", 0x30}], 0x4)

1m46.44588585s ago: executing program 32 (id=1226):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2}, 0x10)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x0)
writev(r0, &(0x7f00000006c0)=[{&(0x7f0000000440)="2e9b3d0007e03dd65193dfb6c575963f8864", 0x12}, {&(0x7f0000000100)="31020002", 0x4}, {&(0x7f0000000a80)='h?\x00W', 0x4}, {&(0x7f0000000240)="a492ce3ffd932fd70350000000000000000016e60000007ac2e63520350af1585bb6d74eb1f3eb39e27f898d33694ba4", 0x30}], 0x4)

1m34.308479338s ago: executing program 33 (id=1170):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) (async)
bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e)
listen(r0, 0x0) (async)
listen(r0, 0x0)
mount$9p_unix(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x800000, &(0x7f0000007a80)=ANY=[@ANYBLOB="7472616e733d756e69782c002749983a021d15c723cb239bc9588c73576547755c784baec8962289182cde04e83226c1b549f230b1b90e466d5a9e454cff3918ed967e3564b1ea9ceb6161f17cf75bdd02255c6bfe8265ec90792b90f9acc0634be4465e5f36b13cbb0b9fd05077a5e67772f4a80aba336f58538767e583032cd0b6253c48537b4ec421f59d6ba5acc5df5300aea08068a8f41e02721d18c5c007fdeb64b38a25c4951422617b81cb624ffcef5c81c86117ee464c91dc1cafc7892a8ec563aa411bbf5cbaa809ad3e4fae6445962ceb83c67dce6b592cc2a18055f5e5b6cdbb471e4904f322db1ad384069129fca83f0b5ef7b8"]) (async)
mount$9p_unix(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x800000, &(0x7f0000007a80)=ANY=[@ANYBLOB="7472616e733d756e69782c002749983a021d15c723cb239bc9588c73576547755c784baec8962289182cde04e83226c1b549f230b1b90e466d5a9e454cff3918ed967e3564b1ea9ceb6161f17cf75bdd02255c6bfe8265ec90792b90f9acc0634be4465e5f36b13cbb0b9fd05077a5e67772f4a80aba336f58538767e583032cd0b6253c48537b4ec421f59d6ba5acc5df5300aea08068a8f41e02721d18c5c007fdeb64b38a25c4951422617b81cb624ffcef5c81c86117ee464c91dc1cafc7892a8ec563aa411bbf5cbaa809ad3e4fae6445962ceb83c67dce6b592cc2a18055f5e5b6cdbb471e4904f322db1ad384069129fca83f0b5ef7b8"])
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r2=>0x0})
connect$can_bcm(r1, &(0x7f00000000c0)={0x1d, r2}, 0x10)
sendmsg$can_bcm(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000019300)=ANY=[@ANYBLOB="0100"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0)
close(r1) (async)
close(r1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x80000000, 0x20000006, 0x4d, 0x6, 0x5d, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0xd, 0x7, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8c, 0x6, 0xffff, 0x0, 0x5, 0x4, 0x8008, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x7], [0x10000007, 0x9, 0x8000012f, 0x2008004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2c0, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f2e, 0xd, 0x4e2, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0x81, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xca, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x3c484551], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x93a, 0x5, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x2000004, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0xfffffff9, 0xfffff000, 0x10000, 0x0, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x5, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r4=>0x0})
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) (async)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl(r5, 0xfffff000, &(0x7f0000000000))
recvmmsg(r0, &(0x7f00000076c0)=[{{&(0x7f0000000200)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, 0x80, &(0x7f0000001a80)=[{&(0x7f0000000280)=""/119, 0x77}, {&(0x7f0000000380)=""/88, 0x58}, {&(0x7f0000000880)=""/44, 0x2c}, {&(0x7f00000008c0)=""/10, 0xa}, {&(0x7f0000000900)=""/136, 0x88}, {&(0x7f00000009c0)=""/57, 0x39}, {&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000001a00)=""/97, 0x61}], 0x8, &(0x7f0000001b00)=""/190, 0xbe}, 0x7}, {{&(0x7f0000001bc0)=@pptp={0x18, 0x2, {0x0, @multicast2}}, 0x80, &(0x7f0000001e80)=[{&(0x7f0000001c40)=""/73, 0x49}, {&(0x7f0000001cc0)=""/49, 0x31}, {&(0x7f0000001d00)=""/77, 0x4d}, {&(0x7f0000001d80)=""/211, 0xd3}], 0x4, &(0x7f0000001ec0)=""/16, 0x10}, 0xfffffffb}, {{&(0x7f0000001f00)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000020c0)=[{&(0x7f0000001f80)=""/7, 0x7}, {&(0x7f0000001fc0)=""/206, 0xce}], 0x2, &(0x7f0000002100)=""/21, 0x15}, 0x1000}, {{&(0x7f0000002140)=@nfc, 0x80, &(0x7f00000044c0)=[{&(0x7f00000021c0)=""/33, 0x21}, {&(0x7f0000002200)=""/88, 0x58}, {&(0x7f0000002280)=""/191, 0xbf}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/47, 0x2f}, {&(0x7f0000003380)=""/89, 0x59}, {&(0x7f0000003400)=""/4096, 0x1000}, {&(0x7f0000004400)=""/142, 0x8e}], 0x8, &(0x7f0000004540)=""/228, 0xe4}, 0x3bf3}, {{&(0x7f0000004640)=@x25, 0x80, &(0x7f0000004740)=[{&(0x7f00000046c0)=""/84, 0x54}], 0x1, &(0x7f0000004780)=""/33, 0x21}, 0x7fffffff}, {{0x0, 0x0, &(0x7f0000005800)=[{&(0x7f00000047c0)}, {&(0x7f0000004800)=""/4096, 0x1000}], 0x2}, 0x2}, {{&(0x7f0000005840)=@pptp={0x18, 0x2, {0x0, @private}}, 0x80, &(0x7f0000006c40)=[{&(0x7f00000058c0)=""/247, 0xf7}, {&(0x7f00000059c0)=""/4096, 0x1000}, {&(0x7f00000069c0)=""/162, 0xa2}, {&(0x7f0000006a80)=""/2, 0x2}, {&(0x7f0000006ac0)=""/154, 0x9a}, {&(0x7f0000006b80)=""/39, 0x27}, {&(0x7f0000006bc0)=""/120, 0x78}], 0x7}, 0x8}, {{0x0, 0x0, &(0x7f00000070c0)=[{&(0x7f0000006cc0)=""/28, 0x1c}, {&(0x7f0000006d00)}, {&(0x7f0000006d40)=""/95, 0x5f}, {&(0x7f0000006dc0)=""/183, 0xb7}, {&(0x7f0000006e80)=""/227, 0xe3}, {&(0x7f0000006f80)}, {&(0x7f0000006fc0)=""/221, 0xdd}], 0x7, &(0x7f0000007140)=""/247, 0xf7}, 0x4}, {{&(0x7f0000007240)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast2}}, 0x80, &(0x7f0000007300)=[{&(0x7f00000072c0)=""/45, 0x2d}], 0x1, &(0x7f0000007340)=""/243, 0xf3}, 0x5}, {{&(0x7f0000007440)=@un=@abs, 0x80, &(0x7f0000007a40)=[{&(0x7f00000074c0)=""/181, 0xb5}, {&(0x7f0000007940)=""/221, 0xdd}], 0x2, &(0x7f00000075c0)=""/236, 0xec}, 0x3}], 0xa, 0x40, 0x0) (async)
recvmmsg(r0, &(0x7f00000076c0)=[{{&(0x7f0000000200)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, 0x80, &(0x7f0000001a80)=[{&(0x7f0000000280)=""/119, 0x77}, {&(0x7f0000000380)=""/88, 0x58}, {&(0x7f0000000880)=""/44, 0x2c}, {&(0x7f00000008c0)=""/10, 0xa}, {&(0x7f0000000900)=""/136, 0x88}, {&(0x7f00000009c0)=""/57, 0x39}, {&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000001a00)=""/97, 0x61}], 0x8, &(0x7f0000001b00)=""/190, 0xbe}, 0x7}, {{&(0x7f0000001bc0)=@pptp={0x18, 0x2, {0x0, @multicast2}}, 0x80, &(0x7f0000001e80)=[{&(0x7f0000001c40)=""/73, 0x49}, {&(0x7f0000001cc0)=""/49, 0x31}, {&(0x7f0000001d00)=""/77, 0x4d}, {&(0x7f0000001d80)=""/211, 0xd3}], 0x4, &(0x7f0000001ec0)=""/16, 0x10}, 0xfffffffb}, {{&(0x7f0000001f00)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000020c0)=[{&(0x7f0000001f80)=""/7, 0x7}, {&(0x7f0000001fc0)=""/206, 0xce}], 0x2, &(0x7f0000002100)=""/21, 0x15}, 0x1000}, {{&(0x7f0000002140)=@nfc, 0x80, &(0x7f00000044c0)=[{&(0x7f00000021c0)=""/33, 0x21}, {&(0x7f0000002200)=""/88, 0x58}, {&(0x7f0000002280)=""/191, 0xbf}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000003340)=""/47, 0x2f}, {&(0x7f0000003380)=""/89, 0x59}, {&(0x7f0000003400)=""/4096, 0x1000}, {&(0x7f0000004400)=""/142, 0x8e}], 0x8, &(0x7f0000004540)=""/228, 0xe4}, 0x3bf3}, {{&(0x7f0000004640)=@x25, 0x80, &(0x7f0000004740)=[{&(0x7f00000046c0)=""/84, 0x54}], 0x1, &(0x7f0000004780)=""/33, 0x21}, 0x7fffffff}, {{0x0, 0x0, &(0x7f0000005800)=[{&(0x7f00000047c0)}, {&(0x7f0000004800)=""/4096, 0x1000}], 0x2}, 0x2}, {{&(0x7f0000005840)=@pptp={0x18, 0x2, {0x0, @private}}, 0x80, &(0x7f0000006c40)=[{&(0x7f00000058c0)=""/247, 0xf7}, {&(0x7f00000059c0)=""/4096, 0x1000}, {&(0x7f00000069c0)=""/162, 0xa2}, {&(0x7f0000006a80)=""/2, 0x2}, {&(0x7f0000006ac0)=""/154, 0x9a}, {&(0x7f0000006b80)=""/39, 0x27}, {&(0x7f0000006bc0)=""/120, 0x78}], 0x7}, 0x8}, {{0x0, 0x0, &(0x7f00000070c0)=[{&(0x7f0000006cc0)=""/28, 0x1c}, {&(0x7f0000006d00)}, {&(0x7f0000006d40)=""/95, 0x5f}, {&(0x7f0000006dc0)=""/183, 0xb7}, {&(0x7f0000006e80)=""/227, 0xe3}, {&(0x7f0000006f80)}, {&(0x7f0000006fc0)=""/221, 0xdd}], 0x7, &(0x7f0000007140)=""/247, 0xf7}, 0x4}, {{&(0x7f0000007240)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast2}}, 0x80, &(0x7f0000007300)=[{&(0x7f00000072c0)=""/45, 0x2d}], 0x1, &(0x7f0000007340)=""/243, 0xf3}, 0x5}, {{&(0x7f0000007440)=@un=@abs, 0x80, &(0x7f0000007a40)=[{&(0x7f00000074c0)=""/181, 0xb5}, {&(0x7f0000007940)=""/221, 0xdd}], 0x2, &(0x7f00000075c0)=""/236, 0xec}, 0x3}], 0xa, 0x40, 0x0)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='minix\x00', 0x200000, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r3, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r4, 0x0, 0x97, 0x8000000}) (async)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r3, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r4, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000140)={0x28, 0x2, r4, 0x0, &(0x7f0000ff6000/0xa000)=nil, 0xa000, 0x1})
r6 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_CONN_TIMEOUT(r6, 0x10f, 0x82, &(0x7f0000000040)=0x5, 0x4)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f00000000c0)={0x48, 0x2, r4}) (async)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f00000000c0)={0x48, 0x2, r4})

2.587574017s ago: executing program 5 (id=2516):
r0 = socket(0x10, 0x80002, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000100)={0x2, @pix_mp={0x3, 0x0, 0x3231564e, 0x0, 0x3, [{0x101, 0x9fb}, {0xb, 0x4}, {0x6, 0x1}, {0x3, 0x7fffffff}, {0x1, 0x8}, {0x7ff, 0x2007}, {0x7, 0x8}, {0x6, 0x2d19}], 0x1, 0x0, 0x0, 0x2, 0x1}})
newfstatat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x800)
bind$alg(0xffffffffffffffff, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160-generic\x00'}, 0x58)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140010"], 0x48}}, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)

2.587028542s ago: executing program 5 (id=2518):
r0 = socket$netlink(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, 0x0, 0x4000000)
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_inet_SIOCGIFBRDADDR(r1, 0x8919, &(0x7f0000000180)={'sit0\x00'})
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x8040}, 0x44000)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0, 0xffffffffffffff8a}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056842bb002552d215f6", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e00000018000280140011"], 0x48}}, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x4924b68, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)=ANY=[@ANYRES8=r3], 0x78}, 0x1, 0x0, 0x0, 0x88d1}, 0x40)

2.51001019s ago: executing program 2 (id=2520):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="8f", 0x1}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x8094)
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x31, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4}}}]}]}, 0x48}}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0b00000000010000000100000900000001"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000002c0), 0x8, r2}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)="00f7580200bec124954500d7b79726d8f54177d262cab6cdea49fc56cb308bde8559dde9bfb70d6ea0ecbd726e96319b23bf37b273aa5c3c9e89f07d31613fb0a9b225bbd356cd21b1fe2c1ff1f37ffa2ec0bf324b0849ccaddb340317fd4260a08fbcc71c7de6cda4cb098923968aa271024e2cf1fd279835d7f7d1c9a65b4dfb497027ee74fc863eea479b5f18f60c85dea9cb049ae15baa04a34bd7771112c1f4dc233eac213a86b802", 0x0, 0x7, r2}, 0x38)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r3)
sendmsg$DEVLINK_CMD_RATE_SET(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)={0x34, r4, 0x1, 0x0, 0x0, {0x2a}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4001}, 0x40040c0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00')
exit(0x7)
statx(r5, 0x0, 0x1000, 0x10, 0x0)
dup2(r0, r0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x581, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x4d4f7}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_INTERVAL={0x8, 0x7, 0x7}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4042}, 0x0)

2.509278385s ago: executing program 5 (id=2521):
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000001c0), 0x600, 0x0)
syz_usb_connect(0x3, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000002140)={0x2020, 0x0, 0x0, <r5=>0x0}, 0x2020)
quotactl_fd$Q_GETQUOTA(r3, 0x2a3db04f32c89ada, r5, &(0x7f0000000500))
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
ppoll(&(0x7f00000000c0)=[{r4, 0x60}], 0x1, 0x0, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r2, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x14, 0x6, 0x1, 0x301, 0x0, 0x0, {0x2, 0x0, 0x2}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x4000)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

1.61006774s ago: executing program 2 (id=2527):
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0xfffffffd, 0x490420, 0x2}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0xc3b, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = syz_open_dev$dvb_dvr(&(0x7f00000000c0), 0xb, 0x10001)
ioctl$DVB_DVR_DMX_EXPBUF(r3, 0xc00c6f3e, &(0x7f0000000100)={0xb78a, 0x80000, r0})
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x1a)
ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000380)=ANY=[])

1.310539905s ago: executing program 0 (id=2530):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[<r1=>0x0], &(0x7f0000000180)=[<r2=>0x0], 0x0, 0x0, 0x1, 0x1})
r3 = socket(0x10, 0x803, 0x4)
syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r3)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000280)=[r1, r2], 0x2, 0x0, 0x0, <r4=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb=0x1}, 0x94)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000580)={&(0x7f0000000480)=[0x0, 0x0, <r5=>0x0], 0x0, 0x0, 0x0, 0x3})
ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f00000005c0)={0x0, 0x0, r1, r5, 0xf8, 0x8, 0x7ff, 0x3, {0x8, 0x8, 0x0, 0x5, 0x0, 0x2, 0x1, 0x1, 0x0, 0xffff, 0x8, 0x7c0, 0xffffffff, 0x77, "ba9a42184edc4097e01b52f22e2cbb318719fb31f6699332292cc81f89f07580"}})
r6 = socket(0x10, 0x3, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000240)={'veth0_virt_wifi\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0xe, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}, 0x1, 0x0, 0x0, 0x4004040}, 0x20000000)
r9 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), r4)
sendmsg$IPVS_CMD_GET_DEST(r6, &(0x7f0000000840)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000800)={&(0x7f0000000640)={0x1a0, r9, 0x0, 0x70bd26, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x30, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xb}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x30, 0x15}}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x43}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x67}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x458}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_DAEMON={0x44, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ipvlan1\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_vlan\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0x4c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0xc, 0x1}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x5}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x65a7}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@rand_addr=' \x01\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x73}]}, @IPVS_CMD_ATTR_DAEMON={0x60, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x3ff}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'vlan0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xc}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x6}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}]}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1}]}, @IPVS_CMD_ATTR_SERVICE={0x34, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'lblc\x00'}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0xa, 0x6, 'lblcr\x00'}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x1}, 0x4000000)

1.310297052s ago: executing program 2 (id=2531):
r0 = socket(0x1e, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x4000, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
umount2(&(0x7f00000001c0)='./file0\x00', 0x1)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
openat$ocfs2_control(0xffffff9c, &(0x7f0000000040), 0x20000, 0x0)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, 0x0, &(0x7f0000000080))

1.267854197s ago: executing program 2 (id=2533):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2}, 0x10)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x0)
writev(r0, &(0x7f00000006c0)=[{&(0x7f0000000440)="2e9b3d0007e03dd65193dfb6c575963f8864", 0x12}, {&(0x7f0000000100)="31020002", 0x4}, {&(0x7f0000000a80)='h?\x00W', 0x4}, {&(0x7f0000000240)="a492ce3ffd9311d70350000000000000000030e60000007ac2e63520350af1585bb6d74eb1f3eb39e27f898d33694ba4", 0x30}], 0x4)

1.267705972s ago: executing program 0 (id=2534):
r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f00000000c0), 0x4440, 0x0)
ioctl$CDROMREADTOCENTRY(r0, 0x5306, &(0x7f0000000180)={0x0, 0x0, 0x5, 0x1, @msf={0x4, 0x2, 0x7}, 0x2})
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x90000)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40402, 0x0)
ioctl$TUNSETVNETHDRSZ(r2, 0x400454d8, &(0x7f0000000080)=0x1)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$BTRFS_IOC_SNAP_CREATE(r2, 0x50009401, &(0x7f0000000400)={{r0}, "3b4dbdef1f5b7a52574c04120e6105a1c1b2d7277b052ad0eb5e0c90bc47a5b30ecf9c50e2c19510407fc18a5133dedc310b95b759614c210ff4917f270fd6b32f8ab8b7076cb64fda040c994918dd8f361e7bbca78a6583b08a8b465dfbc68b39300c78b208f96440fbe53c9ab240050ef0435019be7d67f92607fa2a38d8945d8c94e60b451c628554790bf367970af8557000a2d5ee5ce7e668786edc5cdc002d17d42bec0ad844502560eda91f97c30e13e20c366cbbbf6bb9f0ba8ecc17b62b430034667fb9c44604da2ee7e2a83b7b50c80d67432f791f0ed4f3bf0c8c7a49cc135b8867723751c09e551e25ddd3b6201b719005b6b0b84a76d530e5af40de6e3a9379fbe2c02eb7db24cf5895e285147a94f2a04673680a3704f7567b0ac59306ab3323b63cc0f66e02c7f8fa5050a4482c8ac051ae8f94ce3d5d38d4ced9ec85c3b1c4effe37ff78b517d321a3aaaa57c6e0503918b07d12c774277087b7c6d210beb6eaf3df9a97273f454f58e3827286bc1bb5888073862a2a609056a3b772fbda896d6c3d0782bea468cb8003f1fc07b1b21e149887b3fb8ad5642aef8f12612a97c5ccedc69052843923839902fc72d90459ca88a219cd9538c4e106ff072b17aeb5eb23e867349158fd1ae60f4878c2f25930b53cad91efef291e423ab6e082faaffc80f99bd4572457667a5000a526d5256fafe90111ba3d9ea2783348015ae411b42fbdd72cb0faeb65c78343a8c20eba9df3cac412d361ca0dfb80994b3b51d4dc3fbbafda54534148b1a41cc77d066d38d8117a99728fe12138c1c61d8e012a17df248ee86274e2f63596e99126c699ff188942a7fdcf0e6e619ac9b34132a7861dc28b73cc15e9235edf41d73b8fa249ff6f57deccf3541ef53364331ccc5c344a0ac4ba0806929cec5a11d447fb9862fdbc2f919558975638baf868bd018c222032d0cbd91a0c83a6ac369dc7ad484f5833248b180f73538f11b5056b3d4555afc43ccc0e9a46b4255618c5a87ea7dbf21d129f0c25b68aaecd1b8d952478ada9c02f1529fae87e8f43dd8ccedee29564f96777313424847e4f7cedb0ff1a769410d6aa305201acb65b407f6e16a47d6d1f7766f9c8b016a9c8b7aa277bd301a2cdf8acf57c9c465dc38d018f6acbf4eb13af6ee7e1ce8b14c400a52fef3ebff8766698be506397425332572344b2e26255fabfcd12b5c1647029628d0886c8b6f3ad120093b29383db2fbc5387a50f9054c783c94720aeb6658b75fbf2cb62406e711ed6c644a4c33d60eff46d7aecc9194822f3dcd56b89721dc29837facf6176724665b7fc42009081d8b8f71a3d9f33f944f24aa1c44978bdf553b2a127eaef5a64d1686856d60298712021c6c5c835ee662d9ef1ea6c9751f24e16eae4e275dcb708d7a6b97caad4cc3fb33811355cbcb9ea8d25d80ea1a4082494abcf5cf54becb154b7bd877ac155f109c9a218aedd6ce2f53407abbd86572d2301c765d45409bff6e39726f141799d80ab883d505fe89b1e9bdf8114a410fc3f664bed86e807923e4849db156a267a555feda8fa8821d65cf3dbcb8b558d3b34f8e2a03a81abbab8787d44a818eb7147a679927a068173cba0ad131d276a0e2864e5cb402f1cd70b90d252d32c087b692aa373ba07e4aeb8e87c668a5beef11e8559115801ab96d5d30a027204448832361259a31d6f1673265ddcc943c20b607d37002ba6c55adc6d00a48b50f884f5fba09741ce275825875e8a3b35b43e7d5511cf8df0f76dbf3bde447d6b99eee778e8a111077110a02ddf73751392ceccd65943052896d4f711cb85453e6cb56ce30402808064fc24a847cf3d7f2d93365e7867557aec0729a9595ec4832fd6d5fef3e47874602f75819165417ed69e152e55496c6588e2849d2a235fa072efded5cb4555fd193bb7c2c69957021a2595cbf4fd7ea4b873d709a9370b0ac3a3e0b1650218a07b746bcf2145fc533f67454848478a26fbfd1012fe71a11eb6d4d91c4ff87bae16fda696a59652785cf8ba28231ad953c535114f2bd099e17e33a401e8af0c17cebd4c96377b2bd5914d0ffaed0506b61e02c807a9390b86974ab0700e8cc8af700d7b8a24652f004bea4f573b0f095fa4ed9cca4b9bea2a2a22b9691f2a17afe3d4422ac451624004d1e8b7da5e14586c280ce22e6ff44dcc89e809768c3c491be075bc5b44423a921e5794cdf35de452cd647b7e4968afa04e59fc27ae55bba78af91316f0afb6d245c0b9e169c02f7c38d52efd3c3a0ebd89d72663b205265016075cabccc767c4069bae31c09142ae6df2754a415badf423ee37e4a2dbeb87ada7dfb566be6237e7a4a7163a56215f715702f5128676f0c012cd8598a672c21a98f0931216b21bf53b250ad6e082415445ef72ba0079f3b157a7d01da2fa292228ec1ab625261db32b86a12231b7d18736c9dbe0941747d8f3888d680b872aeaa3761bc7607694bfaf963c4ebbe4867c9d4dddf791377cb415f3caf617ee0d5cd61830d5f7d91c48a7137a772cc246b9a74d2c3755a6c93607fa107e7b836ee04e6abff7b3b7592c072009a23302a4f74d7560e6943bbe8719f82b0ec2843d7754c205b97f1ced1ea46acbb49e4d2967c6d758945c48a5b9bea85bf370323f1c66b4a17250ccdc895f306969db9bfa4727d2e1f10b331d31ea9fb1b141f53ed3163a4487c088402b82679e3a1dc7f2b057013d79e9ed380ce5988c8faeb650d4f3e96836915c1406ef6717f1fe2f5546b8c313f3b288a2f9ca076a60d4fabef8170c88cabc1b9f887d4ca54fc15a6e012cd22426c1e9cafd649188bac2ac2b3c56570fd733d37e8c213ccf178f07853afca1e8bce6174b6ddbfe8fb7fdd1e12c1342e33070ee3036dd380da449dc231fac02e9c9b6760cc04a8fc3868ffa80934fdfc8580ce6f4d830f50016349a8636e8f8a3cb7e4a010a9c16acd151a30f1f8172da8fe7e0250edf5507356e6672d9429f5ef0e4a93fa788c395e36482216b918a29bad460198d7098066f4bdd5b4cfe942496c01c56c593d6bca6b3f67c6f048316242b9d5274c5b8930e9693c3a24e9583ac3661d69927a916f4f6c552ebc46ef1ed30bc33f9c6c7024dbf2bee2603f025a2454fe6eb2c531a1d184e455ca26390db5a778f3da8fcc7fba28368b06d614de377b03e8dc062ef813a480815e1e139e289f9d06fa57bcbdfdb221e833f4c6a954d2394915aa6d5768a51221e2b90b3fe6f010c8692e6d56f3a3e25271c85fce4a9639f88dead56af9f73ff4b0bc7b80ff0d42a3846ecb2f43e6082b65c2bbf5c7053bfe861be5d0c9e5e842aad03c004411209b1a0d96568b6d81fad6c5f696cc763943b01aa4c1e237cc349f2727556ca01f2e6bb033bc1a6ab3bc8b8bec27e619e962188801682f3b9bdaab6be8cd74d19485ee69c78f0a857eecae56469ab5fea256b6cf0c75593d30b1765544e02c924807a04f35eb5411f2c19c31c024e35d675f1a222ba737fff4754dba563756f22d9461b96bcf5b812966d2f84559b0e77a87adc59ae09f1e0567eebb2e80e6cb8dcc1f55f9c0c492df960171e5b23cfc205b607310b79952cf7116ca782fbf2612984f97198d3a5e097dae13e83668711fbd78dfd47a96af8373d33a550b9ff48ec1dd483fd170a0d752b1e2fed7af8bad28ecacfa675a06a9dd80e6c02f230efe0e02431d6ec14239981cb95c0a61b8c80e5b02f906239970532f0508fd95af79972730e4e96fb469b704bdb3b2bcdd7c13c767e8acabc273e8ba78117cf645576c71788974a1d7af0a6a35a890a224f23e574936ec993b777703cc0f3508b85f804c1742535bc05ad4db7c44433ac08cb083e99d7c337638bbea3ecd7d6ae4f63e58aa9920650db4b46e9ff3b2392c5e76c1cd83c70eb35829af046a8803960ec6d327067459db483a4136e5f1f6f4251036a0b5392d29c18bece080c8cdf02bbcc7e0a7fcaa58452fa02924ac84ad94d56d7138eb021eb3c3a3e7219dddd174ea3d355f9e92cd2a9a49e8188c86a3ed6ac7fc30538601223570d57127773c929770a95ae8197bfeddd2478015016c5803a86faa7603e3641c4127f932fa7281312cc859fcba15fbf21b8ed34383dfa7f771fc9bdee0afa92a73704ea2c00f70f08282972c82b3ede9bb667de8823243dd785759435a9a2a49da9635eca1c2c00c3bed9fb24a1b365e3cfa52cbab420c0faae0e9249b2804e9fc02c1b0e349eef860b7a5a7d6e722c437d666a38744571eb66a02c85bf0e85020475d7893ddb24ce0994c9e4c7daff67fe59f1076b5fcc585ef9c6fa18a9cce9f962712943efbd56f6c9c095b1feb5dcdad057426254f45eee397dffc9ecd92e9f6508b9ea241f69ed940847c2b7586cbf930e285586912bfc815feaca82509457878ff48046ffcc0b1cd04e655a723a76697ae139797f31a9150f44ad8fd05985a774f4b240497aab1fcd4d41d611230295e61b41a200a010132e09c3d89cf3c609a63481291753fb1de1c7fb7f26b0d7257ee3e6d286d9d7ce9e1333c917ec07b9590e77030462095b62a959422370326a097a579c12b1f34f3c34bca7e655335e7f87b14e923308fda48e8f4df1997afc58e8e5f5da6604954517a5acfed4c59435cf8deb0d8974fdeb4900b0b4285c8d7ffad960c09961785e5c9c3e4a3b28f2aa7d8d64648ecc842f8200c6f784ad3d951d310ff8fcf0ce8cf8f93cbd59c8b1a70691c63a7e07813fcdda1433c22edb889a7ed1903c422904f47c455148b36814478941f4c39b64c6fc9f4e276402b6a7ff37d2496ad75faea2ea7d18404382f659e4f545fd3b29e0b4c80089d2ebcf6fbfceff96218d3acfef387e1150951c73c3328f45d3f609fd5bdb6c7d3b744fd1117258d59717005542da1fd73407e99cf1ac104a916f864f36d220a63c6509096fd4f83d8b5cb1bca0e09a0736efc69ab0a26aafde36921add947cc89f426896bc8131c6b2fdc6ebae8921f5289d652858dff5fe028f775e70558347b53ba31d58f4cac393fe093394eba44d5e8cbb589b26da247f735c9c0010012219e154ac5f9d4d5e129c5fcde1034e65b7b0c84ccabb219603764a4cfb6b25803abf33ea1c4b03b2a01f3306ffdb601638370565c575a3a09ad10b0eccce7bad50a2a57080a7569a52bd625fdfa66c3720c773dfeaeef529403398f460a19f59f3119ac458add8533436b828a9a1a22e2938f4885ae3ee6883b6968192a791ead0e4a344c84ac3bb425555f4c8dd2c00d4c2034452577224e0b3e74eba9c4d5a4d9e81cad56b2c41f3a77fcafdc5a37a2be4dafdbbaf1e73e9aa2afefd76f2bd09cbd5e1db53a20bbff2649bdeb5306f8fa8e99c18e59985c1cfdf8ee72eafd2cc4e1b480e2b65cfd5d12e8a91396c704f6e94b2955bf82cccef60b28cd70f1480c89535af38388b17cfaf9159a7f656557761dc5ead2f80671041ed5c2ff4e8e0b309b132c096889b99bb61f1a869f946cff4037707598c269e0a7d07af908973c6b7003e26363c01122f68aa0b18b7d5424d22fde40be567d7ede45fa69df0e55e5c9111fae6f1190ec090ed9d5ef822a5b8a1561ee8575bb5768603bed4645d04c08e072c742aabadbb8bfed8f9d99e38f9ebce0a3e8757a61c5294160591038b69027c24a1dcfc40618a3938b48d9dcf94dbafcbb0297d1c873492fe4f7666fb5499cbbb463f01237a19377c874252263e99136b997602c9efc0774a336ce3de79fa0f70bb309cc224"})
ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r1, 0x7a9, &(0x7f00000003c0)={{@my=0x1}, 0xfff, 0xffffffffffffffff, 0x0, 0x0, 0x80000, 0x2, 0x1000000000ff6, 0x58df})

1.266863208s ago: executing program 5 (id=2535):
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x840, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000000040)={0x9, 0x9, 0x0, [{0x4, 0x57, 0x101, 0x0, 0x97, 0x2, 0x6, '\x00', 0x800}, {0x0, 0x1, 0xd, 0x9, 0x80, 0x80, 0x7, '\x00', 0xff}, {0xffffffffd38d822f, 0x950, 0x7, 0x2, 0x4, 0x6, 0x6, '\x00', 0x6}, {0x3, 0x1, 0x7, 0x4, 0xfe, 0x27, 0xfa, '\x00', 0xa519}, {0x8, 0x4, 0x5, 0xd, 0x9, 0x3, 0xf7, '\x00', 0x6}, {0x800, 0x1e, 0xfffffffffffffff4, 0xb, 0xea, 0x5, 0xcc, '\x00', 0x7fffffff}, {0x9, 0x3, 0x0, 0x8, 0x3, 0x0, 0x3, '\x00', 0xe}, {0x8, 0x7, 0x1, 0x8, 0x2, 0x8, 0x1, '\x00', 0x7ff}, {0x4, 0x2, 0xffff, 0x1, 0xf, 0xf8, 0xa7, '\x00', 0x5}]})
r1 = socket$alg(0x26, 0x5, 0x0)
preadv2(r1, &(0x7f0000000740)=[{&(0x7f00000002c0)=""/43, 0x2b}, {&(0x7f0000000300)=""/62, 0x3e}, {&(0x7f0000000340)=""/161, 0xa1}, {&(0x7f0000000400)=""/27, 0x1b}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/220, 0xdc}, {&(0x7f0000000640)=""/241, 0xf1}], 0x7, 0x3, 0x38aa3995, 0x8)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000880)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x1c, 0x0, 0x1, 0x70bd25, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000804}, 0x4000004)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r0, 0xc02054a5, &(0x7f00000008c0)={0x5, <r2=>r0, 'id1\x00'})
ioctl$AUTOFS_IOC_FAIL(r2, 0x9361, 0x8000)
ioctl$KVM_RESET_DIRTY_RINGS(r2, 0xaec7)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, &(0x7f0000000940)={{0x1, 0x1, 0x18, <r3=>r2}, './file0\x00'})
r4 = accept4$phonet_pipe(r3, &(0x7f0000000980), &(0x7f00000009c0)=0x10, 0x800)
ioctl$BLKRRPART(r3, 0x125f, 0x0)
ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000a00))
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000a80), r2)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r3, &(0x7f0000000b40)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x24, r5, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x4841}, 0x40)
open_by_handle_at(r2, &(0x7f0000000b80)=@xfs_parent={0x1c, 0x82, {0xffff, 0x8001, 0x4, 0x8}}, 0x80)
r6 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000bc0), 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000c40)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000c00), 0x111, 0x1}}, 0x20)
r7 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000c80), 0x600800, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r2, 0xc0189378, &(0x7f0000000cc0)={{0x1, 0x1, 0x18, <r8=>r7, {<r9=>r3}}, './file0\x00'})
sendmsg$AUDIT_USER(r9, &(0x7f0000000e00)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d40)={0x50, 0x3ed, 0x200, 0x70bd28, 0x25dfdbfb, "6a83d23c1353e3df942aeb39c75639cfef3780a1bce921abbf5aafd8151b0cb2933d51db5394dd3309f8a08c4b83e9543f404bd2e69dd20be715b408baa6", ["", "", "", "", ""]}, 0x50}, 0x1, 0x0, 0x0, 0x4005}, 0x8800)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000e40)={[0x1, 0x1, 0x10, 0x1, 0x5dff, 0x3ff, 0x1, 0x3, 0x3, 0xc, 0x6, 0xf02, 0x5, 0x100000000, 0x2, 0x199], 0x58000, 0x2})
syz_genetlink_get_family_id$ipvs(&(0x7f0000000f00), r2)
ioctl$VT_RESIZE(r6, 0x5609, &(0x7f0000000f40)={0x3, 0x6, 0x1})
ioctl$EVIOCGABS0(r8, 0x80184540, &(0x7f0000000f80)=""/170)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f00000011c0)={&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/72, 0x48, 0x0, &(0x7f00000010c0)=""/237, 0xed}, &(0x7f0000001200)=0x40)
fsync(r9)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r4, 0xf501, 0x0)
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r3, 0xf50f, 0x0)
ioctl$TUNSETFILTEREBPF(r6, 0x800454e1, &(0x7f0000001240)=r2)
sendmsg$NL80211_CMD_SET_REG(r8, &(0x7f0000001480)={&(0x7f0000001280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000001440)={&(0x7f0000001300)={0x10c, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'a\x00'}, @NL80211_ATTR_REG_RULES={0xa4, 0x22, 0x0, 0x1, [{0x2c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0xb}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x3}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xcd89}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x3}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x4}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_REG_RULE_FLAGS={0x8}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x8}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0xe}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x6}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x1}]}, {0x44, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x81}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x3}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x1}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x7}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x1}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x4aa1}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x1}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0xffff}]}]}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_REG_RULES={0x38, 0x22, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x10001}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x9}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0xff}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x7}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x9ca}]}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x20008000}, 0x4001010)

1.263949273s ago: executing program 4 (id=2536):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfbffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xb}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r2, 0x0, 0x800)
r4 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x7}})
r5 = socket$kcm(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r6, 0x3e}, 0x80, 0x0}, 0x4)

1.14907437s ago: executing program 5 (id=2537):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x2}]}, 0x6c}}, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
open$dir(&(0x7f0000000340)='./file0\x00', 0x122c40, 0x4)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000380)={&(0x7f0000000040)=""/34, 0x8000, 0x800, 0x76d, 0x1}, 0x20)
ptrace(0x10, 0x1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000240)={'netdevsim0\x00', <r5=>0x0})
r6 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x34, 0x10, 0x403, 0xfffffff9, 0x25dfdbfe, {0x0, 0x0, 0x74, r5, 0x59808, 0x55007}, [@IFLA_IFNAME={0x14, 0x3, 'veth1_macvtap\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x4802}, 0x4000010)
ioctl$sock_bt_bnep_BNEPGETCONNINFO(r6, 0x800442d3, &(0x7f00000002c0)={0x2, 0x4, 0x401, @remote, 'vlan0\x00'})
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000f80), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_INTERFACE(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000540)={0x50, r7, 0x1, 0x70bd25, 0x35dfdbfb, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x1}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan0\x00'}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan1\x00'}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0102}}]}, 0x50}}, 0x4088094)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r9 = accept4(r8, 0x0, 0x0, 0x800)
sendmmsg$alg(r9, &(0x7f0000000040), 0x0, 0x40c80)
recvmsg(r9, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x70, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_PROTOINFO={0x28, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x24, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0x2b17}, @CTA_PROTOINFO_SCTP_VTAG_ORIGINAL={0x8, 0x2, 0x1, 0x0, 0xa9}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0x100}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x3}]}}, @CTA_TUPLE_REPLY={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x98}}, 0x0)

1.148850217s ago: executing program 0 (id=2538):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYRES16=r0, @ANYRES32=r1, @ANYBLOB="d6e584160c354534a5a053045978b1020806b32dcf898b202b7cd08afb611b3685c4a8ba5103afaea31e72d38eca7ac8b854c15100f6ec020e87f9961d2ce968f06a4b26a241ccf0db9595cd89bb83d9c5", @ANYRES16=r2, @ANYRES8=r0, @ANYRESDEC=r0], 0x34}, 0x1, 0x0, 0x0, 0x4048090}, 0x4009)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000040)=@x86={0x6, 0x0, 0x8, 0x0, 0x4000004, 0x8, 0x6, 0xb, 0x83, 0xe, 0x5, 0xa, 0x0, 0x101, 0x28, 0x0, 0x0, 0x0, 0x4, '\x00', 0xff, 0x9})
sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000280)=@newlink={0x44, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x504a9}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IKEY={0x8, 0x4, 0x10001}]}}}, @IFLA_MTU={0x8}]}, 0x44}}, 0x0)
r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000001780))
ioctl$sock_ifreq(r6, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x4})
ioctl$sock_netdev_private(r6, 0x89f2, &(0x7f0000000000))

1.088300408s ago: executing program 4 (id=2539):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000380)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000010651fbe347b322b00000c000180080001"], 0x20}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'bond_slave_0\x00', @ifru_map={0x2, 0x30d, 0x4, 0xd, 0x8, 0x7}})
creat(&(0x7f0000000100)='./bus\x00', 0x100)
mount(&(0x7f0000000340)=@filename='\x00', &(0x7f0000000080)='./bus\x00', &(0x7f00000000c0)='ecryptfs\x00', 0x0, 0x0)
ioctl$sock_netdev_private(r0, 0x89f0, &(0x7f0000000000))

1.087482492s ago: executing program 5 (id=2540):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000180)={0x550acae9, r1, 0x3})
r3 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r3, 0x8)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x14, 0x15, 0x1, 0x70bd26, 0x0, {0xb}}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r5 = socket(0x2a, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001000)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000039c0)=@newtfilter={0x48, 0x2c, 0x605, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xffe0}, {}, {0xffff, 0x2}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x0, 0xa}}]}}, @TCA_RATE={0x6, 0x5, {0x8, 0x7}}]}, 0x48}}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r8, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETIFINDEX(r0, 0x400454da, 0x0)

1.039823674s ago: executing program 4 (id=2541):
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x80000, 0x0)
ioctl$AUTOFS_IOC_FAIL(r0, 0x4c81, 0x7) (fail_nth: 2)

930.50768ms ago: executing program 4 (id=2542):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_open_dev$vcsu(&(0x7f0000000000), 0x4, 0x1)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f00000000c0)={r1, r0})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r2, &(0x7f0000000040)={0x30000004})
epoll_pwait(r4, &(0x7f0000000600)=[{}], 0x1, 0x7c0e, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r5 = inotify_init1(0x800)
inotify_add_watch(r5, &(0x7f0000000040)='.\x00', 0xc0000484)
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

857.528961ms ago: executing program 2 (id=2543):
r0 = socket(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'macvlan0\x00', <r1=>0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_open_procfs(0x0, &(0x7f0000000280)='oom_score_adj\x00')
preadv(r3, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0x300, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x40000)
sendmsg$TIPC_CMD_SET_NETID(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x8, 0x2, 0xfffffff8}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x6008081}, 0x0)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000000)={0x4, 0x0, 0x0, r1}, 0xc)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x1, 0x1, 0x0, r1, 0x267a4e37}, 0xc)
r5 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r5, &(0x7f0000000140)={&(0x7f0000000440)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x0, 0x0, 0x3, 0x4, {0xa, 0x4e22, 0x5, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80000083}}}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000280)="a6", 0x1}, {0x0}], 0x10000289, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r1], 0x20}, 0x1, 0x0, 0x0, 0x24008050}, 0x20008000)

699.812752ms ago: executing program 2 (id=2544):
add_key$user(&(0x7f00000002c0), &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000001c0), 0x600, 0x0)
syz_usb_connect(0x3, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000002140)={0x2020, 0x0, 0x0, <r3=>0x0}, 0x2020)
quotactl_fd$Q_GETQUOTA(r1, 0x2a3db04f32c89ada, r3, &(0x7f0000000500))
bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r2, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
ppoll(&(0x7f00000000c0)=[{r2, 0x60}], 0x1, 0x0, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r0, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x14, 0x6, 0x1, 0x301, 0x0, 0x0, {0x2, 0x0, 0x2}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x4000)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

219.721774ms ago: executing program 0 (id=2545):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$kcm(0x11, 0x3, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r9, {0x0, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000010}, 0x4)
setsockopt$sock_attach_bpf(r2, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r2, &(0x7f0000000280)={&(0x7f0000000440)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200000214000e00002fb96dffff1144ee163cddcb000000800000827600000000000000", 0x26}, {&(0x7f00000004c0)="f058050000007f8f", 0x8}], 0x2}, 0x5)

68.84651ms ago: executing program 0 (id=2546):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_GET_VCPU_EVENTS(r0, 0x8040ae9f, &(0x7f0000000000)=@arm64)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000400)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x58, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x888e}, @NL80211_ATTR_FRAME={0x26, 0x33, @data_frame={@msdu=@type11={{0x0, 0x2, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x9}, @device_a, @broadcast, @device_b, {0x8, 0x3}, @device_b, @void, @value=@ver_80211n={0x0, 0x5, 0x2, 0x2, 0x0, 0x2, 0x0, 0x0, 0x1}}, @a_msdu}}]}, 0x58}, 0x1, 0x0, 0x0, 0x8080}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x34, 0x0, 0x1, 0x70bd2b, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_RX={0x5}]}, 0x34}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x2c, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0x5}, {0xffff, 0xffff}, {0xfff3, 0x10}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x7}]}, 0x2c}}, 0x44080)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000020000103feffffff0000000002000000000000000400010008000a000008000005001e"], 0x50}}, 0x4000850)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bond0\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="0000000072d6071c000000db0000000000000000", @ANYRES32=r6, @ANYRES8=r4], 0x58}}, 0x40080)

68.563701ms ago: executing program 4 (id=2547):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x701, 0x10000, 0xffdffffc, {0x26}}, 0x14}, 0x1, 0x0, 0x0, 0x24044015}, 0x0)
r2 = socket(0x1d, 0x2, 0x6)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r2, 0x6a, 0x5, 0x0, &(0x7f0000000040))

68.292528ms ago: executing program 0 (id=2548):
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
r0 = socket$tipc(0x1e, 0x2, 0x0)
ioctl$SIOCGETLINKNAME(r0, 0x89e0, &(0x7f0000000000)={0x1})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000001c0)={'bond0\x00', &(0x7f00000002c0)=@ethtool_cmd={0x49, 0x100, 0xffffffff, 0x401, 0x0, 0x1, 0x0, 0x0, 0xd, 0xff, 0x0, 0x8000001f, 0x2, 0x47}})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x22023500, 0x0, 0xff4e, 0x0, 0x0, 0x0)

0s ago: executing program 4 (id=2549):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x2}]}, 0x6c}}, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
open$dir(&(0x7f0000000340)='./file0\x00', 0x122c40, 0x4)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000380)={&(0x7f0000000040)=""/34, 0x8000, 0x800, 0x76d, 0x1}, 0x20)
ptrace(0x10, 0x1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000240)={'netdevsim0\x00', <r5=>0x0})
r6 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x34, 0x10, 0x403, 0xfffffff9, 0x25dfdbfe, {0x0, 0x0, 0x74, r5, 0x59808, 0x55007}, [@IFLA_IFNAME={0x14, 0x3, 'veth1_macvtap\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x4802}, 0x4000010)
ioctl$sock_bt_bnep_BNEPGETCONNINFO(r6, 0x800442d3, &(0x7f00000002c0)={0x2, 0x4, 0x401, @remote, 'vlan0\x00'})
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000f80), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_INTERFACE(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000540)={0x50, r7, 0x1, 0x70bd25, 0x35dfdbfb, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x1}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan0\x00'}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan1\x00'}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0102}}]}, 0x50}}, 0x4088094)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r9 = accept4(r8, 0x0, 0x0, 0x800)
sendmmsg$alg(r9, &(0x7f0000000040), 0x0, 0x40c80)
recvmsg(r9, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x70, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_PROTOINFO={0x28, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x24, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0x2b17}, @CTA_PROTOINFO_SCTP_VTAG_ORIGINAL={0x8, 0x2, 0x1, 0x0, 0xa9}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0x100}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x3}]}}, @CTA_TUPLE_REPLY={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x98}}, 0x0)

kernel console output (not intermixed with test programs):

read write } for  pid=11604 comm="syz.5.1770" name="cdc-wdm0" dev="devtmpfs" ino=2976 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[  224.465236][   T40] audit: type=1400 audit(1776127254.166:591): avc:  denied  { open } for  pid=11604 comm="syz.5.1770" path="/dev/cdc-wdm0" dev="devtmpfs" ino=2976 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[  224.486544][   T40] audit: type=1326 audit(1776127254.186:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11604 comm="syz.5.1770" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18e1d9c819 code=0x7ffc0000
[  224.505192][   T40] audit: type=1326 audit(1776127254.186:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11604 comm="syz.5.1770" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18e1d9c819 code=0x7ffc0000
[  224.541014][T11665] Set syz1 is full, maxelem 65536 reached
[  224.545769][T11664] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1791'.
[  224.623290][T11646] random: crng reseeded on system resumption
[  224.673628][T11675] syzkaller0: entered promiscuous mode
[  224.677973][T11675] syzkaller0: entered allmulticast mode
[  224.741175][T11677] syzkaller0: entered promiscuous mode
[  224.743603][T11677] syzkaller0: entered allmulticast mode
[  224.847385][T11679] syzkaller0: entered promiscuous mode
[  224.853019][T11679] 0: reclassify loop, rule prio 0, protocol 800
[  224.872015][T11681] ptrace attach of "/syz-executor exec"[9832] was attempted by ""[11681]
[  225.103230][T11691] sctp: [Deprecated]: syz.0.1799 (pid 11691) Use of struct sctp_assoc_value in delayed_ack socket option.
[  225.103230][T11691] Use struct sctp_sack_info instead
[  225.137417][T11694] Set syz1 is full, maxelem 65536 reached
[  225.242758][T11701] fuse: Unknown parameter 'L§Kšø5Cøde�“©™‡‰t¢|»Ø~Ï°çbdÅæÌ<]}œ…ôµK8ÇõY[ÿil:ZÇveŒ·6ï(òR"¾ÅÕö„ÆáB£CmWA¼V�:ô|IîêÄÛ"‚/e(à(ñ9˜sÔNæ‚0x0000000000000003'
[  225.322814][T11703] syzkaller0: entered promiscuous mode
[  225.326941][T11703] syzkaller0: entered allmulticast mode
[  225.603799][T11707] ptrace attach of "/syz-executor exec"[9832] was attempted by ""[11707]
[  225.688446][T11709] xt_hashlimit: size too large, truncated to 1048576
[  225.847328][T11715] overlayfs: option "index=on" is useless in a non-upper mount, ignore
[  225.851080][T11715] overlayfs: missing 'lowerdir'
[  225.978157][T11724] Set syz1 is full, maxelem 65536 reached
[  226.043732][T11728] syzkaller0: entered promiscuous mode
[  226.046877][T11728] syzkaller0: entered allmulticast mode
[  226.247121][  T832] usb 10-1: USB disconnect, device number 3
[  226.373335][T11744] IPVS: persistence engine module ip_vs_pe_s not found
[  226.430844][T11752] devpts: Bad value for 'max'
[  226.619989][T11775] ptrace attach of "/syz-executor exec"[5938] was attempted by ""[11775]
[  226.815436][ T5986] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  226.944628][T11796] usb usb8: usbfs: process 11796 (syz.5.1835) did not claim interface 0 before use
[  226.985343][ T5986] usb 9-1: Using ep0 maxpacket: 8
[  226.988720][ T5986] usb 9-1: config 0 has an invalid interface number: 55 but max is 0
[  226.991794][ T5986] usb 9-1: config 0 has no interface number 0
[  226.994598][ T5986] usb 9-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  226.999221][ T5986] usb 9-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  227.003018][ T5986] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  227.007195][ T5986] usb 9-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  227.011992][ T5986] usb 9-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  227.015913][ T5986] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.016562][T11796] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1835'.
[  227.020009][ T5986] usb 9-1: config 0 descriptor??
[  227.029865][ T5986] ldusb 9-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  227.071356][T11804] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  227.082015][ T5946] Bluetooth: hci4: unexpected event for opcode 0x0401
[  227.234403][T11813] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1838'.
[  227.285222][ T1455] usb 9-1: USB disconnect, device number 7
[  227.297538][ T1455] ldusb 9-1:0.55: LD USB Device #0 now disconnected
[  227.373655][T11820] syzkaller0: entered promiscuous mode
[  227.379749][T11820] 0: reclassify loop, rule prio 0, protocol 800
[  227.471270][T11826] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1842'.
[  227.474326][T11826] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1842'.
[  227.692559][T11833] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=276 sclass=netlink_tcpdiag_socket pid=11833 comm=syz.0.1844
[  227.809320][T11835] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  227.812307][T11835] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  227.816206][T11835] vhci_hcd vhci_hcd.0: Device attached
[  227.818906][T11836] usbip_core: unknown command
[  227.820569][T11836] vhci_hcd: unknown pdu 0
[  227.821851][T11836] usbip_core: unknown command
[  227.823822][ T7603] vhci_hcd vhci_hcd.0: stop threads
[  227.826334][ T7603] vhci_hcd vhci_hcd.0: release socket
[  227.828436][ T7603] vhci_hcd vhci_hcd.0: disconnect device
[  228.342061][T11839] netlink: 'syz.2.1846': attribute type 21 has an invalid length.
[  228.392558][T11848] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  228.397869][ T5944] Bluetooth: hci0: unexpected event for opcode 0x0401
[  228.585304][T11858] syzkaller0: entered promiscuous mode
[  228.595508][ T5944] Bluetooth: hci1: command 0x0406 tx timeout
[  228.600935][T11858] 0: reclassify loop, rule prio 0, protocol 800
[  228.821638][T11881] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1859'.
[  229.243763][T11887] tmpfs: Bad value for 'mpol'
[  229.413533][T11892] hpfs: Bad magic ... probably not HPFS
[  229.422417][T11892] hpfs: Bad magic ... probably not HPFS
[  229.479205][T11894] syzkaller0: entered promiscuous mode
[  229.486235][T11894] 0: reclassify loop, rule prio 0, protocol 800
[  229.685894][T11909] TCP: TCP_TX_DELAY enabled
[  229.790365][ T5941] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  229.793881][ T5941] CPU: 1 UID: 0 PID: 5941 Comm: kworker/u33:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  229.793909][ T5941] Tainted: [L]=SOFTLOCKUP
[  229.793915][ T5941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  229.793988][ T5941] Workqueue: hci0 hci_rx_work
[  229.794017][ T5941] Call Trace:
[  229.794023][ T5941]  <TASK>
[  229.794031][ T5941]  dump_stack_lvl+0x100/0x190
[  229.794114][ T5941]  sysfs_warn_dup.cold+0x1c/0x28
[  229.794194][ T5941]  sysfs_create_dir_ns+0x24b/0x2b0
[  229.794224][ T5941]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  229.794300][ T5941]  ? find_held_lock+0x2b/0x80
[  229.794376][ T5941]  ? kobject_add_internal+0x25f/0x930
[  229.794398][ T5941]  ? kobject_add_internal+0x25f/0x930
[  229.794485][ T5941]  ? do_raw_spin_unlock+0x145/0x1e0
[  229.794510][ T5941]  kobject_add_internal+0x2c8/0x930
[  229.794590][ T5941]  kobject_add+0x16a/0x1e0
[  229.794611][ T5941]  ? __pfx_kobject_add+0x10/0x10
[  229.794632][ T5941]  ? class_to_subsys+0x10f/0x150
[  229.794762][ T5941]  ? kobject_put+0xb9/0x640
[  229.794782][ T5941]  ? _raw_spin_unlock+0x28/0x50
[  229.794869][ T5941]  device_add+0x294/0x1950
[  229.795087][ T5941]  ? __pfx_dev_set_name+0x10/0x10
[  229.795141][ T5941]  ? __pfx_device_add+0x10/0x10
[  229.795270][ T5941]  ? mgmt_send_event_skb+0x2fb/0x460
[  229.795304][ T5941]  hci_conn_add_sysfs+0x1a3/0x260
[  229.795450][ T5941]  le_conn_complete_evt+0x11eb/0x1f60
[  229.795621][ T5941]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  229.795653][ T5941]  hci_le_conn_complete_evt+0x23c/0x3a0
[  229.795784][ T5941]  ? skb_pull_data+0x15f/0x1e0
[  229.795809][ T5941]  hci_le_meta_evt+0x34a/0x5f0
[  229.795885][ T5941]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  229.795960][ T5941]  hci_event_packet+0x51c/0xcd0
[  229.795986][ T5941]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  229.796062][ T5941]  ? __pfx_hci_event_packet+0x10/0x10
[  229.796090][ T5941]  ? kcov_remote_start+0x374/0x660
[  229.796183][ T5941]  ? lockdep_hardirqs_on+0x78/0x100
[  229.796267][ T5941]  hci_rx_work+0x451/0xfc0
[  229.796292][ T5941]  process_one_work+0xa23/0x19a0
[  229.796363][ T5941]  ? __pfx_process_one_work+0x10/0x10
[  229.796387][ T5941]  ? __pfx_hci_rx_work+0x10/0x10
[  229.796487][ T5941]  worker_thread+0x5ef/0xe50
[  229.796555][ T5941]  ? kthread+0x13a/0x450
[  229.796571][ T5941]  ? __pfx_worker_thread+0x10/0x10
[  229.796587][ T5941]  kthread+0x370/0x450
[  229.796645][ T5941]  ? __pfx_kthread+0x10/0x10
[  229.796664][ T5941]  ret_from_fork+0x754/0xd80
[  229.796809][ T5941]  ? __pfx_ret_from_fork+0x10/0x10
[  229.796828][ T5941]  ? __switch_to+0x7b4/0x1120
[  229.796890][ T5941]  ? __pfx_kthread+0x10/0x10
[  229.796907][ T5941]  ret_from_fork_asm+0x1a/0x30
[  229.796975][ T5941]  </TASK>
[  229.800939][T11926] syzkaller0: entered promiscuous mode
[  229.804011][ T5941] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  229.806544][T11926] syzkaller0: entered allmulticast mode
[  229.808136][ T5941] Bluetooth: hci0: failed to register connection device
[  229.925333][T11933] tipc: Started in network mode
[  229.931312][T11933] tipc: Node identity ac14140f, cluster identity 4711
[  229.938099][T11933] tipc: Enabled bearer <udp:syz2>, priority 10
[  230.144782][T11945] sctp: [Deprecated]: syz.4.1876 (pid 11945) Use of struct sctp_assoc_value in delayed_ack socket option.
[  230.144782][T11945] Use struct sctp_sack_info instead
[  230.225990][   T29] hid_parser_main: 7 callbacks suppressed
[  230.226066][   T29] hid-generic 0005:00B6:0009.0008: unknown main item tag 0x0
[  230.230959][   T29] hid-generic 0005:00B6:0009.0008: unknown main item tag 0x0
[  230.233395][   T29] hid-generic 0005:00B6:0009.0008: unknown main item tag 0x0
[  230.235883][   T29] hid-generic 0005:00B6:0009.0008: unknown main item tag 0x0
[  230.238217][   T29] hid-generic 0005:00B6:0009.0008: unknown main item tag 0x0
[  230.240705][   T29] hid-generic 0005:00B6:0009.0008: unknown main item tag 0x0
[  230.243386][   T29] hid-generic 0005:00B6:0009.0008: unknown main item tag 0x0
[  230.246707][   T29] hid-generic 0005:00B6:0009.0008: unknown main item tag 0x0
[  230.249413][   T29] hid-generic 0005:00B6:0009.0008: unknown main item tag 0x0
[  230.251831][   T29] hid-generic 0005:00B6:0009.0008: unknown main item tag 0x0
[  230.279034][   T29] hid-generic 0005:00B6:0009.0008: hidraw1: BLUETOOTH HID v1ade12.f3 Device [syz0] on syz1
[  230.321189][T11950] fido_id[11950]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  230.334859][T11952] Set syz1 is full, maxelem 65536 reached
[  230.345548][T11947] netlink: 'syz.5.1880': attribute type 4 has an invalid length.
[  230.377785][T11954] overlay: Bad value for 'workdir'
[  230.401929][T11956] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  230.459280][ T5941] Bluetooth: hci4: unexpected event for opcode 0x0401
[  230.719593][T11969] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1886'.
[  230.722526][T11969] netlink: 'syz.0.1886': attribute type 6 has an invalid length.
[  230.725348][T11969] netlink: 'syz.0.1886': attribute type 5 has an invalid length.
[  230.728583][T11969] netlink: 'syz.0.1886': attribute type 4 has an invalid length.
[  230.733037][T11969] fuse: Unknown parameter '0xffffffffffffffff0xffffffffffffffff'
[  230.737717][   T40] kauditd_printk_skb: 1153 callbacks suppressed
[  230.737730][   T40] audit: type=1400 audit(1776127260.436:1747): avc:  denied  { ioctl } for  pid=11968 comm="syz.0.1886" path="socket:[37668]" dev="sockfs" ino=37668 ioctlcmd=0xf50d scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  230.822160][   T40] audit: type=1400 audit(1776127260.516:1748): avc:  denied  { bind } for  pid=11971 comm="syz.0.1887" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  230.827305][T11972] overlayfs: upper fs does not support tmpfile.
[  230.925107][   T39] tipc: Node number set to 2886997007
[  230.949197][T11991] Set syz1 is full, maxelem 65536 reached
[  230.987788][T11994] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1892'.
[  231.182720][T12004] syzkaller0: entered promiscuous mode
[  231.185208][T12004] syzkaller0: entered allmulticast mode
[  231.273335][T12007] openvswitch: netlink: Key type 51 is out of range max 32
[  231.486982][T12025] sctp: [Deprecated]: syz.5.1897 (pid 12025) Use of struct sctp_assoc_value in delayed_ack socket option.
[  231.486982][T12025] Use struct sctp_sack_info instead
[  231.652076][T12040] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1905'.
[  231.799044][T12042] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1906'.
[  232.148240][T12049] fuse: Unknown parameter 'vLh¶n9)èi×bhpd'
[  232.185002][   T40] audit: type=1400 audit(1776127261.866:1749): avc:  denied  { recv } for  pid=5927 comm="syz-executor" saddr=127.0.0.1 src=59320 daddr=127.0.0.1 dest=30000 netif=lo scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  232.214645][   T40] audit: type=1400 audit(1776127261.876:1750): avc:  denied  { recv } for  pid=5927 comm="syz-executor" saddr=127.0.0.1 src=30000 daddr=127.0.0.1 dest=59320 netif=lo scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  232.237156][T12058] netlink: 'syz.0.1912': attribute type 1 has an invalid length.
[  232.271888][T12058] 8021q: adding VLAN 0 to HW filter on device bond3
[  232.321594][T12058] bond3: (slave veth7): Enslaving as an active interface with a down link
[  232.331746][T12063] netlink: 99 bytes leftover after parsing attributes in process `syz.5.1911'.
[  232.481281][T12071] ptrace attach of "/syz-executor exec"[5939] was attempted by ""[12071]
[  232.491058][   T40] audit: type=1400 audit(1776127262.186:1751): avc:  denied  { create } for  pid=12070 comm="syz.0.1915" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  232.506598][   T40] audit: type=1400 audit(1776127262.186:1752): avc:  denied  { bind } for  pid=12070 comm="syz.0.1915" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  232.515819][   T40] audit: type=1400 audit(1776127262.186:1753): avc:  denied  { setopt } for  pid=12070 comm="syz.0.1915" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  232.524854][   T40] audit: type=1400 audit(1776127262.186:1754): avc:  denied  { accept } for  pid=12070 comm="syz.0.1915" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  232.534101][   T40] audit: type=1400 audit(1776127262.186:1755): avc:  denied  { read } for  pid=12070 comm="syz.0.1915" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  232.621000][T12076] syzkaller0: entered promiscuous mode
[  232.623868][T12076] syzkaller0: entered allmulticast mode
[  232.820541][T12082] fuse: Bad value for 'fd'
[  232.920651][   T40] audit: type=1400 audit(1776127262.616:1756): avc:  denied  { write } for  pid=12093 comm="syz.0.1921" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  233.112214][T12099] syzkaller0: entered promiscuous mode
[  233.117478][T12099] 0: reclassify loop, rule prio 0, protocol 800
[  233.300292][T12124] Set syz1 is full, maxelem 65536 reached
[  233.483282][T12145] syzkaller0: entered promiscuous mode
[  233.490288][T12145] 0: reclassify loop, rule prio 0, protocol 800
[  233.593895][T12154] macvtap1: entered promiscuous mode
[  233.605280][T12154] macvtap1: entered allmulticast mode
[  233.607724][T12154] veth1_vlan: entered allmulticast mode
[  233.658343][T12156] Set syz1 is full, maxelem 65536 reached
[  233.717169][T12158] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1941'.
[  233.900537][T12164] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  233.904736][T12164] cramfs: wrong magic
[  234.029881][T12173] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1947'.
[  234.032722][T12176] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  234.033330][T12177] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  234.041609][T12173] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1947'.
[  234.051091][T12173] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1947'.
[  234.055373][   T39] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  234.057246][T12173] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1947'.
[  234.063841][T12173] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1947'.
[  234.068670][T12173] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1947'.
[  234.072943][T12173] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1947'.
[  234.076709][T12173] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1947'.
[  234.156508][T12187] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  234.185345][   T39] usb 10-1: device descriptor read/64, error -71
[  234.199466][T12190] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  234.319442][ T5941] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  234.324266][ T5941] CPU: 2 UID: 0 PID: 5941 Comm: kworker/u33:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  234.324302][ T5941] Tainted: [L]=SOFTLOCKUP
[  234.324309][ T5941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  234.324324][ T5941] Workqueue: hci3 hci_rx_work
[  234.324354][ T5941] Call Trace:
[  234.324362][ T5941]  <TASK>
[  234.324370][ T5941]  dump_stack_lvl+0x100/0x190
[  234.324409][ T5941]  sysfs_warn_dup.cold+0x1c/0x28
[  234.324437][ T5941]  sysfs_create_dir_ns+0x24b/0x2b0
[  234.324469][ T5941]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  234.324506][ T5941]  ? find_held_lock+0x2b/0x80
[  234.324529][ T5941]  ? kobject_add_internal+0x25f/0x930
[  234.324548][ T5941]  ? kobject_add_internal+0x25f/0x930
[  234.324569][ T5941]  ? do_raw_spin_unlock+0x145/0x1e0
[  234.324594][ T5941]  kobject_add_internal+0x2c8/0x930
[  234.324619][ T5941]  kobject_add+0x16a/0x1e0
[  234.324638][ T5941]  ? __pfx_kobject_add+0x10/0x10
[  234.324656][ T5941]  ? class_to_subsys+0x10f/0x150
[  234.324682][ T5941]  ? kobject_put+0xb9/0x640
[  234.324698][ T5941]  ? _raw_spin_unlock+0x28/0x50
[  234.324731][ T5941]  device_add+0x294/0x1950
[  234.324754][ T5941]  ? __pfx_dev_set_name+0x10/0x10
[  234.324782][ T5941]  ? __pfx_device_add+0x10/0x10
[  234.324806][ T5941]  ? mgmt_send_event_skb+0x2fb/0x460
[  234.324836][ T5941]  hci_conn_add_sysfs+0x1a3/0x260
[  234.324865][ T5941]  le_conn_complete_evt+0x11eb/0x1f60
[  234.324898][ T5941]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  234.324949][ T5941]  hci_le_conn_complete_evt+0x23c/0x3a0
[  234.324980][ T5941]  ? skb_pull_data+0x15f/0x1e0
[  234.325004][ T5941]  hci_le_meta_evt+0x34a/0x5f0
[  234.325033][ T5941]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  234.325061][ T5941]  hci_event_packet+0x51c/0xcd0
[  234.325084][ T5941]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  234.325110][ T5941]  ? __pfx_hci_event_packet+0x10/0x10
[  234.325135][ T5941]  ? kcov_remote_start+0x374/0x660
[  234.325160][ T5941]  ? lockdep_hardirqs_on+0x78/0x100
[  234.325192][ T5941]  hci_rx_work+0x451/0xfc0
[  234.325220][ T5941]  process_one_work+0xa23/0x19a0
[  234.325257][ T5941]  ? __pfx_process_one_work+0x10/0x10
[  234.325288][ T5941]  ? __pfx_hci_rx_work+0x10/0x10
[  234.325315][ T5941]  worker_thread+0x5ef/0xe50
[  234.325345][ T5941]  ? kthread+0x13a/0x450
[  234.325362][ T5941]  ? __pfx_worker_thread+0x10/0x10
[  234.325381][ T5941]  kthread+0x370/0x450
[  234.325400][ T5941]  ? __pfx_kthread+0x10/0x10
[  234.325420][ T5941]  ret_from_fork+0x754/0xd80
[  234.325442][ T5941]  ? __pfx_ret_from_fork+0x10/0x10
[  234.325465][ T5941]  ? __switch_to+0x7b4/0x1120
[  234.325503][ T5941]  ? __pfx_kthread+0x10/0x10
[  234.325526][ T5941]  ret_from_fork_asm+0x1a/0x30
[  234.325571][ T5941]  </TASK>
[  234.442637][ T5941] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  234.449737][ T5941] Bluetooth: hci3: failed to register connection device
[  234.453204][T12210] ptrace attach of "/syz-executor exec"[5939] was attempted by ""[12210]
[  234.456333][   T39] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  234.526859][T12221] syzkaller0: entered promiscuous mode
[  234.529314][T12221] syzkaller0: entered allmulticast mode
[  234.575501][T12226] macsec2: entered promiscuous mode
[  234.579318][T12226] macsec2: entered allmulticast mode
[  234.605068][   T39] usb 10-1: device descriptor read/64, error -71
[  234.637093][T12233] netlink: 'syz.0.1965': attribute type 1 has an invalid length.
[  234.717044][   T39] usb usb10-port1: attempt power cycle
[  234.723568][T12245] Set syz1 is full, maxelem 65536 reached
[  234.787435][ T5941] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  234.791832][ T5941] CPU: 2 UID: 0 PID: 5941 Comm: kworker/u33:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  234.791896][ T5941] Tainted: [L]=SOFTLOCKUP
[  234.791908][ T5941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  234.791928][ T5941] Workqueue: hci0 hci_rx_work
[  234.791971][ T5941] Call Trace:
[  234.791980][ T5941]  <TASK>
[  234.791993][ T5941]  dump_stack_lvl+0x100/0x190
[  234.792044][ T5941]  sysfs_warn_dup.cold+0x1c/0x28
[  234.792088][ T5941]  sysfs_create_dir_ns+0x24b/0x2b0
[  234.792132][ T5941]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  234.792173][ T5941]  ? find_held_lock+0x2b/0x80
[  234.792208][ T5941]  ? kobject_add_internal+0x25f/0x930
[  234.792240][ T5941]  ? kobject_add_internal+0x25f/0x930
[  234.792277][ T5941]  ? do_raw_spin_unlock+0x145/0x1e0
[  234.792314][ T5941]  kobject_add_internal+0x2c8/0x930
[  234.792351][ T5941]  kobject_add+0x16a/0x1e0
[  234.792382][ T5941]  ? __pfx_kobject_add+0x10/0x10
[  234.792409][ T5941]  ? class_to_subsys+0x10f/0x150
[  234.792448][ T5941]  ? kobject_put+0xb9/0x640
[  234.792475][ T5941]  ? _raw_spin_unlock+0x28/0x50
[  234.792523][ T5941]  device_add+0x294/0x1950
[  234.792556][ T5941]  ? __pfx_dev_set_name+0x10/0x10
[  234.792593][ T5941]  ? __pfx_device_add+0x10/0x10
[  234.792626][ T5941]  ? mgmt_send_event_skb+0x2fb/0x460
[  234.792683][ T5941]  hci_conn_add_sysfs+0x1a3/0x260
[  234.792726][ T5941]  le_conn_complete_evt+0x11eb/0x1f60
[  234.792774][ T5941]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  234.792825][ T5941]  hci_le_conn_complete_evt+0x23c/0x3a0
[  234.792867][ T5941]  ? skb_pull_data+0x15f/0x1e0
[  234.792905][ T5941]  hci_le_meta_evt+0x34a/0x5f0
[  234.792945][ T5941]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  234.792987][ T5941]  hci_event_packet+0x51c/0xcd0
[  234.793024][ T5941]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  234.793066][ T5941]  ? __pfx_hci_event_packet+0x10/0x10
[  234.793220][ T5941]  ? kcov_remote_start+0x374/0x660
[  234.793261][ T5941]  ? lockdep_hardirqs_on+0x78/0x100
[  234.793317][ T5941]  hci_rx_work+0x451/0xfc0
[  234.793365][ T5941]  process_one_work+0xa23/0x19a0
[  234.793412][ T5941]  ? __pfx_process_one_work+0x10/0x10
[  234.793454][ T5941]  ? __pfx_hci_rx_work+0x10/0x10
[  234.793494][ T5941]  worker_thread+0x5ef/0xe50
[  234.793540][ T5941]  ? kthread+0x13a/0x450
[  234.793564][ T5941]  ? __pfx_worker_thread+0x10/0x10
[  234.793591][ T5941]  kthread+0x370/0x450
[  234.793616][ T5941]  ? __pfx_kthread+0x10/0x10
[  234.793652][ T5941]  ret_from_fork+0x754/0xd80
[  234.793688][ T5941]  ? __pfx_ret_from_fork+0x10/0x10
[  234.793725][ T5941]  ? __switch_to+0x7b4/0x1120
[  234.793763][ T5941]  ? __pfx_kthread+0x10/0x10
[  234.793797][ T5941]  ret_from_fork_asm+0x1a/0x30
[  234.793858][ T5941]  </TASK>
[  234.793928][ T5941] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  234.855871][T12260] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  234.937278][ T5941] Bluetooth: hci0: failed to register connection device
[  234.980916][T12276] cgroup: none used incorrectly
[  235.065469][   T39] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  235.073695][T12282] 8021q: VLANs not supported on gre0
[  235.079349][T12282] x_tables: ip_tables: osf.0 match: invalid size 48 (kernel) != (user) 4096
[  235.086077][   T39] usb 10-1: device descriptor read/8, error -71
[  235.132006][T12284] netlink: 'syz.0.1981': attribute type 1 has an invalid length.
[  235.179140][T12284] 8021q: adding VLAN 0 to HW filter on device bond4
[  235.200438][T12284] bond4: (slave geneve2): making interface the new active one
[  235.205598][T12284] bond4: (slave geneve2): Enslaving as an active interface with an up link
[  235.209740][  T102] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0
[  235.214548][  T102] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0
[  235.218593][ T7604] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0
[  235.223198][ T7604] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0
[  235.325110][   T39] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  235.357071][   T39] usb 10-1: device descriptor read/8, error -71
[  235.467402][   T39] usb usb10-port1: unable to enumerate USB device
[  235.552688][T12317] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  235.620399][T12319] overlayfs: failed to resolve './bus': -2
[  235.722920][T12329] ptrace attach of "/syz-executor exec"[9832] was attempted by ""[12329]
[  235.830287][T12330] overlayfs: failed to resolve './file1': -2
[  235.923983][ T5941] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  235.929214][ T5941] CPU: 2 UID: 0 PID: 5941 Comm: kworker/u33:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  235.929249][ T5941] Tainted: [L]=SOFTLOCKUP
[  235.929256][ T5941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  235.929273][ T5941] Workqueue: hci0 hci_rx_work
[  235.929305][ T5941] Call Trace:
[  235.929313][ T5941]  <TASK>
[  235.929322][ T5941]  dump_stack_lvl+0x100/0x190
[  235.929356][ T5941]  sysfs_warn_dup.cold+0x1c/0x28
[  235.929382][ T5941]  sysfs_create_dir_ns+0x24b/0x2b0
[  235.929414][ T5941]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  235.929439][ T5941]  ? find_held_lock+0x2b/0x80
[  235.929461][ T5941]  ? kobject_add_internal+0x25f/0x930
[  235.929485][ T5941]  ? kobject_add_internal+0x25f/0x930
[  235.929508][ T5941]  ? do_raw_spin_unlock+0x145/0x1e0
[  235.929531][ T5941]  kobject_add_internal+0x2c8/0x930
[  235.929556][ T5941]  kobject_add+0x16a/0x1e0
[  235.929578][ T5941]  ? __pfx_kobject_add+0x10/0x10
[  235.929598][ T5941]  ? class_to_subsys+0x10f/0x150
[  235.929623][ T5941]  ? kobject_put+0xb9/0x640
[  235.929642][ T5941]  ? _raw_spin_unlock+0x28/0x50
[  235.929674][ T5941]  device_add+0x294/0x1950
[  235.929689][ T5941]  ? __pfx_dev_set_name+0x10/0x10
[  235.929705][ T5941]  ? __pfx_device_add+0x10/0x10
[  235.929729][ T5941]  ? mgmt_send_event_skb+0x2fb/0x460
[  235.929752][ T5941]  hci_conn_add_sysfs+0x1a3/0x260
[  235.929775][ T5941]  le_conn_complete_evt+0x11eb/0x1f60
[  235.929799][ T5941]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  235.929822][ T5941]  hci_le_conn_complete_evt+0x23c/0x3a0
[  235.929843][ T5941]  ? skb_pull_data+0x15f/0x1e0
[  235.929859][ T5941]  hci_le_meta_evt+0x34a/0x5f0
[  235.929876][ T5941]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  235.929895][ T5941]  hci_event_packet+0x51c/0xcd0
[  235.929910][ T5941]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  235.929928][ T5941]  ? __pfx_hci_event_packet+0x10/0x10
[  235.929945][ T5941]  ? kcov_remote_start+0x374/0x660
[  235.929962][ T5941]  ? lockdep_hardirqs_on+0x78/0x100
[  235.929986][ T5941]  hci_rx_work+0x451/0xfc0
[  235.930010][ T5941]  process_one_work+0xa23/0x19a0
[  235.930041][ T5941]  ? __pfx_process_one_work+0x10/0x10
[  235.930070][ T5941]  ? __pfx_hci_rx_work+0x10/0x10
[  235.930095][ T5941]  worker_thread+0x5ef/0xe50
[  235.930120][ T5941]  ? kthread+0x13a/0x450
[  235.930134][ T5941]  ? __pfx_worker_thread+0x10/0x10
[  235.930150][ T5941]  kthread+0x370/0x450
[  235.930166][ T5941]  ? __pfx_kthread+0x10/0x10
[  235.930183][ T5941]  ret_from_fork+0x754/0xd80
[  235.930207][ T5941]  ? __pfx_ret_from_fork+0x10/0x10
[  235.930231][ T5941]  ? __switch_to+0x7b4/0x1120
[  235.930253][ T5941]  ? __pfx_kthread+0x10/0x10
[  235.930275][ T5941]  ret_from_fork_asm+0x1a/0x30
[  235.930314][ T5941]  </TASK>
[  235.930340][ T5941] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  236.028705][   T40] kauditd_printk_skb: 48 callbacks suppressed
[  236.028724][   T40] audit: type=1400 audit(1776127265.726:1805): avc:  denied  { create } for  pid=12363 comm="syz.4.2002" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  236.045956][ T5941] Bluetooth: hci0: failed to register connection device
[  236.047315][   T40] audit: type=1400 audit(1776127265.726:1806): avc:  denied  { ioctl } for  pid=12363 comm="syz.4.2002" path="socket:[41320]" dev="sockfs" ino=41320 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  236.091373][   T40] audit: type=1400 audit(1776127265.736:1807): avc:  denied  { bind } for  pid=12363 comm="syz.4.2002" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  236.620123][   T40] audit: type=1400 audit(1776127266.316:1808): avc:  denied  { mount } for  pid=12392 comm="syz.0.2012" name="/" dev="autofs" ino=39719 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  237.022259][T12410] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12410 comm=syz.5.2017
[  237.095933][T12417] syzkaller0: entered promiscuous mode
[  237.098328][T12417] syzkaller0: entered allmulticast mode
[  237.532738][   T40] audit: type=1400 audit(1776127267.226:1809): avc:  denied  { create } for  pid=12434 comm="syz.0.2026" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1
[  237.620812][   T40] audit: type=1400 audit(1776127267.316:1810): avc:  denied  { create } for  pid=12451 comm="syz.5.2031" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  237.630574][   T40] audit: type=1400 audit(1776127267.316:1811): avc:  denied  { write } for  pid=12451 comm="syz.5.2031" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  237.695465][T12456] syzkaller0: entered promiscuous mode
[  237.698050][T12456] syzkaller0: entered allmulticast mode
[  237.937164][T12477] __nla_validate_parse: 37 callbacks suppressed
[  237.937187][T12477] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2036'.
[  238.053549][T12487] x_tables: duplicate underflow at hook 1
[  238.098443][T12492] loop6: detected capacity change from 0 to 524288000
[  238.250663][T12500] syzkaller0: entered promiscuous mode
[  238.253360][T12500] syzkaller0: entered allmulticast mode
[  238.432877][T12509] mmap: syz.0.2047 (12509) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  238.485335][   T40] audit: type=1400 audit(1776127268.186:1812): avc:  denied  { wake_alarm } for  pid=12512 comm="syz.0.2048" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  238.637369][T12518] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2050'.
[  238.649720][T12518] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2050'.
[  238.817199][T12523] netlink: 212348 bytes leftover after parsing attributes in process `syz.5.2052'.
[  238.824102][T12523] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2052'.
[  238.911478][T12539] net_ratelimit: 1 callbacks suppressed
[  238.911500][T12539] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  238.956581][T12541] FAULT_INJECTION: forcing a failure.
[  238.956581][T12541] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  238.965690][T12541] CPU: 3 UID: 0 PID: 12541 Comm: syz.5.2055 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  238.965719][T12541] Tainted: [L]=SOFTLOCKUP
[  238.965725][T12541] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  238.965735][T12541] Call Trace:
[  238.965741][T12541]  <TASK>
[  238.965748][T12541]  dump_stack_lvl+0x100/0x190
[  238.965780][T12541]  should_fail_ex.cold+0x5/0xa
[  238.965850][T12541]  _copy_from_user+0x2e/0xd0
[  238.965870][T12541]  copy_msghdr_from_user+0x9f/0x4f0
[  238.965891][T12541]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  238.965921][T12541]  ___sys_sendmsg+0x106/0x1e0
[  238.965941][T12541]  ? __pfx____sys_sendmsg+0x10/0x10
[  238.965986][T12541]  __sys_sendmsg+0x170/0x220
[  238.966010][T12541]  ? __pfx___sys_sendmsg+0x10/0x10
[  238.966047][T12541]  do_syscall_64+0x106/0xf80
[  238.966064][T12541]  ? clear_bhb_loop+0x40/0x90
[  238.966084][T12541]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.966101][T12541] RIP: 0033:0x7f18e1d9c819
[  238.966117][T12541] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  238.966132][T12541] RSP: 002b:00007f18e2c7e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  238.966149][T12541] RAX: ffffffffffffffda RBX: 00007f18e2016090 RCX: 00007f18e1d9c819
[  238.966159][T12541] RDX: 008bb3a301eb085f RSI: 0000200000000280 RDI: 0000000000000003
[  238.966169][T12541] RBP: 00007f18e2c7e090 R08: 0000000000000000 R09: 0000000000000000
[  238.966179][T12541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  238.966188][T12541] R13: 00007f18e2016128 R14: 00007f18e2016090 R15: 00007ffd1402d4b8
[  238.966210][T12541]  </TASK>
[  239.104915][T12550] overlayfs: failed to clone upperpath
[  239.107178][T12549] syzkaller0: entered promiscuous mode
[  239.113231][T12549] 0: reclassify loop, rule prio 0, protocol 800
[  239.162309][T12552] nbd: couldn't find device at index -2127233020
[  239.250384][T12555] netlink: 762 bytes leftover after parsing attributes in process `syz.5.2062'.
[  239.352529][ T5946] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  239.360181][ T5946] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  239.367032][ T5946] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  239.373636][ T5946] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  239.381058][ T5946] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  239.518986][ T8215] raw-gadget.0 gadget.2: failed to queue disconnect event
[  239.545134][ T1464] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[  239.583511][T12567] tipc: Failed to remove unknown binding: 66,0,0/0:1736233371/1736233372
[  239.594649][T12567] tipc: Failed to remove unknown binding: 66,0,0/0:1736233371/1736233372
[  239.654755][  T180] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  239.661759][  T180] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.668057][  T180] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  239.695157][ T1464] usb 10-1: Using ep0 maxpacket: 32
[  239.699478][ T1464] usb 10-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  239.703938][ T1464] usb 10-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  239.704481][T12558] chnl_net:caif_netlink_parms(): no params data found
[  239.710654][ T1464] usb 10-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  239.717999][ T1464] usb 10-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  239.724471][ T1464] usb 10-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  239.728677][ T1464] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  239.731766][ T1464] usb 10-1: Product: syz
[  239.733331][ T1464] usb 10-1: Manufacturer: syz
[  239.735355][ T1464] usb 10-1: SerialNumber: syz
[  239.746787][    C2] imon 10-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  239.760799][ T1464] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:155.0/input/input12
[  239.797090][  T180] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  239.801804][  T180] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.807536][   T40] audit: type=1400 audit(1776127269.506:1813): avc:  denied  { mounton } for  pid=12577 comm="syz.0.2067" path="/572/file0" dev="tmpfs" ino=2998 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  239.808641][  T180] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  239.825040][   T40] audit: type=1400 audit(1776127269.516:1814): avc:  denied  { map } for  pid=12577 comm="syz.0.2067" path="/572/file0" dev="tmpfs" ino=2998 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  239.937623][  T180] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  239.941028][  T180] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.944429][  T180] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  239.964002][T12558] bridge0: port 1(bridge_slave_0) entered blocking state
[  239.967221][T12558] bridge0: port 1(bridge_slave_0) entered disabled state
[  239.969927][T12558] bridge_slave_0: entered allmulticast mode
[  239.973168][T12558] bridge_slave_0: entered promiscuous mode
[  239.986272][T12558] bridge0: port 2(bridge_slave_1) entered blocking state
[  239.990793][T12558] bridge0: port 2(bridge_slave_1) entered disabled state
[  239.993252][T12558] bridge_slave_1: entered allmulticast mode
[  239.997360][T12558] bridge_slave_1: entered promiscuous mode
[  240.005042][ T1464] imon 10-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  240.007834][ T1464]  (id 0x00)
[  240.012568][T12595] syzkaller0: entered promiscuous mode
[  240.020002][T12595] syzkaller0: entered allmulticast mode
[  240.026646][T12593] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2069'.
[  240.037246][T12593] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=59 sclass=netlink_route_socket pid=12593 comm=syz.0.2069
[  240.047704][T12558] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  240.055611][T12558] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  240.076330][ T1464] rc_core: IR keymap rc-imon-pad not found
[  240.079436][ T1464] Registered IR keymap rc-empty
[  240.081193][ T1464] imon 10-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  240.084655][ T1464] imon 10-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  240.097595][  T180] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  240.102832][  T180] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.110413][  T180] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  240.175762][T12558] team0: Port device team_slave_0 added
[  240.181614][T12558] team0: Port device team_slave_1 added
[  240.207279][ T1464] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:155.0/rc/rc0
[  240.210216][T12558] batman_adv: batadv0: Adding interface: batadv_slave_0
[  240.214400][ T1464] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:155.0/rc/rc0/input13
[  240.219760][T12558] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  240.219792][T12558] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  240.221501][T12558] batman_adv: batadv0: Adding interface: batadv_slave_1
[  240.231775][ T1464] imon 10-1:155.0: iMON device (15c2:ffdc, intf0) on usb<10:8> initialized
[  240.233923][T12558] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  240.256215][T12558] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  240.360712][T12558] hsr_slave_0: entered promiscuous mode
[  240.364901][T12558] hsr_slave_1: entered promiscuous mode
[  240.368953][T12558] debugfs: 'hsr0' already exists in 'hsr'
[  240.371429][T12558] Cannot create hsr debugfs directory
[  240.390534][T12557] imon:display_open: display port is already open
[  240.467163][T12614] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  240.477792][  T831] usb 10-1: USB disconnect, device number 8
[  240.595184][ T5946] Bluetooth: hci3: command 0x0405 tx timeout
[  240.660505][  T180] bond2 (unregistering): (slave geneve2): Releasing active interface
[  240.814540][  T180] bond0 (unregistering): Released all slaves
[  240.828822][  T180] bond1 (unregistering): Released all slaves
[  240.842344][  T180] bond2 (unregistering): Released all slaves
[  240.858799][  T180] bond3 (unregistering): Released all slaves
[  240.971715][  T180] tipc: Left network mode
[  241.069962][  T180] IPVS: stopping backup sync thread 8919 ...
[  241.158379][T12626] netlink: 'syz.5.2078': attribute type 10 has an invalid length.
[  241.162453][T12626] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2078'.
[  241.197991][T12626] team0: Port device geneve0 added
[  241.204556][T12626] new mount options do not match the existing superblock, will be ignored
[  241.252313][T12626] openvswitch: netlink: push_nsh: missing base or metadata attributes
[  241.257151][T12626] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  241.264514][T12626] option changes via remount are deprecated (pid=12625 comm=syz.5.2078)
[  241.488533][ T5946] Bluetooth: hci5: command tx timeout
[  241.504265][  T180] hsr_slave_0: left promiscuous mode
[  241.513934][  T180] hsr_slave_1: left promiscuous mode
[  241.524342][  T180] veth1_vlan: left allmulticast mode
[  241.527873][  T180] veth0_macvtap: left promiscuous mode
[  241.530465][  T180] veth1_vlan: left promiscuous mode
[  241.533069][  T180] veth0_vlan: left promiscuous mode
[  241.616871][T12659] fuse: Bad value for 'fd'
[  241.821239][T12659] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  241.857549][T12666] atomic_op ffff8880611f4998 conn xmit_atomic 0000000000000000
[  242.084722][T12558] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  242.103783][T12558] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  242.136979][T12558] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  242.150324][T12558] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  242.397280][T12558] 8021q: adding VLAN 0 to HW filter on device bond0
[  242.412657][T12558] 8021q: adding VLAN 0 to HW filter on device team0
[  242.433408][ T7603] bridge0: port 1(bridge_slave_0) entered blocking state
[  242.436281][ T7603] bridge0: port 1(bridge_slave_0) entered forwarding state
[  242.448143][ T7603] bridge0: port 2(bridge_slave_1) entered blocking state
[  242.450548][ T7603] bridge0: port 2(bridge_slave_1) entered forwarding state
[  242.630703][T12558] 8021q: adding VLAN 0 to HW filter on device batadv0
[  242.694674][T12558] veth0_vlan: entered promiscuous mode
[  242.708167][T12558] veth1_vlan: entered promiscuous mode
[  242.738508][T12558] veth0_macvtap: entered promiscuous mode
[  242.750333][T12558] veth1_macvtap: entered promiscuous mode
[  242.770977][T12558] batman_adv: batadv0: Interface activated: batadv_slave_0
[  242.816564][T12558] batman_adv: batadv0: Interface activated: batadv_slave_1
[  242.824095][ T7604] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  242.836667][ T7604] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  242.839995][ T7604] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  242.862465][ T7604] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  242.965791][   T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  242.975368][   T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  243.033910][ T7603] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  243.037723][ T7603] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  243.080926][   T40] kauditd_printk_skb: 2 callbacks suppressed
[  243.080945][   T40] audit: type=1400 audit(1776127272.776:1817): avc:  denied  { mounton } for  pid=12558 comm="syz-executor" path="/syzkaller.DlO7Se/syz-tmp" dev="sda1" ino=2040 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  243.129513][T12740] xt_CT: No such helper "snmp_trap"
[  243.219967][T12759] syzkaller0: entered promiscuous mode
[  243.223572][ T7604] 0: reclassify loop, rule prio 0, protocol 800
[  243.307874][T12765] Set syz1 is full, maxelem 65536 reached
[  243.348424][T12767] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  243.472676][T12770] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  243.531778][T12772] SELinux: security_context_str_to_sid („) failed with errno=-22
[  243.555205][ T5946] Bluetooth: hci5: command tx timeout
[  243.627280][T12774] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.2107'.
[  243.634269][T12774] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2107'.
[  243.640250][   T40] audit: type=1800 audit(1776127273.336:1818): pid=12774 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.2107" name="nullb0" dev="tmpfs" ino=2667 res=0 errno=0
[  243.688787][   T40] audit: type=1400 audit(1776127273.386:1819): avc:  denied  { create } for  pid=12775 comm="syz.0.2108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  243.695768][T12776] ptrace attach of "/syz-executor exec"[5939] was attempted by ""[12776]
[  243.698318][   T40] audit: type=1400 audit(1776127273.396:1820): avc:  denied  { setopt } for  pid=12775 comm="syz.0.2108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  243.739626][T12778] veth1_to_team: entered promiscuous mode
[  243.743543][   T40] audit: type=1400 audit(1776127273.436:1821): avc:  denied  { create } for  pid=12777 comm="syz.0.2109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  243.752304][   T40] audit: type=1400 audit(1776127273.436:1822): avc:  denied  { setopt } for  pid=12777 comm="syz.0.2109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  243.752718][T12777] veth1_to_team: left promiscuous mode
[  243.805828][   T40] audit: type=1400 audit(1776127273.506:1823): avc:  denied  { map } for  pid=12779 comm="syz.0.2110" path="socket:[43600]" dev="sockfs" ino=43600 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  243.816246][   T40] audit: type=1400 audit(1776127273.506:1824): avc:  denied  { accept } for  pid=12779 comm="syz.0.2110" path="socket:[43600]" dev="sockfs" ino=43600 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  243.900836][T12784] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2112'.
[  244.288217][T12787] Set syz1 is full, maxelem 65536 reached
[  244.346409][T12794] netdevsim netdevsim5 netdevsim0: entered allmulticast mode
[  244.361721][T12794] xt_hashlimit: size too large, truncated to 1048576
[  244.397525][T12798] ptrace attach of "/syz-executor exec"[9832] was attempted by ""[12798]
[  244.425421][   T40] audit: type=1400 audit(1776127274.116:1825): avc:  denied  { setattr } for  pid=12793 comm="syz.5.2116" name="TIPC" dev="sockfs" ino=41823 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  244.477259][T12802] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2118'.
[  244.490794][T12802] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2118'.
[  244.495139][T12802] block nbd0: Unsupported socket: should be TCP or UNIX.
[  244.549277][T12804] fuse: Bad value for 'rootmode'
[  244.571262][T12807] sctp: [Deprecated]: syz.4.2120 (pid 12807) Use of int in max_burst socket option.
[  244.571262][T12807] Use struct sctp_assoc_value instead
[  244.916160][T12838] syzkaller0: entered promiscuous mode
[  244.922098][T12838] 0: reclassify loop, rule prio 0, protocol 800
[  245.109991][T12851] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2135'.
[  245.231980][T12859] : entered promiscuous mode
[  245.234117][T12858] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2137'.
[  245.279913][T12864] netlink: 'syz.5.2141': attribute type 10 has an invalid length.
[  245.302475][T12864] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  245.352497][T12875] ptrace attach of "/syz-executor exec"[9832] was attempted by ""[12875]
[  245.441418][T12880] 8021q: adding VLAN 0 to HW filter on device bond2
[  245.481943][T12886] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4096 (8192 ns) > initial count (28 ns). Using initial count to start timer.
[  245.482517][T12891] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2148'.
[  245.490264][T12892] Set syz1 is full, maxelem 65536 reached
[  245.500259][T12893] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2148'.
[  245.577335][T12901] netlink: 'syz.5.2151': attribute type 3 has an invalid length.
[  245.580696][T12901] netlink: 'syz.5.2151': attribute type 1 has an invalid length.
[  245.583877][T12901] netlink: 224 bytes leftover after parsing attributes in process `syz.5.2151'.
[  245.588698][T12901] NCSI netlink: No device for ifindex 0
[  245.635402][ T5946] Bluetooth: hci5: command tx timeout
[  245.728895][T12913] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  245.758017][T12916] libceph: resolve '4' (ret=-3): failed
[  245.761286][   T40] audit: type=1400 audit(1776127275.456:1826): avc:  denied  { create } for  pid=12915 comm="syz.4.2156" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  245.761917][T12917] Set syz1 is full, maxelem 65536 reached
[  245.786227][ T5986] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  245.790087][T12922] libceph: resolve '4' (ret=-3): failed
[  245.945162][ T5986] usb 7-1: Using ep0 maxpacket: 8
[  245.949737][ T5986] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  245.965068][ T5986] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  245.970040][ T5986] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  245.974239][ T5986] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  245.985054][ T5986] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  245.995434][ T5986] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.168931][T12948] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  246.175437][T12950] netlink: 'syz.5.2165': attribute type 4 has an invalid length.
[  246.186156][T12950] .`: renamed from bond0 (while UP)
[  246.223703][ T5986] usb 7-1: GET_CAPABILITIES returned 0
[  246.226559][ T5986] usbtmc 7-1:16.0: can't read capabilities
[  246.250992][T12954] Set syz1 is full, maxelem 65536 reached
[  246.308127][T12956] netlink: 'syz.5.2169': attribute type 10 has an invalid length.
[  246.311667][T12956] team0: entered promiscuous mode
[  246.313941][T12956] team_slave_0: entered promiscuous mode
[  246.319598][T12956] team_slave_1: entered promiscuous mode
[  246.322276][T12956] geneve0: entered promiscuous mode
[  246.325402][T12956] team0: entered allmulticast mode
[  246.328514][T12956] team_slave_0: entered allmulticast mode
[  246.331412][T12956] team_slave_1: entered allmulticast mode
[  246.333967][T12956] geneve0: entered allmulticast mode
[  246.337801][T12956] bridge0: port 3(team0) entered blocking state
[  246.340809][T12956] bridge0: port 3(team0) entered disabled state
[  246.347241][T12956] bridge0: port 3(team0) entered blocking state
[  246.351320][T12956] bridge0: port 3(team0) entered forwarding state
[  246.444052][ T5986] usb 7-1: USB disconnect, device number 10
[  246.483536][T12964] .`: (slave syz_tun): Releasing backup interface
[  246.509532][T12964] bridge0: port 3(team0) entered disabled state
[  246.519108][T12966] ptrace attach of "/syz-executor exec"[12558] was attempted by ""[12966]
[  246.530225][T12964] bridge_slave_0: left allmulticast mode
[  246.533197][T12964] bridge_slave_0: left promiscuous mode
[  246.537831][T12964] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.548987][T12964] bridge_slave_1: left allmulticast mode
[  246.551033][T12964] bridge_slave_1: left promiscuous mode
[  246.553156][T12964] bridge0: port 2(bridge_slave_1) entered disabled state
[  246.564276][T12964] .`: (slave bond_slave_0): Releasing backup interface
[  246.576426][T12964] .`: (slave bond_slave_1): Releasing backup interface
[  246.587533][T12964] team_slave_0: left promiscuous mode
[  246.589520][T12964] team_slave_0: left allmulticast mode
[  246.600047][T12964] team0: Port device team_slave_0 removed
[  246.602970][ T5944] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  246.604191][T12964] team_slave_1: left promiscuous mode
[  246.608210][ T5944] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  246.609275][T12964] team_slave_1: left allmulticast mode
[  246.614372][ T5944] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  246.623144][ T5944] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  246.627598][T12964] team0: Port device team_slave_1 removed
[  246.627695][ T5944] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  246.631387][T12964] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  246.638751][T12964] batman_adv: batadv0: Removing interface: batadv_slave_0
[  246.646157][T12964] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  246.649594][T12964] batman_adv: batadv0: Removing interface: batadv_slave_1
[  246.657416][T12964] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  246.696897][T12969] tipc: Resetting bearer <eth:rose0>
[  246.771949][T12974] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12974 comm=syz.2.2175
[  246.938337][T12997] syzkaller0: entered promiscuous mode
[  246.942362][   T43] 0: reclassify loop, rule prio 0, protocol 800
[  246.989770][T12969] chnl_net:caif_netlink_parms(): no params data found
[  247.064667][T12969] bridge0: port 1(bridge_slave_0) entered blocking state
[  247.067555][T12969] bridge0: port 1(bridge_slave_0) entered disabled state
[  247.070197][T12969] bridge_slave_0: entered allmulticast mode
[  247.074050][T12969] bridge_slave_0: entered promiscuous mode
[  247.078505][T12969] bridge0: port 2(bridge_slave_1) entered blocking state
[  247.081092][T12969] bridge0: port 2(bridge_slave_1) entered disabled state
[  247.083856][T12969] bridge_slave_1: entered allmulticast mode
[  247.088921][T12969] bridge_slave_1: entered promiscuous mode
[  247.119570][T12969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  247.126961][T12969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  247.149937][T13011] ptrace attach of "/syz-executor exec"[10481] was attempted by ""[13011]
[  247.215969][   T70] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  247.220564][   T70] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  247.254644][T12969] team0: Port device team_slave_0 added
[  247.262880][T13020] cgroup: subsys name conflicts with all
[  247.267620][T13021] cgroup: subsys name conflicts with all
[  247.282178][T12969] team0: Port device team_slave_1 added
[  247.366831][   T70] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  247.371188][   T70] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  247.387400][T12969] batman_adv: batadv0: Adding interface: batadv_slave_0
[  247.389813][T12969] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  247.401763][T12969] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  247.407078][T12969] batman_adv: batadv0: Adding interface: batadv_slave_1
[  247.410806][T12969] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  247.420034][T12969] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  247.429755][T13031] macsec0: entered promiscuous mode
[  247.432169][T13031] macsec0: entered allmulticast mode
[  247.434187][T13031] veth1_macvtap: entered allmulticast mode
[  247.458063][T12969] hsr_slave_0: entered promiscuous mode
[  247.460968][T12969] hsr_slave_1: entered promiscuous mode
[  247.463247][T12969] debugfs: 'hsr0' already exists in 'hsr'
[  247.465302][T12969] Cannot create hsr debugfs directory
[  247.474730][T13035] Set syz1 is full, maxelem 65536 reached
[  247.483094][   T70] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  247.488500][   T70] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  247.545918][T13037] netlink: 'syz.5.2194': attribute type 4 has an invalid length.
[  247.568079][T13037] netlink: 'syz.5.2194': attribute type 4 has an invalid length.
[  247.603674][   T70] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  247.608501][   T70] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  247.655170][  T832] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  247.697747][T13042] syzkaller0: entered promiscuous mode
[  247.700080][T13042] syzkaller0: entered allmulticast mode
[  247.725261][ T5946] Bluetooth: hci5: command tx timeout
[  247.825691][  T832] usb 7-1: Using ep0 maxpacket: 16
[  247.830125][   T70] bridge_slave_1: left allmulticast mode
[  247.832553][   T70] bridge_slave_1: left promiscuous mode
[  247.836894][  T832] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 226
[  247.837646][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[  247.843454][  T832] usb 7-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  247.852691][  T832] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  247.853684][   T70] bridge_slave_0: left allmulticast mode
[  247.855738][T13045] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  247.858112][  T832] usb 7-1: Product: syz
[  247.858133][  T832] usb 7-1: Manufacturer: syz
[  247.858147][  T832] usb 7-1: SerialNumber: syz
[  247.860819][  T832] usb 7-1: config 0 descriptor??
[  247.861958][   T70] bridge_slave_0: left promiscuous mode
[  247.866726][T13029] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  247.868002][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[  247.871093][  T832] hub 7-1:0.0: bad descriptor, ignoring hub
[  247.889375][  T832] hub 7-1:0.0: probe with driver hub failed with error -5
[  247.898869][  T832] input: syz syz as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input15
[  247.920309][    C0] usbtouchscreen 7-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -1
[  248.182922][   T70] dvmrp0 (unregistering): left allmulticast mode
[  248.190550][   T70] bond4 (unregistering): (slave geneve2): Releasing active interface
[  248.279108][T13029] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  248.464390][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  248.470966][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  248.477888][   T70] bond0 (unregistering): Released all slaves
[  248.486202][   T70] bond1 (unregistering): Released all slaves
[  248.498594][   T70] bond2 (unregistering): Released all slaves
[  248.519688][   T70] bond3 (unregistering): (slave veth7): Releasing active interface
[  248.525129][   T70] bond3 (unregistering): Released all slaves
[  248.540010][   T70] bond4 (unregistering): Released all slaves
[  248.686874][ T5946] Bluetooth: hci0: command tx timeout
[  248.689402][   T70] IPVS: stopping backup sync thread 11299 ...
[  248.778706][T13086] syzkaller0: entered promiscuous mode
[  248.810383][T13089] xt_hashlimit: max too large, truncated to 1048576
[  248.872264][T13092] mkiss: ax0: crc mode is auto.
[  248.878164][T13091] PM: Enabling pm_trace changes system date and time during resume.
[  248.878164][T13091] PM: Correct system time has to be restored manually after resume.
[  248.926426][T13095] x_tables: ip_tables: .0 target: invalid size 8 (kernel) != (user) 4
[  248.960764][T13095] xfrm0 speed is unknown, defaulting to 1000
[  248.967089][T13095] xfrm0 speed is unknown, defaulting to 1000
[  248.970815][T13095] xfrm0 speed is unknown, defaulting to 1000
[  248.988164][T13095] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  249.004130][T13095] xfrm0 speed is unknown, defaulting to 1000
[  249.013168][T13095] xfrm0 speed is unknown, defaulting to 1000
[  249.018376][T13095] xfrm0 speed is unknown, defaulting to 1000
[  249.022080][T13095] xfrm0 speed is unknown, defaulting to 1000
[  249.025420][T13095] xfrm0 speed is unknown, defaulting to 1000
[  249.029909][T13095] xfrm0 speed is unknown, defaulting to 1000
[  249.039583][T13100] netlink: 'syz.5.2205': attribute type 1 has an invalid length.
[  249.068646][T13100] 8021q: adding VLAN 0 to HW filter on device bond0
[  249.101319][   T40] kauditd_printk_skb: 8 callbacks suppressed
[  249.101337][   T40] audit: type=1400 audit(1776127278.796:1835): avc:  denied  { map } for  pid=13104 comm="syz.4.2206" path="/dev/video8" dev="devtmpfs" ino=976 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  249.156995][T13095] bond0: (slave veth3): Enslaving as an active interface with a down link
[  249.201366][T13096] bond0: (slave dummy0): making interface the new active one
[  249.202907][T13095] __nla_validate_parse: 11 callbacks suppressed
[  249.202927][T13095] netlink: 14 bytes leftover after parsing attributes in process `syz.5.2205'.
[  249.206476][T13096] dummy0: entered promiscuous mode
[  249.214729][T13096] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  249.249084][   T40] audit: type=1400 audit(1776127278.946:1836): avc:  denied  { setattr } for  pid=13108 comm="syz.4.2207" name="NETLINK" dev="sockfs" ino=42508 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  249.260938][   T70] hsr_slave_0: left promiscuous mode
[  249.264543][   T70] hsr_slave_1: left promiscuous mode
[  249.268343][   T70] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  249.271682][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[  249.276909][   T70] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  249.280609][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[  249.296571][   T70] veth1_to_batadv: left promiscuous mode
[  249.299016][   T70] veth0_macvtap: left promiscuous mode
[  249.301425][   T70] veth1_vlan: left promiscuous mode
[  249.303755][   T70] veth0_vlan: left promiscuous mode
[  249.332453][   T40] audit: type=1800 audit(1776127279.026:1837): pid=13109 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=set_data cause=unavailable-hash-algorithm comm="syz.4.2207" name="/" dev="sockfs" ino=42508 res=0 errno=0
[  249.529358][   T70] team0 (unregistering): Port device team_slave_1 removed
[  249.541739][   T70] team0 (unregistering): Port device team_slave_0 removed
[  249.671972][T13095] bond0: (slave dummy0): Releasing active interface
[  249.675300][T13095] dummy0 (unregistering): left promiscuous mode
[  249.699806][T12969] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  249.706644][T12969] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  249.711264][T12969] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  249.716813][T12969] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  249.784810][T12969] 8021q: adding VLAN 0 to HW filter on device bond0
[  249.800282][T12969] 8021q: adding VLAN 0 to HW filter on device team0
[  249.811221][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  249.814318][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  249.829469][ T7604] bridge0: port 2(bridge_slave_1) entered blocking state
[  249.832585][ T7604] bridge0: port 2(bridge_slave_1) entered forwarding state
[  249.913764][T13127] net_ratelimit: 1 callbacks suppressed
[  249.913784][T13127] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  249.941465][T13130] syzkaller0: entered promiscuous mode
[  249.943937][T13130] syzkaller0: entered allmulticast mode
[  249.960980][T13127] xfrm0 speed is unknown, defaulting to 1000
[  250.049686][T12969] 8021q: adding VLAN 0 to HW filter on device batadv0
[  250.082400][T12969] veth0_vlan: entered promiscuous mode
[  250.092054][T12969] veth1_vlan: entered promiscuous mode
[  250.122449][T12969] veth0_macvtap: entered promiscuous mode
[  250.131918][T12969] veth1_macvtap: entered promiscuous mode
[  250.163155][T12969] batman_adv: batadv0: Interface activated: batadv_slave_0
[  250.172413][T12969] batman_adv: batadv0: Interface activated: batadv_slave_1
[  250.187389][  T180] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  250.190574][  T180] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  250.197905][  T180] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  250.201220][  T180] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  250.280387][ T7604] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  250.284123][ T7604] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  250.334538][   T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  250.339148][   T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  250.352180][T13149] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2214'.
[  250.387179][T13149] 8021q: adding VLAN 0 to HW filter on device bond3
[  250.405680][   T40] audit: type=1326 audit(1776127280.106:1838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13148 comm="syz.5.2214" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f18e1d9c819 code=0x7bff0000
[  250.490778][T13158] ptrace attach of "/syz-executor exec"[12558] was attempted by ""[13158]
[  250.493331][T13159] netlink: 'syz.4.2218': attribute type 10 has an invalid length.
[  250.532433][T13159] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  250.537684][    T9] usb 7-1: USB disconnect, device number 11
[  250.562922][T13159] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2218'.
[  250.696046][T13162] syzkaller0: entered promiscuous mode
[  250.699158][T13162] syzkaller0: entered allmulticast mode
[  250.755133][ T5946] Bluetooth: hci0: command tx timeout
[  250.842281][   T40] audit: type=1400 audit(1776127280.536:1839): avc:  denied  { read } for  pid=13164 comm="syz.4.2220" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  250.869521][   T40] audit: type=1400 audit(1776127280.566:1840): avc:  denied  { unlink } for  pid=13166 comm="syz.0.2221" name="file0" dev="9p" ino=79691887 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  250.888131][   T40] audit: type=1400 audit(1776127280.586:1841): avc:  denied  { create } for  pid=13166 comm="syz.0.2221" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[  250.952684][   T40] audit: type=1400 audit(1776127280.646:1842): avc:  denied  { shutdown } for  pid=13166 comm="syz.0.2221" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  250.963895][   T40] audit: type=1400 audit(1776127280.646:1843): avc:  denied  { read } for  pid=13166 comm="syz.0.2221" name="file0" dev="9p" ino=79691887 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[  251.140142][T13182] syzkaller0: entered promiscuous mode
[  251.146456][T13182] 0: reclassify loop, rule prio 0, protocol 800
[  251.323369][T13184] syzkaller1: entered promiscuous mode
[  251.327664][T13184] syzkaller1: entered allmulticast mode
[  251.382081][T13191] syzkaller0: entered promiscuous mode
[  251.382099][T13191] syzkaller0: entered allmulticast mode
[  251.489498][   T40] audit: type=1400 audit(1776127281.186:1844): avc:  denied  { execute } for  pid=13194 comm="syz.4.2231" path="/dev/snd/pcmC0D0c" dev="devtmpfs" ino=1315 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1
[  251.537568][T13198] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2232'.
[  251.595247][   T24] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  251.633987][T13204] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2233'.
[  251.643013][T13204] netlink: 'syz.5.2233': attribute type 9 has an invalid length.
[  251.645868][T13204] netlink: 'syz.5.2233': attribute type 11 has an invalid length.
[  251.649027][T13204] netlink: 'syz.5.2233': attribute type 12 has an invalid length.
[  251.652110][T13204] netlink: 148760 bytes leftover after parsing attributes in process `syz.5.2233'.
[  251.658822][T13204] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket pid=13204 comm=syz.5.2233
[  251.697872][T13211] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2235'.
[  251.701216][T13211] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2235'.
[  251.746618][   T24] usb 5-1: Using ep0 maxpacket: 16
[  251.754730][   T24] usb 5-1: config 225 has an invalid interface number: 26 but max is 0
[  251.759307][   T24] usb 5-1: config 225 contains an unexpected descriptor of type 0x1, skipping
[  251.763898][   T24] usb 5-1: config 225 has an invalid interface number: 18 but max is 0
[  251.767582][   T24] usb 5-1: config 225 has 2 interfaces, different from the descriptor's value: 1
[  251.771751][   T24] usb 5-1: config 225 has no interface number 0
[  251.775784][   T24] usb 5-1: config 225 has no interface number 1
[  251.778564][   T24] usb 5-1: config 225 interface 26 altsetting 2 has an endpoint descriptor with address 0xEB, changing to 0x8B
[  251.782840][   T24] usb 5-1: config 225 interface 26 altsetting 2 has a duplicate endpoint with address 0x8B, skipping
[  251.787265][   T24] usb 5-1: config 225 interface 26 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  251.787294][T13223] hpfs: hpfs_map_sector(): read error
[  251.793409][   T24] usb 5-1: config 225 interface 26 altsetting 2 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  251.798088][   T24] usb 5-1: config 225 interface 26 altsetting 2 has a duplicate endpoint with address 0x4, skipping
[  251.801769][   T24] usb 5-1: config 225 interface 26 altsetting 2 has 7 endpoint descriptors, different from the interface descriptor's value: 11
[  251.806646][   T24] usb 5-1: too many endpoints for config 225 interface 18 altsetting 190: 215, using maximum allowed: 30
[  251.810541][   T24] usb 5-1: config 225 interface 18 altsetting 190 has a duplicate endpoint with address 0x4, skipping
[  251.815650][   T24] usb 5-1: config 225 interface 18 altsetting 190 endpoint 0xA has an invalid bInterval 129, changing to 7
[  251.821191][   T24] usb 5-1: config 225 interface 18 altsetting 190 has an invalid descriptor for endpoint zero, skipping
[  251.825654][   T24] usb 5-1: config 225 interface 18 altsetting 190 has a duplicate endpoint with address 0x6, skipping
[  251.830176][   T24] usb 5-1: config 225 interface 18 altsetting 190 has a duplicate endpoint with address 0x6, skipping
[  251.835754][   T24] usb 5-1: config 225 interface 18 altsetting 190 has 5 endpoint descriptors, different from the interface descriptor's value: 215
[  251.842745][   T24] usb 5-1: config 225 interface 26 has no altsetting 0
[  251.845085][T13229] Set syz1 is full, maxelem 65536 reached
[  251.845788][   T24] usb 5-1: config 225 interface 18 has no altsetting 0
[  251.854367][   T24] usb 5-1: New USB device found, idVendor=08e4, idProduct=017f, bcdDevice=40.c9
[  251.858653][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  251.862419][   T24] usb 5-1: Product: �
[  251.864333][   T24] usb 5-1: Manufacturer: �듋㡀⢚뺜徉噰앀氞穈틚⳪젇ힸ輅Λᄩ률��걕ᨯⷒ뵜鋫擵嘅喘痹꠱㔷�⣢�ﱻ쫣�Ꞽ⛶뺷╷ﱑ㈤�艖铿�抩垙謞�⬓
[  251.867190][T13231] syzkaller0: entered promiscuous mode
[  251.872430][   T24] usb 5-1: SerialNumber: à°‰
[  251.875615][T13231] syzkaller0: entered allmulticast mode
[  251.886677][T13188] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  251.908806][T13235] SELinux: failed to load policy
[  252.043416][T13242] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2245'.
[  252.061565][T13244] netlink: 232 bytes leftover after parsing attributes in process `syz.2.2246'.
[  252.090500][T13188] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  252.093880][T13188] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  252.194453][   T24] usb 5-1: USB disconnect, device number 11
[  252.279923][T13267] ptrace attach of "/syz-executor exec"[10481] was attempted by ""[13267]
[  252.353270][T13279] syzkaller0: entered promiscuous mode
[  252.357460][T13279] syzkaller0: entered allmulticast mode
[  252.408118][T13282] xfrm0 speed is unknown, defaulting to 1000
[  252.771565][T13285] infiniband sy‡1: set active
[  252.774712][T13285] infiniband sy‡1: added bond0
[  252.845313][ T5946] Bluetooth: hci0: command tx timeout
[  252.863182][T13285] RDS/IB: sy‡1: added
[  252.865783][T13285] smc: adding ib device sy‡1 with port count 1
[  252.868924][T13285] smc:    ib device sy‡1 port 1 has no pnetid
[  253.103993][T13308] ptrace attach of "/syz-executor exec"[12969] was attempted by ""[13308]
[  253.165452][T13310] syzkaller0: entered promiscuous mode
[  253.171544][T13310] 0: reclassify loop, rule prio 0, protocol 800
[  253.226913][T13312] uprobe: syz.0.2268:13312 failed to unregister, leaking uprobe
[  253.333487][T13316] xt_connbytes: Forcing CT accounting to be enabled
[  253.372150][T13316] netlink: 'syz.4.2270': attribute type 3 has an invalid length.
[  253.764616][T13347] program syz.4.2280 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  253.865908][T13353] af_packet: tpacket_rcv: packet too big, clamped from 39 to 4294967272. macoff=96
[  254.297152][  T832] IPVS: starting estimator thread 0...
[  254.306274][T13380] xt_l2tp: v2 tid > 0xffff: 2031748
[  254.390284][T13391] netlink: 'syz.5.2292': attribute type 4 has an invalid length.
[  254.395183][T13379] IPVS: using max 35 ests per chain, 84000 per kthread
[  254.401933][T13391] netlink: 'syz.5.2292': attribute type 4 has an invalid length.
[  254.414767][   T40] kauditd_printk_skb: 17 callbacks suppressed
[  254.414825][   T40] audit: type=1400 audit(1776127284.106:1862): avc:  denied  { map } for  pid=13390 comm="syz.5.2292" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  254.488122][T13395] syzkaller0: entered promiscuous mode
[  254.490225][T13395] syzkaller0: entered allmulticast mode
[  254.542911][T13399] __nla_validate_parse: 9 callbacks suppressed
[  254.542935][T13399] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2296'.
[  254.814712][T13416] syzkaller0: entered promiscuous mode
[  254.826142][   T40] audit: type=1400 audit(1776127284.526:1863): avc:  denied  { read write } for  pid=13417 comm="syz.0.2300" name="loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  254.830242][T13416] 0: reclassify loop, rule prio 0, protocol 800
[  254.842763][   T40] audit: type=1400 audit(1776127284.526:1864): avc:  denied  { open } for  pid=13417 comm="syz.0.2300" path="/dev/loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  254.883882][ T5946] Bluetooth: hci4: Ignoring connect complete event for invalid link type
[  254.898319][   T40] audit: type=1400 audit(1776127284.596:1865): avc:  denied  { ioctl } for  pid=13417 comm="syz.0.2300" path="/dev/loop-control" dev="devtmpfs" ino=657 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  254.915506][ T5946] Bluetooth: hci0: command tx timeout
[  254.970146][T13434] syzkaller0: entered promiscuous mode
[  254.972213][T13434] syzkaller0: entered allmulticast mode
[  255.075389][T13441] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2306'.
[  255.116577][T13445] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2307'.
[  255.144655][   T40] audit: type=1400 audit(1776127284.836:1866): avc:  denied  { nlmsg_read } for  pid=13446 comm="syz.4.2308" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  255.183747][   T40] audit: type=1400 audit(1776127284.876:1867): avc:  denied  { connect } for  pid=13456 comm="syz.4.2310" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  255.325227][T13483] syzkaller0: entered promiscuous mode
[  255.332431][   T43] 0: reclassify loop, rule prio 0, protocol 800
[  255.339849][   T40] audit: type=1400 audit(1776127285.036:1868): avc:  denied  { getattr } for  pid=13479 comm="syz.5.2313" name="/" dev="9p" ino=79691885 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  255.349211][T13480] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  255.364056][   T40] audit: type=1400 audit(1776127285.056:1869): avc:  denied  { setattr } for  pid=13479 comm="syz.5.2313" name="file0" dev="overlay" ino=79691887 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[  255.391328][   T40] audit: type=1400 audit(1776127285.086:1870): avc:  denied  { create } for  pid=13479 comm="syz.5.2313" name="#10" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[  255.401185][   T40] audit: type=1400 audit(1776127285.086:1871): avc:  denied  { associate } for  pid=13479 comm="syz.5.2313" name="#10" scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  255.490030][T13489] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2313'.
[  255.553586][T13480] Bluetooth: MGMT ver 1.23
[  255.573956][T13495] syzkaller0: entered promiscuous mode
[  255.576904][T13495] syzkaller0: entered allmulticast mode
[  255.753586][T13511] Set syz1 is full, maxelem 65536 reached
[  255.812769][T13516] 9pnet_virtio: no channels available for device syz
[  255.828617][T13518] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2321'.
[  255.861974][T13521] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2323'.
[  255.864800][T13521] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2323'.
[  255.915197][T13525] netlink: 'syz.4.2322': attribute type 10 has an invalid length.
[  255.922900][ T5946] Bluetooth: hci5: SCO packet for unknown connection handle 1
[  255.928567][T13525] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[  255.937778][T13525] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  255.942126][T13525] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[  256.001357][T13531] syzkaller0: entered promiscuous mode
[  256.003486][T13531] syzkaller0: entered allmulticast mode
[  256.250952][T13555] tmpfs: Group quota inode hardlimit too large.
[  256.255109][T13553] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2331'.
[  256.497455][T13567] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2337'.
[  256.628549][T13579] syzkaller0: entered promiscuous mode
[  256.630944][T13579] syzkaller0: entered allmulticast mode
[  256.722044][T13586] netlink: 'syz.2.2343': attribute type 15 has an invalid length.
[  256.840114][T13603] cgroup: Need name or subsystem set
[  256.842935][T13603] netlink: 'syz.0.2348': attribute type 39 has an invalid length.
[  256.984417][T13609] ptrace attach of "/syz-executor exec"[12558] was attempted by ""[13609]
[  257.073720][T13613] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2351'.
[  257.221761][T13620] syzkaller0: entered promiscuous mode
[  257.223882][T13620] syzkaller0: entered allmulticast mode
[  257.354916][T13625] mkiss: ax0: crc mode is auto.
[  257.673532][T13636] xt_l2tp: v2 sid > 0xffff: 4294967294
[  257.915224][T13661] syzkaller0: entered promiscuous mode
[  257.917432][T13661] syzkaller0: entered allmulticast mode
[  261.401150][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[  261.404841][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[  278.461101][T13685] __nla_validate_parse: 6 callbacks suppressed
[  278.461123][T13685] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2373'.
[  278.711448][T13702] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2375'.
[  279.125087][   T29] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[  279.285289][   T29] usb 10-1: Using ep0 maxpacket: 8
[  279.292216][   T29] usb 10-1: config 0 has an invalid interface number: 55 but max is 0
[  279.297677][   T29] usb 10-1: config 0 has no interface number 0
[  279.300398][   T29] usb 10-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  279.305821][   T29] usb 10-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  279.311409][   T29] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  279.316864][   T29] usb 10-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  279.323706][   T29] usb 10-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  279.329662][   T29] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  279.336951][   T29] usb 10-1: config 0 descriptor??
[  279.384547][   T29] ldusb 10-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  279.389173][T13721] syzkaller0: entered promiscuous mode
[  279.391620][T13721] syzkaller0: entered allmulticast mode
[  279.531332][T13723] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2382'.
[  279.538434][T13723] netlink: 'syz.4.2382': attribute type 7 has an invalid length.
[  279.541923][T13723] netlink: 'syz.4.2382': attribute type 8 has an invalid length.
[  279.545779][T13723] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2382'.
[  279.559151][   T24] usb 10-1: USB disconnect, device number 9
[  279.575657][   T24] ldusb 10-1:0.55: LD USB Device #0 now disconnected
[  279.618070][T13727] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long
[  279.622599][T13727] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long
[  279.627977][T13727] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long
[  279.632196][T13727] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long
[  279.638917][T13727] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long
[  279.647143][T13727] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long
[  279.650709][T13727] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long
[  279.654086][T13727] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long
[  279.657957][T13727] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long
[  279.661403][T13727] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long
[  279.665019][T13727] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long
[  279.669043][T13727] trusted_key: encrypted_key: insufficient parameters specified
[  279.672804][T13727] trusted_key: encrypted_key: insufficient parameters specified
[  279.676058][T13727] trusted_key: encrypted_key: insufficient parameters specified
[  279.678704][T13727] trusted_key: encrypted_key: insufficient parameters specified
[  279.681259][T13727] trusted_key: encrypted_key: insufficient parameters specified
[  279.683738][T13727] trusted_key: encrypted_key: insufficient parameters specified
[  279.687809][T13727] trusted_key: encrypted_key: insufficient parameters specified
[  279.691001][T13727] trusted_key: encrypted_key: insufficient parameters specified
[  279.693560][T13727] trusted_key: encrypted_key: insufficient parameters specified
[  279.696810][T13727] trusted_key: encrypted_key: insufficient parameters specified
[  279.699542][T13727] trusted_key: encrypted_key: insufficient parameters specified
[  279.703416][T13727] trusted_key: encrypted_key: insufficient parameters specified
[  279.706576][T13727] trusted_key: encrypted_key: insufficient parameters specified
[  279.709999][T13727] trusted_key: encrypted_key: insufficient parameters specified
[  279.712804][T13727] trusted_key: encrypted_key: insufficient parameters specified
[  279.716024][T13727] trusted_key: encrypted_key: insufficient parameters specified
[  279.722499][T13727] trusted_key: encrypted_key: insufficient parameters specified
[  279.726384][T13727] trusted_key: encrypted_key: insufficient parameters specified
[  279.729678][T13727] trusted_key: encrypted_key: insufficient parameters specified
[  279.732721][T13727] trusted_key: encrypted_key: insufficient parameters specified
[  279.735655][T13727] trusted_key: encrypted_key: insufficient parameters specified
[  279.739062][T13727] trusted_key: encrypted_key: insufficient parameters specified
[  279.891980][T13735] syzkaller0: entered promiscuous mode
[  279.894574][T13735] syzkaller0: entered allmulticast mode
[  280.061954][T13743] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2388'.
[  280.147648][T13745] syzkaller0: entered promiscuous mode
[  280.153742][T13745] 0: reclassify loop, rule prio 0, protocol 800
[  280.193613][T13752] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2392'.
[  280.250609][T13755] netlink: 148 bytes leftover after parsing attributes in process `syz.0.2393'.
[  280.276476][   T40] kauditd_printk_skb: 5 callbacks suppressed
[  280.276559][   T40] audit: type=1400 audit(1776127309.976:1877): avc:  denied  { map } for  pid=13757 comm="syz.5.2394" path="/dev/ptyqf" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  280.291249][   T40] audit: type=1400 audit(1776127309.996:1878): avc:  denied  { execute } for  pid=13757 comm="syz.5.2394" path="/dev/ptyqf" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  280.312133][T13760] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=44 sclass=netlink_audit_socket pid=13760 comm=syz.0.2395
[  280.428866][T13767] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2398'.
[  280.434660][T13767] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2398'.
[  280.502326][T13772] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2400'.
[  280.635196][    T9] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[  280.775092][ T1327] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  280.795156][    T9] usb 10-1: Using ep0 maxpacket: 8
[  280.805712][    T9] usb 10-1: config 0 has an invalid interface number: 55 but max is 0
[  280.810228][    T9] usb 10-1: config 0 has no interface number 0
[  280.813723][    T9] usb 10-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  280.815904][T13776] syzkaller0: entered promiscuous mode
[  280.818635][    T9] usb 10-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  280.825142][T13776] 0: reclassify loop, rule prio 0, protocol 800
[  280.826293][    T9] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  280.834595][    T9] usb 10-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  280.841469][    T9] usb 10-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  280.845803][    T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.851566][    T9] usb 10-1: config 0 descriptor??
[  280.868466][    T9] ldusb 10-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  280.915458][ T1327] usb 5-1: device descriptor read/64, error -71
[  281.059706][ T5944] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  281.064427][ T5944] CPU: 2 UID: 0 PID: 5944 Comm: kworker/u33:3 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  281.064459][ T5944] Tainted: [L]=SOFTLOCKUP
[  281.064466][ T5944] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  281.064608][ T5944] Workqueue: hci4 hci_rx_work
[  281.064722][ T5944] Call Trace:
[  281.064731][ T5944]  <TASK>
[  281.064741][ T5944]  dump_stack_lvl+0x100/0x190
[  281.064873][ T5944]  sysfs_warn_dup.cold+0x1c/0x28
[  281.065020][ T5944]  sysfs_create_dir_ns+0x24b/0x2b0
[  281.065113][ T5944]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  281.065194][ T5944]  ? find_held_lock+0x2b/0x80
[  281.065318][ T5944]  ? kobject_add_internal+0x25f/0x930
[  281.065344][ T5944]  ? kobject_add_internal+0x25f/0x930
[  281.065418][ T5944]  ? do_raw_spin_unlock+0x145/0x1e0
[  281.065448][ T5944]  kobject_add_internal+0x2c8/0x930
[  281.065521][ T5944]  kobject_add+0x16a/0x1e0
[  281.065545][ T5944]  ? __pfx_kobject_add+0x10/0x10
[  281.065617][ T5944]  ? class_to_subsys+0x10f/0x150
[  281.065660][ T5944]  ? kobject_put+0xb9/0x640
[  281.065724][ T5944]  ? _raw_spin_unlock+0x28/0x50
[  281.065761][ T5944]  device_add+0x294/0x1950
[  281.065825][ T5944]  ? __pfx_dev_set_name+0x10/0x10
[  281.065852][ T5944]  ? __pfx_device_add+0x10/0x10
[  281.065914][ T5944]  ? mgmt_send_event_skb+0x2fb/0x460
[  281.066000][ T5944]  hci_conn_add_sysfs+0x1a3/0x260
[  281.066033][ T5944]  le_conn_complete_evt+0x11eb/0x1f60
[  281.066110][ T5944]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  281.066189][ T5944]  hci_le_conn_complete_evt+0x23c/0x3a0
[  281.066218][ T5944]  ? skb_pull_data+0x15f/0x1e0
[  281.066289][ T5944]  hci_le_meta_evt+0x34a/0x5f0
[  281.066319][ T5944]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  281.066393][ T5944]  hci_event_packet+0x51c/0xcd0
[  281.066465][ T5944]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  281.066499][ T5944]  ? __pfx_hci_event_packet+0x10/0x10
[  281.066570][ T5944]  ? kcov_remote_start+0x374/0x660
[  281.066677][ T5944]  ? lockdep_hardirqs_on+0x78/0x100
[  281.066715][ T5944]  hci_rx_work+0x451/0xfc0
[  281.066791][ T5944]  process_one_work+0xa23/0x19a0
[  281.066925][ T5944]  ? __pfx_process_one_work+0x10/0x10
[  281.066958][ T5944]  ? __pfx_hci_rx_work+0x10/0x10
[  281.067028][ T5944]  worker_thread+0x5ef/0xe50
[  281.067061][ T5944]  ? kthread+0x13a/0x450
[  281.067196][ T5944]  ? __pfx_worker_thread+0x10/0x10
[  281.067218][ T5944]  kthread+0x370/0x450
[  281.067238][ T5944]  ? __pfx_kthread+0x10/0x10
[  281.067305][ T5944]  ret_from_fork+0x754/0xd80
[  281.067362][ T5944]  ? __pfx_ret_from_fork+0x10/0x10
[  281.067429][ T5944]  ? rcu_is_watching+0x12/0xc0
[  281.067558][ T5944]  ? __switch_to+0x7b4/0x1120
[  281.067664][ T5944]  ? __pfx_kthread+0x10/0x10
[  281.067689][ T5944]  ret_from_fork_asm+0x1a/0x30
[  281.067767][ T5944]  </TASK>
[  281.068104][ T5944] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  281.068164][ T5944] Bluetooth: hci4: failed to register connection device
[  281.073491][  T832] usb 10-1: USB disconnect, device number 10
[  281.085592][  T832] ldusb 10-1:0.55: LD USB Device #0 now disconnected
[  281.155523][ T1327] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  281.229831][T13785] futex_wake_op: syz.2.2405 tries to shift op by -1; fix this program
[  281.260953][T13798] netlink: 'syz.4.2408': attribute type 10 has an invalid length.
[  281.274822][T13793] ata1.00: invalid multi_count 128 ignored
[  281.305291][ T1327] usb 5-1: device descriptor read/64, error -71
[  281.421130][T13803] netlink: 'syz.4.2410': attribute type 1 has an invalid length.
[  281.425941][ T1327] usb usb5-port1: attempt power cycle
[  281.451046][T13803] bond2: (slave geneve2): making interface the new active one
[  281.454665][T13803] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  281.458938][T13470] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0
[  281.462426][T13470] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0
[  281.466870][T13470] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0
[  281.471343][T13470] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0
[  281.503142][T13806] syzkaller0: entered promiscuous mode
[  281.509438][T13806] 0: reclassify loop, rule prio 0, protocol 800
[  281.755604][T13819] syzkaller0: entered promiscuous mode
[  281.758158][T13819] syzkaller0: entered allmulticast mode
[  281.767235][T13821] openvswitch: netlink: IP tunnel dst address not specified
[  281.786899][ T1327] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  281.810655][ T1327] usb 5-1: device descriptor read/8, error -71
[  281.846438][T13823] veth0_to_bridge: vlans aren't supported yet for dev_uc|mc_add()
[  281.927261][T13828] syzkaller0: entered promiscuous mode
[  281.932441][T13828] 0: reclassify loop, rule prio 0, protocol 800
[  282.065119][ T1327] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  282.086220][ T1327] usb 5-1: device descriptor read/8, error -71
[  282.101605][T13831] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  282.104536][T13831] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  282.109318][T13831] vhci_hcd vhci_hcd.0: Device attached
[  282.140148][T13832] vhci_hcd: connection closed
[  282.144136][   T43] vhci_hcd vhci_hcd.2: stop threads
[  282.148773][   T43] vhci_hcd vhci_hcd.2: release socket
[  282.151081][   T43] vhci_hcd vhci_hcd.2: disconnect device
[  282.175089][   T24] usb 10-1: new high-speed USB device number 11 using dummy_hcd
[  282.197113][ T1327] usb usb5-port1: unable to enumerate USB device
[  282.345210][   T24] usb 10-1: Using ep0 maxpacket: 8
[  282.353460][   T24] usb 10-1: config 0 has an invalid interface number: 55 but max is 0
[  282.357354][   T24] usb 10-1: config 0 has no interface number 0
[  282.360364][   T24] usb 10-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  282.365425][   T24] usb 10-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  282.375506][   T24] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  282.380384][   T24] usb 10-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  282.389163][   T24] usb 10-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  282.393020][   T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.399807][   T24] usb 10-1: config 0 descriptor??
[  282.409116][   T24] ldusb 10-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  282.584508][T13847] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  282.607601][ T5944] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  282.611646][ T5944] CPU: 2 UID: 0 PID: 5944 Comm: kworker/u33:3 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  282.611682][ T5944] Tainted: [L]=SOFTLOCKUP
[  282.611690][ T5944] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  282.611707][ T5944] Workqueue: hci4 hci_rx_work
[  282.611741][ T5944] Call Trace:
[  282.611750][ T5944]  <TASK>
[  282.611763][ T5944]  dump_stack_lvl+0x100/0x190
[  282.611803][ T5944]  sysfs_warn_dup.cold+0x1c/0x28
[  282.611836][ T5944]  sysfs_create_dir_ns+0x24b/0x2b0
[  282.611869][ T5944]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  282.611902][ T5944]  ? find_held_lock+0x2b/0x80
[  282.611932][ T5944]  ? kobject_add_internal+0x25f/0x930
[  282.611960][ T5944]  ? kobject_add_internal+0x25f/0x930
[  282.611986][ T5944]  ? do_raw_spin_unlock+0x145/0x1e0
[  282.612011][ T5944]  kobject_add_internal+0x2c8/0x930
[  282.612040][ T5944]  kobject_add+0x16a/0x1e0
[  282.612063][ T5944]  ? __pfx_kobject_add+0x10/0x10
[  282.612083][ T5944]  ? class_to_subsys+0x10f/0x150
[  282.612113][ T5944]  ? kobject_put+0xb9/0x640
[  282.612132][ T5944]  ? _raw_spin_unlock+0x28/0x50
[  282.612167][ T5944]  device_add+0x294/0x1950
[  282.612191][ T5944]  ? __pfx_dev_set_name+0x10/0x10
[  282.612219][ T5944]  ? __pfx_device_add+0x10/0x10
[  282.612251][ T5944]  ? mgmt_send_event_skb+0x2fb/0x460
[  282.612369][ T5944]  hci_conn_add_sysfs+0x1a3/0x260
[  282.612406][ T5944]  le_conn_complete_evt+0x11eb/0x1f60
[  282.612501][ T5944]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  282.612599][ T5944]  hci_le_conn_complete_evt+0x23c/0x3a0
[  282.612633][ T5944]  ? skb_pull_data+0x15f/0x1e0
[  282.612716][ T5944]  hci_le_meta_evt+0x34a/0x5f0
[  282.612750][ T5944]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  282.612836][ T5944]  hci_event_packet+0x51c/0xcd0
[  282.612921][ T5944]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  282.612956][ T5944]  ? __pfx_hci_event_packet+0x10/0x10
[  282.613043][ T5944]  ? kcov_remote_start+0x374/0x660
[  282.613124][ T5944]  ? lockdep_hardirqs_on+0x78/0x100
[  282.613166][ T5944]  hci_rx_work+0x451/0xfc0
[  282.613254][ T5944]  process_one_work+0xa23/0x19a0
[  282.613293][ T5944]  ? __pfx_process_one_work+0x10/0x10
[  282.613383][ T5944]  ? __pfx_hci_rx_work+0x10/0x10
[  282.613470][ T5944]  worker_thread+0x5ef/0xe50
[  282.613508][ T5944]  ? kthread+0x13a/0x450
[  282.613578][ T5944]  ? __pfx_worker_thread+0x10/0x10
[  282.613603][ T5944]  kthread+0x370/0x450
[  282.613630][ T5944]  ? __pfx_kthread+0x10/0x10
[  282.613708][ T5944]  ret_from_fork+0x754/0xd80
[  282.613735][ T5944]  ? __pfx_ret_from_fork+0x10/0x10
[  282.613805][ T5944]  ? rcu_is_watching+0x12/0xc0
[  282.613837][ T5944]  ? __switch_to+0x7b4/0x1120
[  282.613915][ T5944]  ? __pfx_kthread+0x10/0x10
[  282.613941][ T5944]  ret_from_fork_asm+0x1a/0x30
[  282.614029][ T5944]  </TASK>
[  282.614066][ T5944] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  282.674733][   T29] usb 10-1: USB disconnect, device number 11
[  282.680805][ T5944] Bluetooth: hci4: failed to register connection device
[  282.689361][   T29] ldusb 10-1:0.55: LD USB Device #0 now disconnected
[  283.587754][T13873] __nla_validate_parse: 3 callbacks suppressed
[  283.587770][T13873] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2440'.
[  283.592718][T13873] netlink: 'syz.0.2440': attribute type 7 has an invalid length.
[  283.596324][T13873] netlink: 'syz.0.2440': attribute type 8 has an invalid length.
[  283.599727][T13873] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2440'.
[  283.630093][T13878] EXT4-fs (nbd4): unable to read superblock
[  283.665193][   T29] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[  283.729344][T13894] syzkaller0: entered promiscuous mode
[  283.731566][T13894] syzkaller0: entered allmulticast mode
[  283.764032][T13896] hpfs: Bad magic ... probably not HPFS
[  283.772477][T13898] ptrace attach of "/syz-executor exec"[12969] was attempted by ""[13898]
[  283.837582][   T29] usb 10-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  283.840868][   T29] usb 10-1: config 0 interface 0 has no altsetting 0
[  283.846410][   T29] usb 10-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  283.848843][T13904] netlink: 'syz.0.2450': attribute type 4 has an invalid length.
[  283.849955][T13905] IPVS: set_ctl: invalid protocol: 4 172.20.20.45:20000
[  283.852089][   T29] usb 10-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  283.853930][T13904] netlink: 'syz.0.2450': attribute type 1 has an invalid length.
[  283.857144][   T29] usb 10-1: Product: syz
[  283.859199][T13904] netlink: 228 bytes leftover after parsing attributes in process `syz.0.2450'.
[  283.862183][   T29] usb 10-1: Manufacturer: syz
[  283.877918][   T29] usb 10-1: SerialNumber: syz
[  283.886435][   T29] usb 10-1: config 0 descriptor??
[  283.899033][   T29] usb 10-1: selecting invalid altsetting 0
[  283.945065][ T5946] Bluetooth: hci3: unknown advertising packet type: 0x6b
[  283.945093][ T5946] Bluetooth: hci3: Dropping invalid advertising data
[  283.951082][ T5946] Bluetooth: hci3: Malformed LE Event: 0x02
[  284.089042][   T40] audit: type=1400 audit(1776127313.786:1879): avc:  denied  { lock } for  pid=13907 comm="syz.0.2451" path="socket:[48444]" dev="sockfs" ino=48444 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  284.113387][T13917] futex_wake_op: syz.4.2454 tries to shift op by -1; fix this program
[  284.118946][   T40] audit: type=1400 audit(1776127313.816:1880): avc:  denied  { accept } for  pid=13916 comm="syz.4.2454" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  284.128756][   T40] audit: type=1400 audit(1776127313.816:1881): avc:  denied  { setopt } for  pid=13916 comm="syz.4.2454" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  284.135834][   T29] usb 10-1: USB disconnect, device number 12
[  284.138911][   T40] audit: type=1400 audit(1776127313.826:1882): avc:  denied  { ioctl } for  pid=13907 comm="syz.0.2451" path="socket:[49508]" dev="sockfs" ino=49508 ioctlcmd=0x89f3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  284.241759][T13928] ptrace attach of "/syz-executor exec"[9832] was attempted by ""[13928]
[  284.319950][T13935] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2458'.
[  284.516883][T13942] syzkaller0: entered promiscuous mode
[  284.519522][T13942] syzkaller0: entered allmulticast mode
[  284.580339][T13944] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  284.603167][   T40] audit: type=1400 audit(1776127314.296:1883): avc:  denied  { lock } for  pid=13943 comm="syz.4.2461" path="socket:[48573]" dev="sockfs" ino=48573 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  284.603512][T13944] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2461'.
[  284.616050][T13944] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2461'.
[  284.677176][T13948] syzkaller0: entered promiscuous mode
[  284.683857][T13948] 0: reclassify loop, rule prio 0, protocol 800
[  284.685909][T13950] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  284.728435][   T40] audit: type=1400 audit(1776127314.426:1884): avc:  denied  { append } for  pid=13952 comm="syz.0.2465" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  284.826807][T13969] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2469'.
[  284.902008][T13973] syzkaller0: entered promiscuous mode
[  284.904673][T13973] syzkaller0: entered allmulticast mode
[  284.940697][T13977] Set syz1 is full, maxelem 65536 reached
[  284.958356][T13979] netlink: 'syz.2.2473': attribute type 1 has an invalid length.
[  284.977734][T13979] 8021q: adding VLAN 0 to HW filter on device bond1
[  284.983226][T13979] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13979 comm=syz.2.2473
[  284.996627][T13979] bond1: (slave dummy0): making interface the new active one
[  285.000589][T13979] bond1: (slave dummy0): Enslaving as an active interface with an up link
[  285.001761][T13982] netlink: 'syz.4.2474': attribute type 39 has an invalid length.
[  285.044112][T13986] 9pnet_virtio: no channels available for device syz
[  285.066256][T13990] x_tables: duplicate underflow at hook 1
[  285.085381][   T40] audit: type=1400 audit(1776127314.776:1885): avc:  denied  { unmount } for  pid=10481 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  285.228542][T14001] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2482'.
[  285.363443][T14009] syzkaller0: entered promiscuous mode
[  285.367865][T14009] 0: reclassify loop, rule prio 0, protocol 800
[  285.389617][T14011] Set syz1 is full, maxelem 65536 reached
[  285.429751][T14013] syzkaller0: entered promiscuous mode
[  285.432095][T14013] syzkaller0: entered allmulticast mode
[  285.436597][   T40] audit: type=1400 audit(1776127315.136:1886): avc:  denied  { read } for  pid=14014 comm="syz.5.2486" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  285.543017][T14025] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2489'.
[  285.558403][T14025] gtp0: entered promiscuous mode
[  285.563873][T14026] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2488'.
[  285.568644][   T40] audit: type=1400 audit(1776127315.266:1887): avc:  denied  { write } for  pid=14027 comm="syz.4.2490" path="socket:[49600]" dev="sockfs" ino=49600 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  285.659739][T14040] Set syz1 is full, maxelem 65536 reached
[  285.702669][T14042] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  285.714009][T14042] CIFS mount error: No usable UNC path provided in device string!
[  285.714009][T14042] 
[  285.715206][ T5941] Bluetooth: hci4: command 0x0c1a tx timeout
[  285.719452][T14042] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  285.883375][T14050] syzkaller0: entered promiscuous mode
[  285.889511][T14050] 0: reclassify loop, rule prio 0, protocol 800
[  286.086637][T14054] syzkaller0: entered promiscuous mode
[  286.088443][T14054] syzkaller0: entered allmulticast mode
[  286.151128][T14062] ptrace attach of "/syz-executor exec"[9832] was attempted by ""[14062]
[  286.212331][T14065] Set syz1 is full, maxelem 65536 reached
[  286.350241][T14077] ip6gretap1: entered promiscuous mode
[  286.352460][T14077] ip6gretap1: entered allmulticast mode
[  286.379118][T14079] syzkaller0: entered promiscuous mode
[  286.387984][T14079] 0: reclassify loop, rule prio 0, protocol 800
[  286.451937][T14088] ptrace attach of "/syz-executor exec"[10481] was attempted by ""[14088]
[  286.541379][T14092] syzkaller0: entered promiscuous mode
[  286.543448][T14092] syzkaller0: entered allmulticast mode
[  286.638620][T14098] Set syz1 is full, maxelem 65536 reached
[  286.704733][T13471] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  286.708057][T13471] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  286.710850][T13471] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  286.714130][T13471] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  286.767368][T14109] ptrace attach of "/syz-executor exec"[9832] was attempted by ""[14109]
[  286.872486][T14117] 8021q: adding VLAN 0 to HW filter on device bond2
[  286.944482][T14120] syz.4.2523: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  286.952575][T14120] CPU: 3 UID: 0 PID: 14120 Comm: syz.4.2523 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  286.952608][T14120] Tainted: [L]=SOFTLOCKUP
[  286.952616][T14120] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  286.952629][T14120] Call Trace:
[  286.952636][T14120]  <TASK>
[  286.952644][T14120]  dump_stack_lvl+0x100/0x190
[  286.952681][T14120]  warn_alloc.cold+0x95/0x1c1
[  286.952715][T14120]  ? __pfx_warn_alloc+0x10/0x10
[  286.952807][T14120]  ? kasan_save_stack+0x3f/0x50
[  286.952873][T14120]  ? kasan_save_stack+0x30/0x50
[  286.952902][T14120]  ? kasan_save_track+0x14/0x30
[  286.952931][T14120]  ? xskq_create+0xfb/0x1d0
[  286.952960][T14120]  __vmalloc_node_range_noprof+0x1252/0x1530
[  286.952988][T14120]  ? xskq_create+0xfb/0x1d0
[  286.953020][T14120]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  286.953053][T14120]  ? xskq_create+0xfb/0x1d0
[  286.953077][T14120]  vmalloc_user_noprof+0x9e/0xe0
[  286.953098][T14120]  ? xskq_create+0xfb/0x1d0
[  286.953124][T14120]  xskq_create+0xfb/0x1d0
[  286.953154][T14120]  xsk_setsockopt+0x743/0xab0
[  286.953180][T14120]  ? __pfx_xsk_setsockopt+0x10/0x10
[  286.953208][T14120]  ? find_held_lock+0x2b/0x80
[  286.953245][T14120]  ? __fget_files+0x215/0x3d0
[  286.953326][T14120]  ? selinux_socket_setsockopt+0x6a/0x80
[  286.953359][T14120]  ? __pfx_xsk_setsockopt+0x10/0x10
[  286.953390][T14120]  do_sock_setsockopt+0xf3/0x1d0
[  286.953418][T14120]  __sys_setsockopt+0x195/0x220
[  286.953452][T14120]  __x64_sys_setsockopt+0xbd/0x160
[  286.953481][T14120]  ? do_syscall_64+0x95/0xf80
[  286.953500][T14120]  ? lockdep_hardirqs_on+0x78/0x100
[  286.953528][T14120]  do_syscall_64+0x106/0xf80
[  286.953549][T14120]  ? clear_bhb_loop+0x40/0x90
[  286.953578][T14120]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.953598][T14120] RIP: 0033:0x7f609719c819
[  286.953619][T14120] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  286.953639][T14120] RSP: 002b:00007f609804b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  286.953658][T14120] RAX: ffffffffffffffda RBX: 00007f6097415fa0 RCX: 00007f609719c819
[  286.953673][T14120] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006
[  286.953685][T14120] RBP: 00007f6097232c91 R08: 0000000000000004 R09: 0000000000000000
[  286.953698][T14120] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  286.953710][T14120] R13: 00007f6097416038 R14: 00007f6097415fa0 R15: 00007ffebe8a3b08
[  286.953740][T14120]  </TASK>
[  286.953804][T14120] Mem-Info:
[  287.045303][    T9] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[  287.047589][T14120] active_anon:34437 inactive_anon:3137 isolated_anon:0
[  287.047589][T14120]  active_file:3661 inactive_file:50120 isolated_file:0
[  287.047589][T14120]  unevictable:1768 dirty:235 writeback:0
[  287.047589][T14120]  slab_reclaimable:10115 slab_unreclaimable:89321
[  287.047589][T14120]  mapped:30563 shmem:28228 pagetables:3810
[  287.047589][T14120]  sec_pagetables:294 bounce:0
[  287.047589][T14120]  kernel_misc_reclaimable:0
[  287.047589][T14120]  free:386734 free_pcp:18034 free_cma:0
[  287.094135][T14120] Node 0 active_anon:107128kB inactive_anon:12548kB active_file:14632kB inactive_file:200256kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:60792kB dirty:940kB writeback:0kB shmem:79148kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14496kB pagetables:5880kB sec_pagetables:1176kB all_unreclaimable? no Balloon:0kB
[  287.108183][T14120] Node 1 active_anon:30620kB inactive_anon:0kB active_file:12kB inactive_file:224kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:61460kB dirty:0kB writeback:0kB shmem:33764kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:160kB pagetables:9360kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  287.121149][T14120] Node 0 DMA free:8516kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1300kB inactive_anon:656kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:48kB local_pcp:0kB free_cma:0kB
[  287.133865][T14120] lowmem_reserve[]: 0 1231 1231 1231 1231
[  287.136679][T14120] Node 0 DMA32 free:103176kB boost:0kB min:27476kB low:34344kB high:41212kB reserved_highatomic:0KB free_highatomic:0KB active_anon:105864kB inactive_anon:11892kB active_file:14632kB inactive_file:200256kB unevictable:3536kB writepending:940kB zspages:0kB present:2080628kB managed:1260776kB mlocked:0kB bounce:0kB free_pcp:33224kB local_pcp:1712kB free_cma:0kB
[  287.151027][T14120] lowmem_reserve[]: 0 0 0 0 0
[  287.152964][T14120] Node 1 Normal free:1435244kB boost:0kB min:39760kB low:49700kB high:59640kB reserved_highatomic:0KB free_highatomic:0KB active_anon:30620kB inactive_anon:0kB active_file:12kB inactive_file:224kB unevictable:3536kB writepending:0kB zspages:0kB present:2097152kB managed:1781884kB mlocked:0kB bounce:0kB free_pcp:38932kB local_pcp:7412kB free_cma:0kB
[  287.167111][T14120] lowmem_reserve[]: 0 0 0 0 0
[  287.169110][T14120] Node 0 DMA: 29*4kB (UM) 46*8kB (UM) 20*16kB (UM) 20*32kB (UME) 7*64kB (UME) 4*128kB (UME) 2*256kB (UE) 3*512kB (UME) 2*1024kB (ME) 1*2048kB (M) 0*4096kB = 8548kB
[  287.176485][T14120] Node 0 DMA32: 2032*4kB (UME) 971*8kB (UM) 327*16kB (UM) 688*32kB (UM) 182*64kB (UME) 127*128kB (UME) 47*256kB (UME) 21*512kB (UM) 7*1024kB (UM) 1*2048kB (M) 0*4096kB = 103048kB
[  287.185208][T14120] Node 1 Normal: 322*4kB (UM) 158*8kB (UM) 115*16kB (UME) 340*32kB (UME) 246*64kB (UME) 283*128kB (UM) 252*256kB (UM) 268*512kB (UM) 263*1024kB (UME) 4*2048kB (ME) 217*4096kB (UM) = 1435304kB
[  287.193289][T14120] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  287.195033][    T9] usb 10-1: Using ep0 maxpacket: 8
[  287.197384][T14120] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  287.201783][    T9] usb 10-1: config 0 has an invalid interface number: 55 but max is 0
[  287.203831][T14120] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  287.203850][T14120] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  287.203866][T14120] 82007 total pagecache pages
[  287.203875][T14120] 2 pages in swap cache
[  287.203883][T14120] Free swap  = 118852kB
[  287.208025][    T9] usb 10-1: config 0 has no interface number 0
[  287.211564][T14120] Total swap = 124996kB
[  287.211583][T14120] 1048443 pages RAM
[  287.211590][T14120] 0 pages HighMem/MovableOnly
[  287.211598][T14120] 283938 pages reserved
[  287.211606][T14120] 0 pages cma reserved
[  287.231801][    T9] usb 10-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  287.235921][    T9] usb 10-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  287.240580][    T9] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  287.244535][    T9] usb 10-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  287.248834][    T9] usb 10-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  287.251894][    T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.256948][    T9] usb 10-1: config 0 descriptor??
[  287.263223][    T9] ldusb 10-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  287.330280][T14123] syzkaller0: entered promiscuous mode
[  287.332602][T14123] syzkaller0: entered allmulticast mode
[  287.470175][    T9] usb 10-1: USB disconnect, device number 13
[  287.480401][    T9] ldusb 10-1:0.55: LD USB Device #0 now disconnected
[  287.481026][T14125] Set syz1 is full, maxelem 65536 reached
[  287.606764][T14127] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  287.615096][T14127] overlayfs: failed to resolve './file0': -2
[  287.795402][ T5941] Bluetooth: hci4: command 0x0c1a tx timeout
[  287.987362][T14142] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=14142 comm=syz.0.2530
[  288.005644][T14142] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14142 comm=syz.0.2530
[  288.101817][T14149] Context (ID=0x0) not attached to queue pair (handle=0x4d3:0x0)
[  288.156868][T14157] ptrace attach of "/syz-executor exec"[10481] was attempted by ""[14157]
[  288.203042][T14163] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  288.209378][T14163] Error validating options; rc = [-22]
[  288.249727][T14168] FAULT_INJECTION: forcing a failure.
[  288.249727][T14168] name failslab, interval 1, probability 0, space 0, times 0
[  288.254393][T14168] CPU: 2 UID: 0 PID: 14168 Comm: syz.4.2541 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  288.254414][T14168] Tainted: [L]=SOFTLOCKUP
[  288.254418][T14168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  288.254426][T14168] Call Trace:
[  288.254432][T14168]  <TASK>
[  288.254438][T14168]  dump_stack_lvl+0x100/0x190
[  288.254464][T14168]  should_fail_ex.cold+0x5/0xa
[  288.254520][T14168]  ? tomoyo_encode2+0xfb/0x3c0
[  288.254538][T14168]  should_failslab+0xc2/0x120
[  288.254552][T14168]  __kmalloc_noprof+0xe0/0x850
[  288.254570][T14168]  ? d_absolute_path+0x136/0x1b0
[  288.254634][T14168]  tomoyo_encode2+0xfb/0x3c0
[  288.254655][T14168]  tomoyo_encode+0x29/0x50
[  288.254673][T14168]  tomoyo_realpath_from_path+0x18c/0x690
[  288.254695][T14168]  tomoyo_path_number_perm+0x23c/0x580
[  288.254711][T14168]  ? tomoyo_path_number_perm+0x22e/0x580
[  288.254729][T14168]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  288.254759][T14168]  ? find_held_lock+0x2b/0x80
[  288.254775][T14168]  ? __fget_files+0x215/0x3d0
[  288.254788][T14168]  ? hook_file_ioctl_common+0x146/0x410
[  288.254805][T14168]  ? __fget_files+0x21f/0x3d0
[  288.254820][T14168]  security_file_ioctl+0xd3/0x230
[  288.254839][T14168]  __x64_sys_ioctl+0xb7/0x210
[  288.254883][T14168]  do_syscall_64+0x106/0xf80
[  288.254895][T14168]  ? clear_bhb_loop+0x40/0x90
[  288.254911][T14168]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.254938][T14168] RIP: 0033:0x7f609719c819
[  288.254949][T14168] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  288.254960][T14168] RSP: 002b:00007f609804b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  288.254973][T14168] RAX: ffffffffffffffda RBX: 00007f6097415fa0 RCX: 00007f609719c819
[  288.254981][T14168] RDX: 0000000000000007 RSI: 0000000000004c81 RDI: 0000000000000003
[  288.254987][T14168] RBP: 00007f609804b090 R08: 0000000000000000 R09: 0000000000000000
[  288.254994][T14168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  288.255002][T14168] R13: 00007f6097416038 R14: 00007f6097415fa0 R15: 00007ffebe8a3b08
[  288.255017][T14168]  </TASK>
[  288.328803][T14168] ERROR: Out of memory at tomoyo_realpath_from_path.
[  288.443480][T14174] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  288.451431][T14174] macvlan0: entered allmulticast mode
[  288.453962][T14174] veth1_vlan: entered allmulticast mode
[  288.466536][T14174] pim6reg: entered allmulticast mode
[  288.471567][T14174] veth1_vlan: left allmulticast mode
[  288.480332][T14174] macvlan0 (unregistering): left allmulticast mode
[  288.845417][ T5986] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  289.015420][ T5986] usb 7-1: Using ep0 maxpacket: 8
[  289.019565][ T5986] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  289.024030][ T5986] usb 7-1: config 0 has no interface number 0
[  289.027134][ T5986] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  289.031622][ T5986] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  289.036903][ T5986] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  289.041839][ T5986] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  289.048393][ T5986] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  289.052247][ T5986] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  289.063871][ T5986] usb 7-1: config 0 descriptor??
[  289.070228][T14179] syzkaller0: entered promiscuous mode
[  289.072185][T14179] syzkaller0: entered allmulticast mode
[  289.086660][ T5986] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  289.217285][T14181] __nla_validate_parse: 7 callbacks suppressed
[  289.217300][T14181] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2546'.
[  289.279157][ T5941] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201'
[  289.283006][ T5941] CPU: 0 UID: 0 PID: 5941 Comm: kworker/u33:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  289.283028][ T5941] Tainted: [L]=SOFTLOCKUP
[  289.283033][ T5941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  289.283118][ T5941] Workqueue: hci5 hci_rx_work
[  289.283141][ T5941] Call Trace:
[  289.283147][ T5941]  <TASK>
[  289.283155][ T5941]  dump_stack_lvl+0x100/0x190
[  289.283250][ T5941]  sysfs_warn_dup.cold+0x1c/0x28
[  289.283328][ T5941]  sysfs_create_dir_ns+0x24b/0x2b0
[  289.283350][ T5941]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  289.283419][ T5941]  ? find_held_lock+0x2b/0x80
[  289.283484][ T5941]  ? kobject_add_internal+0x25f/0x930
[  289.283500][ T5941]  ? kobject_add_internal+0x25f/0x930
[  289.283569][ T5941]  ? do_raw_spin_unlock+0x145/0x1e0
[  289.283585][ T5941]  kobject_add_internal+0x2c8/0x930
[  289.283658][ T5941]  kobject_add+0x16a/0x1e0
[  289.283679][ T5941]  ? __pfx_kobject_add+0x10/0x10
[  289.283766][ T5941]  ? class_to_subsys+0x10f/0x150
[  289.283785][ T5941]  ? kobject_put+0xb9/0x640
[  289.283848][ T5941]  ? _raw_spin_unlock+0x28/0x50
[  289.283871][ T5941]  device_add+0x294/0x1950
[  289.283969][ T5941]  ? __pfx_dev_set_name+0x10/0x10
[  289.283987][ T5941]  ? __pfx_device_add+0x10/0x10
[  289.284054][ T5941]  ? mgmt_send_event_skb+0x2fb/0x460
[  289.284127][ T5941]  hci_conn_add_sysfs+0x1a3/0x260
[  289.284149][ T5941]  le_conn_complete_evt+0x11eb/0x1f60
[  289.284215][ T5941]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  289.284282][ T5941]  hci_le_conn_complete_evt+0x23c/0x3a0
[  289.284302][ T5941]  ? skb_pull_data+0x15f/0x1e0
[  289.284365][ T5941]  hci_le_meta_evt+0x34a/0x5f0
[  289.284385][ T5941]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  289.284454][ T5941]  hci_event_packet+0x51c/0xcd0
[  289.284517][ T5941]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  289.284536][ T5941]  ? __pfx_hci_event_packet+0x10/0x10
[  289.284620][ T5941]  ? kcov_remote_start+0x374/0x660
[  289.284639][ T5941]  ? lockdep_hardirqs_on+0x78/0x100
[  289.284716][ T5941]  hci_rx_work+0x451/0xfc0
[  289.284810][ T5941]  process_one_work+0xa23/0x19a0
[  289.284834][ T5941]  ? __pfx_process_one_work+0x10/0x10
[  289.284940][ T5941]  ? __pfx_hci_rx_work+0x10/0x10
[  289.285006][ T5941]  worker_thread+0x5ef/0xe50
[  289.285026][ T5941]  ? kthread+0x13a/0x450
[  289.285043][ T5941]  ? __pfx_worker_thread+0x10/0x10
[  289.285136][ T5941]  kthread+0x370/0x450
[  289.285148][ T5941]  ? __pfx_kthread+0x10/0x10
[  289.285211][ T5941]  ret_from_fork+0x754/0xd80
[  289.285226][ T5941]  ? __pfx_ret_from_fork+0x10/0x10
[  289.285276][ T5941]  ? __switch_to+0x7b4/0x1120
[  289.285294][ T5941]  ? __pfx_kthread+0x10/0x10
[  289.285349][ T5941]  ret_from_fork_asm+0x1a/0x30
[  289.285376][ T5941]  </TASK>
[  289.385357][ T5941] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  289.390565][ T5941] Bluetooth: hci5: failed to register connection device
[  289.400935][ T5941] ==================================================================
[  289.403240][T14187] ptrace attach of "/syz-executor exec"[9832] was attempted by ""[14187]
[  289.404248][ T5941] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0xde7/0xf80
[  289.407683][ T1464] usb 7-1: USB disconnect, device number 12
[  289.411796][ T1464] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  289.414732][ T5941] Read of size 8 at addr ffff888058d38480 by task kworker/u33:2/5941
[  289.421873][ T5941] 
[  289.422825][ T5941] CPU: 1 UID: 0 PID: 5941 Comm: kworker/u33:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  289.422867][ T5941] Tainted: [L]=SOFTLOCKUP
[  289.422877][ T5941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  289.422893][ T5941] Workqueue: hci5 hci_rx_work
[  289.422923][ T5941] Call Trace:
[  289.422928][ T5941]  <TASK>
[  289.422934][ T5941]  dump_stack_lvl+0x100/0x190
[  289.422957][ T5941]  print_report+0x156/0x4c9
[  289.422976][ T5941]  ? __virt_addr_valid+0x239/0x430
[  289.423057][ T5941]  ? l2cap_connect_cfm+0xde7/0xf80
[  289.423073][ T5941]  kasan_report+0xdf/0x1e0
[  289.423088][ T5941]  ? l2cap_connect_cfm+0xde7/0xf80
[  289.423106][ T5941]  l2cap_connect_cfm+0xde7/0xf80
[  289.423125][ T5941]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  289.423142][ T5941]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  289.423159][ T5941]  le_conn_complete_evt+0x197c/0x1f60
[  289.423177][ T5941]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  289.423197][ T5941]  hci_le_conn_complete_evt+0x23c/0x3a0
[  289.423214][ T5941]  ? skb_pull_data+0x15f/0x1e0
[  289.423229][ T5941]  hci_le_meta_evt+0x34a/0x5f0
[  289.423245][ T5941]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  289.423263][ T5941]  hci_event_packet+0x51c/0xcd0
[  289.423278][ T5941]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  289.423295][ T5941]  ? __pfx_hci_event_packet+0x10/0x10
[  289.423312][ T5941]  ? kcov_remote_start+0x374/0x660
[  289.423330][ T5941]  ? lockdep_hardirqs_on+0x78/0x100
[  289.423350][ T5941]  hci_rx_work+0x451/0xfc0
[  289.423367][ T5941]  process_one_work+0xa23/0x19a0
[  289.423384][ T5941]  ? __pfx_process_one_work+0x10/0x10
[  289.423399][ T5941]  ? __pfx_hci_rx_work+0x10/0x10
[  289.423478][ T5941]  worker_thread+0x5ef/0xe50
[  289.423494][ T5941]  ? kthread+0x13a/0x450
[  289.423507][ T5941]  ? __pfx_worker_thread+0x10/0x10
[  289.423521][ T5941]  kthread+0x370/0x450
[  289.423532][ T5941]  ? __pfx_kthread+0x10/0x10
[  289.423546][ T5941]  ret_from_fork+0x754/0xd80
[  289.423559][ T5941]  ? __pfx_ret_from_fork+0x10/0x10
[  289.423573][ T5941]  ? __switch_to+0x7b4/0x1120
[  289.423589][ T5941]  ? __pfx_kthread+0x10/0x10
[  289.423601][ T5941]  ret_from_fork_asm+0x1a/0x30
[  289.423619][ T5941]  </TASK>
[  289.423623][ T5941] 
[  289.501546][ T5941] Allocated by task 5941:
[  289.502985][ T5941]  kasan_save_stack+0x30/0x50
[  289.504532][ T5941]  kasan_save_track+0x14/0x30
[  289.506078][ T5941]  __kasan_kmalloc+0xaa/0xb0
[  289.507590][ T5941]  l2cap_chan_create+0x44/0x940
[  289.509158][ T5941]  l2cap_sock_alloc.constprop.0+0xf5/0x1e0
[  289.511125][ T5941]  l2cap_sock_new_connection_cb+0x101/0x260
[  289.513245][ T5941]  l2cap_connect_cfm+0x4e2/0xf80
[  289.515106][ T5941]  le_conn_complete_evt+0x197c/0x1f60
[  289.516945][ T5941]  hci_le_conn_complete_evt+0x23c/0x3a0
[  289.518769][ T5941]  hci_le_meta_evt+0x34a/0x5f0
[  289.520356][ T5941]  hci_event_packet+0x51c/0xcd0
[  289.522019][ T5941]  hci_rx_work+0x451/0xfc0
[  289.523635][ T5941]  process_one_work+0xa23/0x19a0
[  289.525413][ T5941]  worker_thread+0x5ef/0xe50
[  289.527056][ T5941]  kthread+0x370/0x450
[  289.528450][ T5941]  ret_from_fork+0x754/0xd80
[  289.529963][ T5941]  ret_from_fork_asm+0x1a/0x30
[  289.531713][ T5941] 
[  289.532719][ T5941] Freed by task 14177:
[  289.534477][ T5941]  kasan_save_stack+0x30/0x50
[  289.536767][ T5941]  kasan_save_track+0x14/0x30
[  289.538837][ T5941]  kasan_save_free_info+0x3b/0x70
[  289.540906][ T5941]  __kasan_slab_free+0x5f/0x80
[  289.542819][ T5941]  kfree+0x1f6/0x6b0
[  289.544438][ T5941]  l2cap_chan_put+0x235/0x300
[  289.546376][ T5941]  l2cap_sock_cleanup_listen+0x4d/0x2d0
[  289.548801][ T5941]  l2cap_sock_release+0x69/0x280
[  289.550923][ T5941]  __sock_release+0xb3/0x260
[  289.552789][ T5941]  sock_close+0x1c/0x30
[  289.554191][ T5941]  __fput+0x3ff/0xb40
[  289.555547][ T5941]  task_work_run+0x150/0x240
[  289.557138][ T5941]  exit_to_user_mode_loop+0x100/0x4a0
[  289.558975][ T5941]  do_syscall_64+0x67c/0xf80
[  289.560484][ T5941]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.562354][ T5941] 
[  289.563169][ T5941] The buggy address belongs to the object at ffff888058d38000
[  289.563169][ T5941]  which belongs to the cache kmalloc-2k of size 2048
[  289.568092][ T5941] The buggy address is located 1152 bytes inside of
[  289.568092][ T5941]  freed 2048-byte region [ffff888058d38000, ffff888058d38800)
[  289.572659][ T5941] 
[  289.573437][ T5941] The buggy address belongs to the physical page:
[  289.575504][ T5941] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58d38
[  289.578325][ T5941] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  289.581187][ T5941] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  289.583974][ T5941] page_type: f5(slab)
[  289.585377][ T5941] raw: 00fff00000000040 ffff88801b842f00 dead000000000100 dead000000000122
[  289.588125][ T5941] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[  289.590932][ T5941] head: 00fff00000000040 ffff88801b842f00 dead000000000100 dead000000000122
[  289.594057][ T5941] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[  289.597083][ T5941] head: 00fff00000000003 ffffea0001634e01 00000000ffffffff 00000000ffffffff
[  289.599836][ T5941] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  289.602539][ T5941] page dumped because: kasan: bad access detected
[  289.604609][ T5941] page_owner tracks the page as allocated
[  289.606738][ T5941] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 464, tgid 464 (kworker/u32:7), ts 68803008320, free_ts 0
[  289.613629][ T5941]  post_alloc_hook+0x153/0x170
[  289.615181][ T5941]  get_page_from_freelist+0x111d/0x3140
[  289.616978][ T5941]  __alloc_frozen_pages_noprof+0x27c/0x2ba0
[  289.618877][ T5941]  new_slab+0xa6/0x6b0
[  289.620218][ T5941]  refill_objects+0x26b/0x400
[  289.621825][ T5941]  __pcs_replace_empty_main+0x1ab/0x660
[  289.623953][ T5941]  __kmalloc_node_track_caller_noprof+0x694/0x850
[  289.626316][ T5941]  kmalloc_reserve+0xe8/0x350
[  289.627897][ T5941]  pskb_expand_head+0x246/0xf80
[  289.629478][ T5941]  netlink_trim+0x22d/0x2f0
[  289.630971][ T5941]  netlink_broadcast_filtered+0xd7/0xf50
[  289.632817][ T5941]  nlmsg_notify+0xb1/0x290
[  289.634281][ T5941]  rtmsg_ifinfo+0x177/0x1b0
[  289.636024][ T5941]  netif_state_change+0x17f/0x380
[  289.637941][ T5941]  linkwatch_do_dev+0xdb/0x110
[  289.639620][ T5941]  __linkwatch_run_queue+0x3a9/0x900
[  289.641449][ T5941] page_owner free stack trace missing
[  289.643182][ T5941] 
[  289.643960][ T5941] Memory state around the buggy address:
[  289.645767][ T5941]  ffff888058d38380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  289.648369][ T5941]  ffff888058d38400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  289.650978][ T5941] >ffff888058d38480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  289.653760][ T5941]                    ^
[  289.655188][ T5941]  ffff888058d38500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  289.657792][ T5941]  ffff888058d38580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  289.660345][ T5941] ==================================================================
[  289.666387][ T5941] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  289.668968][ T5941] CPU: 1 UID: 0 PID: 5941 Comm: kworker/u33:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  289.672426][ T5941] Tainted: [L]=SOFTLOCKUP
[  289.673809][ T5941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  289.677369][ T5941] Workqueue: hci5 hci_rx_work
[  289.679200][ T5941] Call Trace:
[  289.680459][ T5941]  <TASK>
[  289.681486][ T5941]  dump_stack_lvl+0x100/0x190
[  289.683044][ T5941]  vpanic+0x552/0x970
[  289.684323][ T5941]  ? __pfx_vpanic+0x10/0x10
[  289.685808][ T5941]  ? l2cap_connect_cfm+0xde7/0xf80
[  289.687451][ T5941]  panic+0xd1/0xe0
[  289.688687][ T5941]  ? __pfx_panic+0x10/0x10
[  289.690205][ T5941]  ? l2cap_connect_cfm+0xde7/0xf80
[  289.692055][ T5941]  ? preempt_schedule_common+0x42/0xc0
[  289.694085][ T5941]  check_panic_on_warn.cold+0x19/0x34
[  289.695984][ T5941]  end_report.part.0+0x3a/0x90
[  289.697519][ T5941]  kasan_report.cold+0xe/0x18
[  289.699042][ T5941]  ? l2cap_connect_cfm+0xde7/0xf80
[  289.700770][ T5941]  l2cap_connect_cfm+0xde7/0xf80
[  289.702489][ T5941]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  289.704459][ T5941]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  289.706430][ T5941]  le_conn_complete_evt+0x197c/0x1f60
[  289.708340][ T5941]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  289.710293][ T5941]  hci_le_conn_complete_evt+0x23c/0x3a0
[  289.712161][ T5941]  ? skb_pull_data+0x15f/0x1e0
[  289.713793][ T5941]  hci_le_meta_evt+0x34a/0x5f0
[  289.715595][ T5941]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  289.718140][ T5941]  hci_event_packet+0x51c/0xcd0
[  289.720154][ T5941]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  289.722119][ T5941]  ? __pfx_hci_event_packet+0x10/0x10
[  289.724238][ T5941]  ? kcov_remote_start+0x374/0x660
[  289.726148][ T5941]  ? lockdep_hardirqs_on+0x78/0x100
[  289.728006][ T5941]  hci_rx_work+0x451/0xfc0
[  289.729578][ T5941]  process_one_work+0xa23/0x19a0
[  289.731526][ T5941]  ? __pfx_process_one_work+0x10/0x10
[  289.733325][ T5941]  ? __pfx_hci_rx_work+0x10/0x10
[  289.735316][ T5941]  worker_thread+0x5ef/0xe50
[  289.737376][ T5941]  ? kthread+0x13a/0x450
[  289.739180][ T5941]  ? __pfx_worker_thread+0x10/0x10
[  289.741332][ T5941]  kthread+0x370/0x450
[  289.742953][ T5941]  ? __pfx_kthread+0x10/0x10
[  289.744572][ T5941]  ret_from_fork+0x754/0xd80
[  289.746125][ T5941]  ? __pfx_ret_from_fork+0x10/0x10
[  289.747777][ T5941]  ? __switch_to+0x7b4/0x1120
[  289.749401][ T5941]  ? __pfx_kthread+0x10/0x10
[  289.751102][ T5941]  ret_from_fork_asm+0x1a/0x30
[  289.752937][ T5941]  </TASK>
[  289.754965][ T5941] Kernel Offset: disabled
[  289.756534][ T5941] Rebooting in 86400 seconds..

VM DIAGNOSIS:
00:41:59  Registers:
info registers vcpu 0

CPU#0
RAX=00000000000002fe RBX=0000000000000000 RCX=ffffc9000c171000 RDX=0000000000080000
RSI=ffffffff84aa1d89 RDI=ffff88803ab50000 RBP=ffff888057a6ae00 RSP=ffffc900038b7da8
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000
R12=0000000000000010 R13=0000000000000003 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff8208f8c0 RFL=00000283 [--S---C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f609804b6c0 ffffffff 00c00000
GS =0000 ffff8880d6338000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000110c2d28e1 CR3=000000004f1e2000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000010001 Opmask01=0000000000000000 Opmask02=00000000f802fefc Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 203a6b6361747320 6461657268747020
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffebe8a3ff6
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffebe8a3ff6 00007ffebe8a3ffc
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6097233274
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f60972332b4
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6097233418
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f60972332a6
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 657a6973203c2065 7a69736565726600 632e6b6361747365 7461636f6c6c6100
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 405f4c5605190540 5f4c564040574300 460b4e4644515640 5144464a49494400
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f60973ec5f8 00007f60973ec5c8 00007f60973ec600 00007f60973ec5e0
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000003a704 RBX=0000000000000042 RCX=ffffc9002f628000 RDX=0000000000100000
RSI=ffffffff81e7c68c RDI=ffff88802ae10000 RBP=0000000000000001 RSP=ffffc900035c7598
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=3a312d3720627375
R12=1ffff920006b8eb5 R13=0000000000000000 R14=ffff88802bb28000 R15=ffffc900035c7660
RIP=ffffffff81e7c68e RFL=00000083 [--S---C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6438000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f0ccb0cbff8 CR3=000000005906a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fffff800 Opmask01=0000000000000000 Opmask02=0000000002fefefc Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 203a6b6361747320 6461657268747020
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe3d0eefe6
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe3d0eefe6 00007ffe3d0eefec
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff226c33274
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff226c332b4
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff226c33418
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff226c332a6
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000322e63 64755f796d6d7564
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7865000a64657275 6769666e6f63203a 7463656e6e6f635f 6273755f7a797300
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5d40000a41405750 424c434b4a46051f 5146404b4b4a465f 4756505f5f5c5600
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff226dec5f8 00007ff226dec5c8 00007ff226dec600 00007ff226dec5e0
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff857ab370 RDI=ffffffff9b4ae040 RBP=ffffffff9b4ae000 RSP=ffffc90006b8ef28
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000020 R14=fffffbfff3695c5a R15=dffffc0000000000
RIP=ffffffff857ab397 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c01300
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c01300
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6538000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000110c365b7a CR3=0000000035087000 CR4=00352ef0
DR0=ffffffffffffffff DR1=00000000000001f8 DR2=0000000000000002 DR3=ffffffffefffff15 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000104080 Opmask01=00000000fffffffe Opmask02=00000000ffffffff Opmask03=0000000002082001
Opmask04=00000000ffffffff Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 44455a494c414954 494e495f43455355
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055a11b0ba480
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055a11ae764d0
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa17cdf1b20
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffff0000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 737326d268799483 737326d73385b459
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 c9a41933fb300dbe 737373762962c3ca
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 302e746567646167 2d7761722f737265 766972642f746567 6461672f7375622f
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 302e746567646167 2d7761722f737265 766972642f746567 6461672f7375622f
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055a4411a432a 0000000000000021 0000000000000032
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 003730303d4d554e 5355420036362f36 30322f3938313d45 5059540061366366
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 437263653d700609 1201423d657d617f 7c646a7d380c7000 040a0d5323633066
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7f7f7f7f7f7b7e7f 7f7f7f7f7f7f6f7f 7f6f7f7f7f7d7d7f 7f7f7f77777b7f7f
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4442654344464670 3243353176333030 30623a7475706e69 3d5341494c41444f
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f303830312f3131 453d544355444400 3200302f3730302f 5649522f0065623d
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00303030312f3131 0033310036312f00 30002f2f3700302f 303d4d000036453d
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 282b2e2fdf37342d 280bbfbf23243324 26312033fc040f18 1317140d080b0412
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343133bffc121104 1214041204110814 100411bffc040f18 1317140d080b0412
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000002 RBX=0000000000000002 RCX=ffffffff85001dd4 RDX=0000000000000000
RSI=0000000000000002 RDI=ffff888058cd24c0 RBP=ffffffff8c1b3c20 RSP=ffffc900036b68a8
R8 =0000000000000001 R9 =0000000000000002 R10=0000000000000000 R11=ffff888058a30042
R12=0000000000000000 R13=0000000000000004 R14=0000000000000001 R15=0000000000000001
RIP=ffffffff8208f424 RFL=00000297 [--S-APC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c01300
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c01300
FS =0000 00007f0ccb0cc6c0 ffffffff 00c00000
GS =0000 ffff8880d6638000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f6098029ff8 CR3=0000000061420000 CR4=00352ef0
DR0=ffffffffffffffff DR1=00000000000001f8 DR2=0000000000000002 DR3=ffffffffefffff15 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000f802fefc Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7372656c6c6f7274 6e6f632e70756f72
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffebe8a3ff6
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffebe8a3ff6 00007ffebe8a3ffc
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6097233274
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f60972332b4
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6097233418
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f60972332a6
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6379656b00657461 69746e6174736e69 246c746379656b00 7974697275636573
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000