last executing test programs:

10m47.907755252s ago: executing program 32 (id=2050):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000000c00078008000640000007010500050002000000050004000000000016000300686173683a6e65742c706f7274"], 0x5c}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000ffff00000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000080)=0x3ff)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="3801000010000100feffffff00010000010000000000000000000000000000016401010100000000000000000000ba02ae13442978fe", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c000000ac14143f000000000000000000000000000000000000000092010000000000000600000000000000ffff0000000000001c250800000000000200000000000000f8ffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000feffffffffffffff02000000fcffffff000000002abd7000043500000200010020000000480003006465666c61746500"/236], 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
r7 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a)
write(r7, &(0x7f0000000000)="240000001a005f0400f9f407000904018020202000000000000000002e7ee24d0d000800", 0x24)
r8 = msgget$private(0x0, 0xfffffffffffffffd)
msgrcv(r8, 0x0, 0x0, 0x1, 0x3000)
msgrcv(r8, 0x0, 0x0, 0x2, 0x3000)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x890}, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="00008000", @ANYRES16=r1, @ANYBLOB="0700000000000000000005000000180001801400020073797a5f74756e000000000000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)

7m52.046882612s ago: executing program 33 (id=2536):
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000005c0), 0x0, 0x48081)
recvmmsg(r1, &(0x7f0000000540)=[{{&(0x7f0000000380)=@can, 0x80, &(0x7f0000000400)=[{&(0x7f0000000480)=""/153, 0x99}], 0x1}}], 0x1, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r2, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x4b73, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
bind$isdn(0xffffffffffffffff, &(0x7f00000000c0)={0x22, 0xc, 0xb, 0x0, 0x2}, 0x6)
getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, &(0x7f0000000580))
stat64(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0))
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$6lowpan_control(r3, &(0x7f0000000240)='connect aa:aa:aa:aa:aa:11 2', 0x1b)
ioctl$SOUND_PCM_READ_CHANNELS(0xffffffffffffffff, 0x80045006, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0xffe, 0x0, 0x0)
write$6lowpan_control(r3, &(0x7f0000000300)='connect aa:aa:aa:aa:aa:11 1', 0x1b)
r4 = syz_genetlink_get_family_id$tipc2(0x0, r0)
socket$inet_sctp(0x2, 0x5, 0x84)
sendmsg$TIPC_NL_PEER_REMOVE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010025140000000c0007800800020007000000"], 0x20}}, 0x0)
syz_emit_ethernet(0x7a, &(0x7f0000000540)=ANY=[@ANYBLOB], 0x0)
timer_settime(0x0, 0x0, &(0x7f00000005c0)={{0x77359400}, {0x0, 0x9}}, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
mkdirat(0xffffffffffffffff, &(0x7f0000002040)='./file0\x00', 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
shmget$private(0x0, 0x4000, 0x40, &(0x7f0000ffc000/0x4000)=nil)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(0x0, 0x6)

2m48.797185985s ago: executing program 4 (id=3323):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$ttyS3(0xffffff9c, 0x0, 0x200600, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000280), 0xffff, 0x14f600)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8044}, 0x810)
write$binfmt_misc(r3, &(0x7f0000000040), 0xe09)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1800000040000703fcffffff00000100037c000004"], 0x18}, 0x1, 0x0, 0x0, 0x4008011}, 0xc000)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={r3, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x21800, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newtfilter={0x7c, 0x2c, 0xd27, 0x70bd1f, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0x4, 0xe}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x4c, 0x2, [@TCA_FLOWER_ACT={0x48, 0x3, [@m_bpf={0x44, 0x1, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1, 0x0, 0x4, 0x2, 0x1}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x8848}, 0x80)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3b)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e24, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000001240)=ANY=[@ANYBLOB="10000000100100000100000024030000"], 0x10}, 0xc010)
close_range(r9, 0xffffffffffffffff, 0x0)

2m45.926886897s ago: executing program 4 (id=3330):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40182, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000001c0)={0x1000200001ee0000, 0x3})
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUMAUDOUT(r2, 0xc0345642, &(0x7f0000000040)={0x0, "21a56b7ad1e74f1ff6c21e909eafafb31880decf0dc803bdc16a04d86c57f195", 0x1, 0x1})
r3 = socket(0x1e, 0x2, 0x0)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$FIONREAD(r4, 0x541b, 0x0)
socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x4000000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x1000000000, 0x7, 0xfa11, 0xffffffff}, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000480)=[@mss={0x2, 0x3}, @mss={0x2, 0xaf0}, @timestamp, @mss={0x2, 0x8}, @window={0x3, 0x8000, 0x81}, @sack_perm], 0x6)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
getdents(r7, &(0x7f0000001fc0)=""/184, 0xb8)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="400000002e00090027bd700000000000040000002900118031f9e05e2f826cfc31dc2af824704f63dac994ce05030024e5479795b50d9015743a8b75c2000000"], 0x40}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

2m42.292772315s ago: executing program 4 (id=3342):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)={0x60, r1, 0x1, 0x2100, 0x0, {}, [@TIPC_NLA_BEARER={0x4c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0xa, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}]}]}, 0x60}}, 0x0)

2m41.671878127s ago: executing program 4 (id=3346):
socket$packet(0x11, 0x2, 0x300)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f0000000140)={0x1d, r1}, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(ecb-aes-aesni)\x00'}, 0x58)
r3 = openat$pfkey(0xffffff9c, &(0x7f0000000200), 0x40440, 0x0)
ioctl$UFFDIO_WRITEPROTECT(r3, 0xc018aa06, &(0x7f0000000240)={{&(0x7f0000ffa000/0x4000)=nil, 0x4000}})
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000180)="10797fcd6cd957d2b903c6bf46b4abf3629ff075475e4bd6e43be1712bf8b4dc", 0x20)
r4 = accept4(r2, 0x0, 0x0, 0x80000)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f00000008c0)=[{0x6, 0x0, 0x0, 0x8}]})
socket$inet6(0x10, 0x4, 0x8)
close_range(r5, 0xffffffffffffffff, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r6, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff})
getpeername$packet(r7, &(0x7f0000000000)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r6, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r8, 0x2f000000}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448", 0xd}, {&(0x7f0000000140)="ebe3a0e9", 0x4}], 0x2}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)
sendmsg$NFQNL_MSG_VERDICT(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x14, 0x1, 0x3, 0x401, 0x0, 0x0, {0x3, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x2400c804}, 0x40800)
recvmmsg(r0, &(0x7f0000007140)=[{{0x0, 0x0, 0x0}, 0x6}], 0x1, 0x40010000, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$can_raw(0x1d, 0x3, 0x1)
close(0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r9, 0x8933, &(0x7f0000000180)={'vxcan0\x00'})
r10 = openat$nvram(0xffffff9c, &(0x7f0000000000), 0x2000, 0x0)
setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r10, 0x110, 0x3)
ioctl$VIDIOC_SUBDEV_S_SELECTION(0xffffffffffffffff, 0xc040563e, &(0x7f00000002c0)={0x0, 0x0, 0x102, 0x6, {0x6, 0x3, 0x6, 0x7fffffff}})

2m40.56010048s ago: executing program 4 (id=3354):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01020000000000000000010000000900010073797a3000000000d0000000160a01000000000000000000010000010900010073797a30000000000900020073797a3000000000a40003800800014000000000900003801400010076657468305f746f5f62617461647600140001006d6163766c616e3100000000000000001400010076657468310000000000000000000000140001006772653000000000000000000000000014000100776c616e3100000000000000000000001400010076657468315f766972745f77696669001400010076657468305f746f5f626f6e640000000800024000000006c8000000180a0101000b000000000000015b17000900010073797a30000000009c0003800400014000000000900003801400010069703665727370616e300000000000001400010076657468305f6d61637674617000000014000100626f6e645f736c6176655f310000000014000100626f6e645f736c6176655f30000000001400010063616966300000000000000000000000140001006d616373656330000000000000000000140001007465616d5f736c6176655f30000000000900020073797a30"], 0x1e0}}, 0x0)
pipe(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
syz_io_uring_setup(0x19f2, &(0x7f0000000080)={0x0, 0x59ed, 0x10100, 0x0, 0x0, 0x0, r4}, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0)
write$UHID_CREATE2(r8, &(0x7f0000000180)=ANY=[@ANYRES64=r7], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r8, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, r8, 0x0, r3})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x108, &(0x7f0000000040)=0x201, 0x0, 0x4)
pipe(&(0x7f0000000180)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x8501, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r10, 0xc0045005, &(0x7f00000002c0)=0x1)
splice(r1, 0x0, r9, 0x0, 0x80, 0x8)
mmap$snddsp_status(&(0x7f0000ffa000/0x3000)=nil, 0x1000, 0x1000008, 0x11, r1, 0x82000000)
write$tun(r2, &(0x7f00000033c0)=ANY=[], 0x107c)
openat$sw_sync_info(0xffffff9c, &(0x7f00000001c0), 0x8280, 0x0)

2m40.181237648s ago: executing program 4 (id=3356):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a05000000000000000000050000000c000440000000000000000108000240000000012c000000030a01010000000000000000050000000900010073797a30000000000900030073797a30000000009c000000060a010400000000000000000500fffe08000b400000000074000480240001800b0001007470726f7879000014000280ee6fed313fd6b267c9fd080001400000000208000340000000104c0001800b0001006c6f6f6b757000003c0002800900010073797a300000000008000440000000030900010073797a32000000000900010073797a30000000000900010073797a32000000000900010073797a300000000014000000110001000000"], 0x118}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_io_uring_setup(0x118d7, 0x0, 0x0, &(0x7f00000002c0))
socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000500)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x22)
r4 = getpid()
r5 = syz_pidfd_open(r4, 0x0)
getpgrp(r4)
r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x1, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, 0x0)
r7 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r8 = getpid()
syz_pidfd_open(r8, 0x0)
pwritev2(r5, &(0x7f00000004c0)=[{&(0x7f00000003c0)="7ca8829959c5d41a36d5c9158ab775fccacebe69f39afd44667e0b7d8561de00f8f94de40540a8cc1af2ad270f40dd9037e0eab4675fa5c80b6baa79cf5a343d2c00f1ae9f1064d3683a51b43f54b87d038928693e13a8cb9d1387d9c8c58396d96e05c24a7dd5ff13d316aee7f8639108107ff9f67a2cecd4d938524b358959f3eeb3abc6166dee279e7e2979", 0x8d}, {&(0x7f0000000180)="a346bb8470eb066336366ac2c8fce6f3abd2992b456312b956837f96a66b97ef37e1d56607006ef8cac18838a63eb5e1a86e5c76494cfa9ed6c5a4fde8fd747b2da0013a83ad85feeee751", 0x4b}, {&(0x7f0000000480)="b42087ca", 0x4}], 0x3, 0x4, 0x80000001, 0x8)
unshare(0x62040200)
io_uring_enter(r1, 0x3aa2, 0xebae, 0x11, &(0x7f0000000140)={[0x80000000, 0x1000000]}, 0x8)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r7, 0x4018f50b, &(0x7f0000000100)={0xfffffffb, 0x7, 0x3d})
socket$kcm(0x10, 0x400000002, 0x0)
syz_usb_connect(0x0, 0x4a, 0x0, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1})
unshare(0x2000000)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="600000000206010800000000000000000000000005000400000000000900020073797a31000000001400078008001240000000000500140008000000050005000a0000000500010006000000110003"], 0x60}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, 0xffffffffffffffff, 0x0)

2m24.315687341s ago: executing program 34 (id=3356):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a05000000000000000000050000000c000440000000000000000108000240000000012c000000030a01010000000000000000050000000900010073797a30000000000900030073797a30000000009c000000060a010400000000000000000500fffe08000b400000000074000480240001800b0001007470726f7879000014000280ee6fed313fd6b267c9fd080001400000000208000340000000104c0001800b0001006c6f6f6b757000003c0002800900010073797a300000000008000440000000030900010073797a32000000000900010073797a30000000000900010073797a32000000000900010073797a300000000014000000110001000000"], 0x118}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_io_uring_setup(0x118d7, 0x0, 0x0, &(0x7f00000002c0))
socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000500)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x22)
r4 = getpid()
r5 = syz_pidfd_open(r4, 0x0)
getpgrp(r4)
r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x1, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, 0x0)
r7 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r8 = getpid()
syz_pidfd_open(r8, 0x0)
pwritev2(r5, &(0x7f00000004c0)=[{&(0x7f00000003c0)="7ca8829959c5d41a36d5c9158ab775fccacebe69f39afd44667e0b7d8561de00f8f94de40540a8cc1af2ad270f40dd9037e0eab4675fa5c80b6baa79cf5a343d2c00f1ae9f1064d3683a51b43f54b87d038928693e13a8cb9d1387d9c8c58396d96e05c24a7dd5ff13d316aee7f8639108107ff9f67a2cecd4d938524b358959f3eeb3abc6166dee279e7e2979", 0x8d}, {&(0x7f0000000180)="a346bb8470eb066336366ac2c8fce6f3abd2992b456312b956837f96a66b97ef37e1d56607006ef8cac18838a63eb5e1a86e5c76494cfa9ed6c5a4fde8fd747b2da0013a83ad85feeee751", 0x4b}, {&(0x7f0000000480)="b42087ca", 0x4}], 0x3, 0x4, 0x80000001, 0x8)
unshare(0x62040200)
io_uring_enter(r1, 0x3aa2, 0xebae, 0x11, &(0x7f0000000140)={[0x80000000, 0x1000000]}, 0x8)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r7, 0x4018f50b, &(0x7f0000000100)={0xfffffffb, 0x7, 0x3d})
socket$kcm(0x10, 0x400000002, 0x0)
syz_usb_connect(0x0, 0x4a, 0x0, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1})
unshare(0x2000000)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="600000000206010800000000000000000000000005000400000000000900020073797a31000000001400078008001240000000000500140008000000050005000a0000000500010006000000110003"], 0x60}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, 0xffffffffffffffff, 0x0)

2m20.469877458s ago: executing program 3 (id=3409):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x118d7, 0x0, 0x0, &(0x7f00000002c0))
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="34000000010401010000000000000000070000050500010001000000080005400000000608000440000004010800032400000004"], 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x8000)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$IP_SET_OP_GET_FNAME(r3, 0x1, 0x53, &(0x7f0000000240)={0x8, 0x7, 0x0, 'syz0\x00'}, &(0x7f0000000300)=0x2c)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r5=>0x0})
r6 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r5, @ANYBLOB="00000000000000001c001a800800028008000200080000003e12000008"], 0x44}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket(0x1d, 0x2, 0x6)
unshare(0x22020400)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'veth1\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0xa, 0x1, 0x7fff, 0x1, 0x4, 0x9, 0xa4, 0xffb, 0x7, 0xb69, 0xc1, 0x4, 0x21, 0x3, 0x5, 0x101, 0x1000, 0x9, 0xe12, 0x3, 0x1, 0xfffffffa, 0x0, 0x6, 0x9, 0x4, 0x4, 0x5, 0x100000, 0x762, 0x3, 0xd, 0xe, 0x2b12, 0x100, 0x6, 0x1c00, 0xb, 0x7, 0xbed4, 0x8, 0x8000100, 0x3, 0x0, 0x11000, 0x40000004, 0x5, 0x79b, 0x2, 0x6, 0x0, 0x4, 0x8, 0x7, 0xf, 0x101, 0xd7, 0x1fa0860a, 0x7, 0xaa, 0x81, 0x2, 0x180000, 0x4007, 0x8b, 0x5, 0x2af, 0xf7, 0x5, 0x2, 0x6, 0x9, 0x4, 0x7, 0x4009, 0x0, 0x4, 0x100002, 0x8, 0x752, 0x0, 0x7, 0x0, 0x10001, 0x2, 0xffffffff, 0x6, 0x6, 0x9, 0x80000000, 0xfdffffff, 0x2, 0x2, 0x84, 0x1, 0x5, 0x256, 0x81, 0xb, 0x5, 0x20006, 0x2, 0x2, 0xb, 0x2, 0xd9a, 0xd, 0x2a2, 0xfffffffd, 0x3, 0x22, 0x5, 0x8, 0x0, 0x4, 0x2, 0x40, 0x8, 0x8, 0x4, 0x401, 0x66cd, 0x72, 0x6, 0x1, 0x1fc, 0xc5c, 0xffffffff]}})
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r8, 0x0, 0x4}, 0x18)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x3, 0x10, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000ff0500000000000000000000b7080000000000007b8af8ff00000000b7080000ff0100007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7", @ANYRES32=r7, @ANYBLOB="0000000000170000b705000008"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r9, 0x0, 0xe, 0x0, &(0x7f0000000100)="b34715ecd04550d3abc89b6f7bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bind$alg(r6, &(0x7f00000006c0)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYRESOCT=r3], 0x24}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r10=>0xffffffffffffffff})
connect$unix(r10, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)

2m20.032579357s ago: executing program 3 (id=3411):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffbfef}]})
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x8, <r2=>r0})
ioctl$sock_TIOCINQ(r2, 0x541b, &(0x7f0000000040))
ioctl$DMA_BUF_SET_NAME_A(r2, 0x40086203, 0x0)

2m19.646622666s ago: executing program 3 (id=3414):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40182, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000001c0)={0x1000200001ee0000, 0x3})
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUMAUDOUT(r2, 0xc0345642, &(0x7f0000000040)={0x0, "21a56b7ad1e74f1ff6c21e909eafafb31880decf0dc803bdc16a04d86c57f195", 0x1, 0x1})
r3 = socket(0x1e, 0x2, 0x0)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$FIONREAD(r4, 0x541b, 0x0)
socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x4000000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x1000000000, 0x7, 0xfa11, 0xffffffff}, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000480)=[@mss={0x2, 0x3}, @mss={0x2, 0xaf0}, @timestamp, @mss={0x2, 0x8}, @window={0x3, 0x8000, 0x81}, @timestamp], 0x6)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
getdents(r7, &(0x7f0000001fc0)=""/184, 0xb8)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="400000002e00090027bd700000000000040000002900118031f9e05e2f826cfc31dc2af824704f63dac994ce05030024e5479795b50d9015743a8b75c2000000"], 0x40}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

2m15.817394832s ago: executing program 3 (id=3421):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x40, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xf, 0xf}, {}, {0x7, 0xd}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x10, 0x2, [@TCA_CGROUP_EMATCHES={0xc, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6e4}}]}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000006100)=@delchain={0x24, 0x65, 0x1, 0x70bd2e, 0x25dfdbff, {0x0, 0x0, 0x0, r7, {0xffff, 0xc}, {}, {0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x8848}, 0x20004004)

2m15.500100898s ago: executing program 3 (id=3423):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r2 = syz_usb_connect(0x3, 0x24, &(0x7f00000003c0)={{0x12, 0x1, 0x300, 0x13, 0xdc, 0xa5, 0x40, 0x7ca, 0x1867, 0xa9e7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x5, 0x10, 0xe0, 0x84, [{{0x9, 0x4, 0x1b, 0x9, 0x0, 0x15, 0x82, 0x69, 0x3}}]}}]}}, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0})
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x2008400, &(0x7f00000000c0)=ANY=[@ANYRES64=0x0, @ANYRES8=r2])
read$FUSE(r3, &(0x7f0000006300)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0x20000000, 0x4041}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
dup2(r5, r3)
ioctl$FS_IOC_FSGETXATTR(r5, 0x801c581f, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_ASSOCIATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x20, r1, 0x1, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SSID={0x4}]}, 0x20}}, 0xc00)

2m13.246295441s ago: executing program 3 (id=3430):
creat(0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="600000000206010800000000000000000100000a11000300686173683a69702c6d61726b00000000050001000700000005000500020000000900020073797a300000000005000400000000001400078008000840000000d308000b"], 0x60}, 0x1, 0x0, 0x0, 0x2002c0c4}, 0x0)
mremap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000ffe000/0x2000)=nil)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = open(&(0x7f00009e1000)='./file0\x00', 0x149040, 0x10)
fcntl$setlease(r2, 0x400, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
setsockopt$inet_tcp_TCP_QUEUE_SEQ(r5, 0x6, 0x15, &(0x7f0000000100)=0x5, 0x4)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000a80)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="3811bb001000b70412000000ffffffff00000000", @ANYRES32=r6, @ANYBLOB="0b1b040000000000180012800b00010069703667726500000800028004001200"], 0x38}, 0x1, 0x0, 0x0, 0x48800}, 0x4000010)
sendto$packet(r4, &(0x7f0000000000)="6f3d12caa129b05b93fadda088a856d286dd", 0x12, 0x4, &(0x7f0000000180)={0x11, 0x8100, r6, 0x1, 0xe9, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x14)
close(0x3)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
fcntl$setlease(r2, 0x400, 0x1)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000004700)={'team0\x00', <r9=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000047c0)=ANY=[], 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x20044885)
syz_usb_connect$cdc_ncm(0x1, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x1f, 0x0, {0x0, 0x0, 0x74, r9, {}, {}, {0x8, 0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x8881}, 0x0)
r10 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGWINSZ(r10, 0x5413, 0x0)
openat$autofs(0xffffff9c, &(0x7f0000000040), 0x111000, 0x0)

1m58.1168227s ago: executing program 35 (id=3430):
creat(0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="600000000206010800000000000000000100000a11000300686173683a69702c6d61726b00000000050001000700000005000500020000000900020073797a300000000005000400000000001400078008000840000000d308000b"], 0x60}, 0x1, 0x0, 0x0, 0x2002c0c4}, 0x0)
mremap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000ffe000/0x2000)=nil)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = open(&(0x7f00009e1000)='./file0\x00', 0x149040, 0x10)
fcntl$setlease(r2, 0x400, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
setsockopt$inet_tcp_TCP_QUEUE_SEQ(r5, 0x6, 0x15, &(0x7f0000000100)=0x5, 0x4)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000a80)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="3811bb001000b70412000000ffffffff00000000", @ANYRES32=r6, @ANYBLOB="0b1b040000000000180012800b00010069703667726500000800028004001200"], 0x38}, 0x1, 0x0, 0x0, 0x48800}, 0x4000010)
sendto$packet(r4, &(0x7f0000000000)="6f3d12caa129b05b93fadda088a856d286dd", 0x12, 0x4, &(0x7f0000000180)={0x11, 0x8100, r6, 0x1, 0xe9, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x14)
close(0x3)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
fcntl$setlease(r2, 0x400, 0x1)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000004700)={'team0\x00', <r9=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000047c0)=ANY=[], 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x20044885)
syz_usb_connect$cdc_ncm(0x1, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x1f, 0x0, {0x0, 0x0, 0x74, r9, {}, {}, {0x8, 0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x8881}, 0x0)
r10 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGWINSZ(r10, 0x5413, 0x0)
openat$autofs(0xffffff9c, &(0x7f0000000040), 0x111000, 0x0)

1m52.942986799s ago: executing program 6 (id=3490):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0xa00, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x80c80, 0x0)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')
pread64(r7, &(0x7f0000001300)=""/4118, 0x1016, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r7, 0x8982, &(0x7f00000000c0)={0x7, 'ip6_vti0\x00', {}, 0x2})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r7, 0x89f3, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000040)={0x0, <r8=>0x0})
ioctl$TIOCSPGRP(r7, 0x5410, &(0x7f00000000c0)=r8)
r9 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r10, 0x4138ae84, &(0x7f0000000100)={{0xeeef0000, 0xdddd1000, 0x0, 0x0, 0xff, 0x8, 0xa, 0x2, 0x0, 0x6, 0x80, 0x10}, {0x8080000, 0x0, 0xc, 0x6, 0x7c, 0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0xff}, {0x2fff, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xdc}, {0x4000, 0xeeee8000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4, 0x1}, {0xf000, 0x3000, 0x9, 0xfd, 0x0, 0x4, 0x20, 0xe, 0x0, 0x3c}, {0x3000, 0x0, 0xd, 0x7, 0x0, 0x0, 0x2, 0xfe, 0x0, 0x0, 0x82, 0x4}, {0x10000, 0x0, 0xf, 0x6, 0x5, 0x0, 0x3, 0x0, 0x4, 0x0, 0x0, 0xfe}, {0x80a0000, 0xdddd0000, 0x0, 0x1, 0x0, 0x1, 0x0, 0xa, 0x26, 0x0, 0xf8}, {0x80a0000, 0x4}, {0x6000}, 0xfdfcffdb, 0x0, 0x0, 0x28, 0xb, 0x0, 0x0, [0x0, 0x0, 0x1, 0x400000000]})
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_GET_SREGS2(r10, 0x8140aecc, &(0x7f0000001680))

1m51.580049384s ago: executing program 6 (id=3495):
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {0x0}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x3, 0x10, 0x81, 0x8000, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x1}, 0x50)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
read$FUSE(r1, &(0x7f0000002280)={0x2020}, 0x2020)

1m51.172426637s ago: executing program 6 (id=3497):
r0 = socket$pppoe(0x18, 0x1, 0x0)
r1 = mq_open(&(0x7f0000000000)='batadv_slave_1\xbb', 0x8c2, 0x30, &(0x7f0000000080)={0x3, 0x8, 0x6, 0xc07})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mq_timedreceive(r1, &(0x7f0000000100)=""/90, 0x5a, 0x0, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @multicast, 'ip6tnl0\x00'}}, 0x1e)
socket$inet_sctp(0x2, 0x1, 0x84)
r2 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000a80)={{0x2, 0x4e23, @empty}, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x4a, {0x2, 0x0, @rand_addr=0x64010101}, 'lo\x00'})
ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f00000002c0)={{0x2, 0x0, @multicast1}, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x32}}, 0x8, {0x2, 0x0, @empty}, 'lo\x00'})
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0)
ioctl$PPPOEIOCSFWD(r0, 0x40047452, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001340)=ANY=[@ANYBLOB], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x48, &(0x7f0000000480)=ANY=[@ANYBLOB="180200009b1aecb600000000"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getdents(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

1m49.893595055s ago: executing program 6 (id=3501):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xc002)
eventfd2(0xe5c, 0x100000)
socket$key(0xf, 0x3, 0x2)
pipe2(&(0x7f0000000000), 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
ioctl$HIDIOCSREPORT(0xffffffffffffffff, 0x400c4808, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xfeffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
unshare(0x2040400)
r2 = fsopen(&(0x7f00000000c0)='tmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socketpair(0x1, 0x100000005, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff})
getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r3, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r5}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)

1m47.731284312s ago: executing program 6 (id=3512):
socket(0xa, 0x1, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x2, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_sctp(0x2, 0x5, 0x84)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
socket$kcm(0x2, 0xa, 0x2)
socket(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8811}, 0x0)

1m47.15467584s ago: executing program 6 (id=3516):
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
syz_usbip_server_init(0x1)
close(r2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffff}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x810}, 0x4084)
socket$netlink(0x10, 0x3, 0x6)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
io_setup(0x8, &(0x7f0000004200)=<r4=>0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
io_submit(r4, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}])
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="4808000010001f"], 0x3}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000100)={0xbd05, 0x7, 0x10, 0xf, 0x800}, 0x14)
splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = syz_open_dev$ndb(&(0x7f0000000100), 0x0, 0x104200)
ioctl$BLKROTATIONAL(r8, 0x127e, &(0x7f0000000180))
r9 = syz_io_uring_setup(0x2b9, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x400000, 0x0, r7}, &(0x7f0000000180)=<r10=>0x0, &(0x7f0000000080)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r6, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r9, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r12 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x1, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r12}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x20}}, {{0x6, 0x0, 0x6}, {0x6, 0x0, 0x0, 0xb}}, [@printk={@d, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}, {0x56}}], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000780)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1m32.925115897s ago: executing program 5 (id=3568):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
close(r2)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)={0x54, r1, 0x1, 0x70bd29, 0xfffffffd, {}, [@WGDEVICE_A_PEERS={0x2c, 0x8, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "a50cbddd302403754c0804f434e432a1dbb8a3b71a10e284ddbed33c241ed20c"}]}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x4840}, 0x40000)

1m32.684921917s ago: executing program 5 (id=3570):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x70, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xf, 0xf}, {}, {0x7, 0xd}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x40, 0x2, [@TCA_CGROUP_EMATCHES={0x3c, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x800, 0x7, 0x1}, {{0x0, 0x0, 0x1}, {0x3, 0x1, 0x1}}}}, @TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0xe85, 0x6e4, 0xc}, {0x4, 0x80000000, 0x3, 0x1, 0xf, 0x1}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6e4}}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8848}, 0x20004004)

1m32.447019601s ago: executing program 5 (id=3572):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x4)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="2e00000011008188040f80ec59acbc0413a1810141000000000100fffa0000000e000a000f00000002800200121f", 0x2e}], 0x1}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x1, 0x4, 0x7, 0x9}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000940)=@base={0xd, 0x3, 0x4, 0x7, 0x1, r1, 0x15b4}, 0x50)

1m32.115726355s ago: executing program 36 (id=3516):
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
syz_usbip_server_init(0x1)
close(r2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffff}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x810}, 0x4084)
socket$netlink(0x10, 0x3, 0x6)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
io_setup(0x8, &(0x7f0000004200)=<r4=>0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
io_submit(r4, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}])
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="4808000010001f"], 0x3}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000100)={0xbd05, 0x7, 0x10, 0xf, 0x800}, 0x14)
splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = syz_open_dev$ndb(&(0x7f0000000100), 0x0, 0x104200)
ioctl$BLKROTATIONAL(r8, 0x127e, &(0x7f0000000180))
r9 = syz_io_uring_setup(0x2b9, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x400000, 0x0, r7}, &(0x7f0000000180)=<r10=>0x0, &(0x7f0000000080)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r6, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r9, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r12 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x1, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r12}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x20}}, {{0x6, 0x0, 0x6}, {0x6, 0x0, 0x0, 0xb}}, [@printk={@d, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}, {0x56}}], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000780)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1m32.081880736s ago: executing program 5 (id=3577):
socket(0xa, 0x1, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x2, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_sctp(0x2, 0x5, 0x84)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
socket$kcm(0x2, 0xa, 0x2)
socket(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={0x0, 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0)

1m31.887128991s ago: executing program 5 (id=3580):
listen(0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000140)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000280)=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x1}}, 0x20)
sched_setattr(0x0, &(0x7f00000003c0)={0x38, 0x5, 0x75, 0x8000, 0xda, 0x401, 0x8000, 0x5, 0xc8, 0xa}, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000ba1000/0x1000)=nil, 0x1000, 0x0, 0x4, 0x1c0000)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x5ff, 0x2000)
timer_create(0x0, 0x0, 0x0)
r3 = syz_io_uring_setup(0x10d, 0x0, 0x0, 0x0)
r4 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x3}, &(0x7f00000002c0)="5332e7ff37fa65722f3b70e0", 0xc, 0x0)
preadv(r3, 0x0, 0x0, 0x7, 0x8)
r5 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), 0x0, 0x0, 0xfffffffffffffffd)
r6 = add_key$user(&(0x7f0000006400), &(0x7f0000000340)={'syz', 0x3}, &(0x7f0000000680)="3e12d23d346cfdeb1716f738274bc1c03bee4423fa20837e6e86b86592e9be8351aabbd6e24f37d5095f839fa4a3507df4f7526f2440e7988da94ccd868dd8741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b0204dc55ea62d43c809e0ed6e56163fdab317afd5c34d614367e4425bb9a97e38b8beb84ef6d549eed5aaa86dbe646fc77a9b3df93199c796fa597f452bed6b6fbcc812df9be8e35d8d15086609c033a5d2a42d5dcb0d103098fa302c5b1", 0xbe, 0xfffffffffffffffe)
socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="78010000190001000000000010000000e000000100"/32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff0100000000000000000000000000000000000000000000000100000000000000000000000000000080000000000000000000000000000000000000008000000000010000c4000500ac1414aa000000000000000000000000000000003c00000000000000fe8000000000000000000000000000fd00000000000000000008000000000000000000007f000001000000000000000000000000000000002b00000000000000e00000010000000000000000000000000000800003010000000000000000000000000000fe8000000000000000000000000000aa000004d46c00000000000000e000000100000000"], 0x178}, 0x1, 0x0, 0x0, 0x20004014}, 0x0)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r4, r5, r6}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha3-512-generic\x00'}})
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', 0x0})
pipe(&(0x7f0000000240)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
io_setup(0x8, &(0x7f0000000500)=<r11=>0x0)
io_submit(r11, 0x2, &(0x7f0000000300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r9, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r10, &(0x7f00000001c0)='m', 0x1}])
write$binfmt_aout(r10, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

1m30.067154909s ago: executing program 5 (id=3588):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_SPLIT(r3, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0x70, r4, 0x300, 0x70bd29, 0x25dfdbfb, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0xd}}, {0x8}}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000000}, 0x1)
ioctl$int_in(r2, 0x5421, &(0x7f0000000080)=0x7)
setsockopt$sock_int(r2, 0x1, 0x10, &(0x7f0000000000)=0x2, 0x4)
connect$unix(r2, &(0x7f00000004c0)=@file={0x1, './file0\x00'}, 0x6e)
connect$unix(r2, &(0x7f0000000340)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f00000001c0)={0x6, 0x0, [{0xfe, 0x0, 0x10001}, {0x8b, 0x0, 0x4}, {0x943, 0x0, 0x3}, {0x90b, 0x0, 0x9}, {0xbfd, 0x0, 0x7}, {0xa41, 0x0, 0x5}]})
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x50, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x10001}]}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}]}, 0x50}}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x1c, 0x15, 0x301, 0x0, 0x0, {0xc}, [@typed={0x8, 0x4, 0x0, 0x0, @u32=0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0x4000000)

1m18.011109102s ago: executing program 9 (id=3624):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0x3, 0x1, 0x8}, 0x20)
r1 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x3, 0x9}, 0x20) (fail_nth: 2)

1m16.371100169s ago: executing program 9 (id=3626):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x70, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xf, 0xf}, {}, {0x7, 0xd}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x40, 0x2, [@TCA_CGROUP_EMATCHES={0x3c, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x800, 0x7, 0x1}, {{0x0, 0x0, 0x1}, {0x3, 0x1, 0x1}}}}, @TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0xe85, 0x6e4, 0xc}, {0x4, 0x80000000, 0x3, 0x1, 0xf, 0x1}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6e4}}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000006100)=@delchain={0x24, 0x65, 0x1, 0x70bd2e, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xffff, 0xc}, {}, {0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x8848}, 0x20004004)

1m16.143566105s ago: executing program 9 (id=3629):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$ttyS3(0xffffff9c, 0x0, 0x200600, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000280), 0xffff, 0x14f600)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8044}, 0x810)
write$binfmt_misc(r3, &(0x7f0000000040), 0xe09)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1800000040000703fcffffff00000100037c000004"], 0x18}, 0x1, 0x0, 0x0, 0x4008011}, 0xc000)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={r3, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x21800, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newtfilter={0x7c, 0x2c, 0xd27, 0x70bd1f, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0x4, 0xe}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x4c, 0x2, [@TCA_FLOWER_ACT={0x48, 0x3, [@m_bpf={0x44, 0x1, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1, 0x0, 0x4, 0x2, 0x1}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x8848}, 0x80)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3b)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
r10 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r10, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e24, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000001240)=ANY=[@ANYBLOB="10000000100100000100000024030000"], 0x10}, 0xc010)
close_range(r9, 0xffffffffffffffff, 0x0)

1m14.93944632s ago: executing program 37 (id=3588):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_SPLIT(r3, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0x70, r4, 0x300, 0x70bd29, 0x25dfdbfb, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0xd}}, {0x8}}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000000}, 0x1)
ioctl$int_in(r2, 0x5421, &(0x7f0000000080)=0x7)
setsockopt$sock_int(r2, 0x1, 0x10, &(0x7f0000000000)=0x2, 0x4)
connect$unix(r2, &(0x7f00000004c0)=@file={0x1, './file0\x00'}, 0x6e)
connect$unix(r2, &(0x7f0000000340)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f00000001c0)={0x6, 0x0, [{0xfe, 0x0, 0x10001}, {0x8b, 0x0, 0x4}, {0x943, 0x0, 0x3}, {0x90b, 0x0, 0x9}, {0xbfd, 0x0, 0x7}, {0xa41, 0x0, 0x5}]})
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x50, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x10001}]}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}]}, 0x50}}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x1c, 0x15, 0x301, 0x0, 0x0, {0xc}, [@typed={0x8, 0x4, 0x0, 0x0, @u32=0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0x4000000)

1m14.128686396s ago: executing program 9 (id=3635):
socket$packet(0x11, 0x2, 0x300)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f0000000140)={0x1d, r1}, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(ecb-aes-aesni)\x00'}, 0x58)
r3 = openat$pfkey(0xffffff9c, &(0x7f0000000200), 0x40440, 0x0)
ioctl$UFFDIO_WRITEPROTECT(r3, 0xc018aa06, &(0x7f0000000240)={{&(0x7f0000ffa000/0x4000)=nil, 0x4000}})
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000180)="10797fcd6cd957d2b903c6bf46b4abf3629ff075475e4bd6e43be1712bf8b4dc", 0x20)
r4 = accept4(r2, 0x0, 0x0, 0x80000)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f00000008c0)=[{0x6, 0x0, 0x0, 0x8}]})
socket$inet6(0x10, 0x4, 0x8)
close_range(r5, 0xffffffffffffffff, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r6, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff})
getpeername$packet(r7, &(0x7f0000000000)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r6, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r8, 0x2f000000}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)
sendmsg$NFQNL_MSG_VERDICT(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x14, 0x1, 0x3, 0x401, 0x0, 0x0, {0x3, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x2400c804}, 0x40800)
recvmmsg(r0, &(0x7f0000007140)=[{{0x0, 0x0, 0x0}, 0x6}], 0x1, 0x40010000, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$can_raw(0x1d, 0x3, 0x1)
close(0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r10, 0x8933, &(0x7f0000000180)={'vxcan0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r11, {0xb, 0x6}, {0x3, 0xfff9}, {0x2}}}, 0x24}}, 0x0)
r12 = openat$nvram(0xffffff9c, &(0x7f0000000000), 0x2000, 0x0)
setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r12, 0x110, 0x3)
ioctl$VIDIOC_SUBDEV_S_SELECTION(0xffffffffffffffff, 0xc040563e, &(0x7f00000002c0)={0x0, 0x0, 0x102, 0x6, {0x6, 0x3, 0x6, 0x7fffffff}})

1m13.619981838s ago: executing program 9 (id=3639):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x70, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xf, 0xf}, {}, {0x7, 0xd}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x40, 0x2, [@TCA_CGROUP_EMATCHES={0x3c, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x800, 0x7, 0x1}, {{0x0, 0x0, 0x1}, {0x3, 0x1, 0x1}}}}, @TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0xe85, 0x6e4, 0xc}, {0x4, 0x80000000, 0x3, 0x1, 0xf, 0x1}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6e4}}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000006100)=@delchain={0x24, 0x65, 0x1, 0x70bd2e, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xffff, 0xc}, {}, {0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x8848}, 0x20004004)

1m13.273305088s ago: executing program 9 (id=3642):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000000206010800000000000000000000003f0500010006000000050005000200000005000400000000000900020073797a310020000013000300686173683a6e65742c6966616365"], 0x4c}}, 0xc0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003200)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@private2, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000740)=@newsa={0x140, 0x1a, 0x1, 0xfffffffe, 0x100, {{@in=@multicast2, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0xa, 0x0, 0x20, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, {0xfe, 0x1000000000000192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffe, 0x3fc}, 0x80, 0x3505, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @XFRMA_SET_MARK={0x8, 0x1d, 0xfffffeff}]}, 0x140}}, 0x844)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
sched_setscheduler(0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
move_pages(0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c0000000906030200000000000000000200ffff240007800c00018008000140e0000001140017006261746164765f736cb580655f0800000900020073797a310000000005000100"], 0x4c}}, 0x40c0080)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x3, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)

57.395730477s ago: executing program 38 (id=3642):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000000206010800000000000000000000003f0500010006000000050005000200000005000400000000000900020073797a310020000013000300686173683a6e65742c6966616365"], 0x4c}}, 0xc0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003200)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@private2, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000740)=@newsa={0x140, 0x1a, 0x1, 0xfffffffe, 0x100, {{@in=@multicast2, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0xa, 0x0, 0x20, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, {0xfe, 0x1000000000000192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffe, 0x3fc}, 0x80, 0x3505, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @XFRMA_SET_MARK={0x8, 0x1d, 0xfffffeff}]}, 0x140}}, 0x844)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
sched_setscheduler(0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
move_pages(0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c0000000906030200000000000000000200ffff240007800c00018008000140e0000001140017006261746164765f736cb580655f0800000900020073797a310000000005000100"], 0x4c}}, 0x40c0080)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x3, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)

27.67172985s ago: executing program 7 (id=3726):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000180)={0x7a2a, 0x9}, 0x8)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x4)
r2 = open(&(0x7f0000001340)='./file0\x00', 0x40000, 0x0)
flock(r2, 0x2)
r3 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r3, 0x2)
r4 = open(&(0x7f0000001300)='./file0\x00', 0x10000, 0x50)
flock(r4, 0x1)
flock(r4, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f0000000500)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
fcntl$setstatus(r1, 0x4, 0x42000)
read$FUSE(r1, &(0x7f00000040c0)={0x2020}, 0x2020)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x101001, 0x0)
r5 = openat$thread_pidfd(0xffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
writev(r5, &(0x7f0000000000)=[{&(0x7f0000000200)="bd3ddd9ff0d7275750d70df21ba9bd2333c5de2af6e3b6fc066d0ce647913c2f5b42a9918fc0241f4cf80e1561d742bd39e183788318d4b175816882047d65491d0093c30c83ee4b2d26b9553755d2c759229982b70d7a885c420e05e0d2e491b3145fa85387365689f74281", 0x92}], 0x1)
r6 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
keyctl$read(0xb, r6, &(0x7f0000000300)=""/4092, 0xffc)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000540)='\x00', 0x1}], 0x1, 0x0, 0x0, 0x2804c0c4}, 0x0)
rseq(&(0x7f0000001080)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0)
r7 = open(&(0x7f00009e1000)='./file0\x00', 0x149040, 0x10)
fcntl$setlease(r7, 0x400, 0x0)
timer_create(0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
truncate(&(0x7f0000000080)='./file0\x00', 0x4)
fcntl$setlease(r7, 0x400, 0x2)

25.87197748s ago: executing program 7 (id=3732):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000500)="936f444a7f2888c08cf607eff9272a23e3a2fa6bbf418d4209aaa8fab7b7f51e0c97e11ef36c949259519651ab6a8ff77513f2178d7d20bb5a66fdbbfa773c79c988d028077d8238f1ca7895fd0bd8d174384351b1cfd23c1a48a5bc9fa27b288d1f2c", 0x63}], 0x1, 0x0, 0x90}, 0x80)
syz_mount_image$fuse(0x0, &(0x7f0000000600)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x9801)
move_mount(r0, &(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
syz_mount_image$fuse(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', 0x20220a0, &(0x7f0000000500)=ANY=[], 0x0, 0xffffffff, 0x0)

25.500580012s ago: executing program 7 (id=3735):
syz_emit_ethernet(0x31e, &(0x7f00000002c0)=ANY=[@ANYBLOB="0180c20000020180c200000086dd6000cd0402e83afffe800000000000000000000000000027ff02000000000000000000000000000186009078000c01000000000000000000020aa78c000005dc8080a2030003004003493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e0600000000000000dac15084dbaf736b41e5af050204010000050000000000260004000018fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979ac000088eea07d68423e90280409de1657275f716a2bf3915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978331d06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d2555142d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000000b17dcea468000000000054740a5d4901b0aeff04c0300f3c700000000a83b89483b1084743475671545e65eb2bce9ac946a3f0e2bc4000091394c02bcfbbb7d71138537d68e2d2c6393a9f3ccc4dc265095b3e9c206f3600e07b8a3e10000a3e1100000006f00ffc0ffff00000000600000ff0bc0fe000000000000000000000000d9a027440000000000000000000000065e14ccb44d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d2618559c563a923eb9e39dcf3f7f0ad4fa1372d3aaf7dfd2e3486f7047585bcb637bb11cec8223de06ae2e4ea5231497a2880469a9922a0cadf20f8f2901db633af642d43b2ce862301931d5dfefb1afefe8a3de498370d2b818f56b0630ff6d5c545fc8347afd1712edb3e413d80b08662900bf011cdbffd3541b5cb776175990cf13d5ecb52018333e3f01c4030968b50164b29eb3eaab355035b5e23e16173c7ef6c062a2452d79131cdc4e05580000"], 0x0)
r0 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f0000000080), 0x4)
sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x8, @mcast1, 0x3, 0xffffffff}, 0x80, &(0x7f0000001880)=[{&(0x7f0000000200)="f4000900062b2b25fe80000000000000dc8b850f238466cc00007a000000ad6f911b51430437121d", 0x28}], 0x1}, 0x20008060)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r2, 0x40806685, 0x0)
pipe(&(0x7f0000000500)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
ioctl$TUNSETSTEERINGEBPF(r2, 0x800454e0, &(0x7f0000000040)=r3)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={0x34, r4, 0x1, 0x70bd25, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKINFO_PORT={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20009085}, 0x40040c0)
syz_open_dev$loop(&(0x7f0000000080), 0x47ffffd, 0x503000)

25.231331096s ago: executing program 7 (id=3736):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0xa00, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x80c80, 0x0)
r7 = syz_open_procfs(0xffffffffffffffff, 0x0)
pread64(r7, &(0x7f0000001300)=""/4118, 0x1016, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r7, 0x8982, &(0x7f00000000c0)={0x7, 'ip6_vti0\x00', {}, 0x2})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r7, 0x89f3, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000040)={0x0, <r8=>0x0})
ioctl$TIOCSPGRP(r7, 0x5410, &(0x7f00000000c0)=r8)
r9 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r10, 0x4138ae84, &(0x7f0000000100)={{0xeeef0000, 0xdddd1000, 0x0, 0x0, 0xff, 0x8, 0xa, 0x2, 0x0, 0x6, 0x80, 0x10}, {0x8080000, 0x0, 0xc, 0x6, 0x7c, 0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0xff}, {0x2fff, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xdc}, {0x4000, 0xeeee8000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4, 0x1}, {0xf000, 0x3000, 0x9, 0xfd, 0x0, 0x4, 0x20, 0xe, 0x0, 0x3c}, {0x3000, 0x0, 0xd, 0x7, 0x0, 0x0, 0x2, 0xfe, 0x0, 0x0, 0x82, 0x4}, {0x10000, 0x0, 0xf, 0x6, 0x5, 0x0, 0x3, 0x0, 0x4, 0x0, 0x0, 0xfe}, {0x80a0000, 0xdddd0000, 0x0, 0x1, 0x0, 0x1, 0x0, 0xa, 0x26, 0x0, 0xf8}, {0x80a0000, 0x4}, {0x6000}, 0xfdfcffdb, 0x0, 0x0, 0x28, 0xb, 0x0, 0x0, [0x0, 0x0, 0x1, 0x400000000]})
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_GET_SREGS2(r10, 0x8140aecc, &(0x7f0000001680))

23.298124116s ago: executing program 7 (id=3738):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40182, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000001c0)={0x1000200001ee0000, 0x3})
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUMAUDOUT(r2, 0xc0345642, &(0x7f0000000040)={0x0, "21a56b7ad1e74f1ff6c21e909eafafb31880decf0dc803bdc16a04d86c57f195", 0x1, 0x1})
r3 = socket(0x1e, 0x2, 0x0)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$FIONREAD(r4, 0x541b, 0x0)
socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x4000000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x1000000000, 0x7, 0xfa11, 0xffffffff}, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000480)=[@mss={0x2, 0x3}, @mss={0x2, 0xaf0}, @timestamp, @mss={0x2, 0x8}, @window={0x3, 0x8000, 0x81}, @sack_perm, @timestamp], 0x7)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
getdents(r7, 0x0, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="400000002e00090027bd700000000000040000002900118031f9e05e2f826cfc31dc2af824704f63dac994ce05030024e5479795b50d9015743a8b75c2000000"], 0x40}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

19.979108623s ago: executing program 7 (id=3748):
socket$inet6(0xa, 0x3, 0xff)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x5, 0xffffffff}, 0x0)
syz_open_dev$video(&(0x7f0000000140), 0x1d24, 0x23635de98487b93e)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={0x0, 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000240), 0xffffffffffffffff)
r4 = syz_open_dev$media(&(0x7f0000000040), 0x5, 0x141800)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r4, 0x80047c05, &(0x7f0000000100))
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB, @ANYRES8=r3], 0xd0}}, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
shmget(0x3, 0x2000, 0x540020c4, &(0x7f0000002000/0x2000)=nil)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x7, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000824)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r8, &(0x7f0000000140)={0x0, 0x1fff, &(0x7f0000000100)={&(0x7f0000000200)={0x20, r9, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8}]}]}, 0x20}}, 0x0)
write$UHID_CREATE2(r6, 0x0, 0x118)

15.968693013s ago: executing program 0 (id=3757):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="170372362e0102030109022405b7879a10000904bc00029e02020000090582022000000003000000000000000000"], 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000029c0)={0x2c, &(0x7f0000000080)={0x20, 0x3, 0x2, '~K'}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000002640)={0x44, &(0x7f0000002400)=ANY=[@ANYBLOB="200ee285945aa202"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000a80)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)={0x40, 0xb, 0x2, "1800"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000027c0)={0x18, &(0x7f0000002600)=ANY=[@ANYBLOB="201814"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000440)={0x24, &(0x7f00000001c0)={0x0, 0x1, 0x2, "70fc"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000000)={'ip6_vti0\x00', &(0x7f00000000c0)={'syztnl2\x00', 0x0, 0x0, 0xc2, 0x14, 0x4, 0x72, @empty, @empty, 0x40, 0xff10, 0x0, 0x10000}})
socket$caif_stream(0x25, 0x1, 0x3)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r1, 0x4001af84, &(0x7f0000000200))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0xffffffffffffffff, 0x2, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x1, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched_retired(r6, 0x0, 0x40881)
unshare(0x2c060000)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x4000, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x60, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x30, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x10}, @NFTA_BITWISE_XOR={0x4}, @NFTA_BITWISE_MASK={0x8, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xfc}}, 0x2000810)
unshare(0x24020400)
unlink(&(0x7f00000000c0)='./cgroup/cgroup.procs\x00')
openat$userio(0xffffffffffffff9c, 0x0, 0x2002, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r6, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8)

12.425865802s ago: executing program 0 (id=3767):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x800000, 0x900, {0x0, 0x0, 0x0, 0x0, 0x32b, 0x3069e}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'bond0\x00'}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ALL_SLAVES_ACTIVE={0x5, 0x11, 0x1}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

11.714681831s ago: executing program 0 (id=3770):
set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0x7)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
pipe(0x0)
socket$kcm(0x29, 0x5, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
syz_80211_inject_frame(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="5000000008021100000108021100ddff07021100"/31], 0x40)
r2 = socket$xdp(0x2c, 0x3, 0x0)
r3 = syz_io_uring_setup(0x838, &(0x7f00000000c0)={0x0, 0x1998, 0x400, 0x2000006, 0x3ce}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000009968810524711004f320102030109021b000100000000090400"], 0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x39a904175f124fbf})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)

8.943402786s ago: executing program 1 (id=3775):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0x259, 0x0, 0x800000000}]})

8.391964372s ago: executing program 1 (id=3777):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xffffffff}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, 0x0, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$inet6(0xa, 0x1, 0x84)
sendto$inet6(r3, &(0x7f0000000000)="cc34", 0x2, 0x0, &(0x7f00000000c0)={0xa, 0xfffc, 0x27b6a97, @private2, 0x9}, 0x1c)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
read(r2, &(0x7f00000004c0)=""/205, 0xcd)
mq_timedsend(0xffffffffffffffff, 0x0, 0x2000, 0x400000000000005, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000000f14010000008000fedbdf250c00450072fd45006973736d"], 0x28}, 0x1, 0x0, 0x0, 0x4004011}, 0x0)
sendmsg$IPSET_CMD_CREATE(r4, 0x0, 0x20040804)
r6 = gettid()
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r7=>0x0})
bind$can_raw(0xffffffffffffffff, &(0x7f00000001c0)={0x1d, r7}, 0x10)
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000440)={0x1d, r7}, 0x10)
process_vm_writev(r6, &(0x7f00000001c0)=[{&(0x7f00000005c0)=""/228, 0xe4}, {&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f0000000140)=""/31, 0x1f}, {&(0x7f00000016c0)=""/230, 0xe6}, {&(0x7f0000001d40)=""/4096, 0x1000}, {&(0x7f0000000380)=""/156, 0x9c}, {&(0x7f0000002d40)=""/235, 0xeb}], 0x7, &(0x7f0000000480)=[{&(0x7f0000000240)=""/35, 0x23}, {&(0x7f0000002e40)=""/252, 0xfc}, {&(0x7f00000002c0)=""/59, 0x3b}, {&(0x7f0000002f40)=""/203, 0xcb}, {&(0x7f00000017c0)=""/134, 0x86}, {&(0x7f0000003040)=""/109, 0x6d}, {0x0}, {&(0x7f0000000300)=""/18, 0x12}], 0x8, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r8, 0x6, 0x19, &(0x7f0000000000)=0x600, 0x4)
connect$inet6(r8, &(0x7f0000000200)={0xa, 0x0, 0xfffffffc, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000340), 0x3)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="40010000", @ANYRES16=r10, @ANYBLOB="01000000000004000000010000002400030000000000000000000000000000000000000000000000000000000000000000001400020077673100000000000000000000000000f4000880"], 0x140}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$WG_CMD_SET_DEVICE(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000030c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="01002dbd7000fadbdf2501000000140002007767310000000000000000000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5428a090000000000003d68c95f014c37bcac5d92db688f5295f9b5b05e1e5520040d9c59db4886312ff9082cfa68df5b05cb3375b067e24fedad43e9d96c41c3d134bc9d12288367b7c83684c3c87d10b2c55281c73b800f565c320bd644"], 0x4c}, 0x1, 0x0, 0x0, 0x20d0}, 0x44000)

7.31844669s ago: executing program 2 (id=3778):
socket(0xa, 0x1, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x2, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_sctp(0x2, 0x5, 0x84)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
socket$kcm(0x2, 0xa, 0x2)
socket(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0)

7.247673522s ago: executing program 0 (id=3779):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@newqdisc={0x38, 0x24, 0xf1d, 0xffffffff, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x5}]}, 0x38}}, 0x0)
unshare(0x28000600)
r3 = fsopen(&(0x7f00000001c0)='mqueue\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x8e)
unshare(0x8000280)
mknodat$loop(r4, &(0x7f0000000140)='./file0\x00', 0x4, 0x1)
r5 = syz_usb_connect$lan78xx(0x5, 0x3f, &(0x7f0000000dc0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io$lan78xx(r5, 0x0, &(0x7f0000001140)={0x1c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r5, 0x0, &(0x7f0000001540)={0x1c, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip6_mr_vif\x00')
pread64(r7, &(0x7f00000002c0)=""/78, 0x34, 0x3)
sendmsg$NFT_BATCH(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000058000000060a010400000000000000000100000008000b4000000000300004802c00018008000100636d7000200002800c00038005000100ac000000080001400100000f08000240000000030900010073797a30"], 0xcc}}, 0x0)
syz_usb_control_io$lan78xx(r5, 0x0, 0x0)
syz_usb_control_io$lan78xx(r5, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r5, 0x0, &(0x7f0000003f00)={0x44, &(0x7f0000003b00)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r5, 0x0, &(0x7f0000000540)={0x1c, &(0x7f0000000100)=ANY=[@ANYRES64=r6], 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = socket(0x1, 0x2, 0x0)
syz_usb_control_io(r5, &(0x7f0000000500)={0x18, &(0x7f0000000180)={0x40, 0xc, 0x20, {0x20, 0xd, "81515d7cf6051939fc3cdc8c8d03b17a65ae3d37f12af5b017aae9389e53"}}, &(0x7f0000000240)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x2409}}, &(0x7f0000000580)={0x0, 0xf, 0x140, {0x5, 0xf, 0x140, 0x6, [@generic={0xe1, 0x10, 0x4, "51cbb6e5325f285820566182833df6c3f698c00a8212f17c6cb63933ba731c7efbcc0fa608e2e49372171b6d5b6224b2aa41e513dbc7b10dad325861ba6722f2380e2378e189987cb979aa5443bc4be6a795a8e9a0ecb4a7bfd6d51268d1366bca431f54a5f2551998459ba7a908171bb1e1edc0b13d902cbab4b1e36fc284fc9c6ae84ee06de253684180a0cc6eb4b75f2775e919a59e035f364afc640c103146fcbe00bc895c651561fc5f41ca76293de88239d75cbba4943c81a96f003aaaf0bdf0c7bf8dd4dc90ead220c26d4614daf6d4d219d75ca67074c55c1db7"}, @ssp_cap={0x10, 0x10, 0xa, 0x7, 0x1, 0x1, 0xf00, 0x3, [0xff000f]}, @ext_cap={0x7, 0x10, 0x2, 0xc, 0x8, 0x9, 0x8001}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0xc, "b2fa2710b23cc6475e227468751cfeac"}, @generic={0x2c, 0x10, 0xb, "27dcc86e3fa3129bef6a97a39b8865cc5c60f2ef3e7ac92d440ad8034a44f19a2cf0358dc42ab30dea"}]}}, &(0x7f0000000280)={0x20, 0x29, 0xf, {0xf, 0x29, 0x5, 0x4, 0x4, 0x0, "8df8a270", "98589736"}}, &(0x7f00000004c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x5, 0x80, 0x2, 0x3, 0xd, 0x88, 0x3}}}, &(0x7f0000000b40)={0x44, &(0x7f0000000700)={0x20, 0x7, 0x4c, "8f13b85ae7d110321b1fd11a0df338349798cb33e7a39276219e50642a43e6feee10e1b118b9c59d2dc0a4708855c9337e267d8716eeb5e827150f63b8256a2c7cf68c07a41ac22953216732"}, &(0x7f0000000780)={0x0, 0xa, 0x1, 0x2}, &(0x7f00000007c0)={0x0, 0x8, 0x1}, &(0x7f0000000800)={0x20, 0x0, 0x4, {0x3}}, &(0x7f0000000840)={0x20, 0x0, 0x8, {0xc0, 0x41, [0xf0ff]}}, &(0x7f0000000880)={0x40, 0x7, 0x2, 0x7fff}, &(0x7f00000008c0)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000900)={0x40, 0xb, 0x2, "9b20"}, &(0x7f0000000940)={0x40, 0xf, 0x2, 0x4}, &(0x7f0000000980)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x36}}, &(0x7f00000009c0)={0x40, 0x17, 0x6, @multicast}, &(0x7f0000000a00)={0x40, 0x19, 0x2, 'ng'}, &(0x7f0000000a40)={0x40, 0x1a, 0x2, 0x9}, &(0x7f0000000a80)={0x40, 0x1c, 0x1, 0x9}, &(0x7f0000000ac0)={0x40, 0x1e, 0x1, 0x2}, &(0x7f0000000b00)={0x40, 0x21, 0x1, 0x9}})
bind$unix(r8, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000dc0)=[{{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x1}}], 0x1, 0x0)
setsockopt$inet6_tcp_TLS_TX(r8, 0x6, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "27893ce60adde72a", "be07f2c0d0f47c2909b3f965b11848ce", "5239bf4d", "10fc405425abce7b"}, 0x28)
r9 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r9, 0xc008561c, &(0x7f0000000080)={0xf0f02a, 0x17})
syz_usb_control_io$lan78xx(r5, 0x0, 0x0)

6.998573136s ago: executing program 2 (id=3781):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="0400000000008e00"/17], 0x8)
setsockopt$inet6_buf(r0, 0x29, 0x6, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000400)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = syz_io_uring_setup(0xcaf, &(0x7f0000000100)={0x0, 0xb601, 0x1, 0x5, 0x9c3}, &(0x7f00000001c0)=<r5=>0x0, &(0x7f00000000c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r3, 0x4000000c000000, &(0x7f0000000000), 0x0, 0x1e})
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x7, 0x0, 0x0, 0x0, 0x5, 0xbc, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback=0x16}, 0x94)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETFB(0xffffffffffffffff, 0xc01c64ad, &(0x7f00000003c0))
ioctl$TIOCSWINSZ(0xffffffffffffffff, 0x5414, 0x0)
r7 = inotify_init1(0x800)
inotify_add_watch(r7, &(0x7f0000000080)='.\x00', 0x2000775)
r8 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x11012, r8, 0x0)
modify_ldt$write(0x1, 0x0, 0x0)
syz_clone(0x640c7400, 0x0, 0x0, 0x0, 0x0, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r9, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r9, 0x3)

6.459326718s ago: executing program 1 (id=3783):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40182, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000001c0)={0x1000200001ee0000, 0x3})
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUMAUDOUT(r3, 0xc0345642, &(0x7f0000000040)={0x0, "21a56b7ad1e74f1ff6c21e909eafafb31880decf0dc803bdc16a04d86c57f195", 0x1, 0x1})
r4 = socket(0x1e, 0x2, 0x0)
r5 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$FIONREAD(r5, 0x541b, 0x0)
socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, 0x0, 0x0)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x4000000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x1000000000, 0x7, 0xfa11, 0xffffffff}, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000480)=[@mss={0x2, 0x3}, @mss={0x2, 0xaf0}, @timestamp, @mss={0x2, 0x8}, @window={0x3, 0x8000, 0x81}, @sack_perm, @timestamp], 0x7)
r8 = syz_open_procfs(0x0, 0x0)
getdents(r8, &(0x7f0000001fc0)=""/184, 0xb8)
r9 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0)
move_mount(0xffffffffffffff9c, 0x0, r9, 0x0, 0x64)
mknodat$loop(r8, &(0x7f0000000000)='./file0\x00', 0x4, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="400000002e00090027bd700000000000040000002900118031f9e05e2f826cfc31dc2af824704f63dac994ce05030024e5479795b50d9015743a8b75c2000000"], 0x40}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

6.380789391s ago: executing program 8 (id=3784):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_CT_KEY={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$kcm(0x2, 0x200000000000001, 0x106)
r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x0)
fchdir(r6)
r7 = open(&(0x7f0000000300)='./file1\x00', 0x14b042, 0xc4)
ftruncate(r7, 0x2007ffb)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sendfile(r7, r7, 0x0, 0x1000000201005)
ftruncate(r7, 0x6)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r8, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)
connect$inet(r8, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)

5.106692848s ago: executing program 8 (id=3785):
r0 = socket$kcm(0x29, 0x2, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x5ff)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)=@o_path={&(0x7f0000000040)='./file0\x00', 0x0, 0x2000}, 0x14)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000013c0), 0x2, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x4b301, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x42002, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x20000023892) (fail_nth: 10)

3.391795714s ago: executing program 39 (id=3748):
socket$inet6(0xa, 0x3, 0xff)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x5, 0xffffffff}, 0x0)
syz_open_dev$video(&(0x7f0000000140), 0x1d24, 0x23635de98487b93e)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={0x0, 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000240), 0xffffffffffffffff)
r4 = syz_open_dev$media(&(0x7f0000000040), 0x5, 0x141800)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r4, 0x80047c05, &(0x7f0000000100))
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB, @ANYRES8=r3], 0xd0}}, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
shmget(0x3, 0x2000, 0x540020c4, &(0x7f0000002000/0x2000)=nil)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x7, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000824)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r8, &(0x7f0000000140)={0x0, 0x1fff, &(0x7f0000000100)={&(0x7f0000000200)={0x20, r9, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8}]}]}, 0x20}}, 0x0)
write$UHID_CREATE2(r6, 0x0, 0x118)

3.315156176s ago: executing program 2 (id=3787):
openat(0xffffffffffffff9c, &(0x7f000000c380)='\x00', 0x121540, 0xd1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x2401, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000c80)={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x6, 0x4, 0x0, 0x0, 0x349, 0x9, 0x8, 0x0, 0x3}, 0x0)
getsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000240)={@multicast2, @loopback}, &(0x7f0000000280)=0xc)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x262)
r5 = openat$autofs(0xffffff9c, &(0x7f00000001c0), 0x22002, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r5, 0xc018937a, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x400c806, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10)
sendto$inet(r2, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000580)={0x0, @in6={{0xa, 0x4e21, 0x1f0268bc, @empty, 0x6}}, 0x0, 0x0, 0x3fc, 0x1, 0x32, 0xb}, 0x9c)
bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @remote}}, 0x104, 0x300, 0x0, 0x2, 0x11}, 0x9c)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x41)
ioctl$KVM_SET_CPUID2(r6, 0x4008ae90, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYRES16, @ANYRESDEC=0x0])
mount_setattr(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000100)={0x200001, 0x81, 0x100000}, 0x20)
syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00')

3.314581705s ago: executing program 8 (id=3788):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x14}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)={{0x14, 0x10, 0x1, 0x2000000}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x14}]}}}]}]}], {0x14}}, 0x78}}, 0x90)

2.989797291s ago: executing program 1 (id=3789):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$netlink(0x10, 0x3, 0x0)
socket$alg(0x26, 0x5, 0x0)
r1 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f0000000740)={@initdev={0xac, 0x1e, 0x1, 0x0}, @loopback}, 0xc)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000180), 0x40040, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r4 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0, 0xffffffffffffffbd, 0x0, 0x2}, 0x8000)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)='X', 0x1, 0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000001c0)={0x0, 0x501, 0x5}, 0x8)
r7 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x8, 0x530, 0xc, 0xfffffffffffffffd, 0xfffffffffffff21d})
ioctl$SG_BLKTRACETEARDOWN(r7, 0x1276, 0x20000000)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003340)=[{{0x0, 0xfffffffffffffed1, &(0x7f0000000280)=[{&(0x7f0000000600)='4', 0x1}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="100000000105000001000000"], 0x10, 0x40}}], 0x1, 0x0)
close(0x3)
syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000))
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r8, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e1f, 0x3, 'lc\x00', 0x4, 0x81, 0x5}, {@rand_addr=0x64010102, 0x4e26, 0x10003, 0xcb, 0x12d5c, 0x12d5c}}, 0x44)
getsockopt$IP6T_SO_GET_REVISION_MATCH(r3, 0x29, 0x44, &(0x7f0000000040)={'ipvs\x00'}, &(0x7f00000000c0)=0x1e)

2.913596241s ago: executing program 8 (id=3790):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0xa00, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x80c80, 0x0)
r7 = syz_open_procfs(0xffffffffffffffff, 0x0)
pread64(r7, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r7, 0x8982, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r7, 0x89f3, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000040)={0x0, <r8=>0x0})
ioctl$TIOCSPGRP(r7, 0x5410, &(0x7f00000000c0)=r8)
r9 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r10, 0x4138ae84, &(0x7f0000000100)={{0xeeef0000, 0xdddd1000, 0x0, 0x0, 0xff, 0x8, 0xa, 0x2, 0x0, 0x6, 0x80, 0x10}, {0x8080000, 0x0, 0xc, 0x6, 0x7c, 0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0xff}, {0x2fff, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xdc}, {0x4000, 0xeeee8000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4, 0x1}, {0xf000, 0x3000, 0x9, 0xfd, 0x0, 0x4, 0x20, 0xe, 0x0, 0x3c}, {0x3000, 0x0, 0xd, 0x7, 0x0, 0x0, 0x2, 0xfe, 0x0, 0x0, 0x82, 0x4}, {0x10000, 0x0, 0xf, 0x6, 0x5, 0x0, 0x3, 0x0, 0x4, 0x0, 0x0, 0xfe}, {0x80a0000, 0xdddd0000, 0x0, 0x1, 0x0, 0x1, 0x0, 0xa, 0x26, 0x0, 0xf8}, {0x80a0000, 0x4}, {0x6000}, 0xfdfcffdb, 0x0, 0x0, 0x28, 0xb, 0x0, 0x0, [0x0, 0x0, 0x1, 0x400000000]})
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_GET_SREGS2(r10, 0x8140aecc, &(0x7f0000001680))

1.499711142s ago: executing program 0 (id=3791):
socket(0xa, 0x1, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x2, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_sctp(0x2, 0x5, 0x84)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
socket$kcm(0x2, 0xa, 0x2)
socket(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0)

1.179271524s ago: executing program 1 (id=3792):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
keyctl$reject(0x13, 0x0, 0x99d8, 0x0, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0)
r4 = landlock_create_ruleset(&(0x7f00000000c0)={0xa019, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r4, 0x0)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r5, 0x2285, 0x0)
r6 = fcntl$dupfd(r5, 0x0, r5)
write$sndseq(r6, &(0x7f0000000480)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time={0x3, 0x10000}, {}, {}, @time=@time={0xa, 0x4}}], 0x38)
write$sndseq(r6, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2, 0xaa9]}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time={0x4, 0x1f91b19e}, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick=0x64, {}, {}, @raw8={"448cc880fe353ca0f2c2e953"}}, {0xfc, 0x0, 0x0, 0xfe, @time, {0xfe}, {}, @connect={{}, {0x0, 0xfc}}}], 0xc4)
read$snapshot(r6, 0x0, 0xffffffbf)
ioctl$SG_GET_PACK_ID(r6, 0x227c, &(0x7f0000000000))
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r7, 0x80111500, 0x3)
sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x78, 0x2c, 0xd27, 0x70bd21, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x48, 0x2, [@TCA_FLOWER_ACT={0x44, 0x3, [@m_bpf={0x40, 0x1, 0x0, 0x0, {{0x8}, {0x18, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x3}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x78}, 0x1, 0x0, 0x0, 0x8848}, 0x4080)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000001300)=@newchain={0x1d38, 0x64, 0x300, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0xf, 0x3}, {0x9, 0xe}, {0x4, 0xfff3}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x1d08, 0x2, [@TCA_CGROUP_POLICE={0x10d8, 0x2, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x5, 0x8001, 0xa, 0x5, 0x956, 0x2, 0x10, 0xa, 0x80, 0xffff, 0x7, 0x9, 0xa4, 0x2, 0x4, 0x6, 0x8, 0x4, 0xfffffff8, 0x6, 0x2, 0x1f88, 0x7, 0xffffff80, 0x4, 0xc7b, 0x2, 0x24, 0x5, 0x2, 0x8, 0x2, 0x9, 0x1, 0x2, 0xf9f, 0x7815, 0x7, 0x4, 0x2, 0x1, 0x0, 0x7fffffff, 0x9, 0x3, 0x7fffffff, 0x7, 0x9, 0x81, 0x0, 0x1, 0xa72, 0x5, 0x40, 0x3, 0x1, 0x7, 0x2, 0x6, 0x7fce9a7a, 0x0, 0x80000000, 0x4, 0x4, 0x9, 0x7, 0x7, 0x4, 0x6, 0x6f, 0x200, 0x1, 0x5, 0x7, 0x0, 0x0, 0x8, 0x9, 0xfffffffe, 0xfffffffb, 0x3, 0x7, 0xfffffffc, 0x3, 0x1, 0x9, 0x10001, 0xb, 0xffff, 0x5, 0x2, 0x5, 0x0, 0x7, 0x1, 0x58, 0x4, 0x8, 0x3, 0x0, 0x538, 0x5, 0x0, 0x4, 0x5, 0x8, 0xba, 0x6, 0x7, 0x9, 0x3, 0x2, 0x2, 0xffffff81, 0x6, 0x7, 0x8, 0x3, 0x5a, 0x7fffffff, 0x4, 0x1, 0x7, 0x2, 0xfffffa1f, 0x5, 0xa, 0xf8d3, 0x2, 0x6d, 0x400, 0x1, 0x0, 0x8, 0x8, 0xffff, 0x100, 0x80000001, 0x80a, 0x40, 0x9, 0x6970eaf9, 0x0, 0xc9e, 0x3, 0xbbb6, 0x60000, 0x8, 0x2, 0x0, 0x3ff, 0x7fff, 0x9ff3, 0xffffd6cb, 0x0, 0x6, 0x2e, 0x9, 0x2724, 0xfffffe01, 0x7f000, 0x3ff, 0x1, 0x0, 0x7, 0x4, 0x3c, 0x0, 0x70, 0xfffffe01, 0xf65, 0xd, 0x9, 0xffffffff, 0x4, 0x7, 0x7, 0x1075, 0x8, 0xb, 0x1, 0x9, 0x93d, 0x0, 0x9, 0x8ea, 0x10000, 0x0, 0xb, 0xdd, 0xd43, 0x0, 0x9, 0x40, 0x7, 0x5, 0xdc2a, 0x36d8, 0x3, 0x7a41, 0x8, 0x10000, 0x9, 0x4, 0x10000, 0x8, 0xffff2caa, 0x6, 0x7, 0x2, 0x2, 0x6e, 0x6, 0x6, 0x8, 0x8, 0xcc, 0x2a, 0x7, 0x9, 0x6, 0x6, 0x8, 0x20, 0x9000, 0x4, 0x86, 0x9, 0x2, 0x1, 0x6, 0x4, 0x1, 0x1, 0x8, 0x10001, 0x0, 0x9, 0x9, 0x7, 0x7, 0x4, 0x2, 0x8, 0x1, 0x8ca4, 0xc, 0x7, 0x0, 0x3, 0x7, 0x848db486, 0x7, 0x9, 0x9, 0x10001]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xd, 0x5, 0x0, 0x2, 0x1, {0x1, 0x0, 0x0, 0x8c, 0x4, 0x6}, {0xa4, 0x1, 0x80, 0x2, 0x8}, 0x8, 0xc2700000, 0x7}}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x8d0b}, @TCA_POLICE_RATE={0x404, 0x2, [0x4, 0x6, 0x200, 0x7, 0xfffffffe, 0x9, 0xd, 0x6, 0x7, 0x7, 0x80000001, 0x2, 0x3, 0x1, 0x0, 0x13d, 0x0, 0xfffffffd, 0x10, 0x2, 0xd, 0x1, 0x8, 0xffffffff, 0x2, 0xbcf1, 0x1, 0x4, 0x8, 0x1, 0x8, 0x800, 0x1, 0x9671, 0x101, 0x81, 0x3, 0xffffff77, 0x4, 0x6, 0x4dca, 0x0, 0xff, 0x61f, 0xffffff01, 0x0, 0x8, 0x2, 0xff, 0x2, 0x46, 0x7, 0x9, 0x5, 0x3, 0x9, 0x6, 0x8, 0x200, 0x3, 0x4, 0x7, 0x80, 0x1, 0x8001, 0x5, 0x6, 0x1, 0x0, 0x3, 0x81, 0x5, 0x8000, 0x8, 0xa5f3, 0xfc64, 0x3ff, 0x1, 0x2, 0xb8dc, 0x800, 0x4, 0x3, 0x3, 0xd24c, 0xffffffff, 0xb, 0x1, 0x8, 0x6, 0x1, 0x3, 0x80, 0x3, 0xffffffcd, 0x1, 0x2, 0x7960c829, 0x1, 0x4, 0x9, 0x6, 0x5, 0x10, 0x101, 0xfffffff8, 0x8, 0xc9d, 0xa8, 0x2, 0x1, 0x6, 0x4750, 0xfffffff9, 0x3713, 0x7, 0x7, 0x0, 0x2, 0x720000, 0x4, 0x6, 0xf, 0xf, 0x2, 0x7, 0xa, 0xef, 0xff, 0x8, 0x1, 0x3, 0x3, 0x1, 0x4, 0xfffffe00, 0x3, 0x8, 0x101, 0x81, 0x4, 0x6, 0xd57e, 0x1, 0x0, 0x6, 0x80, 0x9dc, 0x4, 0x100, 0xfffff000, 0x2, 0x6, 0x10000, 0x6, 0x0, 0xf5, 0x8, 0x2, 0x2, 0x3, 0x0, 0x420e, 0xfffffff8, 0x7fff, 0x1, 0x3, 0x4, 0x6, 0x0, 0x7, 0x7, 0x2, 0x1e, 0x7, 0x717c, 0xf74, 0xbaaf, 0x5, 0x5, 0x9, 0x3, 0x3ff, 0x9, 0xfffffff9, 0xb8a, 0x1, 0x4, 0x401, 0x5, 0x4, 0xfd25, 0xfffffff7, 0x8, 0xfffffff8, 0x40, 0x5, 0x7fff, 0x0, 0x4, 0x7, 0x0, 0xff, 0x4daf, 0xfffffffb, 0x3, 0x3, 0xc0, 0x8, 0x9, 0x8, 0x4, 0x2, 0x8, 0xc, 0x4, 0x5, 0x3, 0x6, 0xba1, 0x9, 0x5, 0x8, 0x6, 0x14000, 0xb, 0x3, 0x1, 0xacb7, 0x19, 0xffff0001, 0x1, 0x1a08, 0x400, 0x6, 0x7, 0x3, 0x2, 0x4, 0x7, 0x0, 0x7, 0x7, 0xc38a, 0x9, 0x1, 0x8, 0xffffffff, 0x7, 0x7, 0x2, 0x80000000, 0x6, 0x58d, 0x39dd, 0x9]}, @TCA_POLICE_RATE={0x404, 0x2, [0x3, 0x62, 0x0, 0xfff, 0x40000000, 0xf33, 0xda, 0xfffffff8, 0x3, 0x7fff, 0x5cf6, 0x6, 0x8, 0x0, 0x9, 0xe50, 0xc, 0x8, 0x2b, 0x5af, 0x7fff, 0x4, 0xfb1, 0x8, 0x1, 0x3, 0x6, 0x200, 0x6, 0x8e, 0xfff, 0x8, 0x3, 0x7fff, 0x3, 0xfffffffa, 0x6, 0x400, 0x6, 0x5, 0xff, 0x0, 0x1aa, 0x5, 0x5, 0x7fd, 0xffffffff, 0x937f, 0x0, 0x58, 0x98, 0x80000000, 0x7, 0x5, 0xff, 0xd0, 0x6, 0x5, 0x6, 0x5, 0x9, 0x5, 0x85b5, 0xfe69, 0x6, 0x8, 0xa6, 0x67, 0x40, 0x0, 0x10, 0x2, 0x7, 0x1, 0x7, 0x3, 0x2, 0x3, 0x1000, 0x6, 0x15, 0x80, 0x1, 0x7, 0x43a, 0x1b, 0x7, 0x8, 0xffffffff, 0xc, 0x0, 0xe, 0x9, 0xffff, 0x3, 0xf, 0x3, 0x8, 0x10, 0x5, 0x2, 0x4, 0x1a43, 0x6, 0x4, 0x328, 0x0, 0xb3, 0x8, 0x1000, 0x4d3, 0x400, 0x3, 0x6, 0x183, 0xfffff001, 0x4, 0x400, 0x4, 0x4, 0x3ff, 0x1, 0xd, 0xff, 0xe, 0x7ef363e6, 0x6, 0x9, 0x0, 0xe, 0x9, 0x25c2, 0x5, 0x5, 0x1000, 0x7, 0x3, 0x1000, 0x5, 0x4, 0xb3, 0x9d3b, 0x7f, 0x8, 0x1, 0x3, 0x1, 0x7ff, 0x4, 0x7, 0xff, 0x4, 0x7fffffff, 0x1ff, 0x9, 0x7, 0xffffd782, 0x8, 0x4, 0x7, 0x1, 0x400, 0x4, 0x288c, 0x3, 0x5, 0x5ea096f8, 0x7ff, 0x7fffffff, 0x9, 0xb6e5, 0xba73, 0x200, 0x9, 0x1, 0x14e9, 0x2, 0x7, 0xcdc0, 0x9, 0xff, 0x81, 0x8, 0x1ff, 0x0, 0x101, 0x9, 0xf, 0x1000000, 0xbdff, 0xffff, 0x4, 0x7fff, 0x0, 0x2, 0xcfb, 0x8, 0x8, 0x5c, 0x5, 0x8, 0x5, 0x3, 0x4, 0xffffffff, 0x8, 0x3, 0x1, 0x40, 0x70ee6e5f, 0xb, 0x4, 0xb4d4, 0x2, 0x7, 0x6, 0x2, 0x80000001, 0xfff, 0x81, 0x8, 0x6, 0x56, 0x4, 0x4, 0xec, 0x3d8f, 0x0, 0x2, 0x6, 0x8, 0x400, 0x2, 0x1, 0x3, 0x80, 0x0, 0x5, 0x3, 0x28, 0x7, 0x9, 0x5, 0x0, 0x6, 0x4, 0xd, 0x0, 0x3, 0x1, 0x3, 0x40000000, 0xfffffffb, 0xfffffeff, 0x1000, 0x3]}, @TCA_POLICE_RATE={0x404, 0x2, [0x6, 0x6, 0x100, 0x9, 0x4, 0x2bf4, 0xffffffff, 0x4, 0x8, 0x3, 0x7, 0x5, 0xfff, 0x3, 0x27, 0x4, 0x7, 0xfff, 0x4, 0x101, 0x6ea, 0x4, 0x1, 0x6, 0x5, 0xc, 0x0, 0x10, 0xf5c, 0xd96, 0x6, 0x1, 0x0, 0x2, 0x8000, 0x40, 0x100, 0xfffffffa, 0x3, 0xffffff0e, 0x1, 0x0, 0x3, 0x7, 0x401, 0x400, 0x8, 0x9, 0xfffffff0, 0x8, 0x1, 0xfffffff8, 0x1, 0x5, 0x5, 0x6, 0x1, 0x5, 0x8, 0x18, 0x2, 0xa, 0x8000, 0xffff8001, 0x1, 0xc6, 0x9, 0x2, 0x1, 0xfffffffb, 0x8, 0x2, 0x9, 0x4, 0x726, 0x9, 0x5, 0x2, 0x6, 0x3, 0x7f, 0x8, 0x0, 0x2, 0x8001, 0x566, 0x5, 0x5, 0x1, 0x3ff00000, 0x226, 0x0, 0x100, 0x7, 0x7, 0x2, 0x1c482b93, 0x31, 0x9e2b, 0x4, 0x7, 0xcd, 0xa, 0x1, 0x18, 0x401, 0x101, 0x400, 0x2, 0x1, 0x137, 0x8, 0x5, 0x7b93f02e, 0x800, 0x6, 0x7, 0xfffffff9, 0xc, 0x4, 0xfffffbff, 0x9, 0x8, 0x3, 0x8, 0x2, 0x3, 0x6, 0x3, 0x8, 0x9, 0x2, 0x6, 0xa00, 0x401, 0x1, 0x2, 0x0, 0x0, 0x2, 0x8, 0x22, 0x7, 0xf, 0x0, 0xfffffffd, 0x5, 0xb852, 0xffff0ff9, 0x3ff, 0x1, 0x10, 0x3, 0x4, 0x1, 0xd, 0x6, 0x401, 0x3, 0x10001, 0x78d1, 0x1, 0xb25, 0x43a2, 0x7fff, 0xfffffff9, 0xffffffff, 0x2, 0xa7, 0xfffffff6, 0x7, 0x77f7, 0x2, 0x10001, 0x4, 0x0, 0x3, 0x8, 0x7ff, 0x6, 0x2, 0x1, 0x2, 0x8, 0x4, 0x7fff, 0x7, 0x7, 0x3, 0x9, 0x4, 0x8001, 0xffffff0c, 0xd7af, 0x113, 0x4, 0x5, 0xbe97, 0x200, 0x7, 0xe, 0x6, 0x7, 0x7fff, 0x8, 0x10001, 0x11, 0xaa7, 0x4, 0x4, 0x7, 0x1, 0x3, 0x0, 0x2, 0x7, 0xf7, 0x5, 0x8, 0x780, 0x10, 0x0, 0x8f9, 0x8, 0x401, 0x8, 0x2, 0x4, 0x1ff, 0x1000, 0x6, 0x80000000, 0x7f, 0x800, 0x7fffffff, 0x2, 0xffff, 0x2, 0x0, 0x5, 0xfffffffc, 0xff, 0x401, 0x9300, 0x4, 0x3, 0x1, 0x1, 0x8, 0x4bc, 0x4, 0x5, 0x7ff, 0x8, 0x1, 0x401]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x6, 0x4, 0xf19f, 0x80, 0x7, {0x9, 0x1, 0xcb, 0x8000, 0x0, 0x7}, {0x4, 0x2, 0x95, 0xfa7f, 0x200, 0x80000000}, 0x4, 0x1, 0x3}}, @TCA_POLICE_TBF={0x3c, 0x1, {0x2, 0x6, 0x3, 0x7, 0x18, {0x1, 0x1, 0x3, 0x9, 0x59fd, 0x4}, {0x4, 0x0, 0x3, 0x500, 0x6, 0xe49}, 0x1, 0x4, 0x101}}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x8}]}, @TCA_CGROUP_POLICE={0x818, 0x2, [@TCA_POLICE_RATE={0x404, 0x2, [0x5, 0x5, 0xf91, 0x6, 0xffffff01, 0xb331, 0x8, 0x1, 0x6, 0x0, 0xf, 0xfbbc, 0x5, 0x5, 0x8, 0x6, 0x7fffffff, 0x2, 0x8, 0x3, 0x6db, 0x2, 0x4, 0x3, 0xdc0, 0x0, 0x0, 0x5, 0x401, 0xe12f, 0x4, 0x0, 0x7, 0x1, 0x800, 0x5, 0x0, 0xa, 0x9, 0xa, 0x4, 0x80000000, 0x7ff, 0x9, 0x0, 0x9, 0x5, 0x2, 0x1, 0x5, 0xfffffff7, 0xf, 0x40, 0xfffffff9, 0x4, 0x4, 0x8, 0x3e1, 0x6, 0x0, 0xf, 0x5, 0xe, 0x62, 0x9, 0x3, 0x101, 0x7db7, 0x1, 0x0, 0x4, 0xcef, 0x7fffffff, 0x1, 0x101, 0x9, 0x80000000, 0x9, 0x0, 0x2, 0x7, 0x6, 0x9, 0x0, 0x5, 0xb, 0x20d, 0x3, 0x4, 0x42406b8a, 0x6, 0x2, 0x19, 0x8, 0x6d, 0x8, 0xfffffff8, 0x7, 0x10001, 0x8, 0x3, 0x4, 0x8, 0x6, 0xe8, 0x10001, 0xfffffffa, 0x3ff, 0xe, 0x3, 0x5, 0x7, 0xffff8000, 0x0, 0x200, 0x9, 0x9, 0x5, 0x7f, 0x800, 0x2, 0x2, 0x4, 0x2, 0x6, 0xfffffff9, 0x1, 0x4, 0x4, 0x80, 0x3941, 0x7, 0x2, 0x3, 0x8b, 0xfa, 0x8, 0x8, 0x9, 0xc0000000, 0x2, 0x1, 0x100, 0x5, 0xf5f1, 0x7fffffff, 0x3, 0xffff, 0x9, 0x753, 0x8, 0x3b13, 0x4, 0x0, 0xfffffbff, 0x1, 0x6, 0x9, 0x4000, 0x9, 0x48, 0xc8c, 0x5131, 0x6, 0x2, 0x10001, 0xffffffff, 0x0, 0xbf, 0x9, 0x1, 0xec8, 0xff, 0x10001, 0x5, 0x3, 0x1, 0x5b2a5c7b, 0x4, 0x2, 0xff43, 0x0, 0x7f, 0x4cd, 0x8, 0x9, 0xf, 0x5, 0x2, 0x1ff, 0x7, 0x8, 0x5, 0xc4a0, 0xfffffffe, 0x524bdbce, 0x3, 0xfff, 0x6, 0x400, 0x80, 0x903, 0x9, 0x3, 0x1, 0x7f, 0xd0, 0x1, 0x7, 0x3, 0x8, 0xfffffff7, 0x8, 0x4, 0x2, 0x7f000000, 0x401, 0x5, 0x1ff, 0xeb2e, 0x8, 0x3, 0x8, 0xd, 0x0, 0x4a2, 0x1000, 0x407d150f, 0x9364, 0x7fffffff, 0x101, 0x6, 0x670c, 0x5, 0x6, 0xc93, 0x2, 0x8, 0x6, 0xd, 0x5, 0x0, 0x1, 0xfffffffd, 0x6, 0x7, 0x101, 0x7fff, 0x7fff, 0x0, 0x2, 0x1, 0x4, 0x4, 0x0, 0x66fb2d6e]}, @TCA_POLICE_RATE64={0xc, 0x8, 0x6}, @TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x800, 0x10000, 0x0, 0x8, 0x1, 0x4, 0x9, 0x401, 0x40, 0x7, 0x0, 0x3, 0x1, 0x1, 0x296dfc0d, 0x8, 0x7743, 0x0, 0x101, 0x1, 0x4, 0x3, 0x800, 0x8, 0xff, 0x186, 0x6, 0x0, 0x3, 0x3, 0x6, 0x2, 0x3, 0x1, 0x5, 0x9, 0x7fff, 0xe, 0xf768, 0x2, 0x9, 0x7, 0xe55, 0xffff, 0x31b, 0x9, 0x1, 0x6, 0x1, 0x9, 0x8, 0x5, 0x79c, 0x81, 0x2, 0x1, 0x9, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1000, 0x0, 0x2, 0x2, 0x1, 0x1, 0xfffffff3, 0x5, 0x3, 0x8, 0x6, 0xe4fa, 0x1000, 0x10000, 0xfffffff7, 0xfffffffa, 0x1, 0x1, 0x0, 0xb, 0x10, 0x8001, 0x0, 0x0, 0x5, 0x4, 0xc, 0x7, 0x1, 0x6, 0x2, 0xffffff93, 0x100, 0xfff, 0x1, 0xff, 0x3, 0x4, 0x7, 0x0, 0xffffffff, 0x41, 0x3b, 0x7, 0x9, 0x7, 0xfffffff7, 0x1, 0x1, 0x9, 0xffffa8f5, 0x0, 0x6, 0x5464, 0x0, 0x200, 0x3, 0x1, 0x80, 0xffffffff, 0x6, 0x1, 0xb75, 0x70d5, 0x6, 0x2, 0x65cd, 0x4, 0x8, 0xfffffffc, 0x4, 0x4, 0x3, 0x401, 0x3, 0x5, 0x9f9f, 0x1, 0x2, 0xa870, 0x5, 0xfd2b, 0x1, 0x100, 0x101, 0x1, 0xffff9169, 0x5, 0x1, 0xffffff01, 0x0, 0x7, 0xfffffff8, 0x5, 0x3, 0x4, 0x200, 0x1, 0x1000, 0x37, 0x1, 0x8, 0x5, 0x8, 0x7, 0x648f, 0x6, 0xfffffffc, 0x1, 0x9b3, 0x47b2, 0x5, 0x0, 0xb0, 0x7f, 0x2, 0x6, 0x6, 0x8, 0x2, 0x4, 0x8, 0x6e, 0x4, 0x2af, 0x40, 0x3, 0x2, 0x1, 0xf0, 0xb53, 0x2, 0x5, 0xff, 0x2, 0x8, 0x4, 0x2, 0x1, 0x0, 0xfffff5b9, 0xfff, 0x7, 0x8, 0x7ff, 0x3, 0x80000000, 0xfffffff9, 0x1, 0x800, 0xfffffff0, 0x0, 0xffffffff, 0x4, 0xef, 0x2, 0x2, 0x8ab, 0xe, 0x9, 0xb, 0x0, 0x3b6, 0x7, 0x7, 0x0, 0x6, 0x2, 0x1, 0x15, 0x2, 0x9, 0x7, 0x6, 0x2, 0x6, 0x0, 0x0, 0x6, 0x8, 0x5, 0x6, 0x4, 0x6, 0x100, 0x0, 0x1, 0x101, 0x0, 0x0, 0xffffffff, 0x328, 0xfffffffd]}]}, @TCA_CGROUP_ACT={0x414, 0x1, [@m_gact={0x170, 0xb, 0x0, 0x0, {{0x9}, {0x58, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x0, 0x2a2, 0x1}}, @TCA_GACT_PARMS={0x18, 0x2, {0x1000, 0x332cfef5, 0x20000000, 0x7, 0x5}}, @TCA_GACT_PARMS={0x18, 0x2, {0x7f, 0x8, 0xffffffffffffffff, 0x8, 0x721}}, @TCA_GACT_PARMS={0x18, 0x2, {0x1, 0x3, 0x3, 0x1000, 0x81}}]}, {0xf0, 0x6, "c2e2383fdcca70e974dfb6f1bf3481befa39d574ac1ab6da93099729ec8c8d3e88473293a6d83d6126b85a0eed15e54ca06ff5f9d2d89d501fe2aa07fe5e320c1bdc4f4f6bc2cf4c8b129641ef5d36fd8999bdfdfc0a5b248c294782d75f838495ca7d4d1195efaea81b9ca513c76af67c5078f0e838b3e72008e8ed94851e5da5b6c2feda5ffe2facb89e9107be9c91449d58c2a7f20bc11eebe86d3826e6cf5cc2a5897020b69855987012f9bffafc9e8309df5915383e10d3c507378c47803447e9123d5a2198a152c3009f4341149c67adadeedc8cb7eccccc24c30136a9c7ef0b68f044b8cfc4ee81fd"}, {0xc}, {0xc, 0x8, {0x1, 0x208bfe7b479cf722}}}}, @m_bpf={0xa4, 0x4, 0x0, 0x0, {{0x8}, {0x34, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_FD={0x8, 0x5, r2}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x8}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x6}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}]}, {0x4a, 0x6, "c799ee1c3f7d499a388cd755a17f9d692c57b134f23edba803d98cedddf0a6b96b86cc1f57352b5a487e8e22506f4b0b46a67317d6e247baacabc88b2aa3d66ad829abeef8d4"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_nat={0x1fc, 0x4, 0x0, 0x0, {{0x8}, {0xf4, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x6, 0x3, 0x1, 0x8, 0xff}, @rand_addr=0x64010101, @broadcast, 0x0, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x2, 0x10001, 0x6, 0x71, 0xad}, @empty, @multicast1, 0xffffffff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x9, 0x6, 0x6, 0x9}, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, 0x0, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x1, 0x6, 0x5, 0x64ec, 0x8}, @multicast1, @broadcast, 0x0, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x4, 0x2, 0x4f, 0x3}, @multicast1, @rand_addr=0x64010102}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x40, 0x0, 0x2, 0x7f, 0x5}, @private=0xa010102, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xff000000, 0x1}}]}, {0xe1, 0x6, "fc0d201d2831fbdcd3ed1efc4157b71b27be7eb7821eb6f966c923a89306c685da9312bd6ae97f253ed093c3e100d28106f45f707019a405e22760a1ea0d676abae14372182749328e30a8b5680ae2cc2218c16eea14dfe85a85a70ef156b7388a5f7ac724be81281557890409d2e00c1f073b4488e9a9d0975992414184616ccd7e555778e3088da1263f806803947e3e36878478d4d61ca871d9ebc59488026e2f8054f799c982c96fa7bcdb8ef1eb0c1e9271a56a434940b7fa6b8baa1994c80a5686194139fc581121d475ff29154d0d4415abf2c92a59c2a31bcc"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}]}]}}]}, 0x1d38}, 0x1, 0x0, 0x0, 0x4001}, 0x4000)

1.137073198s ago: executing program 2 (id=3793):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
listen(r0, 0x2)
socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
socket$inet6_sctp(0xa, 0x1, 0x84)
memfd_create(&(0x7f0000000540)='\x02A\xbb\xcc\x96\x0eo\x1f\xe2@\xcc\xb1Yg\x00\x00\x00\x00\x00\x00', 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_setup(0x78b7, &(0x7f0000000300)={0x0, 0xad81, 0x400, 0xffffffff, 0x3dc})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000200)={0x1, &(0x7f0000000500)=[{0x6, 0x4, 0x40, 0x7fff0000}]})
socket$inet(0x2, 0x4000000000000001, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
epoll_create1(0x80000)
socket$inet_tcp(0x2, 0x1, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000200), 0x2, 0x9}}, 0x20)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000080)}, {&(0x7f0000000100)="16000000246837f73199aee6fdb9291b3091ec1a2d41d227975ad8ec309d59191b00867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0xff}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83", 0x801}], 0x3)

766.990687ms ago: executing program 1 (id=3794):
socket$l2tp6(0xa, 0x2, 0x73)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0)
close(r1)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0xfffffffffffffffd, 0x6, 0xfa11, 0xffffffff}, 0x0)
sched_getattr(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
r4 = socket$kcm(0x10, 0x400000002, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
write$cgroup_subtree(r4, &(0x7f00000003c0)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33)
recvmsg(r4, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000400)='net/softnet_stat\x00')
lseek(r5, 0x0, 0x4)
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='net/netlink\x00')
pread64(r6, &(0x7f0000000100)=""/253, 0xfd, 0xadc)
setns(r6, 0x80)
r7 = openat$zero(0xffffffffffffff9c, &(0x7f0000000340), 0xd2043, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000300)={0x4a, 0x2, 0x1, "444900d730fae90100000004000000062ff697b900", 0x3234564e})
sendfile(0xffffffffffffffff, r7, 0x0, 0x5)
unshare(0x24060400)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'batadv0\x00', &(0x7f0000000380)=@ethtool_perm_addr={0x20, 0x18, "3ac0585e494a37ab0a084ebed325205583dc8e68cec54840"}})
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10, 0x0, 0x0)

695.458644ms ago: executing program 0 (id=3795):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40182, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000001c0)={0x1000200001ee0000, 0x3})
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUMAUDOUT(r2, 0xc0345642, &(0x7f0000000040)={0x0, "21a56b7ad1e74f1ff6c21e909eafafb31880decf0dc803bdc16a04d86c57f195", 0x1, 0x1})
r3 = socket(0x1e, 0x2, 0x0)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$FIONREAD(r4, 0x541b, 0x0)
socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x4000000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x1000000000, 0x7, 0xfa11, 0xffffffff}, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000480)=[@mss={0x2, 0x3}, @mss={0x2, 0xaf0}, @timestamp, @mss={0x2, 0x8}, @window={0x3, 0x8000, 0x81}, @sack_perm, @timestamp], 0x7)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
getdents(r7, 0x0, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="400000002e00090027bd700000000000040000002900118031f9e05e2f826cfc31dc2af824704f63dac994ce05030024e5479795b50d9015743a8b75c2000000"], 0x40}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

629.977356ms ago: executing program 2 (id=3796):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bridge0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0xa)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f00000000c0)={r1, 0x1, 0x6, @local}, 0x10)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r2, 0x8983, &(0x7f00000002c0))
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r5, 0x40045532, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x11, &(0x7f0000000040)=0x5, 0x4)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x218, 0x90, 0x11, 0x148, 0x0, 0x0, 0x184, 0x2a8, 0x2a8, 0x184, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0x90}, @unspec=@TRACE={0x20}}, {{@ip={@initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0xffffffff, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xcc, 0xf4, 0x0, {}, [@common=@ttl={{0x24}, {0x3, 0xb}}, @common=@unspec=@quota={{0x38}, {0x0, 0x0, 0x0, {0x40}}}]}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x3, 0x6, 0x2}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x274)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r2)
sendmsg$NL80211_CMD_NOTIFY_RADAR(r2, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20280000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x58, r7, 0x800, 0x70bd26, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x101, 0x46}}}}, [@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x359}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x6}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xffffffc0}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x5}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x2}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x72c9}]}, 0x58}}, 0x40)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000c80)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0xfe98, &(0x7f0000000000)={&(0x7f0000000680)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x18, 0x10, 0x3}, @TCA_FQ_FLOW_MAX_RATE={0x2, 0x2, 0x8000000}, @TCA_FQ_FLOW_MAX_RATE={0xfffffffffffffd87, 0x7, 0x3}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x38, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615}, [@IFLA_MASTER={0x8, 0xa, r8}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4001}, 0x4004000)
setsockopt$inet6_mreq(r4, 0x29, 0x1c, &(0x7f0000000140)={@ipv4={'\x00', '\xff\xff', @remote}, r1}, 0x14)

621.827528ms ago: executing program 8 (id=3797):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x20000014})
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
memfd_create(0x0, 0x0)
pselect6(0x40, &(0x7f0000000080)={0x5, 0xffffffff, 0x100000000000, 0x2, 0x500, 0x7, 0x1000001000, 0x49}, 0x0, &(0x7f0000000180)={0x3fe, 0x7, 0x0, 0x9, 0x86, 0x800, 0x80000002}, 0x0, 0x0)

240.981073ms ago: executing program 8 (id=3798):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40182, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000001c0)={0x1000200001ee0000, 0x3})
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUMAUDOUT(r2, 0xc0345642, &(0x7f0000000040)={0x0, "21a56b7ad1e74f1ff6c21e909eafafb31880decf0dc803bdc16a04d86c57f195", 0x1, 0x1})
r3 = socket(0x1e, 0x2, 0x0)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$FIONREAD(r4, 0x541b, 0x0)
socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x4000000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x1000000000, 0x7, 0xfa11, 0xffffffff}, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000480)=[@mss={0x2, 0x3}, @mss={0x2, 0xaf0}, @timestamp, @mss={0x2, 0x8}, @window={0x3, 0x8000, 0x81}, @sack_perm, @timestamp], 0x7)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
getdents(r7, &(0x7f0000001fc0)=""/184, 0xb8)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="400000002e00090027bd700000000000040000002900118031f9e05e2f826cfc31dc2af824704f63dac994ce05030024e5479795b50d9015743a8b75c2000000"], 0x40}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

0s ago: executing program 2 (id=3799):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
ioctl$TCXONC(r5, 0x540a, 0x0)
writev(r5, &(0x7f0000000040)=[{&(0x7f0000000140)="e8881b", 0x3}], 0x1)
ioctl$TIOCSERGETLSR(r5, 0x5459, &(0x7f0000000080))
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xfff3}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x2, 0x401, 0x7ffc, 0x9, 0x6, 0x7, 0x4, 0x400, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
mbind(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x4005, &(0x7f0000000200)=0x81, 0x5, 0x0)
set_mempolicy_home_node(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x0, 0x0)
set_mempolicy_home_node(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001000)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd2d, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0x0, 0x3}, {}, {0xfff3, 0xffe0}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x50}, 0x0)
r9 = socket(0x400000000010, 0x3, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
recvmsg$can_raw(r9, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x100)
sendmsg$nl_route_sched(r9, 0x0, 0x20004800)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8983, &(0x7f0000000040)={0x6, 'geneve1\x00', {0x2}, 0x2})
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000280)={0x0, 'team_slave_0\x00', {}, 0xfff})

kernel console output (not intermixed with test programs):

ce found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1212.771816][T16978] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1212.779954][T16978] usb 7-1: Product: syz
[ 1212.784216][T16978] usb 7-1: Manufacturer: syz
[ 1212.789034][T16978] usb 7-1: SerialNumber: syz
[ 1212.843527][T16978] usb 7-1: config 0 descriptor??
[ 1212.871507][T16978] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1212.922931][T16978] em28xx 7-1:0.0: Audio interface 0 found (Vendor Class)
[ 1212.943537][T18884] ALSA: mixer_oss: invalid OSS volume ''
[ 1213.456709][T18904] IPVS: set_ctl: invalid protocol: 51 127.0.0.1:20001
[ 1213.519017][T18907] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!‚lü1Ü*ø$pOcÚÉ”Î'
[ 1213.532611][T16978] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[ 1213.557645][T16978] em28xx 7-1:0.0: Config register raw data: 0xfffffffb
[ 1213.618319][T18907] CPU: 1 UID: 0 PID: 18907 Comm: syz.5.3482 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1213.618357][T18907] Tainted: [L]=SOFTLOCKUP
[ 1213.618366][T18907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1213.618380][T18907] Call Trace:
[ 1213.618389][T18907]  <TASK>
[ 1213.618400][T18907]  dump_stack_lvl+0xe8/0x150
[ 1213.618436][T18907]  sysfs_warn_dup+0x8e/0xa0
[ 1213.618464][T18907]  sysfs_do_create_link_sd+0xc0/0x110
[ 1213.618492][T18907]  device_add_class_symlinks+0x1cf/0x240
[ 1213.618521][T18907]  device_add+0x475/0xb80
[ 1213.618549][T18907]  wiphy_register+0x1d2e/0x2d20
[ 1213.618601][T18907]  ? __pfx_wiphy_register+0x10/0x10
[ 1213.618638][T18907]  ? __pfx_netdev_run_todo+0x10/0x10
[ 1213.618670][T18907]  ? minstrel_ht_alloc+0x6e0/0x7e0
[ 1213.618705][T18907]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[ 1213.618736][T18907]  ieee80211_register_hw+0x34a7/0x4110
[ 1213.618765][T18907]  ? rcu_is_watching+0x15/0xb0
[ 1213.618808][T18907]  ? ieee80211_register_hw+0x1411/0x4110
[ 1213.618847][T18907]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1213.618892][T18907]  ? __hrtimer_setup+0x181/0x200
[ 1213.618918][T18907]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 1213.618949][T18907]  mac80211_hwsim_new_radio+0x2f6d/0x52f0
[ 1213.619006][T18907]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1213.619034][T18907]  ? hwsim_new_radio_nl+0xf41/0x1bd0
[ 1213.619076][T18907]  hwsim_new_radio_nl+0xf5b/0x1bd0
[ 1213.619109][T18907]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1213.619151][T18907]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1213.619184][T18907]  ? rcu_is_watching+0x15/0xb0
[ 1213.619217][T18907]  ? __nla_parse+0x40/0x60
[ 1213.619247][T18907]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1213.619293][T18907]  genl_family_rcv_msg_doit+0x215/0x300
[ 1213.619325][T18907]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1213.619363][T18907]  ? bpf_lsm_capable+0x9/0x20
[ 1213.619388][T18907]  ? security_capable+0x7e/0x2e0
[ 1213.619422][T18907]  genl_rcv_msg+0x60e/0x790
[ 1213.619451][T18907]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1213.619473][T18907]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1213.619500][T18907]  ? __asan_memcpy+0x40/0x70
[ 1213.619543][T18907]  netlink_rcv_skb+0x208/0x470
[ 1213.619573][T18907]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1213.619597][T18907]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1213.619624][T18907]  ? genl_rcv+0x19/0x40
[ 1213.619663][T18907]  ? down_read+0x274/0x2e0
[ 1213.619687][T18907]  ? genl_rcv+0xd/0x40
[ 1213.619710][T18907]  genl_rcv+0x28/0x40
[ 1213.619729][T18907]  netlink_unicast+0x82f/0x9e0
[ 1213.619765][T18907]  ? __pfx_netlink_unicast+0x10/0x10
[ 1213.619790][T18907]  ? __alloc_skb+0x198/0x3a0
[ 1213.619814][T18907]  ? netlink_sendmsg+0x642/0xb30
[ 1213.619841][T18907]  ? skb_put+0x11b/0x210
[ 1213.619871][T18907]  netlink_sendmsg+0x805/0xb30
[ 1213.619912][T18907]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1213.619946][T18907]  ? __import_iovec+0x5d4/0x7f0
[ 1213.619971][T18907]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1213.620001][T18907]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1213.620022][T18907]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1213.620060][T18907]  __sock_sendmsg+0x21c/0x270
[ 1213.620098][T18907]  ____sys_sendmsg+0x505/0x820
[ 1213.620132][T18907]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1213.620168][T18907]  ? preempt_schedule_thunk+0x16/0x30
[ 1213.620198][T18907]  ___sys_sendmsg+0x21f/0x2a0
[ 1213.620229][T18907]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1213.620259][T18907]  ? futex_private_hash_put+0x13b/0x170
[ 1213.620297][T18907]  ? futex_wake+0x4b2/0x560
[ 1213.620374][T18907]  ? __fget_files+0x2a/0x420
[ 1213.620401][T18907]  ? __fget_files+0x3a0/0x420
[ 1213.620443][T18907]  __sys_sendmsg+0x164/0x220
[ 1213.620475][T18907]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1213.620519][T18907]  ? rcu_is_watching+0x15/0xb0
[ 1213.620561][T18907]  __do_fast_syscall_32+0x1dc/0x570
[ 1213.620588][T18907]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1213.620610][T18907]  ? do_fast_syscall_32+0x34/0x80
[ 1213.620636][T18907]  ? irqentry_exit+0x10f/0x670
[ 1213.620665][T18907]  do_fast_syscall_32+0x34/0x80
[ 1213.620693][T18907]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1213.620720][T18907] RIP: 0023:0xf7ff4539
[ 1213.620741][T18907] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1213.620762][T18907] RSP: 002b:00000000f54a455c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1213.620786][T18907] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000080000100
[ 1213.620802][T18907] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1213.620816][T18907] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1213.620830][T18907] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1213.620843][T18907] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1213.620879][T18907]  </TASK>
[ 1214.583335][T16978] em28xx 7-1:0.0: Unknown AC97 audio processor detected!
[ 1214.592420][T16978] em28xx 7-1:0.0: couldn't setup AC97 register 2
[ 1214.801080][T16374] Bluetooth: hci7: command tx timeout
[ 1215.033389][T16978] em28xx 7-1:0.0: couldn't setup AC97 register 4
[ 1215.052918][T18894] chnl_net:caif_netlink_parms(): no params data found
[ 1215.059908][T16978] em28xx 7-1:0.0: couldn't setup AC97 register 6
[ 1215.178466][T16978] em28xx 7-1:0.0: couldn't setup AC97 register 54
[ 1215.662502][T16978] em28xx 7-1:0.0: couldn't setup AC97 register 56
[ 1215.672994][T16978] usb 7-1: USB disconnect, device number 27
[ 1216.042179][T18894] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1216.049535][T18894] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1216.057917][T18894] bridge_slave_0: entered allmulticast mode
[ 1216.068890][T18894] bridge_slave_0: entered promiscuous mode
[ 1216.076500][T18918] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3484'.
[ 1216.096142][T18894] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1216.106076][T18894] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1216.118066][T18894] bridge_slave_1: entered allmulticast mode
[ 1216.135741][T18894] bridge_slave_1: entered promiscuous mode
[ 1216.248647][T18894] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1216.268180][T18894] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1216.385829][T18894] team0: Port device team_slave_0 added
[ 1216.462950][T18894] team0: Port device team_slave_1 added
[ 1216.701728][T18894] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1216.717089][T18894] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1216.752016][T18894] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1216.814084][T18894] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1216.825622][T18894] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1216.856330][T18894] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1216.897834][T16374] Bluetooth: hci7: command tx timeout
[ 1217.075050][T18894] hsr_slave_0: entered promiscuous mode
[ 1217.119359][T18894] hsr_slave_1: entered promiscuous mode
[ 1217.147923][T18894] debugfs: 'hsr0' already exists in 'hsr'
[ 1217.190866][T18894] Cannot create hsr debugfs directory
[ 1217.842671][T18942] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1218.117327][T18894] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1218.179121][T18894] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1218.189712][T18894] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1218.378375][T18894] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1218.939112][T18894] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1218.969849][T16374] Bluetooth: hci7: command tx timeout
[ 1218.992127][T18961] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3494'.
[ 1219.081935][T18894] 8021q: adding VLAN 0 to HW filter on device team0
[ 1219.169350][T15485] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1219.176540][T15485] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1219.185579][   T30] kauditd_printk_skb: 37 callbacks suppressed
[ 1219.185594][   T30] audit: type=1326 audit(1768422816.812:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18956 comm="syz.2.3494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708d539 code=0x7ffc0000
[ 1219.242067][   T30] audit: type=1326 audit(1768422816.812:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18956 comm="syz.2.3494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708d539 code=0x7ffc0000
[ 1219.275315][   T30] audit: type=1326 audit(1768422816.812:1083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18956 comm="syz.2.3494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf708d539 code=0x7ffc0000
[ 1219.306443][ T5984] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1219.313703][ T5984] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1219.375124][   T30] audit: type=1326 audit(1768422816.812:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18956 comm="syz.2.3494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708d539 code=0x7ffc0000
[ 1219.485263][   T30] audit: type=1326 audit(1768422816.812:1085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18956 comm="syz.2.3494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708d539 code=0x7ffc0000
[ 1219.566700][   T30] audit: type=1326 audit(1768422816.812:1086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18956 comm="syz.2.3494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=226 compat=1 ip=0xf708d539 code=0x7ffc0000
[ 1219.658856][   T30] audit: type=1326 audit(1768422816.812:1087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18956 comm="syz.2.3494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708d539 code=0x7ffc0000
[ 1219.721482][   T30] audit: type=1326 audit(1768422816.812:1088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18956 comm="syz.2.3494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf708d539 code=0x7ffc0000
[ 1219.798102][   T30] audit: type=1326 audit(1768422816.812:1089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18956 comm="syz.2.3494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708d539 code=0x7ffc0000
[ 1219.890388][T18972] debugfs: '1ùà^!‚lü1Ü*ø$pOcÚÉ”Î' already exists in 'ieee80211'
[ 1219.986847][T18894] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1220.010693][T18973] netlink: 'syz.6.3497': attribute type 4 has an invalid length.
[ 1220.032910][   T30] audit: type=1326 audit(1768422816.812:1090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18956 comm="syz.2.3494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=430 compat=1 ip=0xf708d539 code=0x7ffc0000
[ 1220.046968][T18894] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1220.638765][T18894] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1220.779898][T18987] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3502'.
[ 1220.911233][T18894] veth0_vlan: entered promiscuous mode
[ 1220.979727][T18894] veth1_vlan: entered promiscuous mode
[ 1221.055494][T16374] Bluetooth: hci7: command tx timeout
[ 1221.180844][T18894] veth0_macvtap: entered promiscuous mode
[ 1221.382621][T18894] veth1_macvtap: entered promiscuous mode
[ 1221.429575][T18894] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1221.490859][T18894] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1221.642290][T18993] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1221.671819][ T1341] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1221.767939][ T1341] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1221.811089][ T1341] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1221.819916][ T1341] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1222.226102][ T3668] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1222.244541][ T3668] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1222.479250][T13395] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1222.549023][T13395] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1223.274777][T19026] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(6)
[ 1223.281370][T19026] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1223.330424][T19026] vhci_hcd vhci_hcd.0: Device attached
[ 1223.480440][T19036] netlink: 2100 bytes leftover after parsing attributes in process `syz.6.3516'.
[ 1223.613386][T19040] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1223.628037][   T10] usb 45-1: new low-speed USB device number 2 using vhci_hcd
[ 1223.661170][T19042] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3518'.
[ 1224.055693][T19027] vhci_hcd: connection reset by peer
[ 1224.177447][T13395] vhci_hcd vhci_hcd.6: stop threads
[ 1224.185081][T13395] vhci_hcd vhci_hcd.6: release socket
[ 1224.191344][T13395] vhci_hcd vhci_hcd.6: disconnect device
[ 1225.172537][T19057] team_slave_0: entered promiscuous mode
[ 1225.179026][T19057] team_slave_1: entered promiscuous mode
[ 1225.192675][T19057] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1225.244669][T19057] 8021q: adding VLAN 0 to HW filter on device macvlan3
[ 1226.945072][   T30] kauditd_printk_skb: 20 callbacks suppressed
[ 1226.945096][   T30] audit: type=1326 audit(1768422824.592:1111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19076 comm="syz.5.3530" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x0
[ 1227.388650][T19089] loop5: detected capacity change from 0 to 7
[ 1227.496102][T19090] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1227.537061][T19089] Dev loop5: unable to read RDB block 7
[ 1227.574850][T19089]  loop5: AHDI p3
[ 1227.588824][T19089] loop5: partition table partially beyond EOD, truncated
[ 1228.795028][   T10] vhci_hcd vhci_hcd.6: vhci_device speed not set
[ 1230.057418][T19112] tipc: Started in network mode
[ 1230.071143][T19112] tipc: Node identity 5a2e20292f47, cluster identity 4711
[ 1230.083371][T19112] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1230.112378][T19112] syzkaller0: entered promiscuous mode
[ 1230.118004][T19112] syzkaller0: entered allmulticast mode
[ 1230.161845][T19112] tipc: Resetting bearer <eth:syzkaller0>
[ 1230.173557][T19111] tipc: Resetting bearer <eth:syzkaller0>
[ 1230.193210][T19111] tipc: Disabling bearer <eth:syzkaller0>
[ 1230.563983][   T30] audit: type=1326 audit(1768422828.242:1112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19120 comm="syz.5.3542" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x0
[ 1230.782127][T19122] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3542'.
[ 1231.793104][T19139] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1235.235347][T19173] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[ 1235.761732][T19178] FAULT_INJECTION: forcing a failure.
[ 1235.761732][T19178] name failslab, interval 1, probability 0, space 0, times 0
[ 1235.811424][T19178] CPU: 0 UID: 0 PID: 19178 Comm: syz.8.3559 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1235.811464][T19178] Tainted: [L]=SOFTLOCKUP
[ 1235.811473][T19178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1235.811486][T19178] Call Trace:
[ 1235.811496][T19178]  <TASK>
[ 1235.811506][T19178]  dump_stack_lvl+0xe8/0x150
[ 1235.811539][T19178]  should_fail_ex+0x414/0x560
[ 1235.811580][T19178]  should_failslab+0xa8/0x100
[ 1235.811610][T19178]  kmem_cache_alloc_noprof+0x88/0x710
[ 1235.811642][T19178]  ? __netlink_lookup+0xbd/0x8a0
[ 1235.811674][T19178]  ? skb_clone+0x212/0x3a0
[ 1235.811707][T19178]  skb_clone+0x212/0x3a0
[ 1235.811740][T19178]  __netlink_deliver_tap+0x404/0x850
[ 1235.811782][T19178]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1235.811813][T19178]  netlink_deliver_tap+0x19c/0x1b0
[ 1235.811844][T19178]  netlink_unicast+0x7fa/0x9e0
[ 1235.811879][T19178]  ? __pfx_netlink_unicast+0x10/0x10
[ 1235.811904][T19178]  ? __alloc_skb+0x198/0x3a0
[ 1235.811928][T19178]  ? netlink_sendmsg+0x642/0xb30
[ 1235.811956][T19178]  ? skb_put+0x11b/0x210
[ 1235.811984][T19178]  netlink_sendmsg+0x805/0xb30
[ 1235.812031][T19178]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1235.812064][T19178]  ? __import_iovec+0x5d4/0x7f0
[ 1235.812089][T19178]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1235.812120][T19178]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1235.812140][T19178]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1235.812171][T19178]  __sock_sendmsg+0x21c/0x270
[ 1235.812208][T19178]  ____sys_sendmsg+0x505/0x820
[ 1235.812241][T19178]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1235.812275][T19178]  ? kstrtouint+0x6e/0xe0
[ 1235.812317][T19178]  ___sys_sendmsg+0x21f/0x2a0
[ 1235.812347][T19178]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1235.812374][T19178]  ? get_pid_task+0x20/0x1f0
[ 1235.812402][T19178]  ? get_pid_task+0x20/0x1f0
[ 1235.812427][T19178]  ? get_pid_task+0x20/0x1f0
[ 1235.812488][T19178]  ? __fget_files+0x2a/0x420
[ 1235.812514][T19178]  ? __fget_files+0x3a0/0x420
[ 1235.812552][T19178]  __sys_sendmsg+0x164/0x220
[ 1235.812582][T19178]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1235.812619][T19178]  ? __pfx_ksys_write+0x10/0x10
[ 1235.812653][T19178]  __do_fast_syscall_32+0x1dc/0x570
[ 1235.812679][T19178]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1235.812700][T19178]  ? do_fast_syscall_32+0x34/0x80
[ 1235.812725][T19178]  ? irqentry_exit+0x10f/0x670
[ 1235.812752][T19178]  do_fast_syscall_32+0x34/0x80
[ 1235.812779][T19178]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1235.812805][T19178] RIP: 0023:0xf702d539
[ 1235.812824][T19178] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1235.812844][T19178] RSP: 002b:00000000f541d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1235.812867][T19178] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200
[ 1235.812882][T19178] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1235.812895][T19178] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1235.812908][T19178] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1235.812921][T19178] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1235.812953][T19178]  </TASK>
[ 1236.447364][T19185] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3561'.
[ 1236.554043][T19187] netlink: 56 bytes leftover after parsing attributes in process `syz.8.3562'.
[ 1237.290300][ T5945] hid-generic 2002:0004:0009.0020: unknown main item tag 0x0
[ 1237.299946][ T5945] hid-generic 2002:0004:0009.0020: unknown main item tag 0x0
[ 1237.372993][ T5945] hid-generic 2002:0004:0009.0020: unknown main item tag 0x0
[ 1237.408066][ T5945] hid-generic 2002:0004:0009.0020: unknown main item tag 0x0
[ 1237.455899][ T5945] hid-generic 2002:0004:0009.0020: unknown main item tag 0x0
[ 1237.468905][ T5945] hid-generic 2002:0004:0009.0020: unknown main item tag 0x0
[ 1237.485885][ T5945] hid-generic 2002:0004:0009.0020: unknown main item tag 0x0
[ 1237.503122][ T5945] hid-generic 2002:0004:0009.0020: unknown main item tag 0x0
[ 1237.538618][ T5945] hid-generic 2002:0004:0009.0020: unknown main item tag 0x0
[ 1237.565789][ T5945] hid-generic 2002:0004:0009.0020: unknown main item tag 0x0
[ 1237.624000][ T5945] hid-generic 2002:0004:0009.0020: hidraw0: <UNKNOWN> HID v0.04 Device [syz0] on syz0
[ 1237.875388][T19209] fido_id[19209]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[ 1237.920799][T19215] netlink: 'syz.5.3572': attribute type 10 has an invalid length.
[ 1238.572355][ T5830] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[ 1238.583328][ T5830] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[ 1238.591636][ T5830] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[ 1238.606310][ T5830] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[ 1238.619330][ T5830] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[ 1238.928619][T19241] netlink: 196 bytes leftover after parsing attributes in process `syz.5.3580'.
[ 1239.354817][ T5830] Bluetooth: hci6: unexpected event for opcode 0x1804
[ 1239.413048][T19241] could not allocate digest TFM handle sha3-512-generic
[ 1240.046078][T19240] chnl_net:caif_netlink_parms(): no params data found
[ 1240.393400][T19240] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1240.420074][T19240] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1240.434064][T19240] bridge_slave_0: entered allmulticast mode
[ 1240.468081][T19240] bridge_slave_0: entered promiscuous mode
[ 1240.513612][T19240] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1240.521326][T19240] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1240.547528][T19240] bridge_slave_1: entered allmulticast mode
[ 1240.555397][T19240] bridge_slave_1: entered promiscuous mode
[ 1240.645491][T19240] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1240.680171][T19280] loop5: detected capacity change from 0 to 7
[ 1240.716879][T19240] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1240.722817][T19280] Dev loop5: unable to read RDB block 7
[ 1240.732794][ T5830] Bluetooth: hci8: command tx timeout
[ 1240.743590][T19280]  loop5: unable to read partition table
[ 1240.749642][T19280] loop5: partition table beyond EOD, truncated
[ 1240.757269][T19280] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1241.064971][T19240] team0: Port device team_slave_0 added
[ 1241.142400][T19240] team0: Port device team_slave_1 added
[ 1241.330197][T19240] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1241.361233][T19240] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1241.461299][T19240] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1241.482697][T19240] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1241.519249][T19240] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1241.591034][T19240] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1242.055274][T19240] hsr_slave_0: entered promiscuous mode
[ 1242.095759][T19240] hsr_slave_1: entered promiscuous mode
[ 1242.111192][T19240] debugfs: 'hsr0' already exists in 'hsr'
[ 1242.122718][T19240] Cannot create hsr debugfs directory
[ 1242.741068][T17202] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[ 1242.807331][ T5830] Bluetooth: hci8: command tx timeout
[ 1242.899623][T17202] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1242.924191][T17202] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1242.991150][T17202] usb 9-1: New USB device found, idVendor=060b, idProduct=0001, bcdDevice= 0.00
[ 1243.038932][T17202] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1243.093259][T17202] usb 9-1: config 0 descriptor??
[ 1243.237633][T19240] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1243.257100][T19240] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1243.296978][T19240] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1243.312638][T19240] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1243.574060][T17202] usbhid 9-1:0.0: can't add hid device: -71
[ 1243.580137][T17202] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[ 1243.617397][T19240] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1243.665002][T17202] usb 9-1: USB disconnect, device number 2
[ 1243.678742][T19240] 8021q: adding VLAN 0 to HW filter on device team0
[ 1243.717152][ T5984] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1243.724339][ T5984] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1243.774467][ T5984] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1243.781785][ T5984] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1243.851832][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1243.861823][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1243.952944][T19240] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1244.045651][T19240] veth0_vlan: entered promiscuous mode
[ 1244.098619][T19240] veth1_vlan: entered promiscuous mode
[ 1244.160586][T19240] veth0_macvtap: entered promiscuous mode
[ 1244.211994][T19240] veth1_macvtap: entered promiscuous mode
[ 1244.230741][T19240] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1244.270207][T19240] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1244.307911][T18219] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1244.366610][T18219] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1244.392261][T18219] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1244.407144][T18219] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1244.575088][T15488] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1244.575115][T15488] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1244.654257][T12222] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1244.671461][T12222] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1244.835989][T19341] debugfs: '1ùà^!‚lü1Ü*ø$pOcÚÉ”Î' already exists in 'ieee80211'
[ 1244.904894][ T5830] Bluetooth: hci8: command tx timeout
[ 1245.945095][T19349] debugfs: '1ùà^!‚lü1Ü*ø$pOcÚÉ”Î' already exists in 'ieee80211'
[ 1246.961202][ T5830] Bluetooth: hci8: command tx timeout
[ 1247.552631][T19361] fuse: Unknown parameter ''
[ 1247.851706][T18529] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[ 1248.021316][T18529] usb 10-1: New USB device found, idVendor=05ac, idProduct=0238, bcdDevice=f5.87
[ 1248.048254][T18529] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1248.142031][T18529] usb 10-1: config 0 descriptor??
[ 1248.164867][T18529] input: bcm5974 as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/input/input93
[ 1248.363979][ T5185] bcm5974 10-1:0.0: could not read from device
[ 1248.651826][ T5185] bcm5974 10-1:0.0: could not read from device
[ 1248.792996][T18529] usb 10-1: USB disconnect, device number 2
[ 1248.981143][T17799] bcm5974 10-1:0.0: could not read from device
[ 1249.420663][T17799] udevd[17799]: Error opening device "/dev/input/event4": No such file or directory
[ 1249.471176][T17799] udevd[17799]: Unable to EVIOCGABS device "/dev/input/event4"
[ 1249.478913][T17799] udevd[17799]: Unable to EVIOCGABS device "/dev/input/event4"
[ 1249.612044][T17799] udevd[17799]: Unable to EVIOCGABS device "/dev/input/event4"
[ 1249.635455][T17799] udevd[17799]: Unable to EVIOCGABS device "/dev/input/event4"
[ 1249.650549][T19375] loop5: detected capacity change from 0 to 7
[ 1249.681590][T19375] Dev loop5: unable to read RDB block 7
[ 1249.687294][T19375]  loop5: AHDI p3
[ 1249.691122][T19375] loop5: partition table partially beyond EOD, truncated
[ 1250.591048][ T5829] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[ 1250.785321][ T5829] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1250.832032][ T5829] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1250.842213][ T5829] usb 10-1: New USB device found, idVendor=060b, idProduct=0001, bcdDevice= 0.00
[ 1250.851513][ T5829] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1250.990143][ T5829] usb 10-1: config 0 descriptor??
[ 1251.478482][T19382] FAULT_INJECTION: forcing a failure.
[ 1251.478482][T19382] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1251.532856][T19382] CPU: 1 UID: 0 PID: 19382 Comm: syz.9.3616 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1251.532890][T19382] Tainted: [L]=SOFTLOCKUP
[ 1251.532900][T19382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1251.532914][T19382] Call Trace:
[ 1251.532924][T19382]  <TASK>
[ 1251.532935][T19382]  dump_stack_lvl+0xe8/0x150
[ 1251.532967][T19382]  should_fail_ex+0x414/0x560
[ 1251.533016][T19382]  _copy_to_user+0x31/0xb0
[ 1251.533047][T19382]  simple_read_from_buffer+0xe1/0x170
[ 1251.533080][T19382]  proc_fail_nth_read+0x1b3/0x220
[ 1251.533108][T19382]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1251.533136][T19382]  ? rw_verify_area+0x2a6/0x4d0
[ 1251.533170][T19382]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1251.533195][T19382]  vfs_read+0x200/0xa30
[ 1251.533214][T19382]  ? fdget_pos+0x247/0x320
[ 1251.533245][T19382]  ? __pfx___mutex_lock+0x10/0x10
[ 1251.533273][T19382]  ? __pfx_vfs_read+0x10/0x10
[ 1251.533296][T19382]  ? __fget_files+0x2a/0x420
[ 1251.533327][T19382]  ? __fget_files+0x3a0/0x420
[ 1251.533353][T19382]  ? __fget_files+0x2a/0x420
[ 1251.533390][T19382]  ksys_read+0x145/0x250
[ 1251.533415][T19382]  ? __pfx_ksys_read+0x10/0x10
[ 1251.533448][T19382]  __do_fast_syscall_32+0x1dc/0x570
[ 1251.533474][T19382]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1251.533496][T19382]  ? do_fast_syscall_32+0x34/0x80
[ 1251.533521][T19382]  ? irqentry_exit+0x10f/0x670
[ 1251.533549][T19382]  do_fast_syscall_32+0x34/0x80
[ 1251.533576][T19382]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1251.533602][T19382] RIP: 0023:0xf705d539
[ 1251.533620][T19382] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1251.533638][T19382] RSP: 002b:00000000f544d590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 1251.533660][T19382] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00000000f544d620
[ 1251.533675][T19382] RDX: 000000000000000f RSI: 00000000f73f6ff4 RDI: 0000000000000000
[ 1251.533689][T19382] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1251.533701][T19382] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1251.533714][T19382] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1251.533747][T19382]  </TASK>
[ 1251.794224][ T5829] usbhid 10-1:0.0: can't add hid device: -71
[ 1252.015137][ T5829] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[ 1252.095157][ T5829] usb 10-1: USB disconnect, device number 3
[ 1252.190183][T19401] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!‚lü1Ü*ø$pOcÚÉ”Î'
[ 1252.387819][T19401] CPU: 0 UID: 0 PID: 19401 Comm: syz.2.3620 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1252.387854][T19401] Tainted: [L]=SOFTLOCKUP
[ 1252.387864][T19401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1252.387878][T19401] Call Trace:
[ 1252.387889][T19401]  <TASK>
[ 1252.387900][T19401]  dump_stack_lvl+0xe8/0x150
[ 1252.387942][T19401]  sysfs_warn_dup+0x8e/0xa0
[ 1252.387969][T19401]  sysfs_do_create_link_sd+0xc0/0x110
[ 1252.387998][T19401]  device_add_class_symlinks+0x1cf/0x240
[ 1252.388028][T19401]  device_add+0x475/0xb80
[ 1252.388057][T19401]  wiphy_register+0x1d2e/0x2d20
[ 1252.388111][T19401]  ? __pfx_wiphy_register+0x10/0x10
[ 1252.388145][T19401]  ? __pfx_netdev_run_todo+0x10/0x10
[ 1252.388178][T19401]  ? minstrel_ht_alloc+0x6e0/0x7e0
[ 1252.388216][T19401]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[ 1252.388248][T19401]  ieee80211_register_hw+0x34a7/0x4110
[ 1252.388293][T19401]  ? ieee80211_register_hw+0x1411/0x4110
[ 1252.388333][T19401]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1252.388381][T19401]  ? __hrtimer_setup+0x181/0x200
[ 1252.388409][T19401]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 1252.388441][T19401]  mac80211_hwsim_new_radio+0x2f6d/0x52f0
[ 1252.388500][T19401]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1252.388523][T19401]  ? kstrndup+0xbf/0x160
[ 1252.388559][T19401]  hwsim_new_radio_nl+0xf5b/0x1bd0
[ 1252.388593][T19401]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1252.388635][T19401]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1252.388668][T19401]  ? rcu_is_watching+0x15/0xb0
[ 1252.388701][T19401]  ? __nla_parse+0x40/0x60
[ 1252.388732][T19401]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1252.388766][T19401]  genl_family_rcv_msg_doit+0x215/0x300
[ 1252.388799][T19401]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1252.388837][T19401]  ? bpf_lsm_capable+0x9/0x20
[ 1252.388864][T19401]  ? security_capable+0x7e/0x2e0
[ 1252.388899][T19401]  genl_rcv_msg+0x60e/0x790
[ 1252.388938][T19401]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1252.388960][T19401]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1252.388988][T19401]  ? __asan_memcpy+0x40/0x70
[ 1252.389023][T19401]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1252.389045][T19401]  ? __skb_clone+0x63/0x7a0
[ 1252.389082][T19401]  netlink_rcv_skb+0x208/0x470
[ 1252.389115][T19401]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1252.389139][T19401]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1252.389166][T19401]  ? genl_rcv+0x19/0x40
[ 1252.389208][T19401]  ? down_read+0x274/0x2e0
[ 1252.389234][T19401]  ? genl_rcv+0xd/0x40
[ 1252.389257][T19401]  genl_rcv+0x28/0x40
[ 1252.389277][T19401]  netlink_unicast+0x82f/0x9e0
[ 1252.389315][T19401]  ? __pfx_netlink_unicast+0x10/0x10
[ 1252.389341][T19401]  ? __alloc_skb+0x198/0x3a0
[ 1252.389367][T19401]  ? netlink_sendmsg+0x642/0xb30
[ 1252.389396][T19401]  ? skb_put+0x11b/0x210
[ 1252.389427][T19401]  netlink_sendmsg+0x805/0xb30
[ 1252.389468][T19401]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1252.389503][T19401]  ? __import_iovec+0x5d4/0x7f0
[ 1252.389529][T19401]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1252.389561][T19401]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1252.389581][T19401]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1252.389614][T19401]  __sock_sendmsg+0x21c/0x270
[ 1252.389653][T19401]  ____sys_sendmsg+0x505/0x820
[ 1252.389689][T19401]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1252.389726][T19401]  ? preempt_schedule_thunk+0x16/0x30
[ 1252.389756][T19401]  ___sys_sendmsg+0x21f/0x2a0
[ 1252.389788][T19401]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1252.389818][T19401]  ? futex_private_hash_put+0x13b/0x170
[ 1252.389857][T19401]  ? futex_wake+0x4b2/0x560
[ 1252.389917][T19401]  ? __fget_files+0x2a/0x420
[ 1252.389952][T19401]  ? __fget_files+0x3a0/0x420
[ 1252.389994][T19401]  __sys_sendmsg+0x164/0x220
[ 1252.390026][T19401]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1252.390065][T19401]  ? rcu_is_watching+0x15/0xb0
[ 1252.390109][T19401]  __do_fast_syscall_32+0x1dc/0x570
[ 1252.390137][T19401]  ? do_fast_syscall_32+0x34/0x80
[ 1252.390170][T19401]  do_fast_syscall_32+0x34/0x80
[ 1252.390198][T19401]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1252.390227][T19401] RIP: 0023:0xf708d539
[ 1252.390247][T19401] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1252.390266][T19401] RSP: 002b:00000000f501855c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1252.390290][T19401] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000080000100
[ 1252.390307][T19401] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1252.390320][T19401] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1252.390334][T19401] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1252.390348][T19401] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1252.390383][T19401]  </TASK>
[ 1253.013720][T19404] FAULT_INJECTION: forcing a failure.
[ 1253.013720][T19404] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1253.042344][T19407] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3623'.
[ 1253.118079][T19404] CPU: 1 UID: 0 PID: 19404 Comm: syz.9.3624 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1253.118105][T19404] Tainted: [L]=SOFTLOCKUP
[ 1253.118111][T19404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1253.118121][T19404] Call Trace:
[ 1253.118128][T19404]  <TASK>
[ 1253.118135][T19404]  dump_stack_lvl+0xe8/0x150
[ 1253.118160][T19404]  should_fail_ex+0x414/0x560
[ 1253.118189][T19404]  _copy_from_user+0x2d/0xb0
[ 1253.118210][T19404]  ipv6_flowlabel_opt+0x136/0x2200
[ 1253.118241][T19404]  ? __lock_acquire+0x6b6/0x2cf0
[ 1253.118258][T19404]  ? __pfx_ipv6_flowlabel_opt+0x10/0x10
[ 1253.118289][T19404]  ? __lock_acquire+0x6b6/0x2cf0
[ 1253.118311][T19404]  ? do_raw_spin_lock+0x121/0x290
[ 1253.118331][T19404]  ? lock_sock_nested+0x6a/0x100
[ 1253.118357][T19404]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1253.118385][T19404]  ? __local_bh_enable_ip+0xd0/0x130
[ 1253.118405][T19404]  do_ipv6_setsockopt+0xdb0/0x2eb0
[ 1253.118434][T19404]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[ 1253.118456][T19404]  ? kstrtouint+0x6e/0xe0
[ 1253.118480][T19404]  ? get_pid_task+0x20/0x1f0
[ 1253.118500][T19404]  ? aa_label_sk_perm+0x4c4/0x610
[ 1253.118518][T19404]  ? get_pid_task+0x20/0x1f0
[ 1253.118543][T19404]  ? __pfx_aa_label_sk_perm+0x10/0x10
[ 1253.118561][T19404]  ? get_pid_task+0x20/0x1f0
[ 1253.118578][T19404]  ? get_pid_task+0x20/0x1f0
[ 1253.118605][T19404]  ? __lock_acquire+0x6b6/0x2cf0
[ 1253.118632][T19404]  ? __mutex_unlock_slowpath+0x1a1/0x730
[ 1253.118656][T19404]  ipv6_setsockopt+0x59/0x170
[ 1253.118681][T19404]  rawv6_setsockopt+0x23b/0x5b0
[ 1253.118706][T19404]  ? __pfx_rawv6_setsockopt+0x10/0x10
[ 1253.118727][T19404]  ? aa_sock_opt_perm+0xff/0x1a0
[ 1253.118749][T19404]  ? sock_common_setsockopt+0x36/0xc0
[ 1253.118764][T19404]  ? __pfx_sock_common_setsockopt+0x10/0x10
[ 1253.118781][T19404]  do_sock_setsockopt+0x17c/0x1b0
[ 1253.118803][T19404]  __ia32_sys_setsockopt+0x13f/0x1b0
[ 1253.118826][T19404]  __do_fast_syscall_32+0x1dc/0x570
[ 1253.118845][T19404]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1253.118866][T19404]  ? do_fast_syscall_32+0x34/0x80
[ 1253.118885][T19404]  ? irqentry_exit+0x10f/0x670
[ 1253.118904][T19404]  do_fast_syscall_32+0x34/0x80
[ 1253.118924][T19404]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1253.118945][T19404] RIP: 0023:0xf705d539
[ 1253.118959][T19404] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1253.118973][T19404] RSP: 002b:00000000f544d55c EFLAGS: 00000206 ORIG_RAX: 000000000000016e
[ 1253.118990][T19404] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000029
[ 1253.119001][T19404] RDX: 0000000000000020 RSI: 00000000800000c0 RDI: 0000000000000020
[ 1253.119011][T19404] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1253.119020][T19404] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1253.119030][T19404] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1253.119052][T19404]  </TASK>
[ 1253.811993][T19407] vlan2: entered promiscuous mode
[ 1253.817112][T19407] dummy0: entered promiscuous mode
[ 1254.246123][T19415] syz_tun: entered allmulticast mode
[ 1254.294379][T19415] pimreg: entered allmulticast mode
[ 1254.401399][T19423] loop5: detected capacity change from 0 to 7
[ 1254.558309][T19423] Dev loop5: unable to read RDB block 7
[ 1254.595777][T19423]  loop5: AHDI p3
[ 1254.603869][T19422] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3627'.
[ 1254.619767][T19423] loop5: partition table partially beyond EOD, truncated
[ 1254.691549][T19415] netlink: 104 bytes leftover after parsing attributes in process `syz.7.3627'.
[ 1254.751140][T19415] netlink: 104 bytes leftover after parsing attributes in process `syz.7.3627'.
[ 1254.866481][T19414] syz_tun: left allmulticast mode
[ 1255.399103][T19431] syzkaller0: entered promiscuous mode
[ 1255.481290][T19431] syzkaller0: entered allmulticast mode
[ 1255.632230][T19431] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3630'.
[ 1256.004288][T16374] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[ 1256.017733][T13279] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[ 1256.040637][T13279] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[ 1256.091902][T13279] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[ 1256.103690][T13279] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[ 1256.412312][   T30] audit: type=1326 audit(1768422854.092:1113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19445 comm="syz.9.3635" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf705d539 code=0x0
[ 1256.646611][T19455] syzkaller0: entered promiscuous mode
[ 1256.652833][T19455] syzkaller0: entered allmulticast mode
[ 1257.073374][T19441] chnl_net:caif_netlink_parms(): no params data found
[ 1257.508076][T19473] binder: 19464:19473 ioctl c0d05605 80000540 returned -22
[ 1258.020035][T19475] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3642'.
[ 1258.143248][T19475] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3642'.
[ 1258.186635][T13279] Bluetooth: hci9: command tx timeout
[ 1258.408755][T19470] syz.8.3641 (19470): drop_caches: 2
[ 1258.547927][T19479] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3643'.
[ 1258.603338][T19480] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3643'.
[ 1260.253280][T13279] Bluetooth: hci9: command tx timeout
[ 1262.325462][T13279] Bluetooth: hci9: command tx timeout
[ 1264.374762][T19467] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!‚lü1Ü*ø$pOcÚÉ”Î'
[ 1264.414727][T19467] CPU: 0 UID: 0 PID: 19467 Comm: syz.7.3640 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1264.414767][T19467] Tainted: [L]=SOFTLOCKUP
[ 1264.414773][T19467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1264.414783][T19467] Call Trace:
[ 1264.414791][T19467]  <TASK>
[ 1264.414798][T19467]  dump_stack_lvl+0xe8/0x150
[ 1264.414824][T19467]  sysfs_warn_dup+0x8e/0xa0
[ 1264.414841][T19467]  sysfs_do_create_link_sd+0xc0/0x110
[ 1264.414860][T19467]  device_add_class_symlinks+0x1cf/0x240
[ 1264.414881][T19467]  device_add+0x475/0xb80
[ 1264.414900][T19467]  wiphy_register+0x1d2e/0x2d20
[ 1264.414937][T19467]  ? __pfx_wiphy_register+0x10/0x10
[ 1264.414966][T19467]  ? __pfx_netdev_run_todo+0x10/0x10
[ 1264.414990][T19467]  ? minstrel_ht_alloc+0x6e0/0x7e0
[ 1264.415015][T19467]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[ 1264.415037][T19467]  ieee80211_register_hw+0x34a7/0x4110
[ 1264.415069][T19467]  ? ieee80211_register_hw+0x1411/0x4110
[ 1264.415096][T19467]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1264.415128][T19467]  ? __hrtimer_setup+0x181/0x200
[ 1264.415151][T19467]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 1264.415174][T19467]  mac80211_hwsim_new_radio+0x2f6d/0x52f0
[ 1264.415214][T19467]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1264.415230][T19467]  ? kstrndup+0xbf/0x160
[ 1264.415255][T19467]  hwsim_new_radio_nl+0xf5b/0x1bd0
[ 1264.415278][T19467]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1264.415307][T19467]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1264.415330][T19467]  ? rcu_is_watching+0x15/0xb0
[ 1264.415354][T19467]  ? __nla_parse+0x40/0x60
[ 1264.415375][T19467]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1264.415398][T19467]  genl_family_rcv_msg_doit+0x215/0x300
[ 1264.415420][T19467]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1264.415447][T19467]  ? bpf_lsm_capable+0x9/0x20
[ 1264.415465][T19467]  ? security_capable+0x7e/0x2e0
[ 1264.415489][T19467]  genl_rcv_msg+0x60e/0x790
[ 1264.415510][T19467]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1264.415525][T19467]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1264.415544][T19467]  ? __asan_memcpy+0x40/0x70
[ 1264.415568][T19467]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1264.415583][T19467]  ? __skb_clone+0x63/0x7a0
[ 1264.415609][T19467]  netlink_rcv_skb+0x208/0x470
[ 1264.415631][T19467]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1264.415648][T19467]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1264.415667][T19467]  ? genl_rcv+0x19/0x40
[ 1264.415695][T19467]  ? down_read+0x274/0x2e0
[ 1264.415713][T19467]  ? genl_rcv+0xd/0x40
[ 1264.415729][T19467]  genl_rcv+0x28/0x40
[ 1264.415742][T19467]  netlink_unicast+0x82f/0x9e0
[ 1264.415768][T19467]  ? __pfx_netlink_unicast+0x10/0x10
[ 1264.415786][T19467]  ? __alloc_skb+0x198/0x3a0
[ 1264.415803][T19467]  ? netlink_sendmsg+0x642/0xb30
[ 1264.415823][T19467]  ? skb_put+0x11b/0x210
[ 1264.415843][T19467]  netlink_sendmsg+0x805/0xb30
[ 1264.415872][T19467]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1264.415895][T19467]  ? __import_iovec+0x5d4/0x7f0
[ 1264.415914][T19467]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1264.415936][T19467]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1264.415950][T19467]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1264.415978][T19467]  __sock_sendmsg+0x21c/0x270
[ 1264.416005][T19467]  ____sys_sendmsg+0x505/0x820
[ 1264.416029][T19467]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1264.416054][T19467]  ? __pfx_futex_wake_mark+0x10/0x10
[ 1264.416080][T19467]  ___sys_sendmsg+0x21f/0x2a0
[ 1264.416102][T19467]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1264.416120][T19467]  ? update_curr+0x226/0x500
[ 1264.416148][T19467]  ? futex_wait+0x285/0x360
[ 1264.416188][T19467]  ? __fget_files+0x2a/0x420
[ 1264.416208][T19467]  ? __fget_files+0x3a0/0x420
[ 1264.416236][T19467]  __sys_sendmsg+0x164/0x220
[ 1264.416257][T19467]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1264.416284][T19467]  ? rcu_is_watching+0x15/0xb0
[ 1264.416312][T19467]  __do_fast_syscall_32+0x1dc/0x570
[ 1264.416331][T19467]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1264.416347][T19467]  ? do_fast_syscall_32+0x34/0x80
[ 1264.416365][T19467]  ? irqentry_exit+0x10f/0x670
[ 1264.416384][T19467]  do_fast_syscall_32+0x34/0x80
[ 1264.416403][T19467]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1264.416423][T19467] RIP: 0023:0xf709d539
[ 1264.416438][T19467] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1264.416451][T19467] RSP: 002b:00000000f544b55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1264.416469][T19467] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000080000100
[ 1264.416480][T19467] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1264.416490][T19467] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1264.416499][T19467] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1264.416509][T19467] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1264.416533][T19467]  </TASK>
[ 1264.416978][T13279] Bluetooth: hci9: command tx timeout
[ 1265.213794][T19441] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1265.251303][T19441] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1265.258770][T19441] bridge_slave_0: entered allmulticast mode
[ 1265.302884][T19441] bridge_slave_0: entered promiscuous mode
[ 1265.323866][T19441] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1265.354262][T19441] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1265.374001][T19441] bridge_slave_1: entered allmulticast mode
[ 1265.479287][T19494] loop5: detected capacity change from 0 to 7
[ 1265.527195][T19441] bridge_slave_1: entered promiscuous mode
[ 1265.586774][T19494] Dev loop5: unable to read RDB block 7
[ 1265.592634][T19494]  loop5: AHDI p3
[ 1265.596325][T19494] loop5: partition table partially beyond EOD, truncated
[ 1265.760642][T19441] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1265.868173][T19492] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!‚lü1Ü*ø$pOcÚÉ”Î'
[ 1265.902844][T19492] CPU: 0 UID: 0 PID: 19492 Comm: syz.8.3645 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1265.902883][T19492] Tainted: [L]=SOFTLOCKUP
[ 1265.902892][T19492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1265.902907][T19492] Call Trace:
[ 1265.902916][T19492]  <TASK>
[ 1265.902927][T19492]  dump_stack_lvl+0xe8/0x150
[ 1265.902962][T19492]  sysfs_warn_dup+0x8e/0xa0
[ 1265.902987][T19492]  sysfs_do_create_link_sd+0xc0/0x110
[ 1265.903015][T19492]  device_add_class_symlinks+0x1cf/0x240
[ 1265.903044][T19492]  device_add+0x475/0xb80
[ 1265.903074][T19492]  wiphy_register+0x1d2e/0x2d20
[ 1265.903133][T19492]  ? __pfx_wiphy_register+0x10/0x10
[ 1265.903166][T19492]  ? __pfx_netdev_run_todo+0x10/0x10
[ 1265.903199][T19492]  ? minstrel_ht_alloc+0x6e0/0x7e0
[ 1265.903235][T19492]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[ 1265.903267][T19492]  ieee80211_register_hw+0x34a7/0x4110
[ 1265.903312][T19492]  ? ieee80211_register_hw+0x1411/0x4110
[ 1265.903355][T19492]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1265.903390][T19492]  ? preempt_schedule_common+0x83/0xd0
[ 1265.903423][T19492]  ? __hrtimer_setup+0x181/0x200
[ 1265.903450][T19492]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 1265.903500][T19492]  mac80211_hwsim_new_radio+0x2f6d/0x52f0
[ 1265.903568][T19492]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1265.903591][T19492]  ? kstrndup+0xbf/0x160
[ 1265.903627][T19492]  hwsim_new_radio_nl+0xf5b/0x1bd0
[ 1265.903660][T19492]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1265.903703][T19492]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1265.903735][T19492]  ? rcu_is_watching+0x15/0xb0
[ 1265.903767][T19492]  ? __nla_parse+0x40/0x60
[ 1265.903797][T19492]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1265.903831][T19492]  genl_family_rcv_msg_doit+0x215/0x300
[ 1265.903863][T19492]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1265.903902][T19492]  ? bpf_lsm_capable+0x9/0x20
[ 1265.903927][T19492]  ? security_capable+0x7e/0x2e0
[ 1265.903962][T19492]  genl_rcv_msg+0x60e/0x790
[ 1265.903992][T19492]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1265.904013][T19492]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1265.904039][T19492]  ? __asan_memcpy+0x40/0x70
[ 1265.904073][T19492]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1265.904094][T19492]  ? __skb_clone+0x63/0x7a0
[ 1265.904129][T19492]  netlink_rcv_skb+0x208/0x470
[ 1265.904160][T19492]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1265.904184][T19492]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1265.904210][T19492]  ? genl_rcv+0x19/0x40
[ 1265.904251][T19492]  ? down_read+0x274/0x2e0
[ 1265.904275][T19492]  ? genl_rcv+0xd/0x40
[ 1265.904298][T19492]  genl_rcv+0x28/0x40
[ 1265.904317][T19492]  netlink_unicast+0x82f/0x9e0
[ 1265.904355][T19492]  ? __pfx_netlink_unicast+0x10/0x10
[ 1265.904380][T19492]  ? __alloc_skb+0x198/0x3a0
[ 1265.904404][T19492]  ? netlink_sendmsg+0x642/0xb30
[ 1265.904432][T19492]  ? skb_put+0x11b/0x210
[ 1265.904461][T19492]  netlink_sendmsg+0x805/0xb30
[ 1265.904502][T19492]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1265.904541][T19492]  ? __import_iovec+0x5d4/0x7f0
[ 1265.904566][T19492]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1265.904598][T19492]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1265.904619][T19492]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1265.904652][T19492]  __sock_sendmsg+0x21c/0x270
[ 1265.904688][T19492]  ____sys_sendmsg+0x505/0x820
[ 1265.904723][T19492]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1265.904760][T19492]  ? preempt_schedule_thunk+0x16/0x30
[ 1265.904791][T19492]  ___sys_sendmsg+0x21f/0x2a0
[ 1265.904823][T19492]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1265.904854][T19492]  ? futex_private_hash_put+0x13b/0x170
[ 1265.904892][T19492]  ? futex_wake+0x4b2/0x560
[ 1265.904951][T19492]  ? __fget_files+0x2a/0x420
[ 1265.904978][T19492]  ? __fget_files+0x3a0/0x420
[ 1265.905019][T19492]  __sys_sendmsg+0x164/0x220
[ 1265.905050][T19492]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1265.905089][T19492]  ? rcu_is_watching+0x15/0xb0
[ 1265.905135][T19492]  __do_fast_syscall_32+0x1dc/0x570
[ 1265.905161][T19492]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1265.905183][T19492]  ? do_fast_syscall_32+0x34/0x80
[ 1265.905208][T19492]  ? irqentry_exit+0x10f/0x670
[ 1265.905237][T19492]  do_fast_syscall_32+0x34/0x80
[ 1265.905263][T19492]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1265.905290][T19492] RIP: 0023:0xf702d539
[ 1265.905311][T19492] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1265.905331][T19492] RSP: 002b:00000000f53db55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1265.905355][T19492] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000080000100
[ 1265.905372][T19492] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1265.905385][T19492] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1265.905399][T19492] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1265.905413][T19492] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1265.905448][T19492]  </TASK>
[ 1266.399962][T19441] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1267.215655][T19441] team0: Port device team_slave_0 added
[ 1267.277069][T19441] team0: Port device team_slave_1 added
[ 1267.479114][T19441] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1267.519965][T19441] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1267.631018][T19441] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1267.687716][T19441] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1267.741152][T19441] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1267.852550][T19441] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1267.895148][   T30] audit: type=1326 audit(1768422865.572:1114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19512 comm="syz.7.3648" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf709d539 code=0x0
[ 1267.944947][T19515] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3649'.
[ 1267.976513][T19515] vlan2: entered promiscuous mode
[ 1268.019027][T19516] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3648'.
[ 1268.052753][T19441] hsr_slave_0: entered promiscuous mode
[ 1268.068846][T19441] hsr_slave_1: entered promiscuous mode
[ 1268.083029][T19441] debugfs: 'hsr0' already exists in 'hsr'
[ 1268.099077][T19441] Cannot create hsr debugfs directory
[ 1269.722159][T19441] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1270.088245][T19441] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1270.197390][T19543] xt_connbytes: Forcing CT accounting to be enabled
[ 1270.204593][T19543] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[ 1270.322760][T19441] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1270.478832][T19550] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!‚lü1Ü*ø$pOcÚÉ”Î'
[ 1270.491656][T19550] CPU: 1 UID: 0 PID: 19550 Comm: syz.8.3657 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1270.491691][T19550] Tainted: [L]=SOFTLOCKUP
[ 1270.491700][T19550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1270.491715][T19550] Call Trace:
[ 1270.491724][T19550]  <TASK>
[ 1270.491734][T19550]  dump_stack_lvl+0xe8/0x150
[ 1270.491766][T19550]  sysfs_warn_dup+0x8e/0xa0
[ 1270.491790][T19550]  sysfs_do_create_link_sd+0xc0/0x110
[ 1270.491816][T19550]  device_add_class_symlinks+0x1cf/0x240
[ 1270.491845][T19550]  device_add+0x475/0xb80
[ 1270.491872][T19550]  wiphy_register+0x1d2e/0x2d20
[ 1270.491924][T19550]  ? __pfx_wiphy_register+0x10/0x10
[ 1270.491957][T19550]  ? __pfx_netdev_run_todo+0x10/0x10
[ 1270.492003][T19550]  ? minstrel_ht_alloc+0x6e0/0x7e0
[ 1270.492039][T19550]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[ 1270.492070][T19550]  ieee80211_register_hw+0x34a7/0x4110
[ 1270.492116][T19550]  ? ieee80211_register_hw+0x1411/0x4110
[ 1270.492155][T19550]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1270.492201][T19550]  ? __hrtimer_setup+0x181/0x200
[ 1270.492228][T19550]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 1270.492260][T19550]  mac80211_hwsim_new_radio+0x2f6d/0x52f0
[ 1270.492328][T19550]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1270.492351][T19550]  ? kstrndup+0xbf/0x160
[ 1270.492387][T19550]  hwsim_new_radio_nl+0xf5b/0x1bd0
[ 1270.492419][T19550]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1270.492462][T19550]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1270.492494][T19550]  ? rcu_is_watching+0x15/0xb0
[ 1270.492526][T19550]  ? __nla_parse+0x40/0x60
[ 1270.492555][T19550]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1270.492589][T19550]  genl_family_rcv_msg_doit+0x215/0x300
[ 1270.492624][T19550]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1270.492662][T19550]  ? bpf_lsm_capable+0x9/0x20
[ 1270.492688][T19550]  ? security_capable+0x7e/0x2e0
[ 1270.492722][T19550]  genl_rcv_msg+0x60e/0x790
[ 1270.492753][T19550]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1270.492775][T19550]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1270.492802][T19550]  ? __asan_memcpy+0x40/0x70
[ 1270.492847][T19550]  netlink_rcv_skb+0x208/0x470
[ 1270.492878][T19550]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1270.492903][T19550]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1270.492930][T19550]  ? genl_rcv+0x19/0x40
[ 1270.492970][T19550]  ? down_read+0x274/0x2e0
[ 1270.492996][T19550]  ? genl_rcv+0xd/0x40
[ 1270.493018][T19550]  genl_rcv+0x28/0x40
[ 1270.493039][T19550]  netlink_unicast+0x82f/0x9e0
[ 1270.493076][T19550]  ? __pfx_netlink_unicast+0x10/0x10
[ 1270.493102][T19550]  ? __alloc_skb+0x198/0x3a0
[ 1270.493127][T19550]  ? netlink_sendmsg+0x642/0xb30
[ 1270.493155][T19550]  ? skb_put+0x11b/0x210
[ 1270.493184][T19550]  netlink_sendmsg+0x805/0xb30
[ 1270.493225][T19550]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1270.493259][T19550]  ? __import_iovec+0x5d4/0x7f0
[ 1270.493291][T19550]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1270.493323][T19550]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1270.493344][T19550]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1270.493375][T19550]  __sock_sendmsg+0x21c/0x270
[ 1270.493413][T19550]  ____sys_sendmsg+0x505/0x820
[ 1270.493448][T19550]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1270.493485][T19550]  ? preempt_schedule_thunk+0x16/0x30
[ 1270.493514][T19550]  ___sys_sendmsg+0x21f/0x2a0
[ 1270.493545][T19550]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1270.493575][T19550]  ? futex_private_hash_put+0x13b/0x170
[ 1270.493612][T19550]  ? futex_wake+0x4b2/0x560
[ 1270.493670][T19550]  ? __fget_files+0x2a/0x420
[ 1270.493697][T19550]  ? __fget_files+0x3a0/0x420
[ 1270.493737][T19550]  __sys_sendmsg+0x164/0x220
[ 1270.493768][T19550]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1270.493807][T19550]  ? rcu_is_watching+0x15/0xb0
[ 1270.493848][T19550]  __do_fast_syscall_32+0x1dc/0x570
[ 1270.493874][T19550]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1270.493895][T19550]  ? do_fast_syscall_32+0x34/0x80
[ 1270.493920][T19550]  ? irqentry_exit+0x10f/0x670
[ 1270.493948][T19550]  do_fast_syscall_32+0x34/0x80
[ 1270.493975][T19550]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1270.494002][T19550] RIP: 0023:0xf702d539
[ 1270.494022][T19550] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1270.494041][T19550] RSP: 002b:00000000f53db55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1270.494065][T19550] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000080000100
[ 1270.494081][T19550] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1270.494094][T19550] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1270.494107][T19550] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1270.494121][T19550] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1270.494155][T19550]  </TASK>
[ 1271.196128][T19441] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1271.563212][T19557] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3658'.
[ 1271.592870][T19557] netlink: 'syz.2.3658': attribute type 10 has an invalid length.
[ 1271.642285][T19557] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1271.650660][T19557] bond0: entered promiscuous mode
[ 1271.797489][T19557] bond_slave_0: entered promiscuous mode
[ 1271.814093][T19557] bond_slave_1: entered promiscuous mode
[ 1271.834384][T19557] team0: Port device bond0 added
[ 1272.984148][T19562] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!‚lü1Ü*ø$pOcÚÉ”Î'
[ 1273.133074][T19562] CPU: 1 UID: 0 PID: 19562 Comm: syz.7.3659 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1273.133113][T19562] Tainted: [L]=SOFTLOCKUP
[ 1273.133120][T19562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1273.133130][T19562] Call Trace:
[ 1273.133136][T19562]  <TASK>
[ 1273.133143][T19562]  dump_stack_lvl+0xe8/0x150
[ 1273.133167][T19562]  sysfs_warn_dup+0x8e/0xa0
[ 1273.133195][T19562]  sysfs_do_create_link_sd+0xc0/0x110
[ 1273.133211][T19562]  device_add_class_symlinks+0x1cf/0x240
[ 1273.133230][T19562]  device_add+0x475/0xb80
[ 1273.133248][T19562]  wiphy_register+0x1d2e/0x2d20
[ 1273.133280][T19562]  ? __pfx_wiphy_register+0x10/0x10
[ 1273.133300][T19562]  ? __pfx_netdev_run_todo+0x10/0x10
[ 1273.133320][T19562]  ? minstrel_ht_alloc+0x6e0/0x7e0
[ 1273.133342][T19562]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[ 1273.133361][T19562]  ieee80211_register_hw+0x34a7/0x4110
[ 1273.133388][T19562]  ? ieee80211_register_hw+0x1411/0x4110
[ 1273.133411][T19562]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1273.133439][T19562]  ? __hrtimer_setup+0x181/0x200
[ 1273.133456][T19562]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 1273.133477][T19562]  mac80211_hwsim_new_radio+0x2f6d/0x52f0
[ 1273.133512][T19562]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1273.133526][T19562]  ? kstrndup+0xbf/0x160
[ 1273.133547][T19562]  hwsim_new_radio_nl+0xf5b/0x1bd0
[ 1273.133567][T19562]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1273.133593][T19562]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1273.133613][T19562]  ? rcu_is_watching+0x15/0xb0
[ 1273.133633][T19562]  ? __nla_parse+0x40/0x60
[ 1273.133651][T19562]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1273.133672][T19562]  genl_family_rcv_msg_doit+0x215/0x300
[ 1273.133691][T19562]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1273.133716][T19562]  ? bpf_lsm_capable+0x9/0x20
[ 1273.133733][T19562]  ? security_capable+0x7e/0x2e0
[ 1273.133755][T19562]  genl_rcv_msg+0x60e/0x790
[ 1273.133774][T19562]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1273.133787][T19562]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1273.133804][T19562]  ? __asan_memcpy+0x40/0x70
[ 1273.133826][T19562]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1273.133840][T19562]  ? __skb_clone+0x63/0x7a0
[ 1273.133863][T19562]  netlink_rcv_skb+0x208/0x470
[ 1273.133883][T19562]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1273.133898][T19562]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1273.133915][T19562]  ? genl_rcv+0x19/0x40
[ 1273.133940][T19562]  ? down_read+0x274/0x2e0
[ 1273.133962][T19562]  ? genl_rcv+0xd/0x40
[ 1273.133977][T19562]  genl_rcv+0x28/0x40
[ 1273.133989][T19562]  netlink_unicast+0x82f/0x9e0
[ 1273.134039][T19562]  ? __pfx_netlink_unicast+0x10/0x10
[ 1273.134062][T19562]  ? __alloc_skb+0x198/0x3a0
[ 1273.134084][T19562]  ? netlink_sendmsg+0x642/0xb30
[ 1273.134109][T19562]  ? skb_put+0x11b/0x210
[ 1273.134134][T19562]  netlink_sendmsg+0x805/0xb30
[ 1273.134161][T19562]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1273.134182][T19562]  ? __import_iovec+0x5d4/0x7f0
[ 1273.134199][T19562]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1273.134219][T19562]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1273.134233][T19562]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1273.134253][T19562]  __sock_sendmsg+0x21c/0x270
[ 1273.134295][T19562]  ____sys_sendmsg+0x505/0x820
[ 1273.134318][T19562]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1273.134343][T19562]  ? preempt_schedule_thunk+0x16/0x30
[ 1273.134362][T19562]  ___sys_sendmsg+0x21f/0x2a0
[ 1273.134383][T19562]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1273.134404][T19562]  ? futex_private_hash_put+0x13b/0x170
[ 1273.134430][T19562]  ? futex_wake+0x4b2/0x560
[ 1273.134470][T19562]  ? __fget_files+0x2a/0x420
[ 1273.134488][T19562]  ? __fget_files+0x3a0/0x420
[ 1273.134515][T19562]  __sys_sendmsg+0x164/0x220
[ 1273.134536][T19562]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1273.134563][T19562]  ? rcu_is_watching+0x15/0xb0
[ 1273.134591][T19562]  __do_fast_syscall_32+0x1dc/0x570
[ 1273.134609][T19562]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1273.134624][T19562]  ? do_fast_syscall_32+0x34/0x80
[ 1273.134641][T19562]  ? irqentry_exit+0x10f/0x670
[ 1273.134655][T19562]  ? rcu_is_watching+0x15/0xb0
[ 1273.134676][T19562]  do_fast_syscall_32+0x34/0x80
[ 1273.134694][T19562]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1273.134716][T19562] RIP: 0023:0xf709d539
[ 1273.134730][T19562] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1273.134743][T19562] RSP: 002b:00000000f544b55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1273.134760][T19562] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000080000100
[ 1273.134771][T19562] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1273.134781][T19562] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1273.134790][T19562] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1273.134799][T19562] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1273.134821][T19562]  </TASK>
[ 1273.647313][T19441] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1273.733528][T19441] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1273.823115][   T30] audit: type=1326 audit(1768422871.502:1115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19566 comm="syz.8.3661" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf702d539 code=0x0
[ 1273.848958][T19441] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1273.940501][T13279] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[ 1273.946961][T19441] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1273.964554][T13279] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[ 1273.976390][T13279] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[ 1273.985063][T13279] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[ 1273.993037][T13279] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[ 1274.000903][T19569] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3661'.
[ 1274.366036][T19581] netlink: 1264 bytes leftover after parsing attributes in process `syz.7.3662'.
[ 1274.911962][T19441] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1275.114004][T19591] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!‚lü1Ü*ø$pOcÚÉ”Î'
[ 1275.135849][T19591] CPU: 0 UID: 0 PID: 19591 Comm: syz.8.3663 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1275.135889][T19591] Tainted: [L]=SOFTLOCKUP
[ 1275.135899][T19591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1275.135914][T19591] Call Trace:
[ 1275.135924][T19591]  <TASK>
[ 1275.135935][T19591]  dump_stack_lvl+0xe8/0x150
[ 1275.135972][T19591]  sysfs_warn_dup+0x8e/0xa0
[ 1275.135998][T19591]  sysfs_do_create_link_sd+0xc0/0x110
[ 1275.136026][T19591]  device_add_class_symlinks+0x1cf/0x240
[ 1275.136055][T19591]  device_add+0x475/0xb80
[ 1275.136094][T19591]  wiphy_register+0x1d2e/0x2d20
[ 1275.136147][T19591]  ? __pfx_wiphy_register+0x10/0x10
[ 1275.136181][T19591]  ? __pfx_netdev_run_todo+0x10/0x10
[ 1275.136215][T19591]  ? minstrel_ht_alloc+0x6e0/0x7e0
[ 1275.136250][T19591]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[ 1275.136279][T19591]  ieee80211_register_hw+0x34a7/0x4110
[ 1275.136320][T19591]  ? ieee80211_register_hw+0x1411/0x4110
[ 1275.136364][T19591]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1275.136410][T19591]  ? __hrtimer_setup+0x181/0x200
[ 1275.136431][T19591]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 1275.136456][T19591]  mac80211_hwsim_new_radio+0x2f6d/0x52f0
[ 1275.136497][T19591]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1275.136513][T19591]  ? kstrndup+0xbf/0x160
[ 1275.136540][T19591]  hwsim_new_radio_nl+0xf5b/0x1bd0
[ 1275.136564][T19591]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1275.136595][T19591]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1275.136618][T19591]  ? rcu_is_watching+0x15/0xb0
[ 1275.136641][T19591]  ? __nla_parse+0x40/0x60
[ 1275.136663][T19591]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1275.136688][T19591]  genl_family_rcv_msg_doit+0x215/0x300
[ 1275.136711][T19591]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1275.136739][T19591]  ? bpf_lsm_capable+0x9/0x20
[ 1275.136758][T19591]  ? security_capable+0x7e/0x2e0
[ 1275.136783][T19591]  genl_rcv_msg+0x60e/0x790
[ 1275.136826][T19591]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1275.136842][T19591]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1275.136864][T19591]  ? __asan_memcpy+0x40/0x70
[ 1275.136890][T19591]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1275.136906][T19591]  ? __skb_clone+0x63/0x7a0
[ 1275.136933][T19591]  netlink_rcv_skb+0x208/0x470
[ 1275.136956][T19591]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1275.136974][T19591]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1275.136993][T19591]  ? genl_rcv+0x19/0x40
[ 1275.137022][T19591]  ? down_read+0x274/0x2e0
[ 1275.137065][T19591]  ? genl_rcv+0xd/0x40
[ 1275.137083][T19591]  genl_rcv+0x28/0x40
[ 1275.137098][T19591]  netlink_unicast+0x82f/0x9e0
[ 1275.137128][T19591]  ? __pfx_netlink_unicast+0x10/0x10
[ 1275.137148][T19591]  ? __alloc_skb+0x198/0x3a0
[ 1275.137167][T19591]  ? netlink_sendmsg+0x642/0xb30
[ 1275.137202][T19591]  ? skb_put+0x11b/0x210
[ 1275.137225][T19591]  netlink_sendmsg+0x805/0xb30
[ 1275.137277][T19591]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1275.137305][T19591]  ? __import_iovec+0x5d4/0x7f0
[ 1275.137327][T19591]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1275.137352][T19591]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1275.137370][T19591]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1275.137396][T19591]  __sock_sendmsg+0x21c/0x270
[ 1275.137427][T19591]  ____sys_sendmsg+0x505/0x820
[ 1275.137455][T19591]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1275.137484][T19591]  ? preempt_schedule_thunk+0x16/0x30
[ 1275.137507][T19591]  ___sys_sendmsg+0x21f/0x2a0
[ 1275.137545][T19591]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1275.137569][T19591]  ? futex_private_hash_put+0x13b/0x170
[ 1275.137599][T19591]  ? futex_wake+0x4b2/0x560
[ 1275.137642][T19591]  ? __fget_files+0x2a/0x420
[ 1275.137664][T19591]  ? __fget_files+0x3a0/0x420
[ 1275.137695][T19591]  __sys_sendmsg+0x164/0x220
[ 1275.137718][T19591]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1275.137748][T19591]  ? rcu_is_watching+0x15/0xb0
[ 1275.137809][T19591]  __do_fast_syscall_32+0x1dc/0x570
[ 1275.137831][T19591]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1275.137849][T19591]  ? do_fast_syscall_32+0x34/0x80
[ 1275.137869][T19591]  ? irqentry_exit+0x10f/0x670
[ 1275.137892][T19591]  do_fast_syscall_32+0x34/0x80
[ 1275.137914][T19591]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1275.137937][T19591] RIP: 0023:0xf702d539
[ 1275.137954][T19591] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1275.137969][T19591] RSP: 002b:00000000f53db55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1275.137990][T19591] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000080000100
[ 1275.138003][T19591] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1275.138015][T19591] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1275.138026][T19591] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1275.138038][T19591] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1275.138065][T19591]  </TASK>
[ 1276.160460][ T5830] Bluetooth: hci10: command tx timeout
[ 1276.545794][T19441] 8021q: adding VLAN 0 to HW filter on device team0
[ 1276.709917][T13731] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1276.717101][T13731] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1276.777897][T13731] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1276.785102][T13731] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1276.815964][T19578] chnl_net:caif_netlink_parms(): no params data found
[ 1277.327768][T19610] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3667'.
[ 1277.467957][T19441] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1277.503463][T19578] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1277.510643][T19578] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1277.518077][T19578] bridge_slave_0: entered allmulticast mode
[ 1277.528590][T19578] bridge_slave_0: entered promiscuous mode
[ 1277.560258][T19578] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1277.593258][T19578] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1277.611269][T19578] bridge_slave_1: entered allmulticast mode
[ 1277.750565][T19578] bridge_slave_1: entered promiscuous mode
[ 1278.025280][ T5830] Bluetooth: hci6: unexpected event for opcode 0x1804
[ 1278.242094][ T5830] Bluetooth: hci10: command tx timeout
[ 1278.329557][T19578] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1278.409223][T19578] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1278.638645][T19441] veth0_vlan: entered promiscuous mode
[ 1278.674596][T19578] team0: Port device team_slave_0 added
[ 1278.722635][T19441] veth1_vlan: entered promiscuous mode
[ 1278.736171][T19578] team0: Port device team_slave_1 added
[ 1279.121222][   T30] audit: type=1326 audit(1768422876.792:1116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19627 comm="syz.8.3671" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf702d539 code=0x0
[ 1279.341850][T19625] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!‚lü1Ü*ø$pOcÚÉ”Î'
[ 1279.351698][T19625] CPU: 0 UID: 0 PID: 19625 Comm: syz.2.3670 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1279.351732][T19625] Tainted: [L]=SOFTLOCKUP
[ 1279.351740][T19625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1279.351753][T19625] Call Trace:
[ 1279.351762][T19625]  <TASK>
[ 1279.351772][T19625]  dump_stack_lvl+0xe8/0x150
[ 1279.351804][T19625]  sysfs_warn_dup+0x8e/0xa0
[ 1279.351826][T19625]  sysfs_do_create_link_sd+0xc0/0x110
[ 1279.351851][T19625]  device_add_class_symlinks+0x1cf/0x240
[ 1279.351877][T19625]  device_add+0x475/0xb80
[ 1279.351901][T19625]  wiphy_register+0x1d2e/0x2d20
[ 1279.351948][T19625]  ? __pfx_wiphy_register+0x10/0x10
[ 1279.351975][T19625]  ? __pfx_netdev_run_todo+0x10/0x10
[ 1279.352002][T19625]  ? minstrel_ht_alloc+0x6e0/0x7e0
[ 1279.352033][T19625]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[ 1279.352061][T19625]  ieee80211_register_hw+0x34a7/0x4110
[ 1279.352085][T19625]  ? __lock_acquire+0x6b6/0x2cf0
[ 1279.352117][T19625]  ? ieee80211_register_hw+0x1411/0x4110
[ 1279.352151][T19625]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1279.352209][T19625]  ? __hrtimer_setup+0x181/0x200
[ 1279.352233][T19625]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 1279.352264][T19625]  mac80211_hwsim_new_radio+0x2f6d/0x52f0
[ 1279.352318][T19625]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1279.352347][T19625]  ? kstrndup+0xbf/0x160
[ 1279.352381][T19625]  hwsim_new_radio_nl+0xf5b/0x1bd0
[ 1279.352411][T19625]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1279.352450][T19625]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1279.352481][T19625]  ? rcu_is_watching+0x15/0xb0
[ 1279.352510][T19625]  ? __nla_parse+0x40/0x60
[ 1279.352537][T19625]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1279.352567][T19625]  genl_family_rcv_msg_doit+0x215/0x300
[ 1279.352595][T19625]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1279.352630][T19625]  ? bpf_lsm_capable+0x9/0x20
[ 1279.352654][T19625]  ? security_capable+0x7e/0x2e0
[ 1279.352684][T19625]  genl_rcv_msg+0x60e/0x790
[ 1279.352712][T19625]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1279.352751][T19625]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1279.352778][T19625]  ? __asan_memcpy+0x40/0x70
[ 1279.352811][T19625]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1279.352832][T19625]  ? __skb_clone+0x63/0x7a0
[ 1279.352868][T19625]  netlink_rcv_skb+0x208/0x470
[ 1279.352898][T19625]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1279.352922][T19625]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1279.352949][T19625]  ? genl_rcv+0x19/0x40
[ 1279.352988][T19625]  ? down_read+0x274/0x2e0
[ 1279.353013][T19625]  ? genl_rcv+0xd/0x40
[ 1279.353036][T19625]  genl_rcv+0x28/0x40
[ 1279.353055][T19625]  netlink_unicast+0x82f/0x9e0
[ 1279.353092][T19625]  ? __pfx_netlink_unicast+0x10/0x10
[ 1279.353117][T19625]  ? __alloc_skb+0x198/0x3a0
[ 1279.353142][T19625]  ? netlink_sendmsg+0x642/0xb30
[ 1279.353170][T19625]  ? skb_put+0x11b/0x210
[ 1279.353199][T19625]  netlink_sendmsg+0x805/0xb30
[ 1279.353240][T19625]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1279.353273][T19625]  ? __import_iovec+0x5d4/0x7f0
[ 1279.353298][T19625]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1279.353335][T19625]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1279.353355][T19625]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1279.353387][T19625]  __sock_sendmsg+0x21c/0x270
[ 1279.353424][T19625]  ____sys_sendmsg+0x505/0x820
[ 1279.353458][T19625]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1279.353494][T19625]  ? __pfx_futex_wake_mark+0x10/0x10
[ 1279.353531][T19625]  ___sys_sendmsg+0x21f/0x2a0
[ 1279.353561][T19625]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1279.353598][T19625]  ? futex_wait+0x285/0x360
[ 1279.353656][T19625]  ? __fget_files+0x2a/0x420
[ 1279.353682][T19625]  ? __fget_files+0x3a0/0x420
[ 1279.353722][T19625]  __sys_sendmsg+0x164/0x220
[ 1279.353752][T19625]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1279.353819][T19625]  __do_fast_syscall_32+0x1dc/0x570
[ 1279.353842][T19625]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1279.353862][T19625]  ? do_fast_syscall_32+0x34/0x80
[ 1279.353885][T19625]  ? irqentry_exit+0x10f/0x670
[ 1279.353911][T19625]  do_fast_syscall_32+0x34/0x80
[ 1279.353935][T19625]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1279.353961][T19625] RIP: 0023:0xf708d539
[ 1279.353980][T19625] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1279.353999][T19625] RSP: 002b:00000000f543b55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1279.354022][T19625] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000080000100
[ 1279.354037][T19625] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1279.354050][T19625] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1279.354062][T19625] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1279.354075][T19625] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1279.354107][T19625]  </TASK>
[ 1280.323068][ T5830] Bluetooth: hci10: command tx timeout
[ 1280.471441][T19578] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1280.511194][T19578] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1280.646826][T19578] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1280.721584][T19578] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1280.741476][T19578] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1280.871519][T19578] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1281.317320][T19441] veth0_macvtap: entered promiscuous mode
[ 1281.631574][T19644] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!‚lü1Ü*ø$pOcÚÉ”Î'
[ 1281.667202][T19644] CPU: 1 UID: 0 PID: 19644 Comm: syz.8.3675 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1281.667240][T19644] Tainted: [L]=SOFTLOCKUP
[ 1281.667250][T19644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1281.667264][T19644] Call Trace:
[ 1281.667274][T19644]  <TASK>
[ 1281.667284][T19644]  dump_stack_lvl+0xe8/0x150
[ 1281.667319][T19644]  sysfs_warn_dup+0x8e/0xa0
[ 1281.667344][T19644]  sysfs_do_create_link_sd+0xc0/0x110
[ 1281.667371][T19644]  device_add_class_symlinks+0x1cf/0x240
[ 1281.667399][T19644]  device_add+0x475/0xb80
[ 1281.667428][T19644]  wiphy_register+0x1d2e/0x2d20
[ 1281.667480][T19644]  ? __pfx_wiphy_register+0x10/0x10
[ 1281.667513][T19644]  ? __pfx_netdev_run_todo+0x10/0x10
[ 1281.667545][T19644]  ? minstrel_ht_alloc+0x6e0/0x7e0
[ 1281.667581][T19644]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[ 1281.667612][T19644]  ieee80211_register_hw+0x34a7/0x4110
[ 1281.667638][T19644]  ? __lock_acquire+0x6b6/0x2cf0
[ 1281.667674][T19644]  ? ieee80211_register_hw+0x1411/0x4110
[ 1281.667704][T19644]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1281.667741][T19644]  ? __hrtimer_setup+0x181/0x200
[ 1281.667763][T19644]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 1281.667788][T19644]  mac80211_hwsim_new_radio+0x2f6d/0x52f0
[ 1281.667833][T19644]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1281.667850][T19644]  ? kstrndup+0xbf/0x160
[ 1281.667879][T19644]  hwsim_new_radio_nl+0xf5b/0x1bd0
[ 1281.667904][T19644]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1281.667924][T19644]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1281.667954][T19644]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1281.667972][T19644]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1281.668004][T19644]  ? rcu_is_watching+0x15/0xb0
[ 1281.668029][T19644]  ? __nla_parse+0x40/0x60
[ 1281.668051][T19644]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1281.668077][T19644]  genl_family_rcv_msg_doit+0x215/0x300
[ 1281.668109][T19644]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1281.668139][T19644]  ? bpf_lsm_capable+0x9/0x20
[ 1281.668160][T19644]  ? security_capable+0x7e/0x2e0
[ 1281.668186][T19644]  genl_rcv_msg+0x60e/0x790
[ 1281.668210][T19644]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1281.668227][T19644]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1281.668248][T19644]  ? __asan_memcpy+0x40/0x70
[ 1281.668284][T19644]  netlink_rcv_skb+0x208/0x470
[ 1281.668308][T19644]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1281.668327][T19644]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1281.668348][T19644]  ? genl_rcv+0x19/0x40
[ 1281.668378][T19644]  ? down_read+0x274/0x2e0
[ 1281.668398][T19644]  ? genl_rcv+0xd/0x40
[ 1281.668416][T19644]  genl_rcv+0x28/0x40
[ 1281.668431][T19644]  netlink_unicast+0x82f/0x9e0
[ 1281.668459][T19644]  ? __pfx_netlink_unicast+0x10/0x10
[ 1281.668479][T19644]  ? __alloc_skb+0x198/0x3a0
[ 1281.668499][T19644]  ? netlink_sendmsg+0x642/0xb30
[ 1281.668521][T19644]  ? skb_put+0x11b/0x210
[ 1281.668544][T19644]  netlink_sendmsg+0x805/0xb30
[ 1281.668577][T19644]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1281.668603][T19644]  ? __import_iovec+0x5d4/0x7f0
[ 1281.668623][T19644]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1281.668648][T19644]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1281.668664][T19644]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1281.668689][T19644]  __sock_sendmsg+0x21c/0x270
[ 1281.668719][T19644]  ____sys_sendmsg+0x505/0x820
[ 1281.668747][T19644]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1281.668775][T19644]  ? preempt_schedule_thunk+0x16/0x30
[ 1281.668798][T19644]  ___sys_sendmsg+0x21f/0x2a0
[ 1281.668822][T19644]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1281.668846][T19644]  ? futex_private_hash_put+0x13b/0x170
[ 1281.668877][T19644]  ? futex_wake+0x4b2/0x560
[ 1281.668921][T19644]  ? __fget_files+0x2a/0x420
[ 1281.668943][T19644]  ? __fget_files+0x3a0/0x420
[ 1281.668974][T19644]  __sys_sendmsg+0x164/0x220
[ 1281.668998][T19644]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1281.669028][T19644]  ? rcu_is_watching+0x15/0xb0
[ 1281.669059][T19644]  __do_fast_syscall_32+0x1dc/0x570
[ 1281.669080][T19644]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1281.669098][T19644]  ? do_fast_syscall_32+0x34/0x80
[ 1281.669123][T19644]  ? irqentry_exit+0x10f/0x670
[ 1281.669140][T19644]  ? rcu_is_watching+0x15/0xb0
[ 1281.669163][T19644]  do_fast_syscall_32+0x34/0x80
[ 1281.669185][T19644]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1281.669206][T19644] RIP: 0023:0xf702d539
[ 1281.669222][T19644] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1281.669238][T19644] RSP: 002b:00000000f53db55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1281.669258][T19644] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000080000100
[ 1281.669271][T19644] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1281.669282][T19644] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1281.669293][T19644] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1281.669304][T19644] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1281.669331][T19644]  </TASK>
[ 1282.404548][ T5830] Bluetooth: hci10: command tx timeout
[ 1282.728758][T19578] hsr_slave_0: entered promiscuous mode
[ 1282.763686][T19578] hsr_slave_1: entered promiscuous mode
[ 1282.798636][T19578] debugfs: 'hsr0' already exists in 'hsr'
[ 1282.813266][T19578] Cannot create hsr debugfs directory
[ 1282.963847][T19441] veth1_macvtap: entered promiscuous mode
[ 1283.175155][T19441] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1283.270481][T19441] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1283.737964][T19660] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1283.749452][T19660] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1283.851102][   T30] audit: type=1326 audit(1768422881.472:1117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19663 comm="syz.8.3681" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf702d539 code=0x0
[ 1283.880771][T17697] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1283.925814][T19665] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3681'.
[ 1284.059469][T17697] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1284.094055][T17697] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1284.180057][T17697] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1284.595076][T19669] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3682'.
[ 1285.462381][T19686] loop5: detected capacity change from 0 to 7
[ 1285.472205][T19686] Dev loop5: unable to read RDB block 7
[ 1285.478109][T19686]  loop5: AHDI p3
[ 1285.531180][T19686] loop5: partition table partially beyond EOD, truncated
[ 1285.978906][T19678] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!‚lü1Ü*ø$pOcÚÉ”Î'
[ 1286.037460][T19678] CPU: 0 UID: 0 PID: 19678 Comm: syz.8.3684 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1286.037499][T19678] Tainted: [L]=SOFTLOCKUP
[ 1286.037509][T19678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1286.037524][T19678] Call Trace:
[ 1286.037533][T19678]  <TASK>
[ 1286.037544][T19678]  dump_stack_lvl+0xe8/0x150
[ 1286.037580][T19678]  sysfs_warn_dup+0x8e/0xa0
[ 1286.037604][T19678]  sysfs_do_create_link_sd+0xc0/0x110
[ 1286.037637][T19678]  device_add_class_symlinks+0x1cf/0x240
[ 1286.037667][T19678]  device_add+0x475/0xb80
[ 1286.037694][T19678]  wiphy_register+0x1d2e/0x2d20
[ 1286.037747][T19678]  ? __pfx_wiphy_register+0x10/0x10
[ 1286.037778][T19678]  ? __pfx_netdev_run_todo+0x10/0x10
[ 1286.037811][T19678]  ? minstrel_ht_alloc+0x6e0/0x7e0
[ 1286.037847][T19678]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[ 1286.037877][T19678]  ieee80211_register_hw+0x34a7/0x4110
[ 1286.037922][T19678]  ? ieee80211_register_hw+0x1411/0x4110
[ 1286.037959][T19678]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1286.037993][T19678]  ? preempt_schedule_common+0x83/0xd0
[ 1286.038026][T19678]  ? __hrtimer_setup+0x181/0x200
[ 1286.038053][T19678]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 1286.038085][T19678]  mac80211_hwsim_new_radio+0x2f6d/0x52f0
[ 1286.038142][T19678]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1286.038165][T19678]  ? kstrndup+0xbf/0x160
[ 1286.038201][T19678]  hwsim_new_radio_nl+0xf5b/0x1bd0
[ 1286.038232][T19678]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1286.038274][T19678]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1286.038305][T19678]  ? rcu_is_watching+0x15/0xb0
[ 1286.038337][T19678]  ? __nla_parse+0x40/0x60
[ 1286.038366][T19678]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1286.038399][T19678]  genl_family_rcv_msg_doit+0x215/0x300
[ 1286.038430][T19678]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1286.038468][T19678]  ? bpf_lsm_capable+0x9/0x20
[ 1286.038494][T19678]  ? security_capable+0x7e/0x2e0
[ 1286.038528][T19678]  genl_rcv_msg+0x60e/0x790
[ 1286.038558][T19678]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1286.038579][T19678]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1286.038606][T19678]  ? __asan_memcpy+0x40/0x70
[ 1286.038648][T19678]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1286.038669][T19678]  ? __skb_clone+0x63/0x7a0
[ 1286.038705][T19678]  netlink_rcv_skb+0x208/0x470
[ 1286.038736][T19678]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1286.038760][T19678]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1286.038786][T19678]  ? genl_rcv+0x19/0x40
[ 1286.038826][T19678]  ? down_read+0x274/0x2e0
[ 1286.038851][T19678]  ? genl_rcv+0xd/0x40
[ 1286.038873][T19678]  genl_rcv+0x28/0x40
[ 1286.038893][T19678]  netlink_unicast+0x82f/0x9e0
[ 1286.038929][T19678]  ? __pfx_netlink_unicast+0x10/0x10
[ 1286.038954][T19678]  ? __alloc_skb+0x198/0x3a0
[ 1286.038979][T19678]  ? netlink_sendmsg+0x642/0xb30
[ 1286.039006][T19678]  ? skb_put+0x11b/0x210
[ 1286.039036][T19678]  netlink_sendmsg+0x805/0xb30
[ 1286.039076][T19678]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1286.039109][T19678]  ? __import_iovec+0x5d4/0x7f0
[ 1286.039133][T19678]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1286.039164][T19678]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1286.039184][T19678]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1286.039215][T19678]  __sock_sendmsg+0x21c/0x270
[ 1286.039253][T19678]  ____sys_sendmsg+0x505/0x820
[ 1286.039287][T19678]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1286.039323][T19678]  ? preempt_schedule_thunk+0x16/0x30
[ 1286.039351][T19678]  ___sys_sendmsg+0x21f/0x2a0
[ 1286.039382][T19678]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1286.039412][T19678]  ? futex_private_hash_put+0x13b/0x170
[ 1286.039449][T19678]  ? futex_wake+0x4b2/0x560
[ 1286.039506][T19678]  ? __fget_files+0x2a/0x420
[ 1286.039532][T19678]  ? __fget_files+0x3a0/0x420
[ 1286.039572][T19678]  __sys_sendmsg+0x164/0x220
[ 1286.039603][T19678]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1286.039647][T19678]  ? rcu_is_watching+0x15/0xb0
[ 1286.039688][T19678]  __do_fast_syscall_32+0x1dc/0x570
[ 1286.039713][T19678]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1286.039735][T19678]  ? do_fast_syscall_32+0x34/0x80
[ 1286.039760][T19678]  ? irqentry_exit+0x10f/0x670
[ 1286.039782][T19678]  ? rcu_is_watching+0x15/0xb0
[ 1286.039812][T19678]  do_fast_syscall_32+0x34/0x80
[ 1286.039838][T19678]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1286.039865][T19678] RIP: 0023:0xf702d539
[ 1286.039885][T19678] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1286.039905][T19678] RSP: 002b:00000000f53db55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1286.039941][T19678] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000080000100
[ 1286.039957][T19678] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1286.039969][T19678] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1286.039982][T19678] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1286.039994][T19678] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1286.040027][T19678]  </TASK>
[ 1286.715988][T18219] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1286.795562][T18219] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1286.890661][T19699] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3686'.
[ 1286.997912][T19576] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1287.015527][T19699] netlink: 'syz.7.3686': attribute type 10 has an invalid length.
[ 1287.046094][T19699] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1287.114721][T19699] team0: Port device bond0 added
[ 1287.171094][T19576] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1287.558430][T19578] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1287.733460][T19578] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1287.887468][T19578] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1288.210610][T19578] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1288.798864][T19578] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1288.939237][T19578] 8021q: adding VLAN 0 to HW filter on device team0
[ 1289.004916][   T30] audit: type=1326 audit(1768422886.672:1118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19727 comm="syz.2.3690" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf708d539 code=0x0
[ 1289.215387][T15488] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1289.222630][T15488] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1289.298420][T17733] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1289.305666][T17733] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1289.707519][T19578] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1290.078980][T19578] veth0_vlan: entered promiscuous mode
[ 1290.153166][T19578] veth1_vlan: entered promiscuous mode
[ 1290.306245][T19578] veth0_macvtap: entered promiscuous mode
[ 1290.384873][T19578] veth1_macvtap: entered promiscuous mode
[ 1290.510701][T19578] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1290.535065][T19578] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1290.590467][T19754] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3696'.
[ 1290.625906][T19754] vlan2: entered promiscuous mode
[ 1290.678404][T19754] dummy0: entered promiscuous mode
[ 1290.827002][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1290.849783][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1290.932932][T19752] debugfs: '1ùà^!‚lü1Ü*ø$pOcÚÉ”Î' already exists in 'ieee80211'
[ 1292.152058][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1292.224924][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1292.807319][T13731] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1292.834373][   T30] audit: type=1326 audit(1768422890.512:1119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19782 comm="syz.7.3700" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf709d539 code=0x0
[ 1292.870904][T13731] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1293.310240][ T3472] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1293.366436][ T3472] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1293.622834][T19800] loop5: detected capacity change from 0 to 7
[ 1293.668108][T19800] Dev loop5: unable to read RDB block 7
[ 1293.702264][T19800]  loop5: AHDI p3
[ 1293.756841][T19800] loop5: partition table partially beyond EOD, truncated
[ 1295.627621][T19828] loop5: detected capacity change from 0 to 7
[ 1295.673164][T19828] Dev loop5: unable to read RDB block 7
[ 1295.711211][T19828]  loop5: AHDI p3
[ 1295.766353][T19828] loop5: partition table partially beyond EOD, truncated
[ 1295.903263][T19830] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1296.587265][T19843] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3710'.
[ 1296.831018][ T5945] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[ 1296.844219][T19849] loop5: detected capacity change from 0 to 7
[ 1296.914122][T19612] Dev loop5: unable to read RDB block 7
[ 1296.919714][T19612]  loop5: AHDI p3
[ 1296.924664][T19612] loop5: partition table partially beyond EOD, truncated
[ 1297.108987][T19849] Dev loop5: unable to read RDB block 7
[ 1297.121232][ T5945] usb 9-1: Using ep0 maxpacket: 32
[ 1297.138532][T19849]  loop5: AHDI p3
[ 1297.146871][T19849] loop5: partition table partially beyond EOD, truncated
[ 1297.194547][ T5945] usb 9-1: unable to get BOS descriptor or descriptor too short
[ 1297.269277][ T5945] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1297.300264][ T5945] usb 9-1: config 1 interface 0 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1297.345608][ T5945] usb 9-1: config 1 interface 0 has no altsetting 0
[ 1297.397535][ T5945] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1297.661252][ T5945] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1297.695736][ T5945] usb 9-1: Product: syz
[ 1297.731289][ T5945] usb 9-1: Manufacturer: syz
[ 1297.735956][ T5945] usb 9-1: SerialNumber: syz
[ 1297.896913][T19862] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1298.006098][ T5945] usb 9-1: bad CDC descriptors
[ 1298.061858][ T5945] usb 9-1: USB disconnect, device number 3
[ 1299.891317][T19897] loop5: detected capacity change from 0 to 7
[ 1299.901032][T19897] Dev loop5: unable to read RDB block 7
[ 1299.906759][T19897]  loop5: AHDI p3
[ 1299.910830][T19897] loop5: partition table partially beyond EOD, truncated
[ 1300.597442][T19904] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3722'.
[ 1301.215478][T19918] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!‚lü1Ü*ø$pOcÚÉ”Î'
[ 1301.271227][T19918] CPU: 1 UID: 0 PID: 19918 Comm: syz.2.3723 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1301.271276][T19918] Tainted: [L]=SOFTLOCKUP
[ 1301.271285][T19918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1301.271297][T19918] Call Trace:
[ 1301.271306][T19918]  <TASK>
[ 1301.271315][T19918]  dump_stack_lvl+0xe8/0x150
[ 1301.271347][T19918]  sysfs_warn_dup+0x8e/0xa0
[ 1301.271371][T19918]  sysfs_do_create_link_sd+0xc0/0x110
[ 1301.271388][T19918]  device_add_class_symlinks+0x1cf/0x240
[ 1301.271407][T19918]  device_add+0x475/0xb80
[ 1301.271426][T19918]  wiphy_register+0x1d2e/0x2d20
[ 1301.271459][T19918]  ? __pfx_wiphy_register+0x10/0x10
[ 1301.271481][T19918]  ? __pfx_netdev_run_todo+0x10/0x10
[ 1301.271502][T19918]  ? minstrel_ht_alloc+0x6e0/0x7e0
[ 1301.271525][T19918]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[ 1301.271545][T19918]  ieee80211_register_hw+0x34a7/0x4110
[ 1301.271563][T19918]  ? __lock_acquire+0x6b6/0x2cf0
[ 1301.271586][T19918]  ? ieee80211_register_hw+0x1411/0x4110
[ 1301.271610][T19918]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1301.271639][T19918]  ? __hrtimer_setup+0x181/0x200
[ 1301.271657][T19918]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 1301.271678][T19918]  mac80211_hwsim_new_radio+0x2f6d/0x52f0
[ 1301.271715][T19918]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1301.271729][T19918]  ? kstrndup+0xbf/0x160
[ 1301.271752][T19918]  hwsim_new_radio_nl+0xf5b/0x1bd0
[ 1301.271773][T19918]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1301.271799][T19918]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1301.271819][T19918]  ? rcu_is_watching+0x15/0xb0
[ 1301.271839][T19918]  ? __nla_parse+0x40/0x60
[ 1301.271858][T19918]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1301.271879][T19918]  genl_family_rcv_msg_doit+0x215/0x300
[ 1301.271898][T19918]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1301.271922][T19918]  ? bpf_lsm_capable+0x9/0x20
[ 1301.271938][T19918]  ? security_capable+0x7e/0x2e0
[ 1301.271960][T19918]  genl_rcv_msg+0x60e/0x790
[ 1301.271978][T19918]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1301.272003][T19918]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1301.272018][T19918]  ? __asan_memcpy+0x40/0x70
[ 1301.272045][T19918]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1301.272059][T19918]  ? __skb_clone+0x63/0x7a0
[ 1301.272081][T19918]  netlink_rcv_skb+0x208/0x470
[ 1301.272100][T19918]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1301.272118][T19918]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1301.272134][T19918]  ? genl_rcv+0x19/0x40
[ 1301.272158][T19918]  ? down_read+0x274/0x2e0
[ 1301.272173][T19918]  ? genl_rcv+0xd/0x40
[ 1301.272186][T19918]  genl_rcv+0x28/0x40
[ 1301.272198][T19918]  netlink_unicast+0x82f/0x9e0
[ 1301.272219][T19918]  ? __pfx_netlink_unicast+0x10/0x10
[ 1301.272235][T19918]  ? __alloc_skb+0x198/0x3a0
[ 1301.272249][T19918]  ? netlink_sendmsg+0x642/0xb30
[ 1301.272266][T19918]  ? skb_put+0x11b/0x210
[ 1301.272284][T19918]  netlink_sendmsg+0x805/0xb30
[ 1301.272308][T19918]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1301.272329][T19918]  ? __import_iovec+0x5d4/0x7f0
[ 1301.272344][T19918]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1301.272363][T19918]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1301.272375][T19918]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1301.272394][T19918]  __sock_sendmsg+0x21c/0x270
[ 1301.272417][T19918]  ____sys_sendmsg+0x505/0x820
[ 1301.272438][T19918]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1301.272459][T19918]  ? preempt_schedule_thunk+0x16/0x30
[ 1301.272476][T19918]  ___sys_sendmsg+0x21f/0x2a0
[ 1301.272494][T19918]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1301.272512][T19918]  ? futex_private_hash_put+0x13b/0x170
[ 1301.272535][T19918]  ? futex_wake+0x4b2/0x560
[ 1301.272587][T19918]  ? __fget_files+0x2a/0x420
[ 1301.272604][T19918]  ? __fget_files+0x3a0/0x420
[ 1301.272629][T19918]  __sys_sendmsg+0x164/0x220
[ 1301.272649][T19918]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1301.272673][T19918]  ? rcu_is_watching+0x15/0xb0
[ 1301.272699][T19918]  __do_fast_syscall_32+0x1dc/0x570
[ 1301.272716][T19918]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1301.272730][T19918]  ? do_fast_syscall_32+0x34/0x80
[ 1301.272746][T19918]  ? irqentry_exit+0x10f/0x670
[ 1301.272764][T19918]  do_fast_syscall_32+0x34/0x80
[ 1301.272781][T19918]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1301.272799][T19918] RIP: 0023:0xf708d539
[ 1301.272812][T19918] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1301.272824][T19918] RSP: 002b:00000000f543b55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1301.272839][T19918] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000080000100
[ 1301.272850][T19918] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1301.272858][T19918] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1301.272866][T19918] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1301.272875][T19918] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1301.272896][T19918]  </TASK>
[ 1302.733615][T19926] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3725'.
[ 1304.958647][T19631] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[ 1305.123240][T19631] usb 9-1: New USB device found, idVendor=172f, idProduct=0032, bcdDevice= 0.00
[ 1305.132763][T19631] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1305.205187][T19631] usb 9-1: config 0 descriptor??
[ 1305.294233][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1305.310974][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1305.706268][T19631] waltop 0003:172F:0032.0021: item fetching failed at offset 1/5
[ 1305.762814][T19631] waltop 0003:172F:0032.0021: probe with driver waltop failed with error -22
[ 1307.273626][T19986] block device autoloading is deprecated and will be removed.
[ 1307.411319][T19993] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3739'.
[ 1307.430719][T19994] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!‚lü1Ü*ø$pOcÚÉ”Î'
[ 1307.440436][T19994] CPU: 1 UID: 0 PID: 19994 Comm: syz.7.3738 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1307.440473][T19994] Tainted: [L]=SOFTLOCKUP
[ 1307.440482][T19994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1307.440497][T19994] Call Trace:
[ 1307.440507][T19994]  <TASK>
[ 1307.440517][T19994]  dump_stack_lvl+0xe8/0x150
[ 1307.440554][T19994]  sysfs_warn_dup+0x8e/0xa0
[ 1307.440579][T19994]  sysfs_do_create_link_sd+0xc0/0x110
[ 1307.440606][T19994]  device_add_class_symlinks+0x1cf/0x240
[ 1307.440636][T19994]  device_add+0x475/0xb80
[ 1307.440666][T19994]  wiphy_register+0x1d2e/0x2d20
[ 1307.440719][T19994]  ? __pfx_wiphy_register+0x10/0x10
[ 1307.440754][T19994]  ? __pfx_netdev_run_todo+0x10/0x10
[ 1307.440787][T19994]  ? minstrel_ht_alloc+0x6e0/0x7e0
[ 1307.440823][T19994]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[ 1307.440856][T19994]  ieee80211_register_hw+0x34a7/0x4110
[ 1307.440902][T19994]  ? ieee80211_register_hw+0x1411/0x4110
[ 1307.440943][T19994]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1307.440989][T19994]  ? __hrtimer_setup+0x181/0x200
[ 1307.441016][T19994]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 1307.441048][T19994]  mac80211_hwsim_new_radio+0x2f6d/0x52f0
[ 1307.441107][T19994]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1307.441130][T19994]  ? kstrndup+0xbf/0x160
[ 1307.441166][T19994]  hwsim_new_radio_nl+0xf5b/0x1bd0
[ 1307.441198][T19994]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1307.441240][T19994]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1307.441271][T19994]  ? rcu_is_watching+0x15/0xb0
[ 1307.441303][T19994]  ? __nla_parse+0x40/0x60
[ 1307.441333][T19994]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1307.441375][T19994]  genl_family_rcv_msg_doit+0x215/0x300
[ 1307.441409][T19994]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1307.441449][T19994]  ? bpf_lsm_capable+0x9/0x20
[ 1307.441477][T19994]  ? security_capable+0x7e/0x2e0
[ 1307.441513][T19994]  genl_rcv_msg+0x60e/0x790
[ 1307.441544][T19994]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1307.441566][T19994]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1307.441594][T19994]  ? __asan_memcpy+0x40/0x70
[ 1307.441641][T19994]  netlink_rcv_skb+0x208/0x470
[ 1307.441673][T19994]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1307.441699][T19994]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1307.441727][T19994]  ? genl_rcv+0x19/0x40
[ 1307.441768][T19994]  ? down_read+0x274/0x2e0
[ 1307.441795][T19994]  ? genl_rcv+0xd/0x40
[ 1307.441819][T19994]  genl_rcv+0x28/0x40
[ 1307.441838][T19994]  netlink_unicast+0x82f/0x9e0
[ 1307.441877][T19994]  ? __pfx_netlink_unicast+0x10/0x10
[ 1307.441903][T19994]  ? __alloc_skb+0x198/0x3a0
[ 1307.441929][T19994]  ? netlink_sendmsg+0x642/0xb30
[ 1307.441957][T19994]  ? skb_put+0x11b/0x210
[ 1307.441987][T19994]  netlink_sendmsg+0x805/0xb30
[ 1307.442029][T19994]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1307.442063][T19994]  ? __import_iovec+0x5d4/0x7f0
[ 1307.442089][T19994]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1307.442122][T19994]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1307.442143][T19994]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1307.442175][T19994]  __sock_sendmsg+0x21c/0x270
[ 1307.442214][T19994]  ____sys_sendmsg+0x505/0x820
[ 1307.442249][T19994]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1307.442287][T19994]  ? preempt_schedule_thunk+0x16/0x30
[ 1307.442317][T19994]  ___sys_sendmsg+0x21f/0x2a0
[ 1307.442349][T19994]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1307.442387][T19994]  ? futex_private_hash_put+0x13b/0x170
[ 1307.442425][T19994]  ? futex_wake+0x4b2/0x560
[ 1307.442484][T19994]  ? __fget_files+0x2a/0x420
[ 1307.442513][T19994]  ? __fget_files+0x3a0/0x420
[ 1307.442554][T19994]  __sys_sendmsg+0x164/0x220
[ 1307.442586][T19994]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1307.442626][T19994]  ? rcu_is_watching+0x15/0xb0
[ 1307.442669][T19994]  __do_fast_syscall_32+0x1dc/0x570
[ 1307.442695][T19994]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1307.442718][T19994]  ? do_fast_syscall_32+0x34/0x80
[ 1307.442744][T19994]  ? irqentry_exit+0x10f/0x670
[ 1307.442766][T19994]  ? rcu_is_watching+0x15/0xb0
[ 1307.442798][T19994]  do_fast_syscall_32+0x34/0x80
[ 1307.442826][T19994]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1307.442854][T19994] RIP: 0023:0xf709d539
[ 1307.442874][T19994] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1307.442894][T19994] RSP: 002b:00000000f544b55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1307.442918][T19994] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000080000100
[ 1307.442935][T19994] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1307.442948][T19994] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1307.442962][T19994] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1307.442976][T19994] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1307.443012][T19994]  </TASK>
[ 1308.155430][T16978] usb 9-1: USB disconnect, device number 4
[ 1312.423719][T20055] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3749'.
[ 1312.491831][ T5830] Bluetooth: hci2: command 0x0406 tx timeout
[ 1312.771501][T19102] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[ 1312.951444][T19102] usb 9-1: Using ep0 maxpacket: 32
[ 1312.975838][T19102] usb 9-1: config 4 has an invalid interface number: 128 but max is 0
[ 1312.993348][T20065] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3752'.
[ 1313.007070][T19102] usb 9-1: config 4 has no interface number 0
[ 1313.019199][T19102] usb 9-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1313.038882][T19102] usb 9-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1313.069611][T19102] usb 9-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1313.092405][T19102] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1313.161438][T19102] hub 9-1:4.128: USB hub found
[ 1313.368420][T20056] syzkaller0: entered promiscuous mode
[ 1313.374195][T20056] syzkaller0: entered allmulticast mode
[ 1313.482360][T19102] hub 9-1:4.128: 2 ports detected
[ 1313.487602][T19102] hub 9-1:4.128: Using single TT (err -22)
[ 1313.561123][T20073] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[ 1313.567709][T20073] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1313.683830][T20073] vhci_hcd vhci_hcd.0: Device attached
[ 1313.716082][T20079] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(7)
[ 1313.722669][T20079] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1313.750694][T20079] vhci_hcd vhci_hcd.0: Device attached
[ 1313.922621][T16978] usb 37-1: new low-speed USB device number 3 using vhci_hcd
[ 1314.070636][T12179] IPVS: starting estimator thread 0...
[ 1314.142382][T19102] hub 9-1:4.128: hub_hub_status failed (err = -71)
[ 1314.149841][T19102] hub 9-1:4.128: config failed, can't get hub status (err -71)
[ 1314.161739][T20088] IPVS: using max 27 ests per chain, 64800 per kthread
[ 1314.274740][T19102] usb 9-1: USB disconnect, device number 5
[ 1314.941095][T19102] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[ 1314.955681][T20080] vhci_hcd: connection closed
[ 1314.956936][T20074] vhci_hcd: connection reset by peer
[ 1314.991330][ T1341] vhci_hcd vhci_hcd.2: stop threads
[ 1315.011565][ T1341] vhci_hcd vhci_hcd.2: release socket
[ 1315.018142][ T1341] vhci_hcd vhci_hcd.2: disconnect device
[ 1315.030095][ T1341] vhci_hcd vhci_hcd.2: stop threads
[ 1315.062695][ T1341] vhci_hcd vhci_hcd.2: release socket
[ 1315.092609][ T1341] vhci_hcd vhci_hcd.2: disconnect device
[ 1315.173584][T19102] usb 1-1: device descriptor read/64, error -71
[ 1315.461184][T19102] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[ 1315.721059][T19102] usb 1-1: device descriptor read/64, error -71
[ 1315.743996][T20113] netlink: 212368 bytes leftover after parsing attributes in process `syz.8.3760'.
[ 1315.832091][T19102] usb usb1-port1: attempt power cycle
[ 1315.844908][T20114] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3760'.
[ 1316.203273][T19102] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[ 1316.284517][T19102] usb 1-1: device descriptor read/8, error -71
[ 1316.399131][T20120] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3761'.
[ 1316.523276][T19102] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[ 1316.651010][T19102] usb 1-1: device descriptor read/8, error -71
[ 1316.771291][T19102] usb usb1-port1: unable to enumerate USB device
[ 1316.868748][T20127] loop5: detected capacity change from 0 to 7
[ 1316.892172][T20127] Dev loop5: unable to read RDB block 7
[ 1316.897886][T20127]  loop5: AHDI p3
[ 1316.911344][T20127] loop5: partition table partially beyond EOD, truncated
[ 1317.478268][T20135] netlink: 'syz.2.3765': attribute type 10 has an invalid length.
[ 1317.545485][T20136] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3764'.
[ 1317.582758][T20135] syz_tun: entered promiscuous mode
[ 1317.590175][T20135] team0: Port device syz_tun added
[ 1318.325751][T20147] bond0: entered allmulticast mode
[ 1318.348991][T20147] bond_slave_0: entered allmulticast mode
[ 1318.411236][T20147] bond_slave_1: entered allmulticast mode
[ 1319.041187][T16978] vhci_hcd vhci_hcd.2: vhci_device speed not set
[ 1320.057115][T19102] usb 1-1: new full-speed USB device number 69 using dummy_hcd
[ 1320.686839][T19102] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1320.714437][T19102] usb 1-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[ 1320.725550][T19102] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1320.734722][T19102] usb 1-1: Product: syz
[ 1320.738987][T19102] usb 1-1: Manufacturer: syz
[ 1320.753677][T19102] usb 1-1: SerialNumber: syz
[ 1320.795138][T19102] usb 1-1: config 0 descriptor??
[ 1320.862732][T19102] hub 1-1:0.0: bad descriptor, ignoring hub
[ 1320.868739][T19102] hub 1-1:0.0: probe with driver hub failed with error -5
[ 1320.904349][T19102] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 1321.034054][T19102] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -2
[ 1321.268020][T19863] udevd[19863]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1321.674351][T20183] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3776'.
[ 1322.392501][T20192] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3777'.
[ 1322.929105][T20160] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1323.028138][ T5890] usb 1-1: USB disconnect, device number 69
[ 1323.091593][T20196] netlink: 68 bytes leftover after parsing attributes in process `syz.2.3778'.
[ 1323.330958][   T30] audit: type=1326 audit(1768422921.002:1120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20197 comm="syz.8.3780" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf702d539 code=0x0
[ 1324.328680][T20219] debugfs: '1ùà^!‚lü1Ü*ø$pOcÚÉ”Î' already exists in 'ieee80211'
[ 1324.391121][ T5890] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[ 1325.123895][ T5890] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1325.133670][ T5890] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1325.203172][ T5890] usb 1-1: Product: syz
[ 1325.211640][ T5890] usb 1-1: Manufacturer: syz
[ 1325.216299][ T5890] usb 1-1: SerialNumber: syz
[ 1326.264986][T20223] FAULT_INJECTION: forcing a failure.
[ 1326.264986][T20223] name failslab, interval 1, probability 0, space 0, times 0
[ 1326.283243][T20223] CPU: 0 UID: 0 PID: 20223 Comm: syz.8.3785 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1326.283275][T20223] Tainted: [L]=SOFTLOCKUP
[ 1326.283283][T20223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1326.283296][T20223] Call Trace:
[ 1326.283304][T20223]  <TASK>
[ 1326.283314][T20223]  dump_stack_lvl+0xe8/0x150
[ 1326.283346][T20223]  should_fail_ex+0x414/0x560
[ 1326.283388][T20223]  should_failslab+0xa8/0x100
[ 1326.283415][T20223]  __kmalloc_noprof+0xdf/0x800
[ 1326.283435][T20223]  ? copy_splice_read+0x143/0xa50
[ 1326.283466][T20223]  copy_splice_read+0x143/0xa50
[ 1326.283495][T20223]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 1326.283524][T20223]  ? __pfx_copy_splice_read+0x10/0x10
[ 1326.283553][T20223]  ? register_lock_class+0x31/0x2e0
[ 1326.283576][T20223]  ? file_end_write+0xd8/0x250
[ 1326.283603][T20223]  ? direct_splice_actor+0x10c/0x160
[ 1326.283629][T20223]  ? __pfx_copy_splice_read+0x10/0x10
[ 1326.283652][T20223]  splice_direct_to_actor+0x4a9/0xcc0
[ 1326.283695][T20223]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1326.283720][T20223]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1326.283756][T20223]  do_splice_direct+0x181/0x270
[ 1326.283783][T20223]  ? __pfx_do_splice_direct+0x10/0x10
[ 1326.283807][T20223]  ? common_file_perm+0x1b5/0x220
[ 1326.283833][T20223]  ? __pfx_direct_file_splice_eof+0x10/0x10
[ 1326.283878][T20223]  ? bpf_lsm_file_permission+0x9/0x20
[ 1326.283900][T20223]  ? security_file_permission+0x75/0x290
[ 1326.283921][T20223]  ? rw_verify_area+0x255/0x4d0
[ 1326.283953][T20223]  do_sendfile+0x4da/0x7e0
[ 1326.283984][T20223]  ? __pfx_do_sendfile+0x10/0x10
[ 1326.284010][T20223]  ? __pfx_ksys_write+0x10/0x10
[ 1326.284033][T20223]  ? __ia32_compat_sys_sendfile+0x180/0x1d0
[ 1326.284062][T20223]  __do_fast_syscall_32+0x1dc/0x570
[ 1326.284085][T20223]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1326.284104][T20223]  ? do_fast_syscall_32+0x34/0x80
[ 1326.284126][T20223]  ? irqentry_exit+0x10f/0x670
[ 1326.284169][T20223]  do_fast_syscall_32+0x34/0x80
[ 1326.284195][T20223]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1326.284221][T20223] RIP: 0023:0xf702d539
[ 1326.284240][T20223] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1326.284259][T20223] RSP: 002b:00000000f541d55c EFLAGS: 00000206 ORIG_RAX: 00000000000000bb
[ 1326.284281][T20223] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000006
[ 1326.284296][T20223] RDX: 0000000000000000 RSI: 0000000000023892 RDI: 0000000000000000
[ 1326.284310][T20223] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1326.284323][T20223] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1326.284336][T20223] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1326.284367][T20223]  </TASK>
[ 1326.797443][ T5890] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[ 1326.885628][ T5890] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1327.038664][ T5890] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1327.063187][ T5890] lan78xx 1-1:1.0: probe with driver lan78xx failed with error -32
[ 1327.235467][T20229] fuse: Bad value for 'user_id'
[ 1327.240396][T20229] fuse: Bad value for 'user_id'
[ 1327.975019][ T5830] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[ 1327.985629][ T5830] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[ 1328.011943][ T5830] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[ 1328.021445][ T5830] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[ 1328.036806][ T5830] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[ 1328.048536][T19102] usb 1-1: USB disconnect, device number 70
[ 1329.345597][T20254] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3791'.
[ 1329.482426][T20243] chnl_net:caif_netlink_parms(): no params data found
[ 1330.136800][ T5830] Bluetooth: hci11: command tx timeout
[ 1330.260768][T20243] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1330.285488][T20243] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1330.307932][T20243] bridge_slave_0: entered allmulticast mode
[ 1330.322782][T20243] bridge_slave_0: entered promiscuous mode
[ 1330.407281][T20243] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1330.426249][T20243] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1330.439583][T20243] bridge_slave_1: entered allmulticast mode
[ 1330.573336][T20243] bridge_slave_1: entered promiscuous mode
[ 1331.117664][T20274] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!‚lü1Ü*ø$pOcÚÉ”Î'
[ 1331.133136][T20274] CPU: 1 UID: 0 PID: 20274 Comm: syz.8.3798 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1331.133176][T20274] Tainted: [L]=SOFTLOCKUP
[ 1331.133187][T20274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1331.133202][T20274] Call Trace:
[ 1331.133212][T20274]  <TASK>
[ 1331.133223][T20274]  dump_stack_lvl+0xe8/0x150
[ 1331.133260][T20274]  sysfs_warn_dup+0x8e/0xa0
[ 1331.133285][T20274]  sysfs_do_create_link_sd+0xc0/0x110
[ 1331.133311][T20274]  device_add_class_symlinks+0x1cf/0x240
[ 1331.133342][T20274]  device_add+0x475/0xb80
[ 1331.133371][T20274]  wiphy_register+0x1d2e/0x2d20
[ 1331.133422][T20274]  ? __pfx_wiphy_register+0x10/0x10
[ 1331.133454][T20274]  ? __pfx_netdev_run_todo+0x10/0x10
[ 1331.133486][T20274]  ? minstrel_ht_alloc+0x6e0/0x7e0
[ 1331.133522][T20274]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[ 1331.133560][T20274]  ieee80211_register_hw+0x34a7/0x4110
[ 1331.133587][T20274]  ? __lock_acquire+0x6b6/0x2cf0
[ 1331.133622][T20274]  ? ieee80211_register_hw+0x1411/0x4110
[ 1331.133658][T20274]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1331.133702][T20274]  ? __hrtimer_setup+0x181/0x200
[ 1331.133724][T20274]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 1331.133750][T20274]  mac80211_hwsim_new_radio+0x2f6d/0x52f0
[ 1331.133794][T20274]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1331.133813][T20274]  ? kstrndup+0xbf/0x160
[ 1331.133841][T20274]  hwsim_new_radio_nl+0xf5b/0x1bd0
[ 1331.133865][T20274]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1331.133898][T20274]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1331.133923][T20274]  ? rcu_is_watching+0x15/0xb0
[ 1331.133948][T20274]  ? __nla_parse+0x40/0x60
[ 1331.133971][T20274]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1331.133998][T20274]  genl_family_rcv_msg_doit+0x215/0x300
[ 1331.134023][T20274]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1331.134052][T20274]  ? bpf_lsm_capable+0x9/0x20
[ 1331.134073][T20274]  ? security_capable+0x7e/0x2e0
[ 1331.134104][T20274]  genl_rcv_msg+0x60e/0x790
[ 1331.134128][T20274]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1331.134149][T20274]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1331.134170][T20274]  ? __asan_memcpy+0x40/0x70
[ 1331.134199][T20274]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1331.134224][T20274]  netlink_rcv_skb+0x208/0x470
[ 1331.134249][T20274]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1331.134267][T20274]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1331.134289][T20274]  ? genl_rcv+0x19/0x40
[ 1331.134319][T20274]  ? down_read+0x274/0x2e0
[ 1331.134340][T20274]  ? genl_rcv+0xd/0x40
[ 1331.134365][T20274]  genl_rcv+0x28/0x40
[ 1331.134381][T20274]  netlink_unicast+0x82f/0x9e0
[ 1331.134411][T20274]  ? __pfx_netlink_unicast+0x10/0x10
[ 1331.134431][T20274]  ? __alloc_skb+0x198/0x3a0
[ 1331.134452][T20274]  ? netlink_sendmsg+0x642/0xb30
[ 1331.134475][T20274]  ? skb_put+0x11b/0x210
[ 1331.134499][T20274]  netlink_sendmsg+0x805/0xb30
[ 1331.134532][T20274]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1331.134564][T20274]  ? __import_iovec+0x5d4/0x7f0
[ 1331.134584][T20274]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1331.134610][T20274]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1331.134626][T20274]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1331.134652][T20274]  __sock_sendmsg+0x21c/0x270
[ 1331.134683][T20274]  ____sys_sendmsg+0x505/0x820
[ 1331.134712][T20274]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1331.134740][T20274]  ? preempt_schedule_thunk+0x16/0x30
[ 1331.134763][T20274]  ___sys_sendmsg+0x21f/0x2a0
[ 1331.134787][T20274]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1331.134813][T20274]  ? futex_private_hash_put+0x13b/0x170
[ 1331.134843][T20274]  ? futex_wake+0x4b2/0x560
[ 1331.134888][T20274]  ? __fget_files+0x2a/0x420
[ 1331.134909][T20274]  ? __fget_files+0x3a0/0x420
[ 1331.134940][T20274]  __sys_sendmsg+0x164/0x220
[ 1331.134964][T20274]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1331.134994][T20274]  ? rcu_is_watching+0x15/0xb0
[ 1331.135026][T20274]  __do_fast_syscall_32+0x1dc/0x570
[ 1331.135046][T20274]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1331.135064][T20274]  ? do_fast_syscall_32+0x34/0x80
[ 1331.135083][T20274]  ? irqentry_exit+0x10f/0x670
[ 1331.135105][T20274]  do_fast_syscall_32+0x34/0x80
[ 1331.135126][T20274]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1331.135148][T20274] RIP: 0023:0xf702d539
[ 1331.135170][T20274] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1331.135187][T20274] RSP: 002b:00000000f53db55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1331.135207][T20274] RAX: ffffffffffffffda RBX: 000000000000000f RCX: 0000000080000100
[ 1331.135220][T20274] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1331.135249][T20274] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1331.135260][T20274] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1331.135272][T20274] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1331.135299][T20274]  </TASK>
[ 1332.018393][T20243] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1332.091329][   T31] INFO: task syz.4.3356:18446 blocked for more than 143 seconds.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1332.161757][ T5830] Bluetooth: hci11: command tx timeout
[ 1332.174318][   T31]       Tainted: G             L      syzkaller #0
[ 1332.181705][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1332.201397][   T31] task:syz.4.3356      state:D stack:23936 pid:18446 tgid:18444 ppid:17322  task_flags:0x400140 flags:0x10080002
[ 1332.213824][   T31] Call Trace:
[ 1332.217146][   T31]  <TASK>
[ 1332.220124][   T31]  __schedule+0x149b/0x4fd0
[ 1332.225626][   T31]  ? __pfx___schedule+0x10/0x10
[ 1332.230548][   T31]  ? schedule+0x91/0x360
[ 1332.237534][   T31]  schedule+0x165/0x360
[ 1332.243558][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1332.249175][   T31]  __mutex_lock+0x7e6/0x1350
[ 1332.254914][   T31]  ? __mutex_lock+0x5bb/0x1350
[ 1332.259827][   T31]  ? load_settype+0x5f/0xe0
[ 1332.287777][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1332.361189][   T31]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1332.436703][   T31]  load_settype+0x5f/0xe0
[ 1332.445894][   T31]  ip_set_create+0x486/0x19c0
[ 1332.450660][   T31]  ? ip_set_create+0x49f/0x19c0
[ 1332.464018][   T31]  ? __pfx_ip_set_create+0x10/0x10
[ 1332.469195][   T31]  nfnetlink_rcv_msg+0xb4d/0x1130
[ 1332.551530][   T31]  ? unwind_get_return_address+0x4d/0x90
[ 1332.557256][   T31]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1332.571083][   T31]  ? nfnetlink_rcv_msg+0x20d/0x1130
[ 1332.576379][   T31]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 1332.613260][   T31]  netlink_rcv_skb+0x208/0x470
[ 1332.618138][   T31]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 1332.623832][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1332.629171][   T31]  ? bpf_lsm_capable+0x9/0x20
[ 1332.633928][   T31]  ? security_capable+0x7e/0x2e0
[ 1332.638877][   T31]  nfnetlink_rcv+0x282/0x2590
[ 1332.644273][   T31]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1332.678014][   T31]  ? __dev_queue_xmit+0x289/0x31c0
[ 1332.683429][   T31]  ? __local_bh_enable_ip+0xd0/0x130
[ 1332.688763][   T31]  ? __dev_queue_xmit+0x289/0x31c0
[ 1332.693987][   T31]  ? __dev_queue_xmit+0x19cb/0x31c0
[ 1332.775837][   T31]  ? ___sys_sendmsg+0x21f/0x2a0
[ 1332.780754][   T31]  ? __dev_queue_xmit+0x289/0x31c0
[ 1332.791952][   T31]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1332.797139][   T31]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1332.821095][   T31]  ? ref_tracker_free+0x63a/0x7d0
[ 1332.826282][   T31]  ? __asan_memcpy+0x40/0x70
[ 1332.882734][   T31]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1332.888200][   T31]  ? __skb_clone+0x63/0x7a0
[ 1332.892905][   T31]  ? __skb_clone+0x483/0x7a0
[ 1332.897513][   T31]  ? skb_clone+0x246/0x3a0
[ 1332.917741][   T31]  ? __netlink_deliver_tap+0x807/0x850
[ 1332.927261][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1332.943679][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1332.948980][   T31]  netlink_unicast+0x82f/0x9e0
[ 1332.981143][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[ 1332.986515][   T31]  ? __alloc_skb+0x198/0x3a0
[ 1333.012120][   T31]  ? netlink_sendmsg+0x642/0xb30
[ 1333.017149][   T31]  ? skb_put+0x11b/0x210
[ 1333.072231][   T31]  netlink_sendmsg+0x805/0xb30
[ 1333.077102][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1333.091084][   T31]  ? __import_iovec+0x5d4/0x7f0
[ 1333.096025][   T31]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1333.146594][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1333.152170][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1333.176886][   T31]  __sock_sendmsg+0x21c/0x270
[ 1333.182406][   T31]  ____sys_sendmsg+0x505/0x820
[ 1333.191108][   T31]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1333.201337][   T31]  ? __pfx_futex_wake_mark+0x10/0x10
[ 1333.206707][   T31]  ___sys_sendmsg+0x21f/0x2a0
[ 1333.221470][   T31]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1333.226759][   T31]  ? futex_wait+0x285/0x360
[ 1333.232054][   T31]  ? __fget_files+0x2a/0x420
[ 1333.236711][   T31]  ? __fget_files+0x3a0/0x420
[ 1333.242917][   T31]  __sys_sendmsg+0x164/0x220
[ 1333.247576][   T31]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1333.258620][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1333.268279][   T31]  __do_fast_syscall_32+0x1dc/0x570
[ 1333.273926][   T31]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1333.279167][   T31]  ? do_fast_syscall_32+0x34/0x80
[ 1333.288202][   T31]  ? irqentry_exit+0x10f/0x670
[ 1333.293791][   T31]  do_fast_syscall_32+0x34/0x80
[ 1333.298699][   T31]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1333.305706][   T31] RIP: 0023:0xf703d539
[ 1333.309810][   T31] RSP: 002b:00000000f540c55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1333.318845][   T31] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080000040
[ 1333.327177][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1333.336487][   T31] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1333.344896][   T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1333.353995][   T31] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1333.371369][   T31]  </TASK>
[ 1333.374718][   T31] 
[ 1333.374718][   T31] Showing all locks held in the system:
[ 1333.407090][   T31] 1 lock held by rcu_exp_gp_kthr/18:
[ 1333.412742][   T31] 1 lock held by khungtaskd/31:
[ 1333.417630][   T31]  #0: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1333.439802][   T31] 1 lock held by dhcpcd/5495:
[ 1333.447588][   T31]  #0: ffff8880b863a918 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[ 1333.467197][   T31] 2 locks held by getty/5588:
[ 1333.478572][   T31]  #0: ffff888034e9d0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1333.488931][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x449/0x1460
[ 1333.499440][   T31] 2 locks held by kworker/0:6/5906:
[ 1333.513829][   T31]  #0: ffff88813ff15948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[ 1333.525335][   T31]  #1: ffffc9000493fbc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[ 1333.536052][   T31] 3 locks held by kworker/u8:15/5969:
[ 1333.541820][   T31]  #0: ffff88813ff29948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[ 1333.569252][   T31]  #1: ffffc90004d7fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[ 1333.599561][   T31]  #2: ffffffff8f311e88 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[ 1333.623675][   T31] 3 locks held by syz.0.2050/13142:
[ 1333.628948][   T31] 1 lock held by syz.4.3356/18446:
[ 1333.649539][   T31]  #0: ffffffff99de32f8 (nfnl_subsys_ipset){+.+.}-{4:4}, at: load_settype+0x5f/0xe0
[ 1333.696741][   T31] 1 lock held by syz.3.3430/18721:
[ 1333.702235][   T31]  #0: ffffffff99de32f8 (nfnl_subsys_ipset){+.+.}-{4:4}, at: nfnetlink_rcv_msg+0x9dc/0x1130
[ 1333.712799][   T31] 1 lock held by syz.6.3516/19031:
[ 1333.717941][   T31]  #0: ffffffff99de32f8 (nfnl_subsys_ipset){+.+.}-{4:4}, at: nfnetlink_rcv_msg+0x9dc/0x1130
[ 1333.734856][   T31] 1 lock held by syz.5.3588/19273:
[ 1333.740022][   T31]  #0: ffffffff99de32f8 (nfnl_subsys_ipset){+.+.}-{4:4}, at: nfnetlink_rcv_msg+0x9dc/0x1130
[ 1333.775162][   T31] 1 lock held by syz.9.3642/19474:
[ 1333.780362][   T31]  #0: ffffffff99de32f8 (nfnl_subsys_ipset){+.+.}-{4:4}, at: nfnetlink_rcv_msg+0x9dc/0x1130
[ 1333.791111][   T31] 1 lock held by syz.9.3642/19476:
[ 1333.796257][   T31]  #0: ffffffff99de32f8 (nfnl_subsys_ipset){+.+.}-{4:4}, at: nfnetlink_rcv_msg+0x9dc/0x1130
[ 1333.807162][   T31] 1 lock held by syz.9.3642/19477:
[ 1333.812853][   T31]  #0: ffffffff99de32f8 (nfnl_subsys_ipset){+.+.}-{4:4}, at: nfnetlink_rcv_msg+0x9dc/0x1130
[ 1333.839864][   T31] 5 locks held by syz-executor/19565:
[ 1333.845944][   T31]  #0: ffff8880a6e58ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x5b0
[ 1333.856405][   T31]  #1: ffff8880a6e580c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x640/0x1100
[ 1333.866597][   T31]  #2: ffffffff8f483a48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x260
[ 1333.878864][   T31]  #3: ffff8880b09b9b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x7b/0x5b0
[ 1333.888704][   T31]  #4: ffffffff8df475f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x36e/0x6e0
[ 1333.921693][   T31] 1 lock held by syz-executor/19578:
[ 1333.927048][   T31]  #0: ffffffff8f311e88 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[ 1333.936656][   T31] 1 lock held by syz.7.3748/20041:
[ 1333.943126][   T31]  #0: ffffffff99de32f8 (nfnl_subsys_ipset){+.+.}-{4:4}, at: nfnetlink_rcv_msg+0x9dc/0x1130
[ 1333.953617][   T31] 1 lock held by syz-executor/20243:
[ 1333.958932][   T31]  #0: ffffffff8f311e88 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8ec/0x1c90
[ 1333.968608][   T31] 1 lock held by syz.0.3795/20264:
[ 1333.991648][   T31]  #0: ffffffff8df474c0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[ 1334.003440][   T31] 2 locks held by syz.0.3795/20282:
[ 1334.011477][   T31]  #0: ffffffff8f379af0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1334.019739][   T31]  #1: ffffffff8f379908 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[ 1334.029596][   T31] 3 locks held by syz.8.3798/20274:
[ 1334.035099][   T31]  #0: ffffffff8f379af0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1334.043791][   T31]  #1: ffffffff8f379908 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[ 1334.058095][   T31]  #2: ffffffff8f311e88 (rtnl_mutex){+.+.}-{4:4}, at: ieee80211_register_hw+0x36fb/0x4110
[ 1334.081344][   T31] 2 locks held by syz.2.3799/20275:
[ 1334.086600][   T31]  #0: ffffffff8f311e88 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[ 1334.096535][   T31]  #1: ffffffff8df475f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2b1/0x6e0
[ 1334.111253][   T31] 
[ 1334.113640][   T31] =============================================
[ 1334.113640][   T31] 
[ 1334.123164][   T31] NMI backtrace for cpu 0
[ 1334.123185][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1334.123214][   T31] Tainted: [L]=SOFTLOCKUP
[ 1334.123222][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1334.123235][   T31] Call Trace:
[ 1334.123244][   T31]  <TASK>
[ 1334.123253][   T31]  dump_stack_lvl+0xe8/0x150
[ 1334.123294][   T31]  nmi_cpu_backtrace+0x274/0x2d0
[ 1334.123325][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1334.123361][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1334.123394][   T31]  sys_info+0x135/0x170
[ 1334.123419][   T31]  watchdog+0xf95/0xfe0
[ 1334.123453][   T31]  ? watchdog+0x20a/0xfe0
[ 1334.123488][   T31]  kthread+0x711/0x8a0
[ 1334.123518][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1334.123546][   T31]  ? __pfx_kthread+0x10/0x10
[ 1334.123576][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1334.123595][   T31]  ? __pfx_kthread+0x10/0x10
[ 1334.123623][   T31]  ret_from_fork+0x510/0xa50
[ 1334.123646][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1334.123664][   T31]  ? __switch_to+0xc9e/0x1480
[ 1334.123698][   T31]  ? __pfx_kthread+0x10/0x10
[ 1334.123726][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1334.123803][   T31]  </TASK>
[ 1334.123811][   T31] Sending NMI from CPU 0 to CPUs 1:
[ 1334.255133][    C1] NMI backtrace for cpu 1
[ 1334.255155][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1334.255179][    C1] Tainted: [L]=SOFTLOCKUP
[ 1334.255186][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1334.255197][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[ 1334.255239][    C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 53 91 0e 00 f3 0f 1e fa fb f4 <e9> 08 e3 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[ 1334.255255][    C1] RSP: 0018:ffffc90000197e20 EFLAGS: 000002c6
[ 1334.255287][    C1] RAX: 0000000000e6a6f7 RBX: ffffffff8197149e RCX: 0000000080000001
[ 1334.255302][    C1] RDX: 0000000000000001 RSI: ffffffff8d792d31 RDI: ffffffff8bc086e0
[ 1334.255315][    C1] RBP: ffffc90000197f10 R08: ffff8880b87336db R09: 1ffff110170e66db
[ 1334.255329][    C1] R10: dffffc0000000000 R11: ffffed10170e66dc R12: ffffffff8f822470
[ 1334.255344][    C1] R13: 1ffff110038d6b70 R14: 0000000000000001 R15: 0000000000000001
[ 1334.255356][    C1] FS:  0000000000000000(0000) GS:ffff888125f1f000(0000) knlGS:0000000000000000
[ 1334.255371][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1334.255385][    C1] CR2: 0000000080202018 CR3: 000000000dd3a000 CR4: 00000000003526f0
[ 1334.255401][    C1] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083
[ 1334.255414][    C1] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1334.255427][    C1] Call Trace:
[ 1334.255435][    C1]  <TASK>
[ 1334.255442][    C1]  default_idle+0x13/0x20
[ 1334.255464][    C1]  default_idle_call+0x73/0xb0
[ 1334.255489][    C1]  do_idle+0x1be/0x4d0
[ 1334.255507][    C1]  ? lockdep_hardirqs_on+0x7b/0x110
[ 1334.255529][    C1]  ? __pfx_do_idle+0x10/0x10
[ 1334.255554][    C1]  cpu_startup_entry+0x44/0x60
[ 1334.255573][    C1]  start_secondary+0x101/0x110
[ 1334.255617][    C1]  common_startup_64+0x13e/0x147
[ 1334.255650][    C1]  </TASK>
[ 1334.263327][ T5830] Bluetooth: hci11: command tx timeout
[ 1334.519031][T20243] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1334.627334][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1334.634246][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1334.644924][   T31] Tainted: [L]=SOFTLOCKUP
[ 1334.649259][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1334.659313][   T31] Call Trace:
[ 1334.662600][   T31]  <TASK>
[ 1334.665537][   T31]  vpanic+0x1e0/0x670
[ 1334.669528][   T31]  panic+0xb9/0xc0
[ 1334.673251][   T31]  ? __pfx_panic+0x10/0x10
[ 1334.677667][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1334.683054][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[ 1334.689252][   T31]  watchdog+0xfdf/0xfe0
[ 1334.693459][   T31]  ? watchdog+0x20a/0xfe0
[ 1334.697845][   T31]  kthread+0x711/0x8a0
[ 1334.701946][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1334.706661][   T31]  ? __pfx_kthread+0x10/0x10
[ 1334.711288][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1334.716514][   T31]  ? __pfx_kthread+0x10/0x10
[ 1334.721110][   T31]  ret_from_fork+0x510/0xa50
[ 1334.725705][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1334.730859][   T31]  ? __switch_to+0xc9e/0x1480
[ 1334.735584][   T31]  ? __pfx_kthread+0x10/0x10
[ 1334.740209][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1334.744985][   T31]  </TASK>
[ 1334.748633][   T31] Kernel Offset: disabled
[ 1334.752960][   T31] Rebooting in 86400 seconds..