last executing test programs:

2m9.298831157s ago: executing program 2 (id=450):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r0)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, r1, 0xba87317d461c07c9, 0x70bd3d, 0x4004}, 0x14}, 0x1, 0x0, 0x0, 0x40000c9}, 0x1000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYRESOCT=r0, @ANYRES16=r0, @ANYBLOB="140006000000000005"], 0x40}, 0x1, 0x0, 0x0, 0x24000011}, 0x0)
r2 = socket$inet6(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000c80)={'batadv_slave_1\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000000)=ANY=[@ANYBLOB="480000001400090527bd7000fddbdf25021f00cb", @ANYRES32=r4, @ANYBLOB="0800040064010104080008000001000008000200e0000002080009000600000008"], 0x48}, 0x1, 0x0, 0x0, 0x4040014}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="1800"], 0x18}}, 0x0)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), r0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan1\x00', <r6=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000440)={0x200, r5, 0x200, 0x70bd2d, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000002}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_SEC_KEY={0x30, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0xc}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "9cc0045a5fe76bd3cacb9a38da81e9cd31e156ff3647ff5cedd7cde206b4ff6e"}]}, @NL802154_ATTR_SEC_KEY={0x178, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "0b06cd9b722de2f3e5fd5385bbd4c90c77a53fc09aebdcf36b1da3b39930dffc"}, @NL802154_KEY_ATTR_ID={0xac, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x7ff}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x44, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa3}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x28, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x18, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa1}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}]}]}, @NL802154_KEY_ATTR_ID={0xc, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x1}]}, @NL802154_KEY_ATTR_ID={0x3c, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x3ff}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x354c7a29}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x4}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}]}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "1a3fcc8c502712ae7c579bff468f0b3673977193a9d739aef1ae9f4d0c48f870"}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "f33ce003870d21181fae3dbe5c4cd4b8"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "ae27218cb060fbac5cc2873ca7175fa451ebf32c096cfe99b06b5a3e6097cd34"}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x200}, 0x1, 0x0, 0x0, 0x8800}, 0x40000)
sendto$inet6(r2, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)

2m9.230615905s ago: executing program 2 (id=451):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xe8381, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000980)={0x0, 0x0, @pic={0xff, 0x8, 0x43, 0x2, 0x1, 0x2, 0xdf, 0x6, 0xb6, 0x8, 0x93, 0x4, 0xa, 0x8e, 0xaa, 0x4f}})
r2 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0xffffffffffffffff, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
r3 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_int(r4, 0x29, 0x4b, &(0x7f00000001c0)=0x9, 0x4)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000140)={0x2, @vbi={0x500, 0x0, 0x0, 0x0, [0x4]}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xe8381, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000980)={0x0, 0x0, @pic={0xff, 0x8, 0x43, 0x2, 0x1, 0x2, 0xdf, 0x6, 0xb6, 0x8, 0x93, 0x4, 0xa, 0x8e, 0xaa, 0x4f}}) (async)
socket$igmp6(0xa, 0x3, 0x2) (async)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0xffffffffffffffff, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) (async)
syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) (async)
socket$inet6_mptcp(0xa, 0x1, 0x106) (async)
setsockopt$inet6_int(r4, 0x29, 0x4b, &(0x7f00000001c0)=0x9, 0x4) (async)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000140)={0x2, @vbi={0x500, 0x0, 0x0, 0x0, [0x4]}}) (async)

2m9.000872213s ago: executing program 2 (id=457):
r0 = socket$inet6_udp(0xa, 0x2, 0x0) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) (async)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=@newsa={0x13c, 0x10, 0x413, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@dev={0xfe, 0x80, '\x00', 0x32}, 0x0, 0x0, 0x4e24, 0x0, 0x2, 0x0, 0x20, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x0, 0x32}, @in=@dev={0xac, 0x14, 0x14, 0x16}, {0x0, 0x0, 0x0, 0x0, 0xc64a, 0x0, 0x20000000008}, {0x0, 0x1, 0xcc, 0x4}, {0x5}, 0x70bd26, 0xfffffffe, 0xa, 0x1, 0x1}, [@algo_aead={0x4c, 0x12, {{'rfc4309(ccm(aes))\x00'}, 0x0, 0x80}}]}, 0x13c}, 0x1, 0x0, 0x0, 0x20044804}, 0x0) (async)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_int(r2, &(0x7f0000000080)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0)
sendfile(r3, r3, 0x0, 0x8000)
ioctl$sock_inet6_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080))

2m8.689261441s ago: executing program 2 (id=459):
socket$kcm(0x29, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r2, 0x0, 0x22, &(0x7f00000056c0), 0x4)
r3 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000001780))
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r4, &(0x7f0000000500)=[{&(0x7f00000002c0)=""/23, 0x17}], 0x1, 0x6, 0x6)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000140), 0x80, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000380)={0x28, 0x5, r6, 0x0, &(0x7f00005c8000/0x3000)=nil, 0x3000, 0x9fa1})
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000040)={0x28, 0x4, r6, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9})
ioctl$IOMMU_IOAS_COPY(r5, 0x3b83, &(0x7f0000000100)={0x28, 0x2, 0x0, r6, 0x2000000000002, 0x80000001, 0x3fff})
ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r4, 0x3b87, &(0x7f0000000100)={0x18, 0x1, 0x0, 0x0, r6, 0x1a})
ioctl$PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f0000001880)={0x60, 0x1, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x7, 0x0, 0x0, 0x401, 0x8, 0x61, 0x4, 0x24})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a44000000060a0b0400000000000000000200080818000480140001800a000100696e6e6572000000040002800900010073797a30000000000900020073797a3000000000140000001100010000000000000000000300000a5bca3ca87952ea8874d812c3fa6b87cc66436af0486e97a0c0857d3c4f3d57968570380c128957e4111ada9a9b3f1f65ae374a635e7e8891ba235bfacf4e3b5debef907ea76696ff822ae346e33a30a8a94898b87c6aa5ff292f0965ef1b3ff434aeb0d982a0a3f6aff80f267f3c325d1d35ac292fe2cddebb6c58dfc6a46d682692b3c0a04a23c482c0d6d6a4e6c9fe11884e42cb945f4095880134923aaa8a07e06df02d1fb62da5f44e6b5ce222f017bb23400111b6e33e41a6c150ba8db9d1d64ba054d0a69e07"], 0x6c}}, 0x20000000)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x10, 0x1, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x220, 0x20000}, [@IFLA_IFNAME={0x14, 0x3, 'macsec0\x00'}, @IFLA_ADDRESS={0xa, 0x1, @local}]}, 0x40}, 0x1, 0x0, 0x0, 0x90}, 0x0)

2m8.688942757s ago: executing program 2 (id=460):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$kcm(0xa, 0x922000000003, 0x11)
mbind(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x5, &(0x7f0000000240)=0xffffffffffffffff, 0x85, 0x0)
setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f00000000c0), 0x19)
socket$unix(0x1, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f0000000400)=@l2tp6={0xa, 0x0, 0x7, @mcast1, 0x7, 0x10000002}, 0x80, &(0x7f0000000480)=[{&(0x7f0000001540)="f4000900062b3b25fe80000000000000", 0x10}, {&(0x7f0000000240)="45f289a31a11d10c1101fb2cc62ff73459000ec82c600374", 0x18}], 0x2}, 0x20000884)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c)
ppoll(&(0x7f0000000500)=[{r2, 0x2081}], 0x1, 0x0, 0x0, 0x0)
r3 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
fchdir(r4)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r1, &(0x7f0000000040)={0x48000004})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'erspan0\x00'})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000036c0)=ANY=[@ANYBLOB="000000f2ff000000", @ANYRES32=0x0, @ANYBLOB="6cf2040000000000140003006e657464657673696d3000000000000014001680100001800c000900b02200007a000000"], 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x0)

2m8.590650673s ago: executing program 2 (id=461):
syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0xa, 0x1, 0x406}}}, 0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r4, 0x800455c9, 0x80)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f00000001c0)={0x7, 0x2, 0x4})
close_range(r5, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000400)={0x19980330}, &(0x7f0000000040)={0x200000, 0x200000, 0x8000000, 0x0, 0x0, 0x1003})
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='quota,grpquota_block_hardlimit=3'])
chdir(&(0x7f0000000640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00')
symlink(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000140), r1)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0593910421a9febabfb9d24a75f801426d187523d0d3f79d01fcaf2b12dc486499e045ba", @ANYRES16=r6, @ANYBLOB="00012abd7000fddbdf25010000000800040005000000"], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x440c0)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
splice(r2, 0x0, r1, 0x0, 0xffffffffffff8000, 0x0)
close(0x4)

2m7.348976844s ago: executing program 32 (id=465):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40002804}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x6}, [@IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x6}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc810}, 0x4015)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0xa, &(0x7f0000000680)=ANY=[@ANYBLOB="180872"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="4c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff000000001c0012800b0001006772657461700000", @ANYRES32, @ANYBLOB='\b\x00\r\x00\x00\x00\x00\x00\b\x00?'], 0x4c}}, 0x0)

1m53.618854825s ago: executing program 33 (id=461):
syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0xa, 0x1, 0x406}}}, 0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r4, 0x800455c9, 0x80)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f00000001c0)={0x7, 0x2, 0x4})
close_range(r5, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000400)={0x19980330}, &(0x7f0000000040)={0x200000, 0x200000, 0x8000000, 0x0, 0x0, 0x1003})
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='quota,grpquota_block_hardlimit=3'])
chdir(&(0x7f0000000640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00')
symlink(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000140), r1)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0593910421a9febabfb9d24a75f801426d187523d0d3f79d01fcaf2b12dc486499e045ba", @ANYRES16=r6, @ANYBLOB="00012abd7000fddbdf25010000000800040005000000"], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x440c0)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})
splice(r2, 0x0, r1, 0x0, 0xffffffffffff8000, 0x0)
close(0x4)

1m50.000675101s ago: executing program 4 (id=614):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0xffffffffffff7fff, 0x10080) (async)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x28f, 0xfff, 0xa})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000000)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r1, 0xc01c64a3, &(0x7f0000000340)={0x3, r2, 0xfffffffa, 0x7fffffff, 0xb, 0x1fd, 0x1}) (async)
ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f00000003c0)={0x2, r2, 0x6, 0x3, 0x2, 0xa, 0x31d}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000100)={<r3=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01864c2, &(0x7f0000000140)={<r4=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r0, 0xc02064cc, &(0x7f0000000180)={r3, r4, 0x8, 0x7})
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) (async)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB='\x00\b\x00oupOid=', @ANYRES8]) (async, rerun: 32)
read$FUSE(r5, &(0x7f0000006300)={0x2020, 0x0, <r6=>0x0, 0x0, 0x0, <r7=>0x0}, 0x2020) (rerun: 32)
write$FUSE_INIT(r5, &(0x7f0000000340)={0x50, 0x0, r6, {0x7, 0x1f, 0x0, 0x34014c40, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
r8 = syz_open_dev$vcsa(&(0x7f0000000240), 0x1, 0x22120)
setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r8, 0x84, 0x7, &(0x7f00000002c0)={0x5}, 0x4) (async)
syz_fuse_handle_req(r5, &(0x7f0000008340)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000001d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0xfa, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x80101, 0x2)
r10 = socket(0x28, 0x5, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x40004) (async)
fcntl$lock(r9, 0x6, &(0x7f00000000c0)={0x2, 0x2, 0x5, 0x8, r7}) (async)
r11 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x80400, 0x0) (async, rerun: 64)
r12 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x1000000000000, 0x100000000}) (rerun: 64)
madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x3e558f140c1c408d) (async)
ioctl$DMA_BUF_IOCTL_SYNC(r12, 0x40086200, &(0x7f0000000080)) (async)
ioctl$VHOST_SET_FEATURES(r11, 0x4008af00, &(0x7f0000000200)=0x8001100)

1m49.939797106s ago: executing program 4 (id=617):
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x8000]}, 0x8, 0x80000)
getsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0xe)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000200)=0x1, 0x4)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000000400)={'wg2\x00', <r4=>0x0})
bind$xdp(r2, &(0x7f0000000100)={0x2c, 0xa, r4}, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000007c0)={0x14, 0x15, 0x301, 0x0, 0x0, {0xa}}, 0x14}}, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xe, 0x4, 0x4, 0x4, 0x1001, 0x1, 0xfefffffe}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2c}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00000}, 0x94)

1m49.860215067s ago: executing program 4 (id=619):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb7, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0xa8}, [@ldst={0x5, 0x3, 0x0, 0xa}]}, &(0x7f00000002c0)='GPL\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x2a)
r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0xffffffffffffffff, 0xc, 0x18}, 0xc)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000100)={r0, r1}, 0xc)

1m49.768638288s ago: executing program 4 (id=621):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x101201, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4020aeb2, &(0x7f00000006c0)={0x0, 0x0, @ioapic={0x100010000, 0x101, 0x0, 0x0, 0x0, [{0x6, 0x6, 0x8, '\x00', 0xab}, {0x2, 0x0, 0x2, '\x00', 0x5b}, {0x60, 0x4, 0x8, '\x00', 0x8}, {0x5, 0x6, 0x3, '\x00', 0xf1}, {0xc, 0x0, 0x9, '\x00', 0x43}, {0x4, 0x79, 0xc5, '\x00', 0x5}, {0x94, 0x3, 0xb, '\x00', 0xfe}, {0xf, 0x0, 0x6, '\x00', 0xfc}, {0x1, 0x4, 0x8, '\x00', 0x33}, {0x1, 0xf, 0x57, '\x00', 0x9}, {0x5, 0x4, 0x1, '\x00', 0x6}, {0x81, 0x6, 0x6, '\x00', 0x48}, {0x7, 0x3, 0x8, '\x00', 0xff}, {0x6, 0x3, 0xa3, '\x00', 0x2}, {0x7, 0x0, 0x3, '\x00', 0x6}, {0xd, 0xfb, 0xd, '\x00', 0x6}, {0x8, 0x80, 0x80, '\x00', 0xb}, {0x3, 0x89, 0x81, '\x00', 0xe}, {0x78, 0x7, 0x2, '\x00', 0x7}, {0x3, 0x3, 0xb6, '\x00', 0x7}, {0x5, 0x26, 0x5, '\x00', 0x9}, {0x7, 0x9, 0x9, '\x00', 0x81}, {0xf9, 0xd, 0x81, '\x00', 0x81}, {0xfd, 0x3, 0x80, '\x00', 0x6}]}})
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
getsockopt$bt_hci(r2, 0x0, 0x2, 0x0, &(0x7f0000001200))
mmap(&(0x7f0000a6b000/0x1000)=nil, 0x1000, 0xb, 0x12, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0xa00000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)

1m49.690106977s ago: executing program 4 (id=622):
r0 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000004c0)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1, 0x8000000000000003, {}, 0xfd}, 0x18)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000300)=@gettclass={0x24, 0x2a, 0x800, 0x70bd2c, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x1, 0x5}, {0x3}, {0x6}}, ["", "", "", ""]}, 0x24}}, 0x40)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@newtaction={0x140, 0x30, 0xc96f2b0dc02613b7, 0x71bd23, 0x25dfdbff, {}, [{0x12c, 0x1, [@m_ife={0x98, 0xb, 0x0, 0x0, {{0x8}, {0x48, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x1, 0x8, 0x8, 0x1ff, 0x8}, 0x1}}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x10800, 0xffffffff, 0x4, 0x800004, 0xe4}, 0x1}}, @TCA_IFE_DMAC={0xa, 0x3, @multicast}]}, {0x2a, 0x6, "ea24464decc1b2772ce0e9d802b5374a8d6638c9f5d62d73097ad328a4154dd4046c261a61dc"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_csum={0x60, 0x14, 0x0, 0x0, {{0x9}, {0x4}, {0x34, 0x6, "1ed0822c77a64017dbc62f5d14d932ebc6c446abdf4e3b55ee133232e0d764e0b30353d506aa394ff3584b721f343a4b"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_skbmod={0x30, 0xd, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}]}, 0x140}, 0x1, 0x0, 0x0, 0x4004000}, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x8804, 0x0, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x202)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000780)={0xfffffffe, 0x0, 0x0, 'queue0\x00', 0x48})
write$sndseq(r3, &(0x7f00000000c0)=[{0x5, 0x0, 0x0, 0x0, @time, {}, {}, @queue={0xa, {0x7fff, 0x1}}}], 0x1c)
recvmmsg(r2, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

1m49.688883217s ago: executing program 4 (id=623):
r0 = io_uring_setup(0x3b70, 0x0)
r1 = socket(0x10, 0x2, 0x0)
write(r1, &(0x7f0000000000)="240000001d005f80004000000000000002000000010000000000080008000100000303ff", 0x24)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x4)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x40040)
ioctl$DRM_IOCTL_MODE_SETGAMMA(r3, 0xc02064a5, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'veth1_virt_wifi\x00'})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
lseek(r0, 0x100000000, 0x0)
write$cgroup_pid(r5, &(0x7f00000001c0), 0x12)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_COUNTERS(r6, 0x0, 0x81, &(0x7f00000002c0)={'filter\x00', 0x0, 0x0, 0x0, [0x100, 0x6, 0x2, 0x9, 0x7f, 0x7], 0x1, 0x0, 0x0, [{}]}, 0x88)
sync()

1m36.19706274s ago: executing program 1 (id=780):
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, &(0x7f0000000440)={'8255\x00', [0x0, 0x0, 0xa1a, 0x4, 0x6, 0x800afa3, 0x0, 0x4, 0x5855, 0x2, 0x7, 0x9, 0x1, 0x9, 0x6, 0x2, 0x6f48, 0x4, 0x2, 0xa, 0x5, 0xcaa2, 0x1003, 0x20001e5b, 0x2000003, 0xe69, 0x2, 0x4, 0x4086, 0x0, 0x6f5]})
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'sit0\x00'})
ioctl$int_in(r1, 0x5452, &(0x7f0000000000)=0xb)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="d00000001800010600000000fedbdf251c140000fe0000010000000005001a"], 0xd0}}, 0x0)

1m36.149488562s ago: executing program 1 (id=781):
r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x70, 0x103301)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000040)=@usbdevfs_driver={0x0, 0x409dba32, &(0x7f0000000080)})

1m35.358878826s ago: executing program 1 (id=782):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
close(r0) (async, rerun: 64)
ioctl$SIOCSIFHWADDR(r0, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000500000020"}) (rerun: 64)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000002800), 0x60c00, 0x0)
ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r1, 0x3b8b, &(0x7f00000028c0)={0x10, 0x1}) (async, rerun: 64)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="1400000008010800000000ec3da4d20cd86723"], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x100) (async, rerun: 64)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r3, 0x201, 0x400000, 0x25dfdbfc, {{}, {}, {0x8, 0x11, 0x4004}}}, 0x24}}, 0x40)

1m35.358463989s ago: executing program 1 (id=783):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$inet6(r0, &(0x7f0000002280)={&(0x7f0000001e40)={0xa, 0x4e24, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="b005000000000000290000003600000000b2"], 0x5b0}, 0x20008001) (async)
sendmsg$inet6(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000340)="ef38df273fc935b005d380e9f6696d255b9514052a1b756b91083e499f7bb421796c44b950615f6f7d41069833c26b9b29bf4daa43b0a88b04021524cc234c9a324985b69d9de6df45f3908a9cff334bb3b0c2c8ccbead00a4875fe738f0278ec824a00fdb111d7ddae3ac78ec0d5a0a01f6", 0x72}, {&(0x7f0000000600)="7e2f13319f5ba68052aecbc9e8faf501d6f209417f73bd29f751b420bf51f813683947e8e63f1888593969adf3913a215e5e150d309dbfd15334631756e76059d86e0d42c918f0bcb4cbc28a3d71a52285fd9045e3853cd3c0cfc76f71de7f2474c4c4bb6c201b43d80a509c9d0f1365b026ab41e2140695903b86e1d5a27a27fced6360709c662712c37ba3dd86d3a8ace3ffeeb108497f87b94cafd91d50956ba86714090c6bb902e9187a201fdf2b7034cc064d3bf4e40876b9acab7687258f6407e1d8613b8be94684f68cb76f202873fff97008614b2c110eebc8f4090480fbfe0361e1e65b97f19d6078ea6ec03c5ee3aaf8f0cc5300895134ab81087cc55161abc527331c03ecfa01ac01319d9ba949d4519c2b46a7dcaa9e87cc2b28181a9549b5bdc7192cb2a9398720ed1f01509561767f2d11ed4f52cbc6012dca85fbc6739a54562ede8ff2886adc1ba78363ba4528223e0e4977c5471383c8748e0afd2a4e65dd9584cbb7adc0678404c1e9c15e37c25ad4d5c9ddffabe101eb82321b79c36329e5ef9d783afb0add226b74a1e39b6d2cce3504411513e89e94612db022606db2af33b387bea85b317f803bf18e3ae361890ad1fabdb03d4e942d1dd623b649ced2c518e6a906f3c5c176fcb6cb7439a88fe77d828944edf63ca179412f7d91d636b69e0147cbf033d2393100d2844bd84fc8bc4d32757d158935a7efebe8419048082103be7864d16adc35cfa3b25d5bf6889f16b94e5745e24626ae4bea76684f93420ef4243d6ac80ef86088da3f59c64d776659fc4fedaccc02f51dc05db81e387c18766bd5dd3fe703d6a91f12406388e990e8c919f49ad7969459a0cfa291bd1440ae4208849e67984c7d9e0c8ed5e639eb77feb87bed3d08d2a89d504ab40e3f76d090e602604a973f4b1683347d1a53b4ce215b63b69079b76afc8b2ae199f88f7f87b90b2392f27293a79c40737ffa23f99c2880a64445f65dae56263a945a6e98ccc4a3febbd85fb837bdde5e0d4bf9bc4c801ac2afda5c2668da61ba526321600f1795a31fa067f337c7115eef024edb641c859f7ba1460adeef04da39e1376d5255a885bd01ae3c27dd2699bfc1ceae35008a61cee317a704eee9443d0d95a371be776e5646201e544bc19561a22ed7e82d41eac30dfbc26ac19af1b7ead8de446a0f290aafaced0d8db1b9a88ab0c3f77352a39149ae9bd1532f435083eb3deafbb78f43216be6f5cc164a6d67b2c87b6d319db9fce2023b6525ba888f727398ecd77c3dd36a4828cb613803600a3dd2beb0885b100bda9f6db1130c0cdc1faa3d03e6194abfe08d3b9a73585f40a2024f2e9a2e901dc1f88532c43e36a7e361212c419006a42e20092afc03715a1979ceaf2530d651231b61a2cefc8585f4c629a2853750bdf79495a896bf94793549aeacf6d0d0c2c860e976451177c0f736969b06da6c2f80ed40790fac339ee8aba0e9d6a394246486f5b0ebb1a66bd4a2fac1015e84af8be1ad7dd1c2bf96da9067fb18e798759eb02a81773462eaf9c71c007b1cc4df7f0e421063ad041c4d5b59f444d0fa9a952f9ed5b9dbab482928c9dd2ed960ed61f92c4ab7e3673c3a9430defdb6f16d555c5e1baa8d7c5bd705e53640951a84bc41942b7232eee96ec28599a37e32f02aa6e1e99ab41bd77613b0fd988b32ba2aecdfd03afc9df5a5389ed7db7cada460b02fcc5788990d82ab87ed95337b0dbbcd875a19fd2aaea69bdc0e6a4a62ae417e6abd393b7a42ebff7c2ef9bd702168a64fdebd22b154a75029e033ffeebbba83bf76428f4e1400ee54d13ee842646965a15cf63f34705d1fb63ddf4bd1caded6147b0d6a1acc6bac4e9ea4ae024d5c226554be37ab62b754bcbd71dbbaab17664267d035e31fa6f1260b1bb94f8bad65c289717a833d4e164dbc7c1d62cfbd6e121d4944e4716ea304dfb2457f36c2725537947ba9597d29b22bac11f008f24fe37187c4780aaef80b9e3444d610c1a01ef37c4dbc53440547d0f94d90ddef7ddc86e35c0bcc2dd9d2aea4532b20feb8579a922464dfcfe965538ee13ace8c7e1b2321bde8dae0a0ef2e1bfce793992cc67a39be3b6189f0dc24a791157d4821f242e2a9709d469272584b3db4abd60ce0a2c09a46b715aab0048a0ac84ac0d55763ebcafed1ffe45310f97ebecf48f61e33cfa1cff0164f1def00ce05045dee97669b2de718d17e4cf8cee5f000eae701117f7fc43445395b73cf7a002568bdc5345143bda028e0f742f4c299b23fac0ed92665ae1968549d1cdbeb7c17eb96dc079be83a7a74e5b15497e94de3bdfee822ca7de3cd1d0e8cda82476ae4bdb72341e93be67efb78ebb38930c07ce99fccb433465b539b16f32486ccb975c0ec219528df37b61b6105c3ecbe2c0feb328e4034e778592887ce167f9eeec04f9c8d11753d6d8e0798c7932cefcf9bc7b8c9d30688fa226e107eede50d6a3ceff7477107b61a12676e261cb9c216d2bfdd4c6475d192df60cc2c16d77e2ddf51b7f67b57dc71bccbc6a84890bcc5f337a0a6915f88bfa40a9dbc2f8ca7221e7f78c375bb68af519b9d3db2227bdcc1d1e449b164c5db8db3ae8db6423194317e55a43b4df9c2b034c26855303f9c68ccb89c8256029864f052c02b41e27d5336ff2350697579ae08bd25dc051e50e67c8df3d247cf59979a2b2291a069b32bbad17af58ce5494f796bad30898594c606220ce178949d9dd2b8355d8e43dbd7e22c069de917660244c1210fded55766da83759310ab1c86cc691d82e04f8dea7efe50d8841959e7fc2d66805cfed5b033a5d3228c1f97ebb8bac373a41df7c1eaaa2a50987f93a81a7aafb331bc1d2bdd0eebc4bec4095e17af3e206a499f054f9c632fc1809ec0b8327bd069039e2b97a951889fbcbc40a63019362aca8a517153c4c74f47629f45faccd72b743abc4a46f3fd34f6ca384278c2e44337f824e2c4272c5ad46322202606d8f4f7dc6a3e5ff865d593b1d75ae4c7f260f98a5d3e231b884c55d497494462baa9ffb2c64a5432f2f238658ffd25ac26ab0b22add514f38fff2ee82b16e623f17690699e12bce3f974511a8f89d5df7cab89abfc84cb565d253535c67ecafb291f27f61b84f1062d029831ce56e2defcfb5aed43fdb68a107b4a25916b7dbdb56b2e324be966201a5668e676f68808e8c7c6e2926857e6bd5d729d9364a46e4ca4659ae160b65f5d97f3d22ebe0e9f357feb31de17ffa313a3f67a25c01d722ade96598a37dedc97173ad9c7478748fa6e57c3edc825bac7c60d4ac4d96ec34626f965510a3b26ca4f4969d1b0c3e8b1e495b12ab392b7fbb34f0932a768957ba6590ab8022f299cfdecb3c3ee4c3cde5722d62e2235da4f4146507d9e022d57ae25ecc1fde4b57b100cfade350673ee61cc1e313f0dcaed5aa18a012d3ad7cea187cdf4921ec55755dbbc9bd9a39d66220bc1e8f4b6f730f337014e52f12a10bc47f277b5214dad60bd9925183ef53c0c9c7b2c1aa7416fa27b46398b7cbee31a4b416ad0f189d2e0d5e2bfbd8e0e5e1e1f59ec1c635cac00a0b75fe2a3b9916e5c8de9b574385e51fb10704b9901fd90803d7d0e67544975fdf516f0df1d7d0bd7520b618d92b3bfc07c468edd9f53796c80d78987b761b07021d5f4ad07a5f94307f7939c4747e65df8037e9ce268641dba4ffc348bbe4ae3f1844c5f761a6d02c18e389f5776bfbcae20e2e588ffc5465f5954665fea1c9cac6cf5691ca6e1f54e6dd774be7a0bfe87f6adb839572138765e14c2ab04c373ab3fd801dd9f639c886977320affe425dacc7aef1f1b069aacb0b9b94b202bb8fddcc2e07c925dfe750047ec1bccc3a50e5c3319e38b0946a4309bd1a99a033454e36a7af99f3cbf63c6804c9933a8080b445e38a269ef3cf8167ec4818800c800f8a6e17f85ee87bd6ca8005cd1fe1a304034c11f641b195811b40bd15d9386c18e3a47c32025869bc16e149456", 0xb17}], 0x2}, 0x20008004)
syz_emit_ethernet(0x66, &(0x7f0000000000)={@local, @random="cce390677742", @val={@val={0x88a8, 0x0, 0x0, 0x3}, {0x8100, 0x6, 0x1}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0cbb45", 0x28, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[], @ndisc_redir={0x2, 0x0, 0x0, '\x00', @empty, @private1}}}}}}, 0x0)

1m35.357896753s ago: executing program 1 (id=784):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101)
mount$fuse(0x0, 0x0, 0x0, 0x2b18094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x10, &(0x7f0000000400))
chdir(&(0x7f0000000140)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r1 = open$dir(&(0x7f0000000000)='./file0/../file0\x00', 0x10000, 0x180)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
mount_setattr(r1, &(0x7f0000000100)='./file1\x00', 0x8000, &(0x7f00000001c0)={0x78, 0x4, 0x60000, {r2}}, 0x20)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x5f, 0xffffffffffffffff, {0x29}}, './file0\x00'})
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101) (async)
mount$fuse(0x0, 0x0, 0x0, 0x2b18094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) (async)
mount(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x10, &(0x7f0000000400)) (async)
chdir(&(0x7f0000000140)='./file1\x00') (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) (async)
openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (async)
open$dir(&(0x7f0000000000)='./file0/../file0\x00', 0x10000, 0x180) (async)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async)
mount_setattr(r1, &(0x7f0000000100)='./file1\x00', 0x8000, &(0x7f00000001c0)={0x78, 0x4, 0x60000, {r2}}, 0x20) (async)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x5f, 0xffffffffffffffff, {0x29}}, './file0\x00'}) (async)

1m35.357078759s ago: executing program 1 (id=785):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000700)='/sys/kernel/cpu_byteorder', 0x0, 0x0)
ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5f7, @value=0x1})
r1 = openat$cgroup_ro(r0, &(0x7f0000000000)='blkio.bfq.sectors_recursive\x00', 0x0, 0x0)
ioctl$TUNGETFILTER(r1, 0x801054db, &(0x7f0000000040)=""/14) (async)
r2 = add_key$user(&(0x7f0000000080), &(0x7f0000000300)={'syz', 0x3}, &(0x7f0000000200)='\x00', 0x1, 0xfffffffffffffffe)
r3 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r2, r3, r2}, &(0x7f00000000c0)=""/67, 0x43, 0x0) (async)
read$nci(r0, &(0x7f0000000680)=""/88, 0x58) (async)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000900)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffb}}, [@mark={0xc, 0x15, {0x35075c, 0xfffffffb}}]}, 0xc4}}, 0x0)

1m33.875241034s ago: executing program 34 (id=623):
r0 = io_uring_setup(0x3b70, 0x0)
r1 = socket(0x10, 0x2, 0x0)
write(r1, &(0x7f0000000000)="240000001d005f80004000000000000002000000010000000000080008000100000303ff", 0x24)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x4)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x40040)
ioctl$DRM_IOCTL_MODE_SETGAMMA(r3, 0xc02064a5, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'veth1_virt_wifi\x00'})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
lseek(r0, 0x100000000, 0x0)
write$cgroup_pid(r5, &(0x7f00000001c0), 0x12)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_COUNTERS(r6, 0x0, 0x81, &(0x7f00000002c0)={'filter\x00', 0x0, 0x0, 0x0, [0x100, 0x6, 0x2, 0x9, 0x7f, 0x7], 0x1, 0x0, 0x0, [{}]}, 0x88)
sync()

1m31.877620821s ago: executing program 3 (id=830):
socket$inet_icmp_raw(0x2, 0x3, 0x1) (async)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x201, 0xe4340000, 0x0, {0x2}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0xa}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x44080}, 0x2)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000240)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0xffffffffffffff6b, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48)

1m31.687181203s ago: executing program 3 (id=832):
r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/netstat\x00')
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@getqdisc={0x24, 0x26, 0x705, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x1, 0xa}, {0x10, 0x8}, {0xfff2, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
pread64(r0, &(0x7f000001a240)=""/102400, 0x19000, 0x100008)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000200), 0x76, 0x103901)
ioctl$USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000000040)={0x80, 0x8, 0x7ff, 0x0, 0x0, 0xf421, 0x0})
readv(0xffffffffffffffff, &(0x7f00000002c0)=[{&(0x7f0000000000)=""/193, 0xc1}, {&(0x7f0000000100)=""/158, 0x9e}, {&(0x7f00000001c0)=""/76, 0x4c}, {&(0x7f0000000240)=""/99, 0x63}], 0x4)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x10, 0x90}, [@ldst={0x3, 0x0, 0xb, 0x0, 0x0, 0x9800}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x48)
r4 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r4, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r5 = socket$unix(0x1, 0x2, 0x0)
r6 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
ioctl$VIDIOC_STREAMOFF(r6, 0x40045613, &(0x7f0000000080)=0x2)
connect$unix(r5, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(r5, &(0x7f0000000340)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, 0x0, 0x110)

1m31.610025299s ago: executing program 3 (id=833):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000175622bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="00000002104300001c0012800e80cf78982185fa0100697036677265626170000000080035947a818f8291139f69ec028004001200"], 0x3c}, 0x1, 0x0, 0x0, 0x20000800}, 0x4c040) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000175622bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="00000002104300001c0012800e80cf78982185fa0100697036677265626170000000080035947a818f8291139f69ec028004001200"], 0x3c}, 0x1, 0x0, 0x0, 0x20000800}, 0x4c040)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xe0881)
write$sndseq(r0, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000900)={0x6, 0x0, 0x1ff, 0x3, 0x5, 0x52a9396a, 0x1, 0x8}, 0x0, &(0x7f0000000980)={0x8, 0x7fff, 0x0, 0xc, 0xf, 0x9, 0x3, 0x9}, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000001140)={0x80, 0x21, 0x3, 0x7})
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x360, 0x0, 0x111, 0x4b4, 0x1c0, 0xd4feffff, 0x290, 0x20a, 0x278, 0x290, 0x278, 0x3, 0x0, {[{{@ipv6={@private0, @empty, [0x0, 0xffffff00], [0xffffff00, 0x0, 0x0, 0xffffffff], 'ipvlan0\x00', 'team_slave_0\x00', {}, {}, 0x6, 0x8d, 0x0, 0x20}, 0x0, 0x198, 0x1c0, 0x0, {}, [@common=@unspec=@cluster={{0x30}, {0xcd, 0x5, 0x2, 0x1}}, @common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "6d93eb00557dfa39de04767f46614613a407abbf4ed2e83a63b484dbb3bf6b2a850e79009e2905d2f98ba19f91f3c9faee6d3686e9bee067f4e77d9ad66238750c4100d7ee97ec7646259d90edece6e9787a97bc956c01754c34c5c9518c46178ed5f9194454980e579c80eca35a58dc47d1d5e4ff6e216c724e88c702448587", 0xa, 0x0, {0x400000000000000}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ipv6={@loopback, @mcast2, [], [], 'veth1_to_hsr\x00', 'pim6reg1\x00'}, 0x0, 0xa8, 0xd0}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0x3}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c0) (async)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x360, 0x0, 0x111, 0x4b4, 0x1c0, 0xd4feffff, 0x290, 0x20a, 0x278, 0x290, 0x278, 0x3, 0x0, {[{{@ipv6={@private0, @empty, [0x0, 0xffffff00], [0xffffff00, 0x0, 0x0, 0xffffffff], 'ipvlan0\x00', 'team_slave_0\x00', {}, {}, 0x6, 0x8d, 0x0, 0x20}, 0x0, 0x198, 0x1c0, 0x0, {}, [@common=@unspec=@cluster={{0x30}, {0xcd, 0x5, 0x2, 0x1}}, @common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "6d93eb00557dfa39de04767f46614613a407abbf4ed2e83a63b484dbb3bf6b2a850e79009e2905d2f98ba19f91f3c9faee6d3686e9bee067f4e77d9ad66238750c4100d7ee97ec7646259d90edece6e9787a97bc956c01754c34c5c9518c46178ed5f9194454980e579c80eca35a58dc47d1d5e4ff6e216c724e88c702448587", 0xa, 0x0, {0x400000000000000}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ipv6={@loopback, @mcast2, [], [], 'veth1_to_hsr\x00', 'pim6reg1\x00'}, 0x0, 0xa8, 0xd0}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0x3}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001680)={&(0x7f00000001c0)=ANY=[@ANYBLOB="600000001000175626bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="00000000110b00004000128009000100626f6e6400000000300002800c001f"], 0x60}, 0x1, 0x0, 0x0, 0x200008c4}, 0x4c860) (async)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001680)={&(0x7f00000001c0)=ANY=[@ANYBLOB="600000001000175626bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="00000000110b00004000128009000100626f6e6400000000300002800c001f"], 0x60}, 0x1, 0x0, 0x0, 0x200008c4}, 0x4c860)

1m30.774919757s ago: executing program 3 (id=849):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(camellia)\x00'}, 0x5f)
r1 = fsopen(&(0x7f0000000140)='ext3\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='test_dummy_encryption', &(0x7f0000000180)='v\x05%Jg1\x00ul\x00\x00\x00\x00\x00loc\x8d\x8b#\xe0\xb9\xbd\"\xeb.\xc7]\xa67\x97 \xc9\xfc|\x85o*\x00\x00\x00\x00\x00\x00\x00\xaa\x7f4\xafq\x1d\xf6(\xe6\x9em_\x1a\xbfDi\x15\x81\xd47\x8e\x86\xa2\xe1\x00\x00\x00\x9c\xe3\x98\x87\x98\xf7\xa2\xb5\x12\x8cv\xe4_\x91\xa8G!mm\f\xcf\xfb[\xd5Qf\x15\xfe\xc80\xad\xaa\xe9', 0x0) (async)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='test_dummy_encryption', &(0x7f0000000180)='v\x05%Jg1\x00ul\x00\x00\x00\x00\x00loc\x8d\x8b#\xe0\xb9\xbd\"\xeb.\xc7]\xa67\x97 \xc9\xfc|\x85o*\x00\x00\x00\x00\x00\x00\x00\xaa\x7f4\xafq\x1d\xf6(\xe6\x9em_\x1a\xbfDi\x15\x81\xd47\x8e\x86\xa2\xe1\x00\x00\x00\x9c\xe3\x98\x87\x98\xf7\xa2\xb5\x12\x8cv\xe4_\x91\xa8G!mm\f\xcf\xfb[\xd5Qf\x15\xfe\xc80\xad\xaa\xe9', 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) (async)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f462d5fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5b0200000000000000ed884e7cb51726b360fbb37b4fe035bbb0958730", 0x4c}, {&(0x7f0000000600)="e8700e444d50a969ff67347cff6127e6ef12ee38192714820d000000000000004db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343eff5aa6a663188bca70f2d69d80a605e4f0c27afaec202e40d440440cd07e1a8fa99c79353a7127583788d0a25ff248d936fefc575b7fff5062ba5f7decfca18b20e3115590e3e438c2fea71dc0d4b7fe0b16eeb38e684755c50c24945aef35718ef005db93806a126f072f2dc134be82b060b9d04f8509bca331ce9f96413896ebcd0bec82e14f7f507b09e4e9874606fd2555bea67b0e819873900d416a0fbcf1e84e6727a047d34695ff3a1150eae4ab777c6cb89fad7319b5bb362c229109fcce97acea43217b1eb68c9c5abda4db639d72cd3e897902664b167df5f2629626761f694d149fafb3b7470ec68d6703", 0x1b4}], 0x2, 0x0, 0x0, 0x40480c0}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

1m30.709965285s ago: executing program 3 (id=851):
close(0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'syz_tun\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000010c0)=ANY=[@ANYBLOB="3401000010000100"/20, @ANYRES32=r1, @ANYBLOB="000000000000000014011a80400002803c000180080021000000000008001800000000000800030000000000080009000000000008000c0000000000080012000000000008001f00000000006c000a8014000700"], 0x134}}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000003bc0)={0x13, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5], &(0x7f0000000180)=[0x2], 0x0, 0x1, 0x1}}, 0x40)
ioctl$BTRFS_IOC_SYNC(r2, 0x9408, 0x0)
r3 = fsopen(&(0x7f0000000100)='debugfs\x00', 0x0)
fchdir(r0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r5, 0x401c5820, &(0x7f0000000080)={0x8})
ioctl$XFS_IOC_FD_TO_HANDLE(r4, 0xc038586a, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000000)='/\x00', 0x403, 0x0, 0x6, 0x0, 0x0})
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, 0x0)
sendmsg$WG_CMD_GET_DEVICE(r4, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002abd7000fedbdf250000000008000700070000001400020077673100000000000000799683dc624b780051684f3f000000000000d72ee7691cc3475b365d03b11190fed11e79db9fc79d435b2d954446ba05d865f3968ceb987d524b3e54c6c87acc8816a1eb297aa3f800d04177f12c7e75745882565015146916cb382245e32d0acfd0ff04a146deb7e5214e98aaeb58"], 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x20000000)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000040)='context', &(0x7f0000000080)='ramfs\x00', 0x0)

1m30.629149943s ago: executing program 3 (id=852):
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x208004, 0x21fffc, 0xc, 0x200000, 0x2, 0xfffffffe})
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000017c0)=@newtaction={0xe68, 0x30, 0x25, 0x0, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0xff}, [{}, {0x0, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {0x6}, {}, {}, {}, {}, {}, {}, {}, {0x4, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x1000000}, {}, {}, {}, {}, {}, {}, {0x6}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {0x3, 0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x5}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x200}, {}, {}, {}, {0x0, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x4}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r1 = open(&(0x7f00009e1000)='./file0\x00', 0x149040, 0x10)
fcntl$setsig(r1, 0xa, 0x13)
fcntl$setlease(r1, 0x400, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000280))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{}, {0x0, 0x1c9c380}}, 0x0)
truncate(&(0x7f0000000080)='./file0\x00', 0x4)
fcntl$setlease(r1, 0x400, 0x2)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000000)={[{@mpol={'mpol', 0x3d, {'bind', '', @val={0x3a, [0x30, 0x2d, 0x31, 0x3a, 0x31, 0x2f, 0x35]}}}, 0x4e}]})
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140), 0x8, &(0x7f0000001200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@nfs_export_on}]})

1m20.813377158s ago: executing program 35 (id=785):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000700)='/sys/kernel/cpu_byteorder', 0x0, 0x0)
ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5f7, @value=0x1})
r1 = openat$cgroup_ro(r0, &(0x7f0000000000)='blkio.bfq.sectors_recursive\x00', 0x0, 0x0)
ioctl$TUNGETFILTER(r1, 0x801054db, &(0x7f0000000040)=""/14) (async)
r2 = add_key$user(&(0x7f0000000080), &(0x7f0000000300)={'syz', 0x3}, &(0x7f0000000200)='\x00', 0x1, 0xfffffffffffffffe)
r3 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r2, r3, r2}, &(0x7f00000000c0)=""/67, 0x43, 0x0) (async)
read$nci(r0, &(0x7f0000000680)=""/88, 0x58) (async)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000900)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffb}}, [@mark={0xc, 0x15, {0x35075c, 0xfffffffb}}]}, 0xc4}}, 0x0)

1m15.573029745s ago: executing program 36 (id=852):
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x208004, 0x21fffc, 0xc, 0x200000, 0x2, 0xfffffffe})
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000017c0)=@newtaction={0xe68, 0x30, 0x25, 0x0, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0xff}, [{}, {0x0, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {0x6}, {}, {}, {}, {}, {}, {}, {}, {0x4, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x1000000}, {}, {}, {}, {}, {}, {}, {0x6}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {0x3, 0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x5}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x200}, {}, {}, {}, {0x0, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x4}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r1 = open(&(0x7f00009e1000)='./file0\x00', 0x149040, 0x10)
fcntl$setsig(r1, 0xa, 0x13)
fcntl$setlease(r1, 0x400, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000280))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{}, {0x0, 0x1c9c380}}, 0x0)
truncate(&(0x7f0000000080)='./file0\x00', 0x4)
fcntl$setlease(r1, 0x400, 0x2)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000000)={[{@mpol={'mpol', 0x3d, {'bind', '', @val={0x3a, [0x30, 0x2d, 0x31, 0x3a, 0x31, 0x2f, 0x35]}}}, 0x4e}]})
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140), 0x8, &(0x7f0000001200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@nfs_export_on}]})

36.030971424s ago: executing program 6 (id=1596):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000000)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r1 = openat$kvm(0xffffff9c, &(0x7f0000000340), 0x800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r3, 0x4018aee3, &(0x7f0000000180)=@attr_other={0x0, 0x0, 0xe, 0x0})
syz_open_dev$sg(&(0x7f0000000080), 0x7d97, 0x800)
r4 = io_uring_setup(0x1536, &(0x7f0000000100)={0x0, 0x3970, 0x0, 0x3, 0x3a9}) (async)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) (async)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f0000001680)=@nat={'nat\x00', 0x19, 0x2, 0x90, [0x200000001400, 0x0, 0x0, 0x20000000150e, 0x200000001644], 0x0, 0x0, &(0x7f0000001400)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xfffffffffffffffe}]}, 0x108) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = dup(r7)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x5000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) (async)
syz_kvm_setup_cpu$x86(r8, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, 0x0}], 0x1, 0x40, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x50, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0) (async)
open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async)
r10 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r10, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r10, 0x40946400, &(0x7f00000000c0)={'pcm3724\x00', [0x5c22, 0x800, 0x1, 0xffff3244, 0x6, 0x403, 0xc, 0x7, 0x5, 0x1ff, 0x695b, 0x2, 0x41, 0x403, 0x6, 0x3, 0x3, 0x0, 0x3, 0x6, 0x90, 0x6, 0x200006, 0x13fc, 0x8004, 0x4, 0x2, 0x8, 0x5, 0x41, 0xfffffffd]}) (async)
r11 = socket$nl_route(0x10, 0x3, 0x0) (async)
r12 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000c80)={'lo\x00', <r13=>0x0})
sendmsg$nl_route_sched(r11, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r13, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x10, 0xb}, @TCA_FQ_CE_THRESHOLD={0x8, 0xc, 0xfffffffc}, @TCA_FQ_QUANTUM={0x8, 0x2, 0xffffdf80}]}}]}, 0x48}}, 0x0) (async)
close_range(r4, 0xffffffffffffffff, 0x0)

35.730547841s ago: executing program 6 (id=1598):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x881}, 0x0) (async)
mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x81c0, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x1, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r3, 0x1, &(0x7f0000000180)={0x4000, r2}, 0x0)
landlock_restrict_self(r3, 0x2) (async)
landlock_restrict_self(r3, 0x0) (async)
sendto$packet(0xffffffffffffffff, &(0x7f0000000080)="44c33b69ebc9", 0x6, 0x830, &(0x7f0000000440)={0x11, 0x0, r1, 0x1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, 0x14) (async)
r4 = socket(0xa, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x19, &(0x7f0000000080)=@broute={'broute\x00', 0x20, 0x2, 0x230, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200004c0], 0x0, 0x0, 0x0}, 0x2a8) (async)
r5 = socket(0x2, 0x80805, 0x0)
r6 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$vim2m_VIDIOC_G_FMT(r6, 0xc0d05604, &(0x7f0000000300)={0x1, @vbi={0x1a, 0x5, 0x96b, 0x64737664, [0x5, 0x5], [0x3, 0x4], 0x108}})
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0xc, &(0x7f0000000040)=@assoc_value, &(0x7f0000000000)=0x8) (async)
r7 = eventfd2(0x100, 0x800)
writev(r7, &(0x7f0000000400)=[{&(0x7f0000000040)="eebd73c460f8a4a8", 0x8}, {&(0x7f0000000100)="dda136dfb2938c66", 0x8}], 0x2) (async)
r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1) (async)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x34, 0x0, 0x8, 0x201, 0x0, 0x0, {0x5, 0x0, 0x4}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @udp=[@CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x8}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x14}, 0x8048) (async)
r9 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r10=>0x0})
r11 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001300290a000000000000000007000000", @ANYRES32=r10, @ANYBLOB="00000132ae57f60014001a8010000580"], 0x34}}, 0x0) (async)
setsockopt$IP_VS_SO_SET_ADD(r8, 0x0, 0x482, &(0x7f0000000180)={0x84, @remote, 0x0, 0x0, 'lblc\x00'}, 0x2c) (async)
setsockopt$IP_VS_SO_SET_DEL(r8, 0x0, 0x484, &(0x7f0000001280)={0x20000000000084, @remote, 0x0, 0x0, 'rr\x00'}, 0x2c)
r12 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r12, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x0, 0x2b8, 0xb0000010, 0x2, 0x5c8f0200, 0x388, 0x3a8, 0x3a8, 0x388, 0x3a8, 0x3, 0x0, {[{{@ipv6={@private1, @local, [], [], 'vlan1\x00', 'veth0_to_team\x00'}, 0x0, 0x248, 0x290, 0x700, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve1\x00', {0xf1, 0x0, 0x33, 0x0, 0x10000000, 0x1, 0x7fffffff}}}, @common=@unspec=@limit={{0x48}, {0x0, 0x3}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x206, 'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8)
socket$netlink(0x10, 0x3, 0x0)

35.729514841s ago: executing program 6 (id=1600):
bpf$BPF_BTF_LOAD(0x26, 0x0, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x1010408, &(0x7f00000002c0)={[{@huge_within_size}]})
r0 = socket$rxrpc(0x21, 0x2, 0x2)
close(r0)

35.659563009s ago: executing program 6 (id=1601):
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x1)
sigaltstack(&(0x7f0000000000)={&(0x7f0000000280)=""/4124, 0x80000001, 0x101c}, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
ioctl$TCSBRK(r0, 0x5409, 0x9)
ioctl$TCFLSH(r0, 0x540b, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000880)=0x3)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/dev_snmp6\x00')
fchdir(r3)
creat(&(0x7f00000010c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x11)
r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_GETDRIVER(r4, 0xc00c5512, 0x0)
syz_clone(0x1849840, 0x0, 0x0, 0x0, 0x0, 0x0)

34.749934561s ago: executing program 6 (id=1611):
io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, &(0x7f0000000200)=[@ioring_restriction_register_op={0x0, 0x1e}], 0x1)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$kcm(0x29, 0x4, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
r2 = socket(0x10, 0x803, 0x0)
bind$netlink(r2, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc)
getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)=@newlink={0x20, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x0, 0x1201}}, 0x20}}, 0x0)
setsockopt$MRT_DONE(r2, 0x0, 0xc9, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000000)={r1})
socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x9, 0x2, 0x1)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r5, 0x401c5820, &(0x7f0000000080)={0x8})
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="020d0000160000000000000000000000030006000000000002004e0500000000000000000000000005000500000000000a00000000000000ff01000000000000000000000000000100000000000000000800120002000200000000000000000006002b00000000000000000000000000fc010000000000000000000000000000fc010000000000000000000000000000040004000200"/176], 0xb0}}, 0x0)
getsockname$inet(r4, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@gettaction={0x14, 0x32, 0x10}, 0x14}}, 0x20000080)
socket$inet_udplite(0x2, 0x2, 0x88)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000007000000050000000100000f080000000d0010000400060103000000005f30002e61"], 0x0, 0x37, 0x0, 0xa}, 0x28)
r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x141201, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r7, 0x400c330d, 0x0)
ioctl$SIOCX25SCALLUSERDATA(r5, 0x89e5, &(0x7f00000001c0)={0x25, "d518e1643ffa49650b4b85e746a32e688e2e55874e28ad9256dd42c2c8dfd1e352db09f81905a2eb1b079df959f3fb9364a4e6c6d3b1b733c23728e91d3046c27add98f76d4b1591454902ccf5cfa774b0da83e6de56170366df819402e0cabf9e8cfce49a21495d9517220e531c7074521aaf33c66877c5cd00185773698ec3"})

34.679046391s ago: executing program 6 (id=1614):
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x0)
ioctl$I2C_PEC(r0, 0x708, 0x2)
write$sndseq(r0, &(0x7f0000000000)=[{0x6, 0xef, 0x1, 0x1, @tick=0x8, {0x7, 0x9}, {0x4, 0xf}, @quote={{0x0, 0x81}, 0x381c}}, {0x59, 0x0, 0x0, 0x3, @time={0x1, 0x80}, {0x0, 0xfd}, {0x40, 0x1}, @control={0x5, 0xffffff71, 0x7}}], 0x38)

25.366477908s ago: executing program 7 (id=1728):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f00000001c0)=@newtaction={0x64, 0x30, 0x9, 0x0, 0xffffffff, {}, [{0x50, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_FD={0x8, 0x5, r0}, @TCA_ACT_BPF_PARMS={0x18}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x10}, 0x0) (async)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, 0x0, 0x6e6bb5}}, 0xb8}, 0x1, 0x0, 0x0, 0x810}, 0x0) (async, rerun: 64)
r2 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 64)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000b00)=@newtaction={0x6c, 0x30, 0x9, 0x400004, 0x1000000, {}, [{0x58, 0x1, [@m_mpls={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x0, 0x200, 0x3, 0x200}, 0x3}}, @TCA_MPLS_TC={0x5, 0x6, 0x3}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x24000000}, 0x8080)

25.256858589s ago: executing program 7 (id=1730):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0xb, &(0x7f00000001c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x7786}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x1, 0xfe00}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}]}, 0x0, 0x5, 0x0, 0x0, 0x41000, 0xc}, 0x94)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000170900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}}, 0x2000c450)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x3, 0x4, &(0x7f0000000b00)=ANY=[@ANYBLOB="18070000000000000000000000000000711095000000000095"], 0x0, 0x6}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'})
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="14000000040000000400000022"], 0x50)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x28000)
sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={0x0}, 0x1, 0x0, 0x0, 0x4000850}, 0x4048010)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'veth0_to_hsr\x00', @link_local})
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000005000010a000000000000000080005385"], 0x14}}, 0x8054)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a000007"], 0x7c}, 0x1, 0x0, 0x0, 0x20004001}, 0x4000018)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000580)=ANY=[@ANYBLOB="20000000030101040000ddffffffffff090000000400198008001a40fffffc07fcd6e69b732dfe1e09d23bd4"], 0x20}}, 0x4008084)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000680)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x100)
sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x20004000)
write$tun(r2, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x27}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0xfd5e, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffff20, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x700, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2, 0xffffff07}, @generic={0x0, 0x2, "d588380003c1"}]}}}}}}, 0xfd6c)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a48000000060a010400000000000000000a0000050900020073797a32000000001c000480180001800d00010073796e70726f787900c72b00040002800900010073797a310000000014000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
syz_emit_ethernet(0x4e, &(0x7f00000001c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4df30c", 0x18, 0x6, 0xff, @empty, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x6, 0x0, 0x0, {[@generic={0x3, 0x2}]}}}}}}}}, 0x0)

25.13497663s ago: executing program 7 (id=1731):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
r2 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe)
setrlimit(0x7, &(0x7f0000000400))
keyctl$KEYCTL_WATCH_KEY(0x20, r2, r1, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r2, r1, 0xffffffffffffffff)
keyctl$revoke(0x3, r2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
syz_usb_connect$uac1(0x4, 0xa9, &(0x7f0000000340)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0xff, 0x582, 0xc, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x97, 0x3, 0x1, 0x55, 0x48, 0x8, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x7, 0x13}, [@output_terminal={0x9, 0x24, 0x3, 0x2, 0x1ff, 0x6, 0x6, 0x8}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0x0, 0xcb78, 0x0, "7de570648e68efdc"}, @format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0x1, 0x222, 0x3, "61cf12a6e823664d"}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x3, 0x3, 0x6, {0x7, 0x25, 0x1, 0xc, 0xec}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0x416, 0x3, 0x5, "d249c8"}]}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0x7, 0x7f, 0x25, {0x7, 0x25, 0x1, 0x4, 0x2, 0x1000}}}}}}}}]}}, &(0x7f0000000580)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x300, 0x2, 0x3, 0xb7, 0x141, 0xa}, 0x2e, &(0x7f0000000440)={0x5, 0xf, 0x2e, 0x4, [@ss_container_id={0x14, 0x10, 0x4, 0x4, "87ea14aee72349e6c05572d2fbae0f88"}, @wireless={0xb, 0x10, 0x1, 0x8, 0xe1, 0x5, 0x4, 0xd852, 0x80}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0xb, 0xc, 0x2d0e}]}, 0x3, [{0x67, &(0x7f0000000480)=@string={0x67, 0x3, "ddd5683881a6bf0acfaa1622b5e72c4bb4dd3f2da623f45ae9d97f205e12b073ee8a419a2d35c44ef47b779de3b4dde7877b4699fd873685129c2862dbe539c674ea1b994475ce8a6e26883d3dcd84a8970c8ad8ea93f733447cb4a4e461051d809cd81cca"}}, {0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x459}}, {0x4, &(0x7f0000000540)=@lang_id={0x4}}]})
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
write$tun(r3, &(0x7f00000006c0)={@val={0x8, 0x800}, @val={0x3, 0x0, 0x6, 0x0, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x2, 0x2, 0x1c, 0x66, 0x0, 0xb, 0x2, 0x0, @rand_addr=0x64010102, @broadcast}, "3297e3ba0fa8a2e7"}}, 0x2a)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x108000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000640)={0x74, r5, 0x11, 0x60bd2b, 0x25dfdbff, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x8000, 0x31}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_FREQ_FIXED={0x4}, @NL80211_ATTR_BSS_BASIC_RATES={0x1f, 0x24, [{0x30}, {0x2}, {0x3}, {0x9, 0x1}, {0x18, 0x1}, {0x24}, {0x60, 0x1}, {0xd}, {}, {0x2}, {0xb}, {0x12, 0x1}, {0x5, 0x1}, {0x9}, {0x1b}, {0x30, 0x1}, {0x2}, {0x12, 0x1}, {0x16, 0x1}, {0x48}, {0x60, 0x1}, {0x60, 0x1}, {0x48, 0x1}, {0x16}, {0x3, 0x1}, {0x41, 0x1}, {0x30}]}, @NL80211_ATTR_SSID={0x13, 0x34, @random="c487fca396066087c4083ca210269a"}]}, 0x74}, 0x1, 0x0, 0x0, 0x40c0}, 0x40000c0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x48, 0x7a}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80)

24.596932395s ago: executing program 7 (id=1733):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r0 = landlock_create_ruleset(&(0x7f0000000040)={0xc015, 0x3}, 0x18, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = eventfd2(0x46, 0x80801)
r4 = eventfd2(0x8, 0x800)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000200)={r3, 0x5, 0x2, r4})
close_range(r0, 0xffffffffffffffff, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r5, 0x5, &(0x7f00000000c0)={0x0, 0x0, 0xb, 0x300})

24.465448545s ago: executing program 7 (id=1734):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x303}, "2d9421fe8a4c9563", "cf6ff9ff337ed301000100c747fbbfc1", "dbdc27ff", "16de86d67a8426bd"}, 0x28)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x303}, "b7a41f5d937e5523", "4705a7b6113b967d7314f7201eb2babf", "1d1cbe23", "ecba06893bcdc493"}, 0x28)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000100)={'\x00', 0x0, 0x0, {0xfffffffffffffff8, 0xffff}, {0x6, 0x2}, 0xab4, [0x5, 0x7b, 0x3, 0x4000000005, 0x40, 0x66, 0x1, 0x5f, 0x4, 0x8, 0x10, 0x11, 0x6, 0xffdffffffffffff7, 0x621, 0xe4]})
r1 = openat$ndctl0(0xffffffffffffff9c, &(0x7f0000000000), 0x169101, 0x0)
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000180))
recvfrom(r0, &(0x7f0000002800)=""/4071, 0xfffffffffffffdab, 0x1, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x8000, 0x1f7)
r3 = fanotify_init(0x200, 0x0)
fanotify_mark(r3, 0x201, 0x4000003e, r2, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r4, 0x401c5820, &(0x7f0000000080)={0x8})
r5 = syz_open_dev$dri(&(0x7f0000000c00), 0x1ff, 0x84800)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[<r7=>0x0], &(0x7f0000000cc0), 0x0, 0x1, 0x0, 0x0, r6})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, &(0x7f0000000380)={0x5, r7, r6})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000004c0)={&(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000440)=[<r8=>0x0, 0x0, 0x0], &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x5, 0x3, 0x7})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r4, 0xc01064ab, &(0x7f0000000500)={0x4, r7, r8})
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f00000000c0)=0x8, 0x4)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='mounts\x00')
r10 = socket$nl_route(0x10, 0x3, 0x0)
r11 = socket(0x1, 0x803, 0x0)
getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000800)=ANY=[@ANYBLOB="400000001000010400"/20, @ANYRES8=r9, @ANYBLOB="000067d7df1538276795120700000000736974080800028008000100d455c889cb7ab49e4f5a8d6999919444116ec1fb423ca170bfd2653da3905d72ed07dd050b493630f371ee17e378fd88fc7e4ca7ae8ccc6bb9932d5673423f44add1afdb6eb6dd967ab88718922a295def989778349cb0b8e123791193c437c2237f6e53e6998651831d0d53a2c3e763a77317299b0bafbf859655a7f00866ac686208a58973fc94f8e3a51f14ac4dd10cb7a5db54ebc28a4019d9b0676a4d77e3e92981b1ff3f", @ANYRES32=r12, @ANYBLOB="08000300", @ANYRES8=r11, @ANYBLOB="0db9fe23709f800d38eaed26383c1977c0fc2d85ca29ef011b87a15f7f0e0004d9599a4d66cb28502d65faffffff782c9f6b2100008a0e16217ae8", @ANYBLOB="a69e74d7012ddfe93ae59b708ce0d8320d2e00f17bf5b9ada0985da72406b5b5f9540cc5c1bbaeaa2f43c4ef50c82ee847eaaede8ea91f0599e8c3f198c35a458de6edbc736a4d6336dc0e10fae96554bfcc05ad0561c31c3a9e72d34fed088af3dd7e029ba3f5fabd94623609665a8cb9db755b01312f6adb1f7c150ab9e42af3d508a6e11cdfd76c3ae16e008cb994cc"], 0x40}, 0x1, 0x0, 0x0, 0x4000800}, 0x4000000)

24.218959485s ago: executing program 7 (id=1735):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000800)=ANY=[@ANYBLOB="611234000000000061134c0000000000bf3000000000000015000200000000103d030100000000009500000000000000bc26080000000000bf67000000000000070300000fff070067020000030000001606000080ffffffbf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f909ad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305865050df26469fac5202d6293c3d5e11f4f83e7455baeeba4f"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xc, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x94)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x28, r5, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}]}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000080}, 0x2000)
setsockopt$sock_timeval(r3, 0x1, 0x15, &(0x7f0000000000)={0x0, 0x2710}, 0x10)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x2}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
sendmmsg$inet6(r3, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000180)='i', 0x20086}], 0x1}}], 0x1, 0x0)
sendmmsg$inet6(r3, &(0x7f00000071c0)=[{{&(0x7f00000001c0)={0xa, 0x1, 0x0, @loopback, 0x7}, 0x1c, &(0x7f0000000100)=[{&(0x7f0000000240)="8f", 0x1}], 0x1}}], 0x1, 0x24044004)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000080)={0x2, 0x0, [{0x40000002, 0x0, 0x9}, {0x40000002, 0x0, 0x100000000}]})

19.318008915s ago: executing program 37 (id=1614):
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x0)
ioctl$I2C_PEC(r0, 0x708, 0x2)
write$sndseq(r0, &(0x7f0000000000)=[{0x6, 0xef, 0x1, 0x1, @tick=0x8, {0x7, 0x9}, {0x4, 0xf}, @quote={{0x0, 0x81}, 0x381c}}, {0x59, 0x0, 0x0, 0x3, @time={0x1, 0x80}, {0x0, 0xfd}, {0x40, 0x1}, @control={0x5, 0xffffff71, 0x7}}], 0x38)

12.459853022s ago: executing program 5 (id=1864):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x103c41, 0x10)
flock(r0, 0x2)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x3d}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x7d}, @exit={0x95, 0x0, 0x33}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb8000000}, 0x70)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a40)=@newtaction={0x94, 0x30, 0x1, 0x0, 0x0, {}, [{0x80, 0x1, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}, @m_pedit={0x30, 0x2, 0x0, 0x0, {{0xa}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x94}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x103c41, 0x10) (async)
flock(r0, 0x2) (async)
truncate(&(0x7f0000000040)='./file0\x00', 0x0) (async)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x3d}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x7d}, @exit={0x95, 0x0, 0x33}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb8000000}, 0x70) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a40)=@newtaction={0x94, 0x30, 0x1, 0x0, 0x0, {}, [{0x80, 0x1, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}, @m_pedit={0x30, 0x2, 0x0, 0x0, {{0xa}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x94}}, 0x0) (async)

12.399512725s ago: executing program 5 (id=1865):
r0 = socket$inet(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETPRL(r0, 0x89f4, &(0x7f00000000c0)={'sit0\x00', 0x0})
r1 = socket(0x10, 0x3, 0x0)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r1)
sendmsg$TIPC_NL_NET_SET(r1, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x218, r2, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_NET={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x101}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x40}]}, @TIPC_NLA_MEDIA={0xac, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffff801}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xeee4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}]}]}, @TIPC_NLA_MEDIA={0x48, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x200}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x163}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_NODE={0x4}, @TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7ff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffffff1c}]}, @TIPC_NLA_NET={0x5c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7f}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8000000000000001}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xf83}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1ff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_ADDR={0x8}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}]}, @TIPC_NLA_MEDIA={0x70, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2400000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffb}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xd0}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xdd55}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}]}, 0x218}, 0x1, 0x0, 0x0, 0x4004}, 0x8000)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x1d7)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000080)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x40, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
unlinkat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file0\x00', 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)
openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x101000, 0x108)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a400000", @ANYRES32, @ANYBLOB="14000200fe80"], 0x48}}, 0x0)
sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000180)=ANY=[], 0x50}}, 0xc0)
sendmmsg(r1, &(0x7f0000000000), 0x400000000000047, 0x0)

12.349460036s ago: executing program 5 (id=1866):
r0 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, &(0x7f0000000140)={0x8, 0xcde5})
fchdir(r1)
readv(0xffffffffffffffff, 0x0, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) (async)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) (async)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000001800), 0x0, &(0x7f0000000a00)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000001800), 0x0, &(0x7f0000000a00)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)

12.137716388s ago: executing program 5 (id=1869):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newae={0x48, 0x1e, 0x1, 0x70bd2c, 0x25dfdbfd, {{@in=@private=0xa010100, 0x4d4, 0xa, 0x32}, @in=@multicast2, 0x3, 0x3503}, [@replay_thresh={0x8, 0xb, 0x10}]}, 0x48}}, 0x20000800) (async)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000140), 0x80, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000080)=@bpf_lsm={0xd, 0x7, &(0x7f0000000180)=@framed={{0x75, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x9c, 0x7}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf}, 0x94)

12.135349669s ago: executing program 5 (id=1871):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101)
mount$fuse(0x0, 0x0, 0x0, 0x2b18094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x10, &(0x7f0000000400))
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0xc04c5349, &(0x7f0000000580)={0x8001, 0x80000000, 0x1})
chdir(&(0x7f0000000140)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
unlink(&(0x7f0000000000)='./file0/../file0\x00')
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(twofish))\x00'}, 0x58)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZE(r4, 0x560f, &(0x7f00000002c0)={0xa})
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r3, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x5f, 0xffffffffffffffff, {0x29}}, './file0\x00'})

12.028741636s ago: executing program 5 (id=1873):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x2, 0x0)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f00000001c0)={'dt2801\x00', [0x408, 0x7ff, 0xffffffff, 0x0, 0x1, 0x1, 0x8, 0x7, 0xa, 0xfc, 0x2, 0x1, 0x684b, 0x4000004, 0x6, 0xffffffff, 0x1, 0x1a447, 0x3, 0x40000006, 0x100, 0x2, 0xf24, 0x6, 0xb, 0xa, 0x5, 0xc, 0x4, 0x10000, 0x6]})
timer_create(0xfffffffffffffffd, 0x0, &(0x7f0000000440)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f00000001c0)={{0x77359400}, {0x77359400}}, 0x0)
r3 = add_key$user(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000540)="bc3009bb", 0x4, 0xfffffffffffffffe)
r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000480)={r4, r3, r3}, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000280)={0x73622a85, 0x1000, 0x2})
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x2, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000540)={0xa0, 0x0, &(0x7f0000000640)=[@request_death={0x400c6313}, @transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x29, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@weak_handle={0x77682a85, 0x80, 0x3}, @flat=@weak_binder={0x77622a85, 0x1000, 0x3}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/33, 0x21, 0x0, 0x22}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000340)={@ptr={0x70742a85, 0x0, &(0x7f0000000700)=""/129, 0x81, 0x2, 0x33}, @fda={0x66646185, 0x7, 0x0, 0x1a}, @fd}, &(0x7f0000000040)={0x0, 0x28, 0x48}}}], 0x0, 0x1000000, 0x0})

8.63535245s ago: executing program 38 (id=1735):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000800)=ANY=[@ANYBLOB="611234000000000061134c0000000000bf3000000000000015000200000000103d030100000000009500000000000000bc26080000000000bf67000000000000070300000fff070067020000030000001606000080ffffffbf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f909ad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305865050df26469fac5202d6293c3d5e11f4f83e7455baeeba4f"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xc, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x94)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x28, r5, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}]}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000080}, 0x2000)
setsockopt$sock_timeval(r3, 0x1, 0x15, &(0x7f0000000000)={0x0, 0x2710}, 0x10)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x2}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
sendmmsg$inet6(r3, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000180)='i', 0x20086}], 0x1}}], 0x1, 0x0)
sendmmsg$inet6(r3, &(0x7f00000071c0)=[{{&(0x7f00000001c0)={0xa, 0x1, 0x0, @loopback, 0x7}, 0x1c, &(0x7f0000000100)=[{&(0x7f0000000240)="8f", 0x1}], 0x1}}], 0x1, 0x24044004)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000080)={0x2, 0x0, [{0x40000002, 0x0, 0x9}, {0x40000002, 0x0, 0x100000000}]})

1.835861957s ago: executing program 0 (id=1960):
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x248801, 0x0)
r1 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x80080, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000080)={<r2=>0x0, 0x0, r1})
r3 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8)
ioctl$KVM_S390_VCPU_FAULT(r3, 0x4008ae52, &(0x7f0000000100)=0x4)
ioctl$KVM_GET_XCRS(r3, 0x8188aea6, &(0x7f0000000140))
sendfile(0xffffffffffffffff, r0, &(0x7f0000000300), 0x5)
close_range(r1, r3, 0x2)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r3, 0xc01064c8, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000340)=[0x0, 0x0, 0x0, <r4=>0x0]})
ioctl$DRM_IOCTL_PANTHOR_BO_QUERY_INFO(r3, 0xc0106450, &(0x7f00000003c0)={<r5=>r2, 0x0, 0x2})
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000400)={r4, 0xd338, 0x8, 0x0, 0x0, [r2, r5, r2, r2], [0x5, 0x8, 0x5, 0xd], [0x8, 0x15e, 0xfffffff8, 0x2], [0xbe, 0xfd, 0x6, 0x4]})
sendfile(r3, r1, &(0x7f0000000480)=0x6, 0x3)
socketpair(0x15, 0x5, 0x3, &(0x7f00000004c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000540)={'wg0\x00', &(0x7f0000000500)=@ethtool_ts_info})
socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000580)={{0x1, 0x1, 0x18, <r8=>r1, {0x1}}, './file0\x00'})
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f00000005c0)={r4, 0x5, 0x2, 0x4, 0x2, [0x0, <r9=>0x0], [0x8, 0x1, 0x80, 0xffff], [0x8d88, 0xf5, 0x70c5, 0x3e1f], [0x13d3d81, 0x7fff, 0x9, 0x8]})
ioctl$DRM_IOCTL_PANTHOR_BO_QUERY_INFO(r3, 0xc0106450, &(0x7f0000000640)={<r10=>r2, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000680)={r4, 0x2, 0x1, 0x9, 0x1, [r5, r2, r9, r10], [0x2, 0x1, 0x7, 0x9], [0x3, 0x3b3299ef, 0x7f, 0x2], [0x15, 0x3, 0x106c, 0x10000]})
clock_gettime(0x0, &(0x7f0000000700)={<r11=>0x0, <r12=>0x0})
timerfd_settime(r3, 0x3, &(0x7f0000000740)={{0x0, 0x3938700}, {r11, r12+60000000}}, &(0x7f0000000780))
syz_open_dev$vim2m(&(0x7f00000007c0), 0x100000001, 0x2)
write$selinux_validatetrans(r8, &(0x7f0000000800)={'system_u:object_r:systemd_systemctl_exec_t:s0', 0x20, 'system_u:object_r:faillog_t:s0', 0x20, 0x23f1af7, 0x20, '/usr/lib/telepathy/mission-control-5\x00'}, 0x87)
r13 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000900), r7)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f00000009c0)={'ip6gre0\x00', &(0x7f0000000940)={'syztnl2\x00', <r14=>0x0, 0x4, 0x4, 0xff, 0x7, 0x10, @private0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x8000, 0x700, 0xffffff81, 0xce}})
getpeername$packet(r6, &(0x7f0000000a00)={0x11, 0x0, <r15=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000a40)=0x14)
getpeername$packet(r6, &(0x7f0000000a80)={0x11, 0x0, <r16=>0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000ac0)=0x14)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000b00)={'dvmrp0\x00', <r17=>0x0})
sendmsg$MPTCP_PM_CMD_ANNOUNCE(r3, &(0x7f0000000cc0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000c80)={&(0x7f0000000b40)={0x118, r13, 0x300, 0x70bd2a, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r14}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0xb}]}, @MPTCP_PM_ATTR_ADDR={0x2c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x5}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @remote}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x9}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x3}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x80}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x3c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x3}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r15}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x4}]}, @MPTCP_PM_ATTR_ADDR={0x2c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast2}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r16}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0xa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x2}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r17}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x2c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @empty}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x7}]}, 0x118}, 0x1, 0x0, 0x0, 0x20000000}, 0x24004045)
ioctl$BTRFS_IOC_QUOTA_RESCAN(r1, 0x4040942c, &(0x7f0000000d00)={0x0, 0x1, [0x5d3, 0x7, 0x9, 0x7, 0x1, 0xfff]})

1.766182054s ago: executing program 0 (id=1961):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000140)=0x1, 0x4)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x1, @empty, 0x7}, 0x1c)
r1 = syz_open_dev$sg(&(0x7f0000000100), 0x89, 0x1)
ioctl$SG_SET_FORCE_PACK_ID(r1, 0x227b, &(0x7f00000001c0))
io_setup(0x6, &(0x7f0000000680)=<r2=>0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bond0\x00', 0x10)
io_submit(r2, 0x1, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x1, 0x0, r0, 0x0}])

1.635607374s ago: executing program 0 (id=1965):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = syz_io_uring_setup(0x6de4, &(0x7f0000000180)={0x0, 0x113a, 0x2, 0x2}, &(0x7f00000000c0), &(0x7f0000000000))
io_uring_enter(r2, 0x0, 0xe38e, 0x5, 0x0, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS2(r2, 0xf, &(0x7f00000024c0)={0x2, 0x0, 0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000240)=""/191, 0xbf}], &(0x7f0000002480)=[0x0, 0x2]}, 0x20)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r2, 0x10, &(0x7f0000002d80)={0x0, 0x0, &(0x7f0000002cc0)=[{0x0}, {0x0}], 0x0, 0x2}, 0x20)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000340)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000042c0)="86", 0xff0f}], 0x1}, 0x0)
recvmsg(r4, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
r6 = fsopen(&(0x7f00000000c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r6, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r6, 0x0, 0x0)
r8 = openat$cgroup_subtree(r7, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000040)={[{0x2d, 'cpuset'}]}, 0x8)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

690.710504ms ago: executing program 9 (id=1971):
r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async)
r1 = fsmount(r0, 0x0, 0x4)
r2 = openat$cgroup_ro(r1, &(0x7f00000000c0)='cgroup.stat\x00', 0x5000000, 0x0)
readv(r2, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/4080, 0xff0}], 0x1) (async)
mkdirat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file0/file0\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1) (async)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) (async)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, &(0x7f0000000080)={0x0, 0x1, 0x7, 0x10001, 0x5, "1afa86d32101b58680cdda128ed251c679583d", 0x3f, 0x80000004}) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff}) (async)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) (async)
fcntl$lock(r5, 0x410, &(0x7f0000000080)={0x0, 0x1, 0x6, 0x1fd})
unlink(&(0x7f0000000100)='./file0\x00') (async)
close_range(r4, 0xffffffffffffffff, 0x0) (async)
ptrace$setregs(0xd, r3, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") (async)
ptrace$getregset(0x4205, r3, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78}) (async)
ptrace$getregset(0x4204, r3, 0x2, &(0x7f0000000740)={0x0}) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) (async)
chdir(&(0x7f00000003c0)='./bus\x00') (async)
rename(&(0x7f0000001100)='./file0/file0\x00', &(0x7f0000000000)='./file0\x00')

590.711046ms ago: executing program 9 (id=1972):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) (async)
write$tun(r0, &(0x7f0000000080)={@val={0x70}, @void, @eth={@broadcast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x4000, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x6558, 0x18, 0x0, @wg=@data={0x4, 0x0, 0x8}}}}}}}, 0x3e) (async)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x181000, 0x0)
ioctl$TUNSETIFF(r3, 0x400454da, &(0x7f00000001c0)={'bond_slave_0\x00', 0x800})
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1}) (async)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x80400, 0x0)
ioctl$TUNSETIFF(r4, 0x400454da, &(0x7f00000002c0)={'bond0\x00', 0x4000})
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000100)={'nicvf0\x00', 0x1432}) (async)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
mkdir(&(0x7f0000000080)='./file1\x00', 0x8) (async)
mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota')

481.955711ms ago: executing program 9 (id=1973):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', <r2=>0x0})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2100, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r4, 0x4068aea3, &(0x7f0000000000))
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="780000001000010400"/20, @ANYRES32=r2, @ANYBLOB="60300300001400005800128009000100626f6e6400000000480002802c0008"], 0x78}}, 0x0)

410.645593ms ago: executing program 8 (id=1976):
socket$vsock_stream(0x28, 0x1, 0x0) (async)
r0 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0x800)
r1 = openat$panthor(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f00000000c0)={<r2=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01864c1, &(0x7f0000000180)={r2}) (async, rerun: 32)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (rerun: 32)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0xfffb, 0x7, @loopback, 0xa098}, {0xa, 0x4e21, 0x9, @mcast1, 0x9}, 0xffffffffffffffff, 0x8001}}, 0x48) (async)
writev(r3, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01864c2, &(0x7f0000000000))
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000400)={0xa, 0x8001, 0x1, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xfffffff6}, 0x1c) (async)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x80000, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async, rerun: 32)
r6 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 32)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) (async, rerun: 32)
r9 = socket$unix(0x1, 0x5, 0x0) (rerun: 32)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@deltclass={0x70, 0x29, 0x400, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, r10, {0x7, 0xfff1}, {0x6, 0xffff}, {0xfff3, 0xb}}, [@tclass_kind_options=@c_qfq={{0x8}, {0x44, 0x2, [@TCA_QFQ_WEIGHT={0x8, 0x1, 0x9}, @TCA_QFQ_WEIGHT={0x8, 0x1, 0x87a3}, @TCA_QFQ_LMAX={0x8, 0x2, 0xcbf}, @TCA_QFQ_LMAX={0x8, 0x2, 0x5}, @TCA_QFQ_LMAX={0x8, 0x2, 0x33}, @TCA_QFQ_LMAX={0x8, 0x2, 0x4}, @TCA_QFQ_WEIGHT={0x8, 0x1, 0x2}, @TCA_QFQ_LMAX={0x8, 0x2, 0x2}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x8858}, 0x20004804)
r11 = socket$inet_mptcp(0x2, 0x1, 0x106) (async, rerun: 64)
mknod$loop(&(0x7f0000000580)='./file0\x00', 0xfff, 0x0) (async, rerun: 64)
execve(&(0x7f0000000740)='./file0\x00', 0x0, 0x0) (async)
link(&(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') (async)
rename(&(0x7f0000000180)='./file0\x00', &(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') (async)
rename(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file1\x00')
setsockopt$inet_int(r11, 0x0, 0x33, &(0x7f0000000000)=0x80020000, 0x4)
r12 = mq_open(&(0x7f0000000100)='&\x00', 0x40, 0x100, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) (async)
mq_notify(r12, &(0x7f00000003c0)={0x0, 0xd, 0x1, @thr={0x0, 0x0}})

409.902591ms ago: executing program 9 (id=1977):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff) (async)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_TDLS_OPER(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x1c}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000400)={0x38, r1, 0x209, 0x0, 0x25dfdbfc, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @loopback={0xff00000000000000}}, @FOU_ATTR_IFINDEX={0x8, 0xb, r3}]}, 0x38}}, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000), &(0x7f0000000040)=0x4)

331.114742ms ago: executing program 9 (id=1978):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@newlink={0x58, 0x10, 0x401, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, 0xe59bca127d81a0fa, 0xc574450d1af3b5bc}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_PROXYARP={0x5, 0xa, 0x1}]}}}, @IFLA_IFNAME={0x14, 0x3, 'bridge_slave_0\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x20044010}, 0x200000c0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_GEM_OPEN(r2, 0xc0106442, 0x0)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0xa)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x28}, 0x1, 0x0, 0x0, 0x4048000}, 0x4008880)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4)
r6 = fanotify_init(0x2, 0x80000)
read$FUSE(r6, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r3}, 0x8)
r7 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, r7)
close(0x3)
r8 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0x3, 0x1, 0x8}, 0x20)
setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f0000000040)=0x2005, 0x4)
sendmsg$inet6(r1, &(0x7f0000000140)={&(0x7f0000000100)={0xa, 0x1, 0x80000, @empty, 0xfffdfffb}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='H'], 0x48}, 0x40000)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ES={0x5, 0xa, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4001}, 0x0)

221.103363ms ago: executing program 0 (id=1979):
msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000d40)=""/139)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$SNDCTL_TMR_START(r0, 0x5402)
socket$kcm(0x29, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000900)={0x74, 0x0, 0x8, 0x801, 0x0, 0x0, {0xa, 0x0, 0x8}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0xbe2cd1427c94682b}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_DATA={0x3c, 0x4, 0x0, 0x1, @fccp=[@CTA_TIMEOUT_DCCP_RESPOND={0x8, 0x2, 0x1, 0x0, 0x72}, @CTA_TIMEOUT_DCCP_OPEN={0x8, 0x4, 0x1, 0x0, 0x1}, @CTA_TIMEOUT_DCCP_TIMEWAIT={0x8, 0x7, 0x1, 0x0, 0xfffffffc}, @CTA_TIMEOUT_DCCP_CLOSEREQ={0x8, 0x5, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_DCCP_CLOSEREQ={0x8, 0x5, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_DCCP_TIMEWAIT={0x8, 0x7, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_DCCP_RESPOND={0x8, 0x2, 0x1, 0x0, 0xa}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8917}]}, 0x74}, 0x1, 0x0, 0x0, 0x57}, 0x80)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = dup(r2)
write$UHID_INPUT(r3, &(0x7f0000001040)={0xfc, {"a2e3ad09ed1a09f91b37090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f383b6c090890e0879b0a0ac6e70a9b3361959b509a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d07640936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)

220.497691ms ago: executing program 8 (id=1980):
r0 = socket(0x1a, 0x5, 0x0)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x30000001})

203.6667ms ago: executing program 8 (id=1981):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r1)
r4 = syz_genetlink_get_family_id$smc(&(0x7f0000000380), r1)
sendmsg$SMC_PNETID_ADD(r1, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x20, r4, 0x10, 0x70bd29, 0x25dfdbfc, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4008800}, 0x10)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x2c, r3, 0x1, 0x4, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x5, 0x1, [0xc]}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000800}, 0x80)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000480)={r0, 0x0, 0x0}, 0xffffffffffffff73)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_int(r5, 0x0, 0x33, &(0x7f0000000080)=0x80000003, 0x4)
listen(r5, 0x3)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
r7 = openat$ndctl0(0xffffffffffffff9c, &(0x7f00000001c0), 0x84000, 0x0)
io_uring_enter(r7, 0x7b8b, 0x39b6, 0x28, &(0x7f0000000200)={[0x1]}, 0x8)
setsockopt$inet_int(r6, 0x0, 0x33, &(0x7f0000000040)=0x80000003, 0x4)
prlimit64(0x0, 0xd, &(0x7f00000002c0)={0xb, 0x9}, &(0x7f0000000300))
connect$inet(r6, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)

203.258864ms ago: executing program 0 (id=1982):
r0 = gettid() (async)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) (async)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) (async)
r1 = landlock_create_ruleset(&(0x7f0000000000)={0x8040, 0x2, 0x2}, 0x18, 0x0)
landlock_restrict_self(r1, 0x0) (async)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) (async)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
rt_sigsuspend(&(0x7f0000000240)={[0x5]}, 0x8)

119.612338ms ago: executing program 8 (id=1983):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0xfffffffd, @mcast2={0xff, 0x5}, 0x1ff}, 0x1c)
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f00007fe000/0x800000)=nil)
sendmsg$nl_route(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@ipv6_newrule={0x4c, 0x20, 0x1, 0x0, 0x0, {0xa, 0x80, 0x14, 0x0, 0xff, 0x0, 0x0, 0x7}, [@FRA_SRC={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, @FIB_RULE_POLICY=@FRA_SUPPRESS_IFGROUP={0x8, 0xd, 0x2}, @FRA_DST={0x14, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}, 0x4c}}, 0x20000000)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5c0000001000390400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000003c0012800b000100697036746e6c00002c020080140003002001000000000000000000000000000114000200fc0200"/68], 0x5c}}, 0x0)

117.706203ms ago: executing program 9 (id=1984):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
prlimit64(0x0, 0x7, &(0x7f0000002640)={0x3, 0xa5b1}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x40000108, 0x0, 0x400006}]})
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_CREATE_PIT2(r6, 0x4040ae77, &(0x7f0000000180)={0x1})
ioctl$KVM_GET_PIT(r6, 0xc048ae65, &(0x7f0000000340))
setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000300), 0x4)
r7 = syz_open_dev$vbi(&(0x7f0000002080), 0x1, 0x2)
ioctl$VIDIOC_TRY_FMT(r7, 0xc0d05640, &(0x7f0000002180)={0x5, @raw_data="c1a21ddfb318c2836cfd949038aa7bc75a2f9c13072c603a03b4841d8fe98ad10de911e9cbc86b7cb651f219c89725f226b63d564da1bc6f019b2dd0f38a570ef8d4dbff6c5b1a459a39bc672e08bd6c93c5b41fb7a10026422bf146785806e191787aa8254247b7272378b20f575fe93bf88ab80d88c5e2848aa38b11b936d9208e8cf5b431d6b29ef220e38f2324d80b54468ec244f85480ef5291b18ce48c5651e6cd8bbbbca2c748c4eb3cc5645c4ffe944e1465d85aeb8894bf15db71eb4d4eb61996670a84"})
r8 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00', <r9=>0x0})
setsockopt$packet_add_memb(r8, 0x107, 0x1, &(0x7f0000000080)={r9, 0x1, 0x6, @local}, 0x10)
r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r10, 0x0, 0x1, &(0x7f0000000140)=0x2, 0x4)
setsockopt$packet_add_memb(r8, 0x107, 0x1, &(0x7f0000000000)={r9, 0x1, 0x6, @random="2716157f3354"}, 0x10)
recvmmsg(r1, &(0x7f0000000500)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=""/8, 0xc}}], 0x4b, 0x0, 0x0)
r11 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
pidfd_send_signal(r11, 0x26, &(0x7f00000000c0)={0x2f, 0x0, 0x8}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x24, 0x2, 0x3, 0x3, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x6}}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x40884}, 0x80)
r12 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r12, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000000914e73f"], 0x30}, 0x1, 0x0, 0x0, 0xc044}, 0x0)
r13 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0)
ppoll(&(0x7f0000000240)=[{r6, 0x2120}, {r0, 0x1884}, {r0, 0xc690}, {r12, 0x8000}, {r13, 0x80}, {r11, 0x8000}], 0x6, &(0x7f0000000280), &(0x7f00000002c0)={[0x5]}, 0x8)

117.30176ms ago: executing program 8 (id=1985):
socket$inet6(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100))
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x63)
write$P9_RLERRORu(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="d1cc67"], 0x10) (async)
write$P9_RLERRORu(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="d1cc67"], 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x2], 0x0, 0x0, 0x1, 0x1}}, 0x40) (async)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x2], 0x0, 0x0, 0x1, 0x1}}, 0x40)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x10012, r0, 0x0) (async)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x10012, r0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x401, 0x2020000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_PRIORITY={0x6, 0x6, 0x5}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054)

403.962µs ago: executing program 8 (id=1986):
r0 = syz_open_dev$video4linux(&(0x7f0000000ac0), 0x2000000000002, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
accept4(r1, 0x0, 0x0, 0x80800)
ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f0000000140)={0x0, 0x0, {0x0, 0xffffffff, 0x3010, 0x0, 0x6, 0x6, 0x0, 0x17}})
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x4, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4002}, 0x24000000)
ioctl$sock_SIOCSIFBR(r2, 0x8941, &(0x7f0000000040)=@add_del={0x2, &(0x7f0000000000)='vcan0\x00'})
syz_open_dev$video4linux(&(0x7f0000000ac0), 0x2000000000002, 0x0) (async)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) (async)
accept4(r1, 0x0, 0x0, 0x80800) (async)
ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f0000000140)={0x0, 0x0, {0x0, 0xffffffff, 0x3010, 0x0, 0x6, 0x6, 0x0, 0x17}}) (async)
syz_init_net_socket$x25(0x9, 0x5, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$IPSET_CMD_FLUSH(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x4, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4002}, 0x24000000) (async)
ioctl$sock_SIOCSIFBR(r2, 0x8941, &(0x7f0000000040)=@add_del={0x2, &(0x7f0000000000)='vcan0\x00'}) (async)

0s ago: executing program 0 (id=1987):
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) (async)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000240)=0xc, 0x4) (async)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000040)=<r2=>0xffffffffffffffff)
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000180)=@overlay={0xfffffffe, 0x4, 0x4, 0x1, 0x9, {}, {0x1, 0xc, 0xc1, 0x6, 0x7, 0x0, "d94719a7"}, 0xe, 0x3, {}, 0x9, 0x0, <r3=>r2})
open_by_handle_at(r3, &(0x7f00000003c0)=@OVL_FILEID_V1={0x42, 0xf8, {'\x00', {0x0, 0xfb, 0x3f, 0x0, 0x80, "07b9a304bede31f1c7769cb102449e8c", "7118e5c71bfb8afde8ad28346a4f09605a8aac22259bdb3a65cfc208d5995d9b372d36a48f29e471fa92"}}}, 0x4001)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x4, 0x8, 0x8}, 0x48) (async)
r5 = socket$rds(0x15, 0x5, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r6, 0xc00864bf, &(0x7f00000000c0)={<r7=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_RESET(r6, 0xc01064c4, &(0x7f0000000100)={&(0x7f0000000040)=[r7], 0x1}) (async)
setsockopt$RDS_GET_MR_FOR_DEST(r5, 0x114, 0x7, &(0x7f0000000300)={@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e22, @multicast1}, 0x3, 0x0, 0x3, 0x4}}, {&(0x7f0000000280)=""/102, 0x66}, &(0x7f0000000080)}, 0xa0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

kernel console output (not intermixed with test programs):

0288] CIFS mount error: No usable UNC path provided in device string!
[  183.387883][T10288] 
[  183.391793][T10288] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  183.809910][    T9] usb 12-1: new high-speed USB device number 7 using dummy_hcd
[  183.864813][T10334] bond1: option downdelay: invalid value (18446744073709551615)
[  183.868501][T10334] bond1: option downdelay: allowed values 0 - 2147483647
[  183.873246][T10334] bond1 (unregistering): Released all slaves
[  183.957890][    T9] usb 12-1: Using ep0 maxpacket: 32
[  183.962049][    T9] usb 12-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  183.965333][    T9] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  183.970430][    T9] usb 12-1: config 0 descriptor??
[  183.979791][    T9] as10x_usb: device has been detected
[  183.982474][    T9] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  183.995561][    T9] usb 12-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  184.035833][    T9] as10x_usb: error during firmware upload part1
[  184.038731][    T9] Registered device nBox DVB-T Dongle
[  184.120704][T10345] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  184.126285][T10345] block device autoloading is deprecated and will be removed.
[  184.133728][T10345] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10345 comm=syz.6.1187
[  184.174997][ T7049] usb 12-1: USB disconnect, device number 7
[  184.176100][T10349] misc userio: Begin command sent, but we're already running
[  184.190007][ T7049] Unregistered device nBox DVB-T Dongle
[  184.190798][ T7049] as10x_usb: device has been disconnected
[  184.586869][T10360] tmpfs: Unknown parameter 'nr_in��U��(�#��'
[  184.637506][T10360] kvm: pic: non byte write
[  184.650185][T10360] syz.6.1193: attempt to access beyond end of device
[  184.650185][T10360] sr0: rw=6144, sector=128, nr_sectors = 8 limit=128
[  184.655880][T10360] gfs2: error -5 reading superblock
[  184.722745][T10376] nfs4: Unknown parameter '��������'
[  184.774852][T10378] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1198'.
[  184.814787][T10378] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10378 comm=syz.5.1198
[  184.861948][T10385] MPI: mpi too large (16392 bits)
[  184.866011][T10385] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1201'.
[  184.961934][T10385] netlink: 'syz.6.1201': attribute type 3 has an invalid length.
[  185.139305][T10402] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  185.143595][T10402] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  185.151356][T10402] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  185.160390][T10402] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  185.163270][T10402] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  185.167953][T10402] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  185.170347][T10402] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  185.173368][T10402] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  185.177799][T10402] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  185.179981][T10402] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  185.186915][T10402] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  185.200783][T10402] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  185.203663][T10402] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  185.211973][T10402] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  185.268335][T10411] IPv6: syztnl0: Disabled Multicast RS
[  185.464967][ T5941] Bluetooth: hci5: ACL packet for unknown connection handle 201
[  185.497659][   T55] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[  185.515675][ T5941] Bluetooth: hci5: unexpected event for opcode 0x0c58
[  185.516591][T10426] netlink: 'syz.7.1216': attribute type 1 has an invalid length.
[  185.532646][T10426] 8021q: adding VLAN 0 to HW filter on device bond2
[  185.544762][T10426] bond2: (slave gretap1): making interface the new active one
[  185.556183][T10426] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  185.563601][T10426] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10426 comm=syz.7.1216
[  185.658002][   T55] usb 10-1: Using ep0 maxpacket: 8
[  185.661204][   T55] usb 10-1: config 0 has an invalid interface number: 55 but max is 0
[  185.664168][   T55] usb 10-1: config 0 has no interface number 0
[  185.666336][   T55] usb 10-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  185.670069][   T55] usb 10-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  185.673983][   T55] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  185.677465][   T55] usb 10-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  185.681929][   T55] usb 10-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  185.684950][   T55] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.689611][   T55] usb 10-1: config 0 descriptor??
[  185.693908][   T55] ldusb 10-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  185.896219][   T55] usb 10-1: USB disconnect, device number 12
[  185.899704][    C1] ldusb 10-1:0.55: usb_submit_urb failed (-19)
[  185.909419][   T55] ldusb 10-1:0.55: LD USB Device #0 now disconnected
[  185.916327][T10445] sd 0:0:0:0: PR command failed: 1026
[  185.920461][T10445] sd 0:0:0:0: Sense Key : Illegal Request [current] 
[  185.923319][T10445] sd 0:0:0:0: Add. Sense: Invalid command operation code
[  186.057025][T10450] Bluetooth: hci0: invalid len left 7, exp >= 50
[  186.099041][T10410] ldusb: No device or device unplugged -19
[  186.120678][T10457] overlayfs: failed lookup in lower (newroot/67, name='file0', err=-40): overlapping layers
[  186.197521][   T40] kauditd_printk_skb: 11 callbacks suppressed
[  186.197570][   T40] audit: type=1400 audit(186.104:771): avc:  denied  { ioctl } for  pid=10458 comm="syz.6.1226" path="socket:[38693]" dev="sockfs" ino=38693 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  186.322230][T10468] ip6gretap0: entered promiscuous mode
[  186.324182][T10468] ip6gretap0: entered allmulticast mode
[  186.433061][T10479] overlayfs: failed to set uuid (127/file0, err=-1); falling back to uuid=null.
[  186.436533][T10479] overlayfs: failed to verify upper root origin
[  186.457379][T10480] overlayfs: failed to set uuid (127/file0, err=-1); falling back to uuid=null.
[  186.464937][T10480] overlayfs: failed to verify upper root origin
[  186.472236][T10478] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  186.519513][T10489] openvswitch: netlink: Port -1 exceeds max allowable 65535
[  186.688279][    T9] usb 13-1: new high-speed USB device number 5 using dummy_hcd
[  186.867909][    T9] usb 13-1: Using ep0 maxpacket: 8
[  186.871906][    T9] usb 13-1: config index 0 descriptor too short (expected 301, got 45)
[  186.875553][    T9] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  186.880822][    T9] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  186.885329][    T9] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  186.890871][    T9] usb 13-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  186.896685][    T9] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  186.903921][    T9] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  186.958708][T10516] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  187.045431][T10524] xt_cgroup: path and classid specified
[  187.088517][T10528] SELinux:  Context system_u:object_r:crond_var_run_t:s0 is not valid (left unmapped).
[  187.095054][   T40] audit: type=1400 audit(187.004:772): avc:  denied  { relabelto } for  pid=10527 comm="syz.6.1246" name="130" dev="tmpfs" ino=724 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:crond_var_run_t:s0"
[  187.108851][   T40] audit: type=1400 audit(187.004:773): avc:  denied  { associate } for  pid=10527 comm="syz.6.1246" name="130" dev="tmpfs" ino=724 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:crond_var_run_t:s0"
[  187.125023][    T9] usb 13-1: usb_control_msg returned -32
[  187.128028][    T9] usbtmc 13-1:16.0: can't read capabilities
[  187.177808][ T5941] Bluetooth: hci2: command 0x0c1a tx timeout
[  187.177961][ T5292] Bluetooth: hci3: command 0x0c1a tx timeout
[  187.181901][ T5948] Bluetooth: hci4: command 0x0406 tx timeout
[  187.198013][   T40] audit: type=1400 audit(187.104:774): avc:  denied  { remove_name } for  pid=8850 comm="syz-executor" name="binderfs" dev="tmpfs" ino=728 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:crond_var_run_t:s0"
[  187.209713][   T40] audit: type=1400 audit(187.114:775): avc:  denied  { rmdir } for  pid=8850 comm="syz-executor" name="130" dev="tmpfs" ino=724 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:crond_var_run_t:s0"
[  187.257904][ T5941] Bluetooth: hci0: command 0x0c1a tx timeout
[  187.496359][T10542] usbtmc 13-1:16.0: usb_control_msg returned -32
[  187.530948][T10549] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter'
[  187.552737][ T7047] usb 13-1: USB disconnect, device number 5
[  187.605308][T10553] __nla_validate_parse: 6 callbacks suppressed
[  187.605320][T10553] netlink: 384 bytes leftover after parsing attributes in process `syz.5.1253'.
[  187.706246][T10565] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pid=10565 comm=syz.7.1257
[  187.779561][T10567] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6
[  187.833049][T10576] syzkaller0: entered promiscuous mode
[  187.835323][T10576] syzkaller0: entered allmulticast mode
[  187.841628][T10576] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1261'.
[  188.040720][   T40] audit: type=1400 audit(187.944:776): avc:  denied  { mounton } for  pid=10588 comm="syz.6.1264" path="/140/file0" dev="tmpfs" ino=781 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  188.137783][  T842] usb 12-1: new full-speed USB device number 8 using dummy_hcd
[  188.192526][T10601] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1266'.
[  188.245812][   T40] audit: type=1400 audit(188.154:777): avc:  denied  { name_bind } for  pid=10605 comm="syz.8.1267" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  188.302784][  T842] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  188.306842][  T842] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  188.312827][  T842] usb 12-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  188.316792][  T842] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.321254][  T842] usb 12-1: Product: syz
[  188.323132][  T842] usb 12-1: Manufacturer: syz
[  188.325233][  T842] usb 12-1: SerialNumber: syz
[  188.335464][  T842] usb 12-1: config 0 descriptor??
[  188.339218][  T842] hub 12-1:0.0: bad descriptor, ignoring hub
[  188.341873][  T842] hub 12-1:0.0: probe with driver hub failed with error -5
[  188.348967][  T842] input: syz syz as /devices/platform/dummy_hcd.7/usb12/12-1/12-1:0.0/input/input20
[  188.446317][T10608] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  189.267884][ T5941] Bluetooth: hci3: command 0x0c1a tx timeout
[  189.268619][ T5948] Bluetooth: hci2: command 0x0c1a tx timeout
[  189.268675][ T5292] Bluetooth: hci4: command 0x0406 tx timeout
[  189.348139][ T5948] Bluetooth: hci0: command 0x0c1a tx timeout
[  189.536025][T10620] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  189.561244][T10623] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  189.572163][T10623] Invalid option length (2749) for dns_resolver key
[  189.612333][T10625] netlink: 212328 bytes leftover after parsing attributes in process `syz.8.1272'.
[  189.615510][T10625] netlink: ct family unspecified
[  189.620809][   T40] audit: type=1400 audit(189.534:778): avc:  denied  { load_policy } for  pid=10624 comm="syz.8.1272" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  189.621261][T10625] SELinux: ebitmap: map size 0 does not match my size 64 (high bit was 0)
[  189.633202][T10625] SELinux: failed to load policy
[  189.745002][   T40] audit: type=1400 audit(189.654:779): avc:  denied  { connect } for  pid=10629 comm="syz.5.1274" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  190.180342][T10653] tipc: Started in network mode
[  190.182300][T10653] tipc: Node identity 76881e78fa48, cluster identity 4711
[  190.185063][T10653] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  190.198388][T10653] tipc: Disabling bearer <eth:syzkaller0>
[  190.342196][   T40] audit: type=1326 audit(190.254:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10661 comm="syz.7.1283" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb49d39c799 code=0x0
[  190.363794][T10658] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10658 comm=syz.5.1282
[  190.448743][T10667] netlink: 'syz.7.1283': attribute type 1 has an invalid length.
[  190.473200][T10667] 8021q: adding VLAN 0 to HW filter on device bond3
[  190.509030][T10667] bond3: (slave veth3): Enslaving as an active interface with a down link
[  190.526139][T10667] bond3: (slave dummy0): making interface the new active one
[  190.532699][T10667] dummy0: entered promiscuous mode
[  190.535502][T10667] bond3: (slave dummy0): Enslaving as an active interface with an up link
[  190.542988][T10667] netlink: 'syz.7.1283': attribute type 10 has an invalid length.
[  190.546456][T10667] netlink: 40 bytes leftover after parsing attributes in process `syz.7.1283'.
[  190.552688][T10667] bond3: (slave dummy0): Releasing active interface
[  190.647378][T10676] sctp: [Deprecated]: syz.8.1287 (pid 10676) Use of int in maxseg socket option.
[  190.647378][T10676] Use struct sctp_assoc_value instead
[  190.660616][T10678] netlink: 'syz.5.1285': attribute type 2 has an invalid length.
[  190.700455][T10682] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1289'.
[  190.795700][T10691] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1292'.
[  190.820414][T10691] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  190.822800][T10691] SELinux: failed to load policy
[  190.860192][T10696] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  190.863442][T10696] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  191.238164][   T39] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[  191.250346][   T40] kauditd_printk_skb: 1 callbacks suppressed
[  191.250362][   T40] audit: type=1400 audit(191.164:782): avc:  denied  { read } for  pid=10719 comm="syz.7.1303" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  191.272442][   T40] audit: type=1400 audit(191.164:783): avc:  denied  { open } for  pid=10719 comm="syz.7.1303" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  191.287803][   T40] audit: type=1400 audit(191.164:784): avc:  denied  { ioctl } for  pid=10719 comm="syz.7.1303" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x63a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  191.339566][ T5948] Bluetooth: hci2: command 0x0c1a tx timeout
[  191.347851][ T5948] Bluetooth: hci3: command 0x0c1a tx timeout
[  191.397840][   T39] usb 10-1: Using ep0 maxpacket: 8
[  191.404909][   T39] usb 10-1: config 0 has an invalid interface number: 55 but max is 0
[  191.409020][   T39] usb 10-1: config 0 has no interface number 0
[  191.411755][   T39] usb 10-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  191.416502][   T39] usb 10-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  191.422059][ T5948] Bluetooth: hci0: command 0x0c1a tx timeout
[  191.424845][   T39] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  191.430171][   T39] usb 10-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  191.436105][   T39] usb 10-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  191.440051][   T39] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.447114][   T39] usb 10-1: config 0 descriptor??
[  191.455411][   T39] ldusb 10-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  191.560500][T10736] netlink: 'syz.7.1307': attribute type 10 has an invalid length.
[  191.574952][T10736] team0: Device vxcan1 is of different type
[  191.657712][T10744] xt_l2tp: missing protocol rule (udp|l2tpip)
[  191.713015][T10750] netlink: 'syz.6.1305': attribute type 13 has an invalid length.
[  191.748377][T10750] gretap0: refused to change device tx_queue_len
[  191.750733][T10750] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  191.773604][   T39] usb 10-1: USB disconnect, device number 13
[  191.778026][   T39] ldusb 10-1:0.55: LD USB Device #0 now disconnected
[  192.045455][ T7049] usb 12-1: USB disconnect, device number 8
[  192.120188][   T40] audit: type=1400 audit(192.034:785): avc:  denied  { execute } for  pid=10764 comm="syz.6.1312" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=40416 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  192.187828][ T7049] usb 12-1: new high-speed USB device number 9 using dummy_hcd
[  192.328930][T10776] netlink: 'syz.5.1315': attribute type 1 has an invalid length.
[  192.351280][ T7049] usb 12-1: unable to get BOS descriptor or descriptor too short
[  192.356394][ T7049] usb 12-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  192.363842][ T7049] usb 12-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  192.369955][ T7049] usb 12-1: config 1 interface 0 has no altsetting 0
[  192.374794][ T7049] usb 12-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  192.378149][ T7049] usb 12-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  192.380937][ T7049] usb 12-1: Product: 蝔⤀觥悳ﹺ夗촂各靿쪦€
[  192.384149][ T7049] usb 12-1: Manufacturer: syz
[  192.386016][ T7049] usb 12-1: SerialNumber: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게鳳ч矄ᩊ䊸ꑤ鯺䥙㶾㜏翸碎ᗲ擊즮
[  192.536262][T10786] overlayfs: conflicting options: userxattr,metacopy=on
[  192.547452][T10788] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1319'.
[  192.550638][T10788] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1319'.
[  192.655486][ T7049] usbhid 12-1:1.0: couldn't find an input interrupt endpoint
[  192.663249][ T7049] usb 12-1: USB disconnect, device number 9
[  192.692812][T10801] xt_hashlimit: size too large, truncated to 1048576
[  192.797981][T10801] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.1320'.
[  192.811313][T10809] workqueue: name exceeds WQ_NAME_LEN. Truncating to: 4π!F���Vl�uc'f`�ކ�;��1�
[  193.454002][T10836] overlayfs: conflicting options: nfs_export=on,index=off
[  193.461201][T10836] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1327'.
[  193.507301][   T40] audit: type=1400 audit(193.414:786): avc:  denied  { getopt } for  pid=10844 comm="syz.6.1331" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  193.516002][T10845] netlink: 76 bytes leftover after parsing attributes in process `syz.6.1331'.
[  193.528758][T10845] CIFS: Unable to determine destination address
[  193.541887][T10846] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1327'.
[  193.545300][T10848] overlayfs: missing 'lowerdir'
[  193.609771][T10855] tmpfs: Unknown parameter 'm'
[  193.616528][ T5937] udevd[5937]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  193.619190][T10854] tmpfs: Unknown parameter 'm'
[  193.673763][T10861] xt_TPROXY: Can be used only with -p tcp or -p udp
[  193.784163][T10867] could not allocate digest TFM handle xxhash64
[  193.798168][   T40] audit: type=1400 audit(193.714:787): avc:  denied  { getopt } for  pid=10873 comm="syz.8.1342" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  193.895638][T10882] SET target dimension over the limit!
[  193.972784][   T40] audit: type=1400 audit(193.884:788): avc:  denied  { create } for  pid=10889 comm="syz.8.1346" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  194.045464][T10891] delete_channel: no stack
[  194.047551][T10891] delete_channel: no stack
[  194.049809][T10891] delete_channel: no stack
[  194.051575][T10891] delete_channel: no stack
[  194.053420][T10891] delete_channel: no stack
[  194.055626][T10891] delete_channel: no stack
[  194.057777][T10891] delete_channel: no stack
[  194.059972][T10891] delete_channel: no stack
[  194.082006][T10891] delete_channel: no stack
[  194.084311][T10891] delete_channel: no stack
[  194.086164][T10891] delete_channel: no stack
[  194.087955][T10891] delete_channel: no stack
[  194.089671][T10891] delete_channel: no stack
[  194.091310][T10891] delete_channel: no stack
[  194.092988][T10891] delete_channel: no stack
[  194.094634][T10891] delete_channel: no stack
[  194.096310][T10891] delete_channel: no stack
[  194.098094][T10891] delete_channel: no stack
[  194.099763][T10891] delete_channel: no stack
[  194.101369][T10891] delete_channel: no stack
[  194.103091][T10891] delete_channel: no stack
[  194.104734][T10891] delete_channel: no stack
[  194.106442][T10891] delete_channel: no stack
[  194.108264][T10891] delete_channel: no stack
[  194.109055][T10894] MTD: Couldn't look up './bus': -15
[  194.109961][T10891] delete_channel: no stack
[  194.113401][   T40] audit: type=1400 audit(194.024:789): avc:  denied  { mounton } for  pid=10889 comm="syz.8.1346" path="/106/bus" dev="tmpfs" ino=604 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1
[  194.113483][T10891] delete_channel: no stack
[  194.123739][T10891] delete_channel: no stack
[  194.126169][T10891] delete_channel: no stack
[  194.133019][T10891] delete_channel: no stack
[  194.135509][T10891] delete_channel: no stack
[  194.137282][T10891] delete_channel: no stack
[  194.141394][T10891] delete_channel: no stack
[  194.143343][T10891] delete_channel: no stack
[  194.174051][   T40] audit: type=1400 audit(194.084:790): avc:  denied  { write } for  pid=10895 comm="syz.5.1348" name="usbmon6" dev="devtmpfs" ino=756 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  194.233601][   T40] audit: type=1400 audit(194.144:791): avc:  denied  { ioctl } for  pid=10900 comm="syz.5.1349" path="socket:[43029]" dev="sockfs" ino=43029 ioctlcmd=0x890c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  194.309307][T10904] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1350'.
[  194.402924][T10916] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1353'.
[  194.462003][T10921] overlayfs: failed to resolve './file0': -2
[  194.716242][T10937] loop3: detected capacity change from 0 to 4096
[  195.234998][T10955] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1364'.
[  195.240851][T10955] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1364'.
[  195.363898][T10965] syz.6.1365 (10965): /proc/10956/oom_adj is deprecated, please use /proc/10956/oom_score_adj instead.
[  195.395277][T10967] QAT: failed to copy from user cfg_data.
[  195.597076][T10985] ip6t_srh: unknown srh match flags  4000
[  195.607739][T10985] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1371'.
[  195.617689][    T9] usb 11-1: new high-speed USB device number 7 using dummy_hcd
[  195.662389][T10987] SELinux:  policydb magic number 0x4b07fa81 does not match expected magic number 0xf97cff8c
[  195.667310][T10987] SELinux: failed to load policy
[  195.767713][    T9] usb 11-1: Using ep0 maxpacket: 8
[  195.771428][    T9] usb 11-1: config index 0 descriptor too short (expected 301, got 45)
[  195.774807][    T9] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  195.787724][    T9] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  195.791683][    T9] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  195.795184][    T9] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  195.807849][    T9] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  195.811679][    T9] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.035029][    T9] usb 11-1: usb_control_msg returned -32
[  196.037299][    T9] usbtmc 11-1:16.0: can't read capabilities
[  196.300556][T11018] netlink: 'syz.7.1384': attribute type 1 has an invalid length.
[  196.314876][T11018] 8021q: adding VLAN 0 to HW filter on device bond4
[  196.320956][T11018] tmpfs: Group quota inode hardlimit too large.
[  196.341806][T11018] bond4: (slave veth5): Enslaving as an active interface with a down link
[  196.359962][T11018] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11018 comm=syz.7.1384
[  196.372283][T11018] vlan2: entered allmulticast mode
[  196.374093][T11018] bond4: entered allmulticast mode
[  196.389010][T10965] usbtmc 11-1:16.0: usbtmc488_ioctl_trigger returned -90
[  196.520527][   T40] kauditd_printk_skb: 12 callbacks suppressed
[  196.520540][   T40] audit: type=1400 audit(196.434:804): avc:  denied  { setopt } for  pid=11036 comm="syz.8.1388" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  196.533554][T11040] delete_channel: no stack
[  196.535491][T11040] delete_channel: no stack
[  196.539080][   T39] usb 10-1: new high-speed USB device number 14 using dummy_hcd
[  196.562955][T11045] netlink: 20 bytes leftover after parsing attributes in process `syz.8.1389'.
[  196.565942][T11045] netem: invalid attributes len -22
[  196.567512][T11045] netem: change failed
[  196.698390][   T39] usb 10-1: Using ep0 maxpacket: 8
[  196.702282][   T39] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  196.706058][   T39] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  196.709685][   T39] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.718067][   T39] usb 10-1: config 0 descriptor??
[  196.925452][   T39] iowarrior 10-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior1
[  197.132101][   T39] usb 10-1: USB disconnect, device number 14
[  197.348589][    C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[  197.652709][T11066] netlink: 'syz.8.1396': attribute type 3 has an invalid length.
[  197.657014][   T40] audit: type=1400 audit(197.564:805): avc:  denied  { setopt } for  pid=11065 comm="syz.8.1396" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  197.905262][   T40] audit: type=1400 audit(197.814:806): avc:  denied  { setattr } for  pid=11073 comm="syz.8.1399" name="XDP" dev="sockfs" ino=45063 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  197.998627][   T40] audit: type=1400 audit(197.914:807): avc:  denied  { append } for  pid=11077 comm="syz.8.1401" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  198.092436][T11085] could not allocate digest TFM handle cryptd(blake2b-160)
[  198.303093][T11104] openvswitch: netlink: EtherType 50a is less than min 600
[  198.312901][T11104] team0: Device gtp0 is of different type
[  198.315752][   T39] usb 11-1: USB disconnect, device number 7
[  198.352664][T11107] netlink: 'syz.6.1407': attribute type 30 has an invalid length.
[  198.457748][   T10] usb 12-1: new full-speed USB device number 10 using dummy_hcd
[  198.476811][T11121] __nla_validate_parse: 1 callbacks suppressed
[  198.476823][T11121] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1411'.
[  198.609872][   T10] usb 12-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  198.614830][   T10] usb 12-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  198.628107][   T10] usb 12-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  198.632951][   T10] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  198.843908][ T5948] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  198.846556][   T10] usb 12-1: usb_control_msg returned -32
[  198.848920][   T40] audit: type=1400 audit(198.754:808): avc:  denied  { read write } for  pid=11146 comm="syz.6.1419" name="file0" dev="tmpfs" ino=949 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  198.850978][T11148] IPv6: NLM_F_CREATE should be specified when creating new route
[  198.859503][   T40] audit: type=1400 audit(198.754:809): avc:  denied  { open } for  pid=11146 comm="syz.6.1419" path="/170/file0" dev="tmpfs" ino=949 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  198.862082][   T10] usbtmc 12-1:16.0: can't read capabilities
[  199.160888][T11183] netlink: 16 bytes leftover after parsing attributes in process `syz.8.1429'.
[  199.261843][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  199.875382][T11209] netlink: 212368 bytes leftover after parsing attributes in process `syz.8.1436'.
[  199.879368][T11210] netlink: 212368 bytes leftover after parsing attributes in process `syz.8.1436'.
[  199.895328][T11210] ufs: You didn't specify the type of your ufs filesystem
[  199.895328][T11210] 
[  199.895328][T11210] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  199.895328][T11210] 
[  199.895328][T11210] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  199.907305][T11210] ufs: failed to set blocksize
[  199.911434][T11209] overlay: Unknown parameter 'audit'
[  199.948967][T11212] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11212 comm=syz.8.1437
[  200.001905][T11217] syzkaller0: entered promiscuous mode
[  200.005508][T11217] syzkaller0: entered allmulticast mode
[  200.276436][ T7047] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  200.281238][ T7047] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  200.285435][ T7047] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  200.289843][ T7047] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  200.294390][ T7047] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  200.298200][ T7047] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  200.302025][ T7047] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  200.305919][ T7047] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  200.311915][ T7047] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  200.315418][ T7047] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  200.325220][ T7047] hid-generic 0000:0000:0000.000A: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  200.381729][T11234] fido_id[11234]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  200.396242][T11239] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  200.443929][   T40] audit: type=1400 audit(200.354:810): avc:  denied  { bind } for  pid=11241 comm="syz.8.1448" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  200.471723][T11245] overlayfs: conflicting options: nfs_export=on,index=off
[  200.484851][   T40] audit: type=1400 audit(200.394:811): avc:  denied  { getopt } for  pid=11241 comm="syz.8.1448" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  200.491235][   T40] audit: type=1400 audit(200.394:812): avc:  denied  { setopt } for  pid=11241 comm="syz.8.1448" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  200.560976][   T40] audit: type=1400 audit(200.474:813): avc:  denied  { getattr } for  pid=11253 comm="syz.8.1452" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=43519 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  200.696629][T11270] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1457'.
[  200.760870][T11280] xt_TPROXY: Can be used only with -p tcp or -p udp
[  201.018892][T11302] input: syz1 as /devices/virtual/input/input21
[  201.053723][T11308] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6
[  201.146259][   T39] usb 12-1: USB disconnect, device number 10
[  201.220067][T11313] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1470'.
[  201.278868][T11317] kvm: kvm [11316]: vcpu2, guest rIP: 0x9130 Unhandled WRMSR(0xc1) = 0x87
[  201.283825][T11317] kvm: kvm [11316]: vcpu2, guest rIP: 0x9130 Unhandled WRMSR(0xc2) = 0x87
[  201.288954][T11323] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1472'.
[  201.310789][T11317] kvm: kvm [11316]: vcpu2, guest rIP: 0x9130 Unhandled WRMSR(0x11e) = 0x87
[  201.339016][T11317] kvm: kvm [11316]: vcpu2, guest rIP: 0x9130 Unhandled WRMSR(0x186) = 0x87
[  201.343119][T11317] kvm: kvm [11316]: vcpu2, guest rIP: 0x9130 Unhandled WRMSR(0x187) = 0x87
[  201.376851][T11317] kvm_intel: kvm [11316]: vcpu2, guest rIP: 0x9130 Unhandled WRMSR(0x1d9) = 0x87
[  201.377553][T11329] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1475'.
[  201.385018][T11329] openvswitch: netlink: Missing key (keys=40, expected=80)
[  201.432609][T11333] binder: 11331:11333 ioctl c0306201 200000000540 returned -22
[  201.701562][T11348] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11348 comm=syz.6.1480
[  201.904390][T11367] qrtr: Invalid version 47
[  201.953266][   T40] audit: type=1400 audit(201.864:814): avc:  denied  { mounton } for  pid=11369 comm="syz.6.1489" path="/186/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1
[  201.960780][T11370] tmpfs: Bad value for 'usrquota_block_hardlimit'
[  201.963309][   T40] audit: type=1326 audit(201.874:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11314 comm="syz.8.1471" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51b619c799 code=0x7fc00000
[  202.031268][T11377] netlink: 120 bytes leftover after parsing attributes in process `syz.5.1487'.
[  202.040296][   T40] audit: type=1400 audit(201.954:816): avc:  denied  { accept } for  pid=11366 comm="syz.5.1487" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  202.049750][T11379] syzkaller0: entered promiscuous mode
[  202.052181][T11379] syzkaller0: entered allmulticast mode
[  202.112704][   T40] audit: type=1400 audit(202.024:817): avc:  denied  { ioctl } for  pid=11382 comm="syz.6.1494" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1294 ioctlcmd=0x5451 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  202.209994][T11388] virtiofs: Unknown parameter 'ramfs'
[  202.431272][   T40] audit: type=1400 audit(202.344:818): avc:  denied  { bind } for  pid=11392 comm="syz.8.1497" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  202.440357][T11393] bridge: RTM_NEWNEIGH with invalid ether address
[  202.459806][   T40] audit: type=1400 audit(202.374:819): avc:  denied  { write } for  pid=11392 comm="syz.8.1497" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  202.634722][T11401] netlink: 'syz.8.1499': attribute type 1 has an invalid length.
[  202.651987][T11401] bond5: entered promiscuous mode
[  202.653856][T11401] bond5: entered allmulticast mode
[  202.655836][T11401] 8021q: adding VLAN 0 to HW filter on device bond5
[  202.662896][T11401] netlink: 44 bytes leftover after parsing attributes in process `syz.8.1499'.
[  202.801937][T11408] overlayfs: missing 'workdir'
[  202.891623][   T40] audit: type=1326 audit(202.804:820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11415 comm="syz.8.1505" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51b619c799 code=0x7ffc0000
[  202.898725][   T40] audit: type=1326 audit(202.804:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11415 comm="syz.8.1505" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51b619c799 code=0x7ffc0000
[  202.908305][   T40] audit: type=1326 audit(202.814:822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11415 comm="syz.8.1505" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f51b619c799 code=0x7ffc0000
[  202.918337][   T40] audit: type=1326 audit(202.814:823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11415 comm="syz.8.1505" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51b619c799 code=0x7ffc0000
[  202.999640][T11418] netlink: 'syz.5.1506': attribute type 1 has an invalid length.
[  203.096646][T11434] overlayfs: missing 'workdir'
[  203.258072][ T7049] usb 10-1: new high-speed USB device number 15 using dummy_hcd
[  203.417911][ T7049] usb 10-1: Using ep0 maxpacket: 8
[  203.426078][ T7049] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  203.430047][ T7049] usb 10-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  203.434502][ T7049] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  203.440322][ T7049] usb 10-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  203.445977][ T7049] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  203.451283][ T7049] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  203.457055][ T7049] usb 10-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  203.473644][ T7049] usb 10-1: config 168 interface 0 has no altsetting 0
[  203.478422][ T7049] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  203.481832][ T7049] usb 10-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  203.486710][ T7049] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  203.492153][ T7049] usb 10-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  203.496964][ T7049] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  203.501955][ T7049] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  203.507405][ T7049] usb 10-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  203.513510][ T7049] usb 10-1: config 168 interface 0 has no altsetting 0
[  203.518844][ T7049] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  203.522916][ T7049] usb 10-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  203.527848][ T7049] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  203.532683][ T7049] usb 10-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  203.537796][ T7049] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  203.543063][ T7049] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  203.548246][ T7049] usb 10-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  203.554176][ T7049] usb 10-1: config 168 interface 0 has no altsetting 0
[  203.561866][ T7049] usb 10-1: string descriptor 0 read error: -22
[  203.564930][ T7049] usb 10-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  203.568902][ T7049] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.576050][ T6278] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  203.578021][ T7049] adutux 10-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  203.583903][   T13] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  203.590507][   T13] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  203.594453][   T13] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  203.640933][T11469] Failed to enqueue queue_pair DETACH event datagram for context (ID=0x0)
[  203.661663][T11469] __nla_validate_parse: 3 callbacks suppressed
[  203.661682][T11469] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1519'.
[  203.673897][T11469] veth0_vlan: left promiscuous mode
[  203.781754][ T7049] usb 10-1: USB disconnect, device number 15
[  204.037936][   T39] usb 12-1: new full-speed USB device number 11 using dummy_hcd
[  204.200205][   T39] usb 12-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  204.203854][   T39] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 2
[  204.206756][   T39] usb 12-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  204.209800][   T39] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.214400][   T39] usb 12-1: config 0 descriptor??
[  204.218635][   T39] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  204.221084][   T39] dvb-usb: bulk message failed: -22 (3/0)
[  204.227893][   T39] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  204.231806][   T39] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  204.234255][   T39] usb 12-1: media controller created
[  204.236935][   T39] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  204.248056][   T39] dvb-usb: bulk message failed: -22 (6/0)
[  204.252923][   T39] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  204.256792][   T39] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.7/usb12/12-1/input/input22
[  204.262900][   T39] dvb-usb: schedule remote query interval to 150 msecs.
[  204.265235][   T39] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  204.361618][T11485] netlink: 104 bytes leftover after parsing attributes in process `syz.8.1527'.
[  204.419275][T11480] dvb-usb: bulk message failed: -22 (2/0)
[  204.423479][T11480] netlink: 60 bytes leftover after parsing attributes in process `syz.7.1525'.
[  204.426814][T11480] unsupported nlmsg_type 40
[  204.432461][   T39] dvb-usb: bulk message failed: -22 (1/0)
[  204.434619][   T39] dvb-usb: error while querying for an remote control event.
[  204.439775][   T39] usb 12-1: USB disconnect, device number 11
[  204.458277][   T39] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  204.849506][T11521] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1539'.
[  204.889100][T11523] vlan3: entered promiscuous mode
[  204.891764][T11523] vlan3: entered allmulticast mode
[  204.894022][T11523] hsr_slave_1: entered allmulticast mode
[  205.074276][T11539] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1545'.
[  205.202389][T11544] netlink: 44 bytes leftover after parsing attributes in process `syz.6.1546'.
[  205.220282][T11544] netlink: 44 bytes leftover after parsing attributes in process `syz.6.1546'.
[  205.278887][T11548] hugetlbfs: syz.6.1547 (11548): Using mlock ulimits for SHM_HUGETLB is obsolete
[  205.550468][T11555] tmpfs: Too few inodes for current use
[  205.922443][T11574] netlink: 148 bytes leftover after parsing attributes in process `syz.7.1557'.
[  206.195291][T11586] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  206.197503][T11586] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  206.199815][T11586] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  206.201898][T11586] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  206.203952][T11586] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  206.240538][   T39] usb 11-1: new high-speed USB device number 8 using dummy_hcd
[  206.298740][ T1291] block nbd0: Possible stuck request ffff8880294e0000: control (read@0,1024B). Runtime 90 seconds
[  206.303441][ T1291] block nbd0: Possible stuck request ffff8880294e0200: control (read@1024,1024B). Runtime 90 seconds
[  206.312966][ T1291] block nbd0: Possible stuck request ffff8880294e0400: control (read@2048,1024B). Runtime 90 seconds
[  206.320254][ T1291] block nbd0: Possible stuck request ffff8880294e0600: control (read@3072,1024B). Runtime 90 seconds
[  206.408269][   T39] usb 11-1: too many configurations: 9, using maximum allowed: 8
[  206.416526][   T39] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  206.421715][   T39] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  206.427959][   T39] usb 11-1: config 0 interface 0 has no altsetting 0
[  206.431847][   T39] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  206.435733][   T39] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  206.441871][   T39] usb 11-1: config 0 interface 0 has no altsetting 0
[  206.445995][   T39] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  206.449583][   T39] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  206.452999][   T39] usb 11-1: config 0 interface 0 has no altsetting 0
[  206.456212][   T39] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  206.459759][   T39] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  206.463519][   T39] usb 11-1: config 0 interface 0 has no altsetting 0
[  206.466932][   T39] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  206.470339][   T39] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  206.474164][   T39] usb 11-1: config 0 interface 0 has no altsetting 0
[  206.479216][   T39] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  206.482329][   T39] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  206.486740][   T39] usb 11-1: config 0 interface 0 has no altsetting 0
[  206.491057][   T39] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  206.494662][   T39] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  206.507811][   T39] usb 11-1: config 0 interface 0 has no altsetting 0
[  206.510952][   T39] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  206.514050][   T39] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  206.522560][T11615] netlink: 'syz.7.1569': attribute type 1 has an invalid length.
[  206.523321][   T39] usb 11-1: config 0 interface 0 has no altsetting 0
[  206.530677][   T39] usb 11-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  206.532318][T11613] 9p: Invalid uid '0x00000000ffffffff'
[  206.533941][   T39] usb 11-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  206.533956][   T39] usb 11-1: Product: syz
[  206.541340][   T39] usb 11-1: Manufacturer: syz
[  206.543141][   T39] usb 11-1: SerialNumber: syz
[  206.546315][   T39] usb 11-1: config 0 descriptor??
[  206.553833][   T39] yurex 11-1:0.0: USB YUREX device now attached to Yurex #0
[  206.555736][T11615] bond5: entered promiscuous mode
[  206.559030][T11615] 8021q: adding VLAN 0 to HW filter on device bond5
[  206.587874][T11615] 8021q: adding VLAN 0 to HW filter on device bond5
[  206.591577][T11615] bond5: (slave vxcan3): The slave device specified does not support setting the MAC address
[  206.596353][T11615] bond5: (slave vxcan3): Setting fail_over_mac to active for active-backup mode
[  206.603849][T11615] bond5: (slave vxcan3): making interface the new active one
[  206.607437][T11615] vxcan3: entered promiscuous mode
[  206.612261][T11615] vxcan3: left promiscuous mode
[  206.629984][T11617] netlink: 100 bytes leftover after parsing attributes in process `syz.5.1570'.
[  206.633586][T11613] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  206.640945][T11612] tipc: Disabling bearer <eth:syzkaller0>
[  206.764567][    T9] usb 11-1: USB disconnect, device number 8
[  206.768296][    T9] yurex 11-1:0.0: USB YUREX #0 now disconnected
[  206.814731][T11622] netlink: 28 bytes leftover after parsing attributes in process `syz.7.1572'.
[  207.127725][  T832] usb 10-1: new high-speed USB device number 16 using dummy_hcd
[  207.277056][   T40] kauditd_printk_skb: 34 callbacks suppressed
[  207.277071][   T40] audit: type=1400 audit(207.184:858): avc:  denied  { append } for  pid=11648 comm="syz.7.1581" name="pfkey" dev="proc" ino=4026534637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  207.279013][T11649] qnx4: unable to read the superblock
[  207.310973][  T832] usb 10-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  207.314433][  T832] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.319000][  T832] usb 10-1: Product: syz
[  207.320755][  T832] usb 10-1: Manufacturer: syz
[  207.322720][  T832] usb 10-1: SerialNumber: syz
[  207.329121][  T832] usb 10-1: config 0 descriptor??
[  207.350994][   T40] audit: type=1400 audit(207.264:859): avc:  denied  { write } for  pid=11650 comm="syz.7.1582" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  207.421101][T11653] openvswitch: netlink: Flow key attr not present in new flow.
[  207.533566][   T34] usb 10-1: USB disconnect, device number 16
[  207.575954][T11663] 9p: Bad value for 'dfltgid'
[  207.577750][T11663] 9p: Bad value for 'dfltgid'
[  207.613858][T11665] ubi: mtd0 is already attached to ubi0
[  207.617392][T11665] netlink: 'syz.6.1588': attribute type 10 has an invalid length.
[  208.139383][ T5948] Bluetooth: hci2: command 0x0c1a tx timeout
[  208.221976][ T5948] Bluetooth: hci0: command 0x0c1a tx timeout
[  208.222883][ T5292] Bluetooth: hci3: command 0x0c1a tx timeout
[  208.223316][ T5941] Bluetooth: hci5: command 0x041b tx timeout
[  208.223361][ T5941] Bluetooth: hci4: command 0x0406 tx timeout
[  208.386482][T11673] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(3)
[  208.388687][T11673] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  208.391499][T11673] vhci_hcd vhci_hcd.0: Device attached
[  208.550006][T11674] vhci_hcd: connection closed
[  208.552318][ T6278] vhci_hcd vhci_hcd.7: stop threads
[  208.555697][ T6278] vhci_hcd vhci_hcd.7: release socket
[  208.560312][ T6278] vhci_hcd vhci_hcd.7: disconnect device
[  208.583234][  T832] vhci_hcd vhci_hcd.7: vhci_device speed not set
[  208.609829][T11691] hub 9-0:1.0: USB hub found
[  208.612194][T11691] hub 9-0:1.0: 1 port detected
[  209.103750][   T40] audit: type=1400 audit(524496.984:860): avc:  denied  { add_name } for  pid=11710 comm="syz.6.1601" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=dir permissive=1
[  209.115546][   T40] audit: type=1400 audit(524496.993:861): avc:  denied  { create } for  pid=11710 comm="syz.6.1601" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:proc_net_t tclass=file permissive=1
[  209.124986][   T40] audit: type=1400 audit(524496.993:862): avc:  denied  { associate } for  pid=11710 comm="syz.6.1601" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:object_r:proc_net_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  209.242109][T11707] __nla_validate_parse: 3 callbacks suppressed
[  209.242126][T11707] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1599'.
[  209.341600][T11721] overlay: ./file0 is not a directory
[  209.387334][T11725] macvtap1: entered promiscuous mode
[  209.390102][T11725] macvtap1: entered allmulticast mode
[  209.392485][T11725] veth1_vlan: entered allmulticast mode
[  209.437560][T11728] syzkaller0: entered promiscuous mode
[  209.439775][T11728] syzkaller0: entered allmulticast mode
[  209.957951][T11741] random: crng reseeded on system resumption
[  209.958557][   T40] audit: type=1400 audit(524497.818:863): avc:  denied  { write } for  pid=11740 comm="syz.6.1611" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  209.972304][   T40] audit: type=1400 audit(524497.828:864): avc:  denied  { ioctl } for  pid=11740 comm="syz.6.1611" path="/dev/snapshot" dev="devtmpfs" ino=98 ioctlcmd=0x330d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  210.110993][T11755] bond6: entered promiscuous mode
[  210.113139][T11755] bond6: entered allmulticast mode
[  210.128802][   T40] audit: type=1400 audit(524497.974:865): avc:  denied  { create } for  pid=11751 comm="syz.8.1615" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  210.376603][ T5292] Bluetooth: hci5: command 0x041b tx timeout
[  210.448366][T11761] cgroup: fork rejected by pids controller in /syz5
[  210.949888][   T40] audit: type=1400 audit(524498.771:866): avc:  denied  { mount } for  pid=11808 comm="syz.8.1619" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  211.006720][T11760] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  211.009228][T11760] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  211.011612][T11760] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  211.016816][T11760] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  211.019154][T11760] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  211.113532][   T40] audit: type=1400 audit(524498.936:867): avc:  denied  { unmount } for  pid=9436 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  211.145630][T11821] cgroup2: Unknown parameter 'permit_directio'
[  211.148167][T11821] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[  211.151419][T11821] overlayfs: missing 'lowerdir'
[  211.495124][T11850] netlink: 596 bytes leftover after parsing attributes in process `syz.5.1629'.
[  211.545911][T11853] binder: 11846:11853 ioctl c018937a 2000000006c0 returned -22
[  211.630471][T11861] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1630'.
[  211.938021][    T9] usb 10-1: new high-speed USB device number 17 using dummy_hcd
[  212.123206][    T9] usb 10-1: too many configurations: 9, using maximum allowed: 8
[  212.127141][    T9] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  212.131162][    T9] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  212.137486][    T9] usb 10-1: config 0 interface 0 has no altsetting 0
[  212.148613][    T9] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  212.151840][    T9] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  212.157400][    T9] usb 10-1: config 0 interface 0 has no altsetting 0
[  212.160712][    T9] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  212.165772][    T9] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  212.171067][    T9] usb 10-1: config 0 interface 0 has no altsetting 0
[  212.174844][    T9] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  212.178151][    T9] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  212.182741][    T9] usb 10-1: config 0 interface 0 has no altsetting 0
[  212.189457][    T9] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  212.192756][    T9] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  212.197111][    T9] usb 10-1: config 0 interface 0 has no altsetting 0
[  212.200403][    T9] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  212.203777][    T9] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  212.208364][    T9] usb 10-1: config 0 interface 0 has no altsetting 0
[  212.212171][    T9] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  212.215591][    T9] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  212.219775][    T9] usb 10-1: config 0 interface 0 has no altsetting 0
[  212.223970][    T9] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  212.227592][    T9] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  212.231907][    T9] usb 10-1: config 0 interface 0 has no altsetting 0
[  212.236214][    T9] usb 10-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  212.240635][    T9] usb 10-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  212.243825][    T9] usb 10-1: Product: syz
[  212.246369][    T9] usb 10-1: Manufacturer: syz
[  212.248450][    T9] usb 10-1: SerialNumber: syz
[  212.251995][    T9] usb 10-1: config 0 descriptor??
[  212.259655][    T9] yurex 10-1:0.0: USB YUREX device now attached to Yurex #0
[  212.338078][ T5292] Bluetooth: hci2: command 0x0c1a tx timeout
[  212.490809][T11901] trusted_key: encrypted_key: master key parameter is missing
[  212.573872][    T9] usb 10-1: USB disconnect, device number 17
[  212.582931][    T9] yurex 10-1:0.0: USB YUREX #0 now disconnected
[  212.632016][T11909] x_tables: ip_tables: osf match: only valid for protocol 6
[  212.657901][T11910] x_tables: ip_tables: osf match: only valid for protocol 6
[  212.738952][   T55] IPVS: starting estimator thread 0...
[  212.800296][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  212.803818][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  212.830471][T11922] IPVS: using max 40 ests per chain, 96000 per kthread
[  212.917208][T11929] netlink: 64 bytes leftover after parsing attributes in process `syz.7.1647'.
[  212.927920][T11929] syzkaller1: entered promiscuous mode
[  212.929877][T11929] syzkaller1: entered allmulticast mode
[  213.037432][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  213.076965][ T5292] Bluetooth: hci0: command 0x0c1a tx timeout
[  213.080332][ T5949] Bluetooth: hci5: command 0x041b tx timeout
[  213.093669][ T5292] Bluetooth: hci3: command 0x0c1a tx timeout
[  213.095780][ T5292] Bluetooth: hci4: command 0x0406 tx timeout
[  213.114708][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  213.233423][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  213.324476][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  213.336887][   T40] kauditd_printk_skb: 2 callbacks suppressed
[  213.336903][   T40] audit: type=1400 audit(524501.101:870): avc:  denied  { bind } for  pid=11939 comm="syz.7.1651" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  213.381564][   T40] audit: type=1400 audit(524501.140:871): avc:  denied  { name_bind 0x1000000 } for  pid=11937 comm="syz.5.1650" path="socket:[49144]" dev="sockfs" ino=49144 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  213.534009][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  213.629514][T11945] trusted_key: encrypted_key: master key parameter '��'�p' is invalid
[  213.635158][T11945] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1652'.
[  213.639962][T11945] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1652'.
[  213.652187][T11945] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1652'.
[  213.653536][   T13] netdevsim netdevsim8 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  213.655336][T11945] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1652'.
[  213.666111][   T13] netdevsim netdevsim8 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  213.669074][   T13] netdevsim netdevsim8 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  213.678442][   T13] netdevsim netdevsim8 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  213.706271][ T6279] Bluetooth: (null): Invalid header checksum
[  213.716657][T11949] 9p: Could not find request transport: vmx
[  213.839592][   T40] audit: type=1326 audit(524501.590:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11954 comm="syz.7.1655" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb49d39c799 code=0x7ffc0000
[  213.848499][   T40] audit: type=1326 audit(524501.590:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11954 comm="syz.7.1655" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb49d39c799 code=0x7ffc0000
[  213.856993][   T40] audit: type=1326 audit(524501.590:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11954 comm="syz.7.1655" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb49d39c799 code=0x7ffc0000
[  213.866392][   T40] audit: type=1326 audit(524501.590:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11954 comm="syz.7.1655" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb49d39c799 code=0x7ffc0000
[  213.876308][   T40] audit: type=1326 audit(524501.590:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11954 comm="syz.7.1655" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb49d39c799 code=0x7ffc0000
[  213.886731][   T40] audit: type=1326 audit(524501.590:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11954 comm="syz.7.1655" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb49d39c799 code=0x7ffc0000
[  213.899531][   T40] audit: type=1326 audit(524501.590:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11954 comm="syz.7.1655" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb49d39c799 code=0x7ffc0000
[  213.909834][   T40] audit: type=1326 audit(524501.590:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11954 comm="syz.7.1655" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb49d39c799 code=0x7ffc0000
[  213.953463][T11958] overlayfs: failed to resolve './bus': -2
[  213.972535][T11962] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1655'.
[  213.975593][T11962] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1655'.
[  214.237845][T11973] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  214.242775][T11973] gretap1: entered promiscuous mode
[  214.245000][T11973] gretap1: entered allmulticast mode
[  214.286739][T11976] netlink: 'syz.5.1660': attribute type 1 has an invalid length.
[  214.291864][T11976] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  214.504367][T11991] __nla_validate_parse: 3 callbacks suppressed
[  214.504380][T11991] netlink: 108 bytes leftover after parsing attributes in process `syz.5.1663'.
[  214.510385][T11991] netlink: 108 bytes leftover after parsing attributes in process `syz.5.1663'.
[  214.513544][T11991] netlink: 84 bytes leftover after parsing attributes in process `syz.5.1663'.
[  214.849701][T11998] delete_channel: no stack
[  214.860635][T11997] sd 0:0:0:0: PR command failed: 1026
[  214.863327][T11997] sd 0:0:0:0: Sense Key : Illegal Request [current] 
[  214.866502][T11997] sd 0:0:0:0: Add. Sense: Invalid command operation code
[  214.973685][T12012] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  215.044959][T12021] netlink: 'syz.7.1672': attribute type 1 has an invalid length.
[  215.058527][T12021] 8021q: adding VLAN 0 to HW filter on device bond6
[  215.064503][T12021] bond6: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  215.068111][T12021] bond6: entered allmulticast mode
[  215.088959][T12021] bond6: (slave ip6gretap1): Enslaving as an active interface with an up link
[  215.240515][  T832] usb 10-1: new high-speed USB device number 18 using dummy_hcd
[  215.408195][  T832] usb 10-1: Using ep0 maxpacket: 8
[  215.413685][  T832] usb 10-1: config 0 has an invalid interface number: 55 but max is 0
[  215.418481][T12038] "syz.8.1677" (12038) uses obsolete ecb(arc4) skcipher
[  215.427090][  T832] usb 10-1: config 0 has no interface number 0
[  215.437703][  T832] usb 10-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  215.442909][  T832] usb 10-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  215.449695][  T832] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  215.454487][  T832] usb 10-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  215.460831][  T832] usb 10-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  215.491739][  T832] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  215.497332][  T832] usb 10-1: config 0 descriptor??
[  215.511862][  T832] ldusb 10-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  215.548109][T12055] Process accounting resumed
[  215.581581][T12059] netlink: 'syz.8.1681': attribute type 2 has an invalid length.
[  215.615228][T12062] sctp: [Deprecated]: syz.8.1682 (pid 12062) Use of struct sctp_assoc_value in delayed_ack socket option.
[  215.615228][T12062] Use struct sctp_sack_info instead
[  215.747450][T12073] netlink: 168 bytes leftover after parsing attributes in process `syz.7.1685'.
[  215.778149][  T842] usb 10-1: USB disconnect, device number 18
[  215.794075][  T842] ldusb 10-1:0.55: LD USB Device #0 now disconnected
[  215.964793][T12085] netlink: 'syz.7.1689': attribute type 10 has an invalid length.
[  215.970900][T12083] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  215.986282][T12085] team0: Port device netdevsim0 added
[  216.101629][T12095] x_tables: ip_tables: .0 target: invalid size 8 (kernel) != (user) 4
[  216.452095][T12126] bad cache= option: nonw
[  216.452095][T12126] 
[  216.454790][T12126] CIFS: VFS: bad cache= option: nonw
[  216.459285][T12126] netlink: 'syz.8.1703': attribute type 39 has an invalid length.
[  216.897272][T12141] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1025 sclass=netlink_route_socket pid=12141 comm=syz.8.1708
[  216.957008][ T6007] usb 12-1: new high-speed USB device number 12 using dummy_hcd
[  217.120139][ T6007] usb 12-1: Using ep0 maxpacket: 32
[  217.123868][ T6007] usb 12-1: config index 0 descriptor too short (expected 29220, got 36)
[  217.126813][ T6007] usb 12-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  217.129783][ T6007] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 81
[  217.133319][ T6007] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  217.136831][ T6007] usb 12-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  217.141228][ T6007] usb 12-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  217.145661][ T6007] usb 12-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  217.148853][ T6007] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.155200][ T6007] usb 12-1: config 0 descriptor??
[  217.364876][ T6007] usblp 12-1:0.0: usblp0: USB Bidirectional printer dev 12 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  217.379543][ T6007] usb 12-1: USB disconnect, device number 12
[  217.387885][ T6007] usblp0: removed
[  217.456875][T12151] xt_hashlimit: size too large, truncated to 1048576
[  217.812442][  T842] usb 12-1: new high-speed USB device number 13 using dummy_hcd
[  217.986151][  T842] usb 12-1: Using ep0 maxpacket: 32
[  217.989375][  T842] usb 12-1: config index 0 descriptor too short (expected 29220, got 36)
[  217.992119][  T842] usb 12-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  217.995027][  T842] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 81
[  217.998251][  T842] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  218.001663][  T842] usb 12-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  218.004858][  T842] usb 12-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  218.009164][  T842] usb 12-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  218.012140][  T842] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  218.016816][  T842] usb 12-1: config 0 descriptor??
[  218.073986][T12166] tmpfs: Cannot change global quota limit on remount
[  218.078846][T12167] tmpfs: Cannot change global quota limit on remount
[  218.096447][T12169] ip6t_srh: unknown srh match flags  4000
[  218.112045][T12169] netlink: 20 bytes leftover after parsing attributes in process `syz.8.1715'.
[  218.182090][T12175] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1717'.
[  218.186097][T12175] netlink: 'syz.8.1717': attribute type 20 has an invalid length.
[  218.229261][  T842] usblp 12-1:0.0: usblp0: USB Bidirectional printer dev 13 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  218.436576][  T842] usb 12-1: USB disconnect, device number 13
[  218.440288][  T842] usblp0: removed
[  218.982217][  T832] usb 10-1: new low-speed USB device number 19 using dummy_hcd
[  218.989110][ T5292] Bluetooth: hci5: unexpected event for opcode 0x042c
[  219.124539][  T832] usb 10-1: device descriptor read/64, error -71
[  219.356075][T12212] netlink: 104 bytes leftover after parsing attributes in process `syz.7.1728'.
[  219.367201][T12212] netlink: 104 bytes leftover after parsing attributes in process `syz.7.1728'.
[  219.373297][T12212] netlink: 104 bytes leftover after parsing attributes in process `syz.7.1728'.
[  219.376938][T12212] netlink: 104 bytes leftover after parsing attributes in process `syz.7.1728'.
[  219.380887][  T832] usb 10-1: new low-speed USB device number 20 using dummy_hcd
[  219.521612][  T832] usb 10-1: device descriptor read/64, error -71
[  219.632937][  T832] usb usb10-port1: attempt power cycle
[  219.977889][  T832] usb 10-1: new low-speed USB device number 21 using dummy_hcd
[  219.998866][  T832] usb 10-1: device descriptor read/8, error -71
[  220.081570][   T40] kauditd_printk_skb: 590 callbacks suppressed
[  220.081597][   T40] audit: type=1400 audit(524507.724:1470): avc:  denied  { remount } for  pid=12223 comm="syz.8.1732" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  220.241952][  T832] usb 10-1: new low-speed USB device number 22 using dummy_hcd
[  220.264806][  T832] usb 10-1: device descriptor read/8, error -71
[  220.374194][  T832] usb usb10-port1: unable to enumerate USB device
[  220.442932][T12232] __nla_validate_parse: 61 callbacks suppressed
[  220.442948][T12232] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1734'.
[  220.911419][T12234] Invalid logical block size (9)
[  220.965520][   T40] audit: type=1400 audit(524508.591:1471): avc:  denied  { setopt } for  pid=12235 comm="syz.8.1737" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  222.057378][T12260] syzkaller0: entered promiscuous mode
[  222.060548][T12260] syzkaller0: entered allmulticast mode
[  222.067336][T12260] simple: basic_1
[  222.163278][T12262] xt_recent: Unsupported userspace flags (000000b2)
[  222.166423][T12262] xt_recent: Unsupported userspace flags (000000b2)
[  222.185278][   T40] audit: type=1400 audit(524509.794:1472): avc:  denied  { lock } for  pid=12261 comm="syz.5.1745" path="/359/file0/cpuset.effective_cpus" dev="9p" ino=73662629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  222.406456][T12275] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1748'.
[  222.417480][T12275] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  222.420430][T12275] syzkaller0: entered promiscuous mode
[  222.422933][T12275] syzkaller0: entered allmulticast mode
[  222.429946][T12275] tipc: Resetting bearer <eth:syzkaller0>
[  222.435419][   T40] audit: type=1400 audit(524510.040:1473): avc:  denied  { lock } for  pid=12271 comm="syz.8.1749" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  222.438152][T12274] tipc: Resetting bearer <eth:syzkaller0>
[  222.465919][T12274] tipc: Disabling bearer <eth:syzkaller0>
[  222.633168][T12280] overlayfs: failed to resolve './file0/file0': -2
[  222.638309][T12280] overlayfs: overlapping lowerdir path
[  222.672914][T12282] netlink: 'syz.5.1752': attribute type 61 has an invalid length.
[  222.748130][   T40] audit: type=1400 audit(524510.356:1474): avc:  denied  { getopt } for  pid=12283 comm="syz.5.1753" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  222.814254][T12289] overlayfs: workdir and upperdir must be separate subtrees
[  222.821879][   T40] audit: type=1400 audit(524510.425:1475): avc:  denied  { bind } for  pid=12288 comm="syz.5.1754" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  222.837651][   T40] audit: type=1400 audit(524510.425:1476): avc:  denied  { ioctl } for  pid=12288 comm="syz.5.1754" path="socket:[53905]" dev="sockfs" ino=53905 ioctlcmd=0xf517 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  223.161953][  T832] usb 10-1: new high-speed USB device number 23 using dummy_hcd
[  223.333930][  T832] usb 10-1: Using ep0 maxpacket: 16
[  223.345604][  T832] usb 10-1: no configurations
[  223.348589][  T832] usb 10-1: can't read configurations, error -22
[  223.399294][T12296] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1757'.
[  223.420119][T12296] bond7: entered promiscuous mode
[  223.423362][T12296] 8021q: adding VLAN 0 to HW filter on device bond7
[  223.438728][T12298] 8021q: adding VLAN 0 to HW filter on device bond7
[  223.441636][T12298] bond7: (slave sit1): The slave device specified does not support setting the MAC address
[  223.446806][T12298] bond7: (slave sit1): Error -95 calling set_mac_address
[  223.458908][T12299] bond7: (slave sit1): The slave device specified does not support setting the MAC address
[  223.463504][T12299] bond7: (slave sit1): Error -95 calling set_mac_address
[  223.487321][  T832] usb 10-1: new high-speed USB device number 24 using dummy_hcd
[  223.592218][T12301] ieee802154 phy1 wpan1: encryption failed: -22
[  223.639671][  T832] usb 10-1: Using ep0 maxpacket: 16
[  223.648062][  T832] usb 10-1: no configurations
[  223.654653][  T832] usb 10-1: can't read configurations, error -22
[  223.670504][  T832] usb usb10-port1: attempt power cycle
[  223.792382][T12311] netlink: 164 bytes leftover after parsing attributes in process `syz.8.1761'.
[  223.792382][T12312] netlink: 164 bytes leftover after parsing attributes in process `syz.8.1761'.
[  223.799345][T12311] netlink: 36 bytes leftover after parsing attributes in process `syz.8.1761'.
[  223.997025][T12320] sch_fq: defrate 4294967295 ignored.
[  224.012055][  T832] usb 10-1: new high-speed USB device number 25 using dummy_hcd
[  224.013887][ T5292] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  224.042956][  T832] usb 10-1: Using ep0 maxpacket: 16
[  224.045835][  T832] usb 10-1: no configurations
[  224.047450][  T832] usb 10-1: can't read configurations, error -22
[  224.103305][T12324] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1766'.
[  224.107033][T12324] netlink: 16 bytes leftover after parsing attributes in process `syz.8.1766'.
[  224.164681][T12326] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1767'.
[  224.184092][  T832] usb 10-1: new high-speed USB device number 26 using dummy_hcd
[  224.199021][T12327] bridge0: port 1(bridge_slave_0) entered disabled state
[  224.215071][  T832] usb 10-1: Using ep0 maxpacket: 16
[  224.218305][  T832] usb 10-1: no configurations
[  224.219954][   T40] audit: type=1400 audit(524511.808:1477): avc:  denied  { unmount } for  pid=9436 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  224.221456][  T832] usb 10-1: can't read configurations, error -22
[  224.232816][  T832] usb usb10-port1: unable to enumerate USB device
[  224.297107][   T40] audit: type=1400 audit(524511.887:1478): avc:  denied  { write } for  pid=12331 comm="syz.8.1768" name="loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  224.308094][T12332] Cannot find add_set index 128 as target
[  224.339462][T12334] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1769'.
[  224.517864][T12343] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12343 comm=syz.8.1773
[  224.693453][ T5292] Bluetooth: hci0: Malformed Event: 0x02
[  224.695375][ T5292] Bluetooth: hci0: Malformed Event: 0x02
[  224.703066][T12361] netlink: 'syz.8.1778': attribute type 1 has an invalid length.
[  224.881545][   T40] audit: type=1326 audit(524512.451:1479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12369 comm="syz.8.1782" exe="/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f51b619c799 code=0x7ffc0000
[  225.470389][ T5292] Bluetooth: hci0: ACL packet for unknown connection handle 201
[  225.513125][T12387] netlink: 'syz.8.1788': attribute type 8 has an invalid length.
[  225.523950][ T5949] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  225.528517][ T5949] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  225.539499][ T5949] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  225.543611][ T5949] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  225.546531][ T5949] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  225.564392][   T40] kauditd_printk_skb: 9 callbacks suppressed
[  225.564408][   T40] audit: type=1400 audit(524513.123:1489): avc:  denied  { getopt } for  pid=12389 comm="syz.8.1789" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  225.595604][T12390] dummy0: entered allmulticast mode
[  225.636349][T12393] __nla_validate_parse: 4 callbacks suppressed
[  225.636361][T12393] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1790'.
[  225.696942][T12385] chnl_net:caif_netlink_parms(): no params data found
[  225.798602][T12385] bridge0: port 1(bridge_slave_0) entered blocking state
[  225.800916][T12385] bridge0: port 1(bridge_slave_0) entered disabled state
[  225.805751][T12385] bridge_slave_0: entered allmulticast mode
[  225.808526][T12385] bridge_slave_0: entered promiscuous mode
[  225.825100][T12400] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1791'.
[  225.834904][ T6279] netdevsim netdevsim6 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  225.838501][ T6279] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.853692][T12385] bridge0: port 2(bridge_slave_1) entered blocking state
[  225.856389][T12385] bridge0: port 2(bridge_slave_1) entered disabled state
[  225.859252][T12385] bridge_slave_1: entered allmulticast mode
[  225.862519][T12385] bridge_slave_1: entered promiscuous mode
[  225.891066][T12385] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  225.905501][T12385] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  225.947032][ T6279] netdevsim netdevsim6 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  225.951054][ T6279] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.980448][T12385] team0: Port device team_slave_0 added
[  225.985637][T12385] team0: Port device team_slave_1 added
[  226.016882][T12385] batman_adv: batadv0: Adding interface: batadv_slave_0
[  226.020478][T12385] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  226.032199][T12385] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  226.043310][T12385] batman_adv: batadv0: Adding interface: batadv_slave_1
[  226.046682][T12385] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  226.058833][T12385] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  226.073020][   T40] audit: type=1400 audit(524513.638:1490): avc:  denied  { read } for  pid=12408 comm="syz.5.1794" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  226.131726][ T6279] netdevsim netdevsim6 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  226.137531][ T6279] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  226.153822][T12385] hsr_slave_0: entered promiscuous mode
[  226.157442][T12385] hsr_slave_1: entered promiscuous mode
[  226.160666][T12385] debugfs: 'hsr0' already exists in 'hsr'
[  226.163231][T12385] Cannot create hsr debugfs directory
[  226.242470][ T6279] netdevsim netdevsim6 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  226.247417][ T6279] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  226.321031][ T5949] Bluetooth: hci0: unexpected event for opcode 0x080f
[  226.393127][   T40] audit: type=1400 audit(524513.955:1491): avc:  denied  { read } for  pid=5593 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  226.455767][ T6279] bridge_slave_1: left allmulticast mode
[  226.458283][ T6279] bridge_slave_1: left promiscuous mode
[  226.461714][ T6279] bridge0: port 2(bridge_slave_1) entered disabled state
[  226.466192][ T6279] bridge_slave_0: left allmulticast mode
[  226.468104][ T6279] bridge_slave_0: left promiscuous mode
[  226.470599][ T6279] bridge0: port 1(bridge_slave_0) entered disabled state
[  226.568785][   T40] audit: type=1400 audit(524514.123:1492): avc:  denied  { append } for  pid=12438 comm="syz.8.1799" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  226.579893][T12443] random: crng reseeded on system resumption
[  226.651666][T12450] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12450 comm=syz.8.1801
[  226.657129][T12452] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12452 comm=syz.8.1801
[  226.937797][   T40] audit: type=1400 audit(524514.499:1493): avc:  denied  { execute_no_trans } for  pid=12454 comm="syz.8.1802" path=2F6D656D66643AA39F6EB4645204693502ACCEE1889D5B4038D7CE1F2039497F151D933DB5E75C274CE6D28EBC294A7454447181CF81BAE531F522C8103EC95C85174CBFCF91DF4DF3025E542A202864656C6574656429 dev="hugetlbfs" ino=56325 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  226.966335][T12455] overlay: Unknown parameter 'subj_user'
[  226.969168][T12455] overlayfs: overlapping lowerdir path
[  227.100287][ T6279] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  227.107495][ T6279] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  227.111559][ T6279] bond0 (unregistering): Released all slaves
[  227.118198][ T6279] bond1 (unregistering): Released all slaves
[  227.180973][T12385] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  227.192658][T12385] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  227.202954][T12385] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  227.215738][T12385] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  227.276992][T12461] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  227.330585][   T40] audit: type=1400 audit(524514.885:1494): avc:  denied  { unmount } for  pid=9436 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  227.346729][T12385] 8021q: adding VLAN 0 to HW filter on device bond0
[  227.351100][T12461] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  227.361637][T12385] 8021q: adding VLAN 0 to HW filter on device team0
[  227.380882][ T6285] bridge0: port 1(bridge_slave_0) entered blocking state
[  227.383560][ T6285] bridge0: port 1(bridge_slave_0) entered forwarding state
[  227.393889][ T6285] bridge0: port 2(bridge_slave_1) entered blocking state
[  227.396969][ T6285] bridge0: port 2(bridge_slave_1) entered forwarding state
[  227.421412][T12460] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  227.475406][T12385] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  227.482000][T12385] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  227.485794][T12482] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  227.486659][T12481] nfs4: Unknown parameter '{��V��
'
[  227.620422][ T5949] Bluetooth: hci1: command tx timeout
[  227.641881][ T6279] hsr_slave_0: left promiscuous mode
[  227.649508][ T6279] hsr_slave_1: left promiscuous mode
[  227.658809][ T6279] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  227.663025][ T6279] batman_adv: batadv0: Removing interface: batadv_slave_0
[  227.666430][ T6279] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  227.668928][ T6279] batman_adv: batadv0: Removing interface: batadv_slave_1
[  227.977990][ T6279] veth1_macvtap: left promiscuous mode
[  227.980856][ T6279] veth0_macvtap: left promiscuous mode
[  227.985380][ T6279] veth1_vlan: left promiscuous mode
[  228.023327][   T40] audit: type=1400 audit(524515.569:1495): avc:  denied  { write } for  pid=12502 comm="syz.5.1809" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  228.097947][   T40] audit: type=1400 audit(524515.648:1496): avc:  denied  { mount } for  pid=12509 comm="syz.5.1813" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  228.107166][   T40] audit: type=1400 audit(524515.658:1497): avc:  denied  { remount } for  pid=12509 comm="syz.5.1813" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  228.182524][ T6279] team0 (unregistering): Port device team_slave_1 removed
[  228.200902][ T6279] team0 (unregistering): Port device team_slave_0 removed
[  228.293420][T12385] 8021q: adding VLAN 0 to HW filter on device batadv0
[  228.307532][   T40] audit: type=1400 audit(524515.856:1498): avc:  denied  { unmount } for  pid=8042 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  228.478944][T12531] netlink: 6 bytes leftover after parsing attributes in process `syz.5.1814'.
[  228.489464][T12531] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1814'.
[  228.546927][T12385] veth0_vlan: entered promiscuous mode
[  228.561024][T12385] veth1_vlan: entered promiscuous mode
[  228.582875][T12537] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  228.592200][T12385] veth0_macvtap: entered promiscuous mode
[  228.597537][T12385] veth1_macvtap: entered promiscuous mode
[  228.613090][T12385] batman_adv: batadv0: Interface activated: batadv_slave_0
[  228.619168][T12385] batman_adv: batadv0: Interface activated: batadv_slave_1
[  228.625321][   T13] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  228.645356][   T13] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  228.654200][   T13] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  228.669380][   T13] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  228.728445][ T6278] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  228.740459][ T6278] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  228.766710][ T6168] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  228.770311][ T6168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  228.866077][T12555] overlay: ./file0 is not a directory
[  228.984512][T12560] team0: Device gtp0 is of different type
[  229.087311][T12563] ALSA: mixer_oss: invalid OSS volume 'PHl�6��q
ӆ���ONEOUT'
[  229.089995][T12563] ALSA: mixer_oss: invalid index 1374389
[  229.423677][T12597] Set syz1 is full, maxelem 768 reached
[  229.488886][T12600] hfsplus: unable to find HFS+ superblock
[  229.493255][T12544] ceph: No mds server is up or the cluster is laggy
[  229.547501][T12603] Failed to get privilege flags for destination (handle=0x2:0x156)
[  229.608197][T12611] loop6: detected capacity change from 0 to 524288000
[  229.615169][T12618] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  229.622308][T12618] netlink: 'syz.8.1837': attribute type 1 has an invalid length.
[  229.626026][T12618] netlink: 96 bytes leftover after parsing attributes in process `syz.8.1837'.
[  229.630742][T12618] netlink: 658 bytes leftover after parsing attributes in process `syz.8.1837'.
[  229.634951][T12618] netlink: 1 bytes leftover after parsing attributes in process `syz.8.1837'.
[  229.640614][T12617] netlink: 868 bytes leftover after parsing attributes in process `syz.9.1835'.
[  229.649402][T12621] netlink: 868 bytes leftover after parsing attributes in process `syz.9.1835'.
[  229.656803][T12618] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  229.668683][T12618] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1541 sclass=netlink_route_socket pid=12618 comm=syz.8.1837
[  229.719668][ T5949] Bluetooth: hci1: command tx timeout
[  229.811816][T12633] KVM: debugfs: duplicate directory 12633-7
[  230.579754][T12680] netlink: 128 bytes leftover after parsing attributes in process `syz.5.1852'.
[  230.585537][  T842] IPVS: starting estimator thread 0...
[  230.686446][T12682] IPVS: using max 43 ests per chain, 103200 per kthread
[  230.690644][T12685] netlink: 'syz.5.1853': attribute type 64 has an invalid length.
[  230.711002][T12685] kvm: kvm [12684]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x1
[  230.864263][T12690] netlink: 'syz.5.1854': attribute type 64 has an invalid length.
[  230.878075][T12690] netlink: 'syz.5.1854': attribute type 4 has an invalid length.
[  230.881440][T12690] __nla_validate_parse: 3 callbacks suppressed
[  230.881460][T12690] netlink: 152 bytes leftover after parsing attributes in process `syz.5.1854'.
[  231.119648][   T10] usb 14-1: new high-speed USB device number 2 using dummy_hcd
[  231.137171][T12697] hpfs: Bad magic ... probably not HPFS
[  231.272833][   T10] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  231.278410][   T10] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  231.293798][   T10] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  231.299492][   T10] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  231.306518][   T10] usb 14-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  231.311668][   T10] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  231.315805][   T10] usb 14-1: Product: syz
[  231.317906][   T10] usb 14-1: Manufacturer: syz
[  231.319999][   T10] usb 14-1: SerialNumber: syz
[  231.325511][   T10] usb 14-1: config 0 descriptor??
[  231.526868][T12704] 9p: p9: multiple sources not supported
[  231.540059][   T10] adutux 14-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  231.743129][T12692] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  231.747355][T12692] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  231.824647][ T5949] Bluetooth: hci1: command tx timeout
[  231.899691][    T9] usb 14-1: USB disconnect, device number 2
[  232.157478][   T40] kauditd_printk_skb: 6 callbacks suppressed
[  232.157493][   T40] audit: type=1400 audit(524519.676:1505): avc:  granted  { setsecparam } for  pid=12713 comm="syz.5.1862" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[  232.167385][   T40] audit: type=1400 audit(524519.686:1506): avc:  denied  { create } for  pid=12713 comm="syz.5.1862" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  232.289159][T12724] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12724 comm=syz.5.1865
[  232.306911][T12724] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1865'.
[  232.312058][T12724] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1865'.
[  232.398010][T12726] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  232.403356][   T40] audit: type=1400 audit(524519.904:1507): avc:  denied  { mounton } for  pid=12725 comm="syz.5.1866" path="/bus" dev="bpf" ino=57094 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1
[  232.404306][T12728] overlayfs: upper fs does not support tmpfile.
[  232.496379][   T40] audit: type=1400 audit(524520.004:1508): avc:  denied  { bind } for  pid=12732 comm="syz.9.1868" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  232.556656][T12733] overlayfs: missing 'lowerdir'
[  232.665987][T12746] netlink: 36 bytes leftover after parsing attributes in process `syz.9.1872'.
[  232.886787][   T40] audit: type=1400 audit(524520.391:1509): avc:  denied  { write } for  pid=12754 comm="syz.9.1876" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  233.133684][   T10] usb 14-1: new high-speed USB device number 3 using dummy_hcd
[  233.296717][   T10] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  233.311871][   T10] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  233.325046][   T10] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  233.330551][   T10] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  233.337572][   T10] usb 14-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  233.340811][   T10] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.343625][   T10] usb 14-1: Product: syz
[  233.345825][   T10] usb 14-1: Manufacturer: syz
[  233.348199][   T10] usb 14-1: SerialNumber: syz
[  233.353783][   T10] usb 14-1: config 0 descriptor??
[  233.579950][   T10] adutux 14-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  233.700406][T12780] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  233.793154][T12755] usb 14-1: Couldn't submit interrupt_out_urb -90
[  233.909845][ T5949] Bluetooth: hci1: command tx timeout
[  234.340348][   T39] usb 14-1: USB disconnect, device number 3
[  234.364116][T12794] bridge: RTM_NEWNEIGH with invalid ether address
[  234.471807][T12801] Cannot find add_set index 65532 as target
[  234.895352][T12819] loop6: detected capacity change from 0 to 2640
[  234.898180][T12819] buffer_io_error: 25 callbacks suppressed
[  234.898189][T12819] Buffer I/O error on dev loop6, logical block 0, async page read
[  234.902795][T12819] Buffer I/O error on dev loop6, logical block 0, async page read
[  234.907055][T12819] Buffer I/O error on dev loop6, logical block 0, async page read
[  234.910038][T12819] Buffer I/O error on dev loop6, logical block 0, async page read
[  234.912768][T12819] Buffer I/O error on dev loop6, logical block 0, async page read
[  234.915865][T12819] Buffer I/O error on dev loop6, logical block 0, async page read
[  234.918712][T12819] Buffer I/O error on dev loop6, logical block 0, async page read
[  234.921453][T12819] Buffer I/O error on dev loop6, logical block 0, async page read
[  234.924099][T12819] ldm_validate_partition_table(): Disk read failed.
[  234.926907][T12819] Buffer I/O error on dev loop6, logical block 0, async page read
[  234.929429][T12819] Buffer I/O error on dev loop6, logical block 0, async page read
[  234.932083][T12819] Dev loop6: unable to read RDB block 0
[  234.934484][T12819]  loop6: unable to read partition table
[  234.942224][T12819] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  234.988180][ T5341] ldm_validate_partition_table(): Disk read failed.
[  234.991223][ T5341] Dev loop6: unable to read RDB block 0
[  234.993779][ T5341]  loop6: unable to read partition table
[  235.051045][   T40] audit: type=1400 audit(524522.547:1510): avc:  denied  { write } for  pid=12821 comm="syz.9.1893" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  235.287087][ T6070] usb 14-1: new high-speed USB device number 4 using dummy_hcd
[  235.443978][ T6070] usb 14-1: config 1 interface 0 altsetting 2 bulk endpoint 0x1 has invalid maxpacket 16
[  235.449420][ T6070] usb 14-1: config 1 interface 0 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  235.454395][ T6070] usb 14-1: config 1 interface 0 has no altsetting 0
[  235.459740][ T6070] usb 14-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  235.463908][ T6070] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.467527][ T6070] usb 14-1: Product: 醙渦뿊⽯츁ጻ೾Ⓤ釠뒠䟉犀擛䘐檚왎ﴻ⪛㙮颢虃⅝騺鈛符ง쩙֤湣쀢鰋㚈岣㆟✱鬉ૈ카焎뫪Ꞽ뗕狾
[  235.473999][ T6070] usb 14-1: Manufacturer: Ꙉ窾ⱳᄈ攧鋃猺䍠ꏴ䞁讑ᙒ肆ǡ㥠偽콝졗힕ꗁ罦㦣蕳ⷮꝿを桥ⵋ싶簡恐궡阯膷礱᤼佦拴瀞畨쎓Ꝏ㣽䅛炗䤫彖傌ᶅ슸ﴯ觝樇䋗ࡹ〕⾋≽誡㜜歭醏ꝱ㎓￠튶
[  235.482135][ T6070] usb 14-1: SerialNumber: 듹胖뇓汥ᶔꓯ៲⾆晨Ȁꍿﾊ㽠갎ոꉈ盟䞳漨ஞ㹼꾡꓾ዂᄫᬿ▐皝୴袀㹉
[  235.490158][T12822] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  235.493172][T12822] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  235.700990][T12822] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  235.705382][T12822] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  235.920720][ T6070] usb 14-1: USB disconnect, device number 4
[  236.150402][T12831] loop6: detected capacity change from 0 to 524287999
[  236.153444][T12831] ldm_validate_partition_table(): Disk read failed.
[  236.156563][T12831] Dev loop6: unable to read RDB block 0
[  236.159257][T12831]  loop6: unable to read partition table
[  236.162060][T12831] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  236.166638][ T5292] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  236.176725][ T5292] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  236.185111][ T5292] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  236.196486][ T5292] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  236.201149][ T5292] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  236.233868][T12834] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1896'.
[  236.322108][T12837] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1897'.
[  236.356429][T12837] sp0: Synchronizing with TNC
[  236.384425][T12836] [U] �`
[  236.408228][T12832] chnl_net:caif_netlink_parms(): no params data found
[  236.452469][T12842] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1898'.
[  236.462988][T12842] syz.9.1898: vmalloc error: size 4127592448, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  236.473467][T12842] CPU: 2 UID: 0 PID: 12842 Comm: syz.9.1898 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  236.473501][T12842] Tainted: [L]=SOFTLOCKUP
[  236.473506][T12842] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  236.473516][T12842] Call Trace:
[  236.473521][T12842]  <TASK>
[  236.473528][T12842]  dump_stack_lvl+0x100/0x190
[  236.473571][T12842]  warn_alloc.cold+0x95/0x1c1
[  236.473600][T12842]  ? __pfx_warn_alloc+0x10/0x10
[  236.473622][T12842]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  236.473651][T12842]  ? lockdep_hardirqs_on+0x78/0x100
[  236.473672][T12842]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  236.473697][T12842]  ? kasan_save_stack+0x3f/0x50
[  236.473722][T12842]  ? kasan_save_stack+0x30/0x50
[  236.473747][T12842]  ? kasan_save_track+0x14/0x30
[  236.473772][T12842]  ? vb2_vmalloc_alloc+0x135/0x410
[  236.473809][T12842]  __vmalloc_node_range_noprof+0x1252/0x1530
[  236.473830][T12842]  ? do_syscall_64+0x106/0xf80
[  236.473850][T12842]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  236.473872][T12842]  ? vb2_vmalloc_alloc+0x135/0x410
[  236.473903][T12842]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  236.473933][T12842]  ? vb2_vmalloc_alloc+0x135/0x410
[  236.473961][T12842]  vmalloc_user_noprof+0x9e/0xe0
[  236.473982][T12842]  ? vb2_vmalloc_alloc+0x135/0x410
[  236.474010][T12842]  vb2_vmalloc_alloc+0x135/0x410
[  236.474037][T12842]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  236.474064][T12842]  __vb2_queue_alloc+0x8d5/0x1160
[  236.474101][T12842]  vb2_core_create_bufs+0x5fa/0xa30
[  236.474127][T12842]  ? __pfx_vb2_core_create_bufs+0x10/0x10
[  236.474160][T12842]  ? rcu_is_watching+0x12/0xc0
[  236.474185][T12842]  vb2_create_bufs+0x40c/0x830
[  236.474222][T12842]  ? __pfx_vb2_create_bufs+0x10/0x10
[  236.474251][T12842]  ? v4l_sanitize_format+0x18d/0x430
[  236.474276][T12842]  vb2_ioctl_create_bufs+0x244/0x3e0
[  236.474298][T12842]  ? check_fmt+0x230/0x900
[  236.474318][T12842]  v4l_create_bufs+0x17d/0x270
[  236.474342][T12842]  __video_do_ioctl+0xaf8/0xdc0
[  236.474370][T12842]  ? __might_fault+0xc5/0x140
[  236.474395][T12842]  ? __pfx___video_do_ioctl+0x10/0x10
[  236.474425][T12842]  video_usercopy+0x47a/0x1740
[  236.474449][T12842]  ? __pfx___video_do_ioctl+0x10/0x10
[  236.474473][T12842]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  236.474500][T12842]  ? __pfx_video_usercopy+0x10/0x10
[  236.474543][T12842]  v4l2_ioctl+0x1bd/0x250
[  236.474566][T12842]  ? __pfx_v4l2_ioctl+0x10/0x10
[  236.474588][T12842]  __x64_sys_ioctl+0x18e/0x210
[  236.474614][T12842]  do_syscall_64+0x106/0xf80
[  236.474635][T12842]  ? clear_bhb_loop+0x40/0x90
[  236.474659][T12842]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  236.474676][T12842] RIP: 0033:0x7f950df9c799
[  236.474693][T12842] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  236.474710][T12842] RSP: 002b:00007f950ed8e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  236.474728][T12842] RAX: ffffffffffffffda RBX: 00007f950e215fa0 RCX: 00007f950df9c799
[  236.474739][T12842] RDX: 0000200000000140 RSI: 00000000c100565c RDI: 0000000000000006
[  236.474749][T12842] RBP: 00007f950e032c99 R08: 0000000000000000 R09: 0000000000000000
[  236.474758][T12842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  236.474769][T12842] R13: 00007f950e216038 R14: 00007f950e215fa0 R15: 00007fff70737028
[  236.474794][T12842]  </TASK>
[  236.474801][T12842] Mem-Info:
[  236.514792][T12832] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.516496][T12842] active_anon:23669 inactive_anon:3 isolated_anon:0
[  236.516496][T12842]  active_file:9072 inactive_file:28485 isolated_file:0
[  236.516496][T12842]  unevictable:1769 dirty:33 writeback:31
[  236.516496][T12842]  slab_reclaimable:10147 slab_unreclaimable:90403
[  236.516496][T12842]  mapped:35449 shmem:12665 pagetables:3843
[  236.516496][T12842]  sec_pagetables:301 bounce:0
[  236.516496][T12842]  kernel_misc_reclaimable:0
[  236.516496][T12842]  free:407172 free_pcp:18553 free_cma:0
[  236.518878][T12832] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.521596][T12842] Node 0 active_anon:94676kB inactive_anon:12kB active_file:36288kB inactive_file:113620kB unevictable:3540kB isolated(anon):0kB isolated(file):0kB mapped:92664kB dirty:128kB writeback:124kB shmem:47124kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:16256kB pagetables:14200kB sec_pagetables:1200kB all_unreclaimable? no Balloon:0kB
[  236.524446][T12832] bridge_slave_0: entered allmulticast mode
[  236.526355][T12842] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:320kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:49132kB dirty:4kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:96kB pagetables:1172kB sec_pagetables:4kB all_unreclaimable? no Balloon:0kB
[  236.530271][T12832] bridge_slave_0: entered promiscuous mode
[  236.531839][T12842] Node 0 DMA free:15152kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  236.537361][T12832] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.539272][T12842] lowmem_reserve[]:
[  236.541795][T12832] bridge0: port 2(bridge_slave_1) entered disabled state
[  236.544697][T12842]  0
[  236.546704][T12832] bridge_slave_1: entered allmulticast mode
[  236.548885][T12842]  1231
[  236.553453][T12832] bridge_slave_1: entered promiscuous mode
[  236.554484][T12842]  1231
[  236.587136][T12832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  236.593397][T12849] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1900'.
[  236.596401][T12842]  1231 1231
[  236.596429][T12842] Node 0 DMA32 free:103212kB boost:0kB min:27476kB low:34344kB high:41212kB reserved_highatomic:0KB free_highatomic:0KB active_anon:94924kB inactive_anon:12kB active_file:36288kB inactive_file:113620kB unevictable:3540kB writepending:376kB zspages:0kB present:2080628kB managed:1260904kB mlocked:0kB bounce:0kB free_pcp:51200kB local_pcp:13016kB free_cma:0kB
[  236.596481][T12842] lowmem_reserve[]: 0 0 0 0 0
[  236.596517][T12842] Node 1 Normal free:1510076kB boost:0kB min:39760kB low:49700kB high:59640kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:320kB unevictable:3536kB writepending:4kB zspages:0kB present:2097152kB managed:1781884kB mlocked:0kB bounce:0kB free_pcp:23364kB local_pcp:0kB free_cma:0kB
[  236.596575][T12842] lowmem_reserve[]: 0 0 0 0 0
[  236.596613][T12842] Node 0 DMA: 8*4kB (U) 12*8kB (U) 13*16kB (UE) 15*32kB (U) 14*64kB (UE) 9*128kB (UE) 6*256kB (UE) 7*512kB (UE) 5*1024kB (UE) 1*2048kB (U) 0*4096kB = 15152kB
[  236.596799][T12842] Node 0 DMA32: 325*4kB (UM) 209*8kB (ME) 43*16kB (ME) 51*32kB (UME) 51*64kB (UME) 36*128kB (ME) 18*256kB (UM) 81*512kB (UME) 25*1024kB (UM) 9*2048kB (UM) 0*4096kB = 103276kB
[  236.596966][T12842] Node 1 Normal: 67*4kB (UME) 194*8kB (UME) 251*16kB (UME) 270*32kB (UME) 243*64kB (UME) 211*128kB (UME) 194*256kB (U) 169*512kB (UME) 138*1024kB (U) 12*2048kB (UME) 281*4096kB (UM) = 1510092kB
[  236.597128][T12842] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  236.597144][T12842] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  236.597157][T12842] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  236.597174][T12842] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  236.597190][T12842] 50224 total pagecache pages
[  236.597198][T12842] 1 pages in swap cache
[  236.597204][T12842] Free swap  = 124992kB
[  236.597211][T12842] Total swap = 124996kB
[  236.597218][T12842] 1048443 pages RAM
[  236.597225][T12842] 0 pages HighMem/MovableOnly
[  236.597278][T12842] 283906 pages reserved
[  236.597287][T12842] 0 pages cma reserved
[  236.605419][T12832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  236.608937][T12849] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1900'.
[  236.639873][T12832] team0: Port device team_slave_0 added
[  236.666156][   T40] audit: type=1400 audit(524524.158:1511): avc:  denied  { setopt } for  pid=12850 comm="syz.9.1901" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  236.676664][T12832] team0: Port device team_slave_1 added
[  236.738176][T12859] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12859 comm=syz.9.1903
[  236.772163][T12832] batman_adv: batadv0: Adding interface: batadv_slave_0
[  236.805630][ T1291] block nbd0: Possible stuck request ffff8880294e0000: control (read@0,1024B). Runtime 120 seconds
[  236.813365][T12832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  236.814514][ T1291] block nbd0: Possible stuck request ffff8880294e0200: control (read@1024,1024B). Runtime 120 seconds
[  236.819893][T12832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  236.822079][ T1291] block nbd0: Possible stuck request ffff8880294e0400: control (read@2048,1024B). Runtime 120 seconds
[  236.836016][ T1291] block nbd0: Possible stuck request ffff8880294e0600: control (read@3072,1024B). Runtime 120 seconds
[  236.856122][T12832] batman_adv: batadv0: Adding interface: batadv_slave_1
[  236.859790][T12832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  236.872183][T12832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  236.948165][T12832] hsr_slave_0: entered promiscuous mode
[  236.950754][T12832] hsr_slave_1: entered promiscuous mode
[  236.953422][T12832] debugfs: 'hsr0' already exists in 'hsr'
[  236.956797][T12832] Cannot create hsr debugfs directory
[  237.028473][   T39] usb 13-1: new high-speed USB device number 6 using dummy_hcd
[  237.094980][T12832] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.188441][   T39] usb 13-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  237.198345][   T39] usb 13-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  237.204047][   T39] usb 13-1: config 1 has 1 interface, different from the descriptor's value: 66
[  237.210209][   T39] usb 13-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  237.215385][   T39] usb 13-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  237.231136][   T39] usb 13-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  237.235525][   T39] usb 13-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  237.239966][   T39] usb 13-1: Product: syz
[  237.242086][   T39] usb 13-1: Manufacturer: syz
[  237.242212][T12832] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.252306][T12886] netlink: 28 bytes leftover after parsing attributes in process `syz.9.1910'.
[  237.255242][   T39] cdc_wdm 13-1:1.0: skipping garbage
[  237.259415][   T39] cdc_wdm 13-1:1.0: skipping garbage
[  237.268526][   T39] cdc_wdm 13-1:1.0: cdc-wdm0: USB WDM device
[  237.271226][   T39] cdc_wdm 13-1:1.0: Unknown control protocol
[  237.341981][T12832] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.475066][    C0] cdc_wdm 13-1:1.0: nonzero urb status received: -71
[  237.478335][    C0] cdc_wdm 13-1:1.0: wdm_int_callback - 0 bytes
[  237.481854][    C0] cdc_wdm 13-1:1.0: nonzero urb status received: -71
[  237.485494][    C0] cdc_wdm 13-1:1.0: wdm_int_callback - 0 bytes
[  237.488967][   T10] usb 13-1: USB disconnect, device number 6
[  237.491633][T12832] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.656952][T12832] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  237.662892][T12832] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  237.667393][T12832] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  237.672753][T12832] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  237.680360][T12857] fuse: Bad value for 'fd'
[  237.740011][T12832] 8021q: adding VLAN 0 to HW filter on device bond0
[  237.752542][T12832] 8021q: adding VLAN 0 to HW filter on device team0
[  237.761140][ T6286] bridge0: port 1(bridge_slave_0) entered blocking state
[  237.764637][ T6286] bridge0: port 1(bridge_slave_0) entered forwarding state
[  237.774402][ T6286] bridge0: port 2(bridge_slave_1) entered blocking state
[  237.777712][ T6286] bridge0: port 2(bridge_slave_1) entered forwarding state
[  237.922410][T12832] 8021q: adding VLAN 0 to HW filter on device batadv0
[  237.947534][T12832] veth0_vlan: entered promiscuous mode
[  237.952944][T12832] veth1_vlan: entered promiscuous mode
[  237.962145][  T842] usb 14-1: new low-speed USB device number 5 using dummy_hcd
[  237.970699][T12832] veth0_macvtap: entered promiscuous mode
[  237.974958][T12832] veth1_macvtap: entered promiscuous mode
[  237.986627][T12832] batman_adv: batadv0: Interface activated: batadv_slave_0
[  237.996277][T12832] batman_adv: batadv0: Interface activated: batadv_slave_1
[  238.005507][ T6279] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  238.009619][ T6279] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  238.016788][ T6279] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  238.022435][ T6279] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  238.097491][ T6285] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  238.102593][  T842] usb 14-1: device descriptor read/64, error -71
[  238.105541][ T6285] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  238.128728][ T6285] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  238.131574][ T6285] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  238.227202][T12911] input: syz0 as /devices/virtual/input/input23
[  238.242322][   T40] audit: type=1400 audit(524525.711:1512): avc:  denied  { map } for  pid=12910 comm="syz.0.1894" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=748 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  238.252617][ T5949] Bluetooth: hci3: command tx timeout
[  238.315259][T12913] sp0: Synchronizing with TNC
[  238.323185][T12912] [U] �
[  238.354715][  T842] usb 14-1: new low-speed USB device number 6 using dummy_hcd
[  238.483623][  T842] usb 14-1: device descriptor read/64, error -71
[  238.527506][T12923] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1916'.
[  238.604264][  T842] usb usb14-port1: attempt power cycle
[  238.729636][T12927] overlayfs: failed to resolve './file1': -2
[  238.936427][T12938] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1921'.
[  238.955797][  T842] usb 14-1: new low-speed USB device number 7 using dummy_hcd
[  238.977197][  T842] usb 14-1: device descriptor read/8, error -71
[  239.151232][T12949] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1924'.
[  239.226951][  T842] usb 14-1: new low-speed USB device number 8 using dummy_hcd
[  239.249494][  T842] usb 14-1: device descriptor read/8, error -71
[  239.310763][T12955] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1925'.
[  239.361277][  T842] usb usb14-port1: unable to enumerate USB device
[  239.416666][T12955] nbd: device at index 64 is going down
[  239.435033][ T5937] udevd[5937]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  239.899903][   T40] audit: type=1326 audit(524527.373:1513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12989 comm="syz.0.1933" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abbf9c799 code=0x7ffc0000
[  239.913615][   T40] audit: type=1326 audit(524527.373:1514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12989 comm="syz.0.1933" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abbf9c799 code=0x7ffc0000
[  239.925194][   T40] audit: type=1326 audit(524527.383:1515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12989 comm="syz.0.1933" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abbf9c799 code=0x7ffc0000
[  239.935453][   T40] audit: type=1326 audit(524527.383:1516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12989 comm="syz.0.1933" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abbf9c799 code=0x7ffc0000
[  239.947198][   T40] audit: type=1326 audit(524527.383:1517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12989 comm="syz.0.1933" exe="/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f6abbf9c799 code=0x7ffc0000
[  239.957908][   T40] audit: type=1326 audit(524527.383:1518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12989 comm="syz.0.1933" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abbf9c799 code=0x7ffc0000
[  239.967791][   T40] audit: type=1326 audit(524527.383:1519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12989 comm="syz.0.1933" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abbf9c799 code=0x7ffc0000
[  239.978592][   T40] audit: type=1326 audit(524527.383:1520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12989 comm="syz.0.1933" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abbf9c799 code=0x7ffc0000
[  239.989334][   T40] audit: type=1326 audit(524527.383:1521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12989 comm="syz.0.1933" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abbf9c799 code=0x7ffc0000
[  240.008075][T12990] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16)
[  240.011569][T12990] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  240.351751][ T5949] Bluetooth: hci3: command tx timeout
[  240.447143][T12999] vcan1: entered allmulticast mode
[  240.938553][T13030] sp0: Synchronizing with TNC
[  240.954064][T13032] overlayfs: empty lowerdir
[  241.029721][T13039] random: crng reseeded on system resumption
[  241.176257][   T39] usb 14-1: new high-speed USB device number 9 using dummy_hcd
[  241.327633][   T39] usb 14-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  241.332829][   T39] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  241.342506][   T39] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  241.348876][   T39] usb 14-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  241.354775][   T39] usb 14-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  241.358853][   T39] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  241.373841][   T39] usb 14-1: config 0 descriptor??
[  241.374594][T13045] bridge1: entered promiscuous mode
[  241.785176][   T39] hid_parser_main: 22 callbacks suppressed
[  241.785190][   T39] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  241.792235][   T39] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  241.794870][   T39] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  241.798069][   T39] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  241.800963][   T39] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  241.803439][   T39] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  241.805940][   T39] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  241.808480][   T39] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  241.811016][   T39] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  241.813808][   T39] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  241.817993][T13072] misc userio: Begin command sent, but we're already running
[  241.824912][   T39] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.9-1/input0
[  241.898663][T13074] kvm: emulating exchange as write
[  242.010824][T13083] netlink: 'syz.8.1955': attribute type 1 has an invalid length.
[  242.013405][T13083] __nla_validate_parse: 4 callbacks suppressed
[  242.013415][T13083] netlink: 224 bytes leftover after parsing attributes in process `syz.8.1955'.
[  242.018830][T13083] NCSI netlink: No device for ifindex 0
[  242.052903][T13086] fuse: Bad value for 'group_id'
[  242.054706][T13086] fuse: Bad value for 'group_id'
[  242.429773][ T5949] Bluetooth: hci3: command tx timeout
[  242.793566][T13090] netlink: 'syz.0.1957': attribute type 11 has an invalid length.
[  242.797109][T13090] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1957'.
[  243.065415][T13108] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1964'.
[  243.069701][T13108] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1964'.
[  243.074400][T13108] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1964'.
[  243.092376][T13108] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1964'.
[  243.104014][T13108] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1964'.
[  243.108319][T13108] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1964'.
[  243.112741][T13108] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1964'.
[  243.116976][T13108] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1964'.
[  243.133118][   T39] usb 14-1: reset high-speed USB device number 9 using dummy_hcd
[  243.177975][T13113] dummy0: entered promiscuous mode
[  243.180770][T13113] netdevsim netdevsim8 netdevsim0: entered promiscuous mode
[  243.184734][T13113] debugfs: 'hsr1' already exists in 'hsr'
[  243.186944][T13113] Cannot create hsr debugfs directory
[  243.189434][T13113] hsr1: entered allmulticast mode
[  243.191577][T13113] netdevsim netdevsim8 netdevsim0: entered allmulticast mode
[  243.202402][T13113] 9p: Bad value for 'version'
[  243.202404][T13114] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  243.243715][ T7043] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[  243.247996][ T7043] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[  243.254441][   T13] wlan1: authenticated
[  243.254698][T13114] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  243.264542][   T13] wlan1: associate with 08:02:11:00:00:00 (try 1/3)
[  243.314720][   T13] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1)
[  243.317836][   T13] wlan1: associated
[  243.318389][T13122] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  243.931681][T13029] [U] �
[  244.011774][T13129] netlink: 'syz.9.1970': attribute type 3 has an invalid length.
[  244.021552][T13130] netlink: 'syz.9.1970': attribute type 3 has an invalid length.
[  244.237488][   T40] kauditd_printk_skb: 155 callbacks suppressed
[  244.237506][   T40] audit: type=1400 audit(524531.697:1677): avc:  denied  { setopt } for  pid=13149 comm="syz.8.1974" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  244.517468][ T5949] Bluetooth: hci3: command tx timeout
[  244.713526][ T7049] usb 14-1: USB disconnect, device number 9
[  244.744049][T13190] ------------[ cut here ]------------
[  244.746478][T13190] 1
[  244.746490][T13190] WARNING: mm/page_alloc.c:5226 at __alloc_frozen_pages_noprof+0x23ea/0x2ba0, CPU#3: syz.0.1987/13190
[  244.752422][T13190] Modules linked in:
[  244.754379][T13190] CPU: 3 UID: 0 PID: 13190 Comm: syz.0.1987 Tainted: G             L      syzkaller #0 PREEMPT(full) 
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  244.760878][T13190] Tainted: [L]=SOFTLOCKUP
[  244.763224][T13190] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  244.767829][T13190] RIP: 0010:__alloc_frozen_pages_noprof+0x23ea/0x2ba0
[  244.771225][T13190] Code: 00 45 31 c9 49 83 bc 24 70 05 00 00 00 4c 89 4c 24 50 0f 85 5f f8 ff ff c6 44 24 10 00 e9 f3 ea ff ff c6 05 e2 81 5a 0e 01 90 <0f> 0b 90 e9 69 df ff ff 83 7c 24 40 03 41 bc 04 00 00 00 7f 06 41
[  244.780849][T13190] RSP: 0018:ffffc9000dedf7a0 EFLAGS: 00010246
[  244.783958][T13190] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  244.787789][T13190] RDX: 0000000000000000 RSI: 0000000000000016 RDI: 0000000000040cc0
[  244.791277][T13190] RBP: 0000000000000016 R08: 0000000000000005 R09: 0000000000000009
[  244.794788][T13190] R10: 0000000000000016 R11: 0000000000000000 R12: 0000000000040cc0
[  244.798381][T13190] R13: 1ffff92001bdbf43 R14: 0000000000000016 R15: 1ffff92001bdbf0d
[  244.801958][T13190] FS:  00007f6abcf3e6c0(0000) GS:ffff8880d6642000(0000) knlGS:0000000000000000
[  244.805927][T13190] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  244.809286][T13190] CR2: 00007f6abcefcd58 CR3: 000000003b400000 CR4: 0000000000352ef0
[  244.813072][T13190] Call Trace:
[  244.814709][T13190]  <TASK>
[  244.816098][T13190]  ? bpf_ksym_find+0x128/0x1c0
[  244.818407][T13190]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  244.821241][T13190]  ? is_bpf_text_address+0x94/0x1a0
[  244.823531][T13190]  ? kernel_text_address+0x8d/0x100
[  244.825836][T13190]  ? __kernel_text_address+0xd/0x30
[  244.828267][T13190]  ? unwind_get_return_address+0x59/0xa0
[  244.830882][T13190]  ? arch_stack_walk+0xa6/0xf0
[  244.832959][T13190]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  244.835671][T13190]  ? tomoyo_path_number_perm+0x46d/0x580
[  244.838241][T13190]  ? stack_trace_save+0x8e/0xc0
[  244.840359][T13190]  ? __lock_acquire+0x4a5/0x2630
[  244.842502][T13190]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  244.845034][T13190]  ? policy_nodemask+0xed/0x4f0
[  244.847154][T13190]  alloc_pages_mpol+0x1fb/0x550
[  244.849390][T13190]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  244.851712][T13190]  ? find_held_lock+0x2b/0x80
[  244.853997][T13190]  ? avc_has_extended_perms+0x33a/0x1080
[  244.856540][T13190]  ? avc_has_extended_perms+0x33a/0x1080
[  244.858913][T13190]  ? drm_syncobj_array_find+0x34/0x3b0
[  244.861044][T13190]  ___kmalloc_large_node+0x104/0x150
[  244.863129][T13190]  __kmalloc_large_node_noprof+0x1c/0x70
[  244.865440][T13190]  __kmalloc_noprof+0x5be/0x850
[  244.867420][T13190]  drm_syncobj_array_find+0x34/0x3b0
[  244.869668][T13190]  drm_syncobj_reset_ioctl+0x20b/0x370
[  244.871833][T13190]  ? __pfx_drm_syncobj_reset_ioctl+0x10/0x10
[  244.874567][T13190]  ? drm_dev_exit+0x41/0x60
[  244.876370][T13190]  ? drm_dev_exit+0x41/0x60
[  244.878465][T13190]  drm_ioctl_kernel+0x1f3/0x3e0
[  244.880456][T13190]  ? __pfx_drm_syncobj_reset_ioctl+0x10/0x10
[  244.882803][T13190]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  244.885102][T13190]  drm_ioctl+0x5e6/0xc60
[  244.886931][T13190]  ? __pfx_drm_syncobj_reset_ioctl+0x10/0x10
[  244.889583][T13190]  ? __pfx_drm_ioctl+0x10/0x10
[  244.891726][T13190]  ? selinux_file_ioctl+0x139/0x290
[  244.894052][T13190]  ? selinux_file_ioctl+0xb4/0x290
[  244.896168][T13190]  ? __pfx_drm_ioctl+0x10/0x10
[  244.898127][T13190]  __x64_sys_ioctl+0x18e/0x210
[  244.900042][T13190]  do_syscall_64+0x106/0xf80
[  244.901925][T13190]  ? clear_bhb_loop+0x40/0x90
[  244.903789][T13190]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.906131][T13190] RIP: 0033:0x7f6abbf9c799
[  244.908262][T13190] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  244.917135][T13190] RSP: 002b:00007f6abcf3e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  244.921028][T13190] RAX: ffffffffffffffda RBX: 00007f6abc215fa0 RCX: 00007f6abbf9c799
[  244.924580][T13190] RDX: 0000200000000100 RSI: 00000000c01064c4 RDI: 0000000000000007
[  244.928339][T13190] RBP: 00007f6abc032c99 R08: 0000000000000000 R09: 0000000000000000
[  244.932476][T13190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  244.936352][T13190] R13: 00007f6abc216038 R14: 00007f6abc215fa0 R15: 00007ffce17285c8
[  244.939945][T13190]  </TASK>
[  244.941365][T13190] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  244.944638][T13190] CPU: 3 UID: 0 PID: 13190 Comm: syz.0.1987 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  244.949479][T13190] Tainted: [L]=SOFTLOCKUP
[  244.951443][T13190] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  244.955904][T13190] Call Trace:
[  244.957572][T13190]  <TASK>
[  244.959053][T13190]  dump_stack_lvl+0x100/0x190
[  244.961273][T13190]  vpanic+0x552/0x970
[  244.963101][T13190]  ? __pfx_vpanic+0x10/0x10
[  244.965235][T13190]  panic+0xd1/0xe0
[  244.966977][T13190]  ? __pfx_panic+0x10/0x10
[  244.969053][T13190]  ? check_panic_on_warn+0x1f/0x90
[  244.971342][T13190]  check_panic_on_warn.cold+0x19/0x34
[  244.973650][T13190]  ? __alloc_frozen_pages_noprof+0x23ea/0x2ba0
[  244.976174][T13190]  __warn.cold+0x191/0x348
[  244.978044][T13190]  __report_bug+0x296/0x3d0
[  244.980077][T13190]  ? __alloc_frozen_pages_noprof+0x23ea/0x2ba0
[  244.982827][T13190]  ? __pfx___report_bug+0x10/0x10
[  244.985079][T13190]  ? __lock_acquire+0x4a5/0x2630
[  244.987550][T13190]  ? __lock_acquire+0x4a5/0x2630
[  244.990049][T13190]  ? __alloc_frozen_pages_noprof+0x23ea/0x2ba0
[  244.992812][T13190]  report_bug+0xb2/0x220
[  244.994722][T13190]  ? __alloc_frozen_pages_noprof+0x23ea/0x2ba0
[  244.997393][T13190]  handle_bug+0x16a/0x2a0
[  244.999448][T13190]  exc_invalid_op+0x17/0x50
[  245.001622][T13190]  asm_exc_invalid_op+0x1a/0x20
[  245.003915][T13190] RIP: 0010:__alloc_frozen_pages_noprof+0x23ea/0x2ba0
[  245.007350][T13190] Code: 00 45 31 c9 49 83 bc 24 70 05 00 00 00 4c 89 4c 24 50 0f 85 5f f8 ff ff c6 44 24 10 00 e9 f3 ea ff ff c6 05 e2 81 5a 0e 01 90 <0f> 0b 90 e9 69 df ff ff 83 7c 24 40 03 41 bc 04 00 00 00 7f 06 41
[  245.016302][T13190] RSP: 0018:ffffc9000dedf7a0 EFLAGS: 00010246
[  245.019132][T13190] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  245.022496][T13190] RDX: 0000000000000000 RSI: 0000000000000016 RDI: 0000000000040cc0
[  245.026216][T13190] RBP: 0000000000000016 R08: 0000000000000005 R09: 0000000000000009
[  245.030066][T13190] R10: 0000000000000016 R11: 0000000000000000 R12: 0000000000040cc0
[  245.033673][T13190] R13: 1ffff92001bdbf43 R14: 0000000000000016 R15: 1ffff92001bdbf0d
[  245.037376][T13190]  ? bpf_ksym_find+0x128/0x1c0
[  245.039645][T13190]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  245.042403][T13190]  ? is_bpf_text_address+0x94/0x1a0
[  245.044635][T13190]  ? kernel_text_address+0x8d/0x100
[  245.046932][T13190]  ? __kernel_text_address+0xd/0x30
[  245.049413][T13190]  ? unwind_get_return_address+0x59/0xa0
[  245.051999][T13190]  ? arch_stack_walk+0xa6/0xf0
[  245.054241][T13190]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  245.057155][T13190]  ? tomoyo_path_number_perm+0x46d/0x580
[  245.059892][T13190]  ? stack_trace_save+0x8e/0xc0
[  245.062162][T13190]  ? __lock_acquire+0x4a5/0x2630
[  245.064383][T13190]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  245.067037][T13190]  ? policy_nodemask+0xed/0x4f0
[  245.069359][T13190]  alloc_pages_mpol+0x1fb/0x550
[  245.071546][T13190]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  245.074065][T13190]  ? find_held_lock+0x2b/0x80
[  245.076419][T13190]  ? avc_has_extended_perms+0x33a/0x1080
[  245.079062][T13190]  ? avc_has_extended_perms+0x33a/0x1080
[  245.081583][T13190]  ? drm_syncobj_array_find+0x34/0x3b0
[  245.084031][T13190]  ___kmalloc_large_node+0x104/0x150
[  245.086416][T13190]  __kmalloc_large_node_noprof+0x1c/0x70
[  245.089325][T13190]  __kmalloc_noprof+0x5be/0x850
[  245.091648][T13190]  drm_syncobj_array_find+0x34/0x3b0
[  245.094021][T13190]  drm_syncobj_reset_ioctl+0x20b/0x370
[  245.096434][T13190]  ? __pfx_drm_syncobj_reset_ioctl+0x10/0x10
[  245.099142][T13190]  ? drm_dev_exit+0x41/0x60
[  245.101412][T13190]  ? drm_dev_exit+0x41/0x60
[  245.103692][T13190]  drm_ioctl_kernel+0x1f3/0x3e0
[  245.106151][T13190]  ? __pfx_drm_syncobj_reset_ioctl+0x10/0x10
[  245.108875][T13190]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  245.111218][T13190]  drm_ioctl+0x5e6/0xc60
[  245.113009][T13190]  ? __pfx_drm_syncobj_reset_ioctl+0x10/0x10
[  245.115559][T13190]  ? __pfx_drm_ioctl+0x10/0x10
[  245.117605][T13190]  ? selinux_file_ioctl+0x139/0x290
[  245.119955][T13190]  ? selinux_file_ioctl+0xb4/0x290
[  245.122460][T13190]  ? __pfx_drm_ioctl+0x10/0x10
[  245.124907][T13190]  __x64_sys_ioctl+0x18e/0x210
[  245.127164][T13190]  do_syscall_64+0x106/0xf80
[  245.129276][T13190]  ? clear_bhb_loop+0x40/0x90
[  245.131341][T13190]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.133923][T13190] RIP: 0033:0x7f6abbf9c799
[  245.135879][T13190] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  245.144920][T13190] RSP: 002b:00007f6abcf3e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  245.148701][T13190] RAX: ffffffffffffffda RBX: 00007f6abc215fa0 RCX: 00007f6abbf9c799
[  245.152258][T13190] RDX: 0000200000000100 RSI: 00000000c01064c4 RDI: 0000000000000007
[  245.155682][T13190] RBP: 00007f6abc032c99 R08: 0000000000000000 R09: 0000000000000000
[  245.159144][T13190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  245.162830][T13190] R13: 00007f6abc216038 R14: 00007f6abc215fa0 R15: 00007ffce17285c8
[  245.166485][T13190]  </TASK>
[  245.168781][T13190] Kernel Offset: disabled
[  245.170698][T13190] Rebooting in 86400 seconds..