last executing test programs:

19m7.803313264s ago: executing program 0 (id=2275):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000200)={0x48})
r2 = dup(0xffffffffffffffff)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
io_setup(0x8, &(0x7f0000004200)=<r3=>0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
io_submit(r3, 0x1, &(0x7f0000000080)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r4, 0x0}])
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000280)={0x0, 0x4}, 0x8)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000040), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000001100)=ANY=[@ANYBLOB="b7020000c54a4530bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b706000008ffffffcf6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe0000004f850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d62de53a1a53608c10556e5734eb84049761451ce2e2d9f8004e26f7fcc059c06220002595f6dba87b81d1106fb026cce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895c679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd6fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f2fcb6d753a78845d8363e0401861abebe428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30810400000000000000d63d716c0975e1ce4a655362e7062ff6ab3934555c01840219829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47911834118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2dff0f000000000000bf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f804924600273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c048d46362ea0d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b10700ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d120ea257bba458ecd989cb3581a3f270ad48255ac0dad4923e3e357e4e90583ce8d43ec65ed491d87a51d7c13f665dcf772e3ead71112008b16b0ea821f70aee1ccbd71c5a1c21e87d5b7b73d356337dbcf3456ff6cd0d6b98a258e3509a7d15b9dcae4d0d750ffa07909c955e718585b2456308beda2fa03bb9bcf03cdff31ee4b1665b987829c0f0872c006c6e4ed666fe23b343aae943923eedbdb0e7abee90e3da7b98b7d07d2d4816201ad1737798635b0a3ebd3aed120e4500c16e6c9dc729f2cb4ff5106419291d4222980b49ddb9527ce785822d8f4e2bc30a96767f500b9e26e3b12854da63083320d8bfe49d85e0842803dc59d6375bce2b8a93caf39c0ba767880b9bf9407e6a6c0f9a43d1ab51dabf9423b482e848fbe1653ff0c6161fa43543546ce17a42e6cddadaf0767d84407478ffe2d0b567d81201efc81e800d4c0874235ff5cd7f5f0ee71cc2b0193bfc9290627ceaeb0b02931a817688f3a51fa2861e70cbab50a5d434ed8d8841694dba46f3d5a95ae86e4d471684ccf427b2ba53a157b2a7cf7a4c10051bb77822190a14c2ab1f271a7cf9c240b99"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19, 0x0, 0xffffffffffffffff, 0x54}, 0x42)
socket$can_bcm(0x1d, 0x2, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd66a7400000000003be6026e60205f761ce85cdf75cdb95ca5d32b5bf87eed4184d49f8f48181ef2419efe82ebb18ee55772d562b3b49551714e805a5211a3f4e8e703c03e23b2074bc573dbb66d59e269b722637c4a2efb5241cae2f14774609ad91d66724c438455dc4fcf0b4c8fc235f6c190b4c82bb2556d1fbcd4468369e98e900c743162ce2c7e60610acf0c8e4ba94a7e7127c7de0e6c35acecee1b8434fdca4579f9ebc6a515f7d910b466eb583fb0a7e65fbecb2b8ee0e9da33afb88aa5da8da3a5e0e58fcb48de6f165826b046a8951a47e040bd419d0efa0f54e8e3694085a7bde6f6494968d8200000000000"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37}, 0x48)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r6, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4)
setsockopt$sock_attach_bpf(r6, 0x1, 0x34, &(0x7f0000000040)=r5, 0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
r8 = dup2(r7, r5)
setsockopt$sock_attach_bpf(r6, 0x1, 0x34, &(0x7f00000000c0)=r8, 0x4)

19m6.198071758s ago: executing program 0 (id=2278):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
fsopen(&(0x7f0000000000)='9p\x00', 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
ioctl$SNDRV_RAWMIDI_IOCTL_STATUS64(r2, 0xc0385720, &(0x7f00000000c0)={0x1})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x1a1)
fcntl$setlease(r3, 0x400, 0x1)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1, 0x21, &(0x7f0000000a40)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x0, 0x0)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r6, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
fsopen(0x0, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r7, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={<r8=>0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e23, @local}]}, &(0x7f0000000200)=0x10)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r7, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={r8}, 0x8)
r9 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_TRY_FMT(r9, 0xc0d05640, &(0x7f0000000900)={0x7, @win={{0x5e, 0xfffffffd, 0xffffffff, 0x40}, 0x6, 0x2ee3, &(0x7f00000004c0)={{0x7, 0x7, 0xd, 0xfffffffb}}, 0x8, 0x0, 0x2}})
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r7, 0x84, 0x10, &(0x7f0000000240)=@sack_info={r8, 0x6}, &(0x7f00000001c0)=0xc)

19m4.46687784s ago: executing program 0 (id=2283):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x481, 0x0, 0xfff, 0xfffffffffffffffd, 0xff, 0xfa11, 0xffffffff}, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, &(0x7f0000000000))
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000c40)=@raw={'raw\x00', 0x8, 0x3, 0x2a8, 0xe8, 0xa, 0x148, 0xe8, 0x60, 0x210, 0x2a8, 0x2a8, 0x210, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xc0, 0xe8, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@socket2={{0x28}, 0x1}, @common=@inet=@ecn={{0x28}, {0x1, 0x10, 0x7, 0x7f}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}, {{@uncond, 0x0, 0xc0, 0x128, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00', 0x0, 0x2, 0x0, 0x1}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x8, 0x2, 0x1, 0xd8cb, 'netbios-ns\x00', 'syz1\x00', {0xa000000000000000}}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x308)
r3 = fsopen(&(0x7f0000000340)='autofs\x00', 0x0)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000a40), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000fcdbdf25120000001800018014000200766574683000000000000000080000000800090000000000080007"], 0x3c}, 0x1, 0x0, 0x0, 0x400c000}, 0x2004c0a0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f00000003c0)='\xcfD\xc4\xbf\x95@q\xf0\x0f \x02\xa8\xff\xa7\xfdi\xa7\xd6j\'$\x1d\x14\xb7!\x8b\x84=r \xe34\xdb\x84\x00\xe7\xc9L\a\xfds1n@\x1e\x99\xcah\x85\xb8\xbeSAk\xf4\xb6 \xdf\xa0P\x18\x19\xae\x8c\x9a\x19mm\r<|\xe8\x9e\xa0x\x84p2\xf9\xe2\xed\xb0\r\x7f;\xf6J18G\x83\xe9]\xf4\x96\xbc\x9e\xfcG\xb5\x1b', &(0x7f0000000a80)='t+\xdb\xaaU\x8e\xd6\x9b\xaa\xe0\xc0\x00r\xa1\xf7\x12\xfb\xed\r\f:\xef\xff\xa7x mT\x14\xafZ\xfa\xb5\xe5\x04\x03\'7\xa9\xf8\xb1O0\x05\xee\xc5\x81\xfd\xa5\xa3\xfe\x81\x06\x00>\xcdF8\xd2x\xb4\x05\x10\x0e\xc2\x85\xfe\xd8b=\xf8q\xa96{\xf49\x88\xb1\xcb\x8cn\n.\xd0;7\xeb\xc5\xd8\x13\xfe\x13\x1a\x01\xa3nK3\xc2p\xb5\n\x0fU6\xc9\xc4\x1f`\x8a\xd6\xf1*~\fD\x8e\"\x1c\xa4\x19J3\xac5.E\xe8\x97K\x82Y\n\x0f\x15\xd7\xb0\xaf-\x89\xcc\xdb>\xd4\xa9F=\x7f\xd5`|MG\xf6FfJ\xcc\xa9(\xea\xb8\x82tXW\xeb\xbd\f/\xbd\x95\x01a\x86G\xbf$\xe3\xd7\x15\x8b\x84\xc4\xc0\xe4;\xcc\xda\xd0+\xc3\x1e\xc7\x12\x14\x95\xcf\x1d\x1a\xa0st\xd9^\x95\xbd\x14\x1e\xa5\xb7+\xa2\xd1\x7f\xae=\x96F\xb8\x94\xfd\xd5\xfdQ\xca\x17\n\x96\t\x1e\x8b%\x82)$\xb6\xca\xbe\x03\xd8\xc5\xde\x05\x81 \xcc\xa5\xb0Z\xfb\xae\xa5\x9b.\x88\x97\xbf\x0e\xa1\x86\x8a\xbb\xd2\x7f\xc5p\xc0vI\x80\f\x871C\xda .\xdc\xf7\xef\x1a\xdc\x97Y-\x04\xc0\xc7\xd3\xa8\xf6yy)\x15FK\xaa\xc4\xd5B\x90\xfe\xd6\xf0\xd6<\a\x91\x10\xf4\x8cl:\x90\x8fHt\x9e\xbb\x91!\x1a\xe7\x8ck\x8dE\xe9\xdcH\x16jK\xb57\x88\xebsvJ\xf1o\x9eC\xd9\x95E\x9aX%\x8a\xe1W\x7f\x1c\x0e\x86f\x93\aN\x02\"//\x14@8lYL\xc09\xc0Gu\xe7\x02\x9b]\xac\xa6!\x96\x91+>Z', 0x0)
readv(r3, &(0x7f0000000480)=[{&(0x7f0000002800)=""/4104, 0x1008}], 0x1)
syz_genetlink_get_family_id$fou(&(0x7f0000000180), r5)
ioctl$BTRFS_IOC_BALANCE_CTL(0xffffffffffffffff, 0x40049421, 0x3)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000000201000000dd81008000000000000096f163ff5691a3236f6cfd4da563"], 0x14}}, 0x0)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x400484c}, 0x40080)
socket$nl_netfilter(0x10, 0x3, 0xc)

19m2.533116625s ago: executing program 0 (id=2288):
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
r2 = openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_S_STD(r2, 0x40085618, &(0x7f0000000440)=0x2000)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8003, 0x0, 0x9, 0x8000, 0x3, 0x4, 0xfffbffff}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
socket$nl_xfrm(0x10, 0x3, 0x6)
fcntl$getownex(r0, 0x10, 0x0)
ptrace$cont(0x1f, 0x0, 0x100, 0x4)
socket(0x10, 0x803, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600707, 0x18)
unshare(0x2a060c00)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)

19m0.890504462s ago: executing program 0 (id=2293):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@broadcast, @in=@dev}}, {{@in6=@mcast2}, 0x0, @in6=@dev}}, &(0x7f0000000200)=0xe4)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = socket(0x1, 0x3, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r3 = syz_open_dev$media(&(0x7f00000000c0), 0x8103, 0x0)
ptrace$ARCH_MAP_VDSO_64(0x1e, 0x0, 0x3, 0x2003)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r3, 0x80047c05, &(0x7f0000000080))
io_submit(0x0, 0x1, &(0x7f0000000040)=[0x0])
socket$kcm(0x10, 0x2, 0x4)
sendmsg$netlink(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x880}, 0x4001)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0)
fsopen(&(0x7f0000000100)='zonefs\x00', 0x1)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
fcntl$getownex(r4, 0x10, 0x0)
bind$inet(r5, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10)
connect$inet(r5, &(0x7f0000000480)={0x2, 0x4e21, @multicast2}, 0x10)
sendfile(r5, r4, 0x0, 0x20000023893)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2eb2b00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c08000140000000020800014000000030080002400000000308000140000000120800034000000000080003400000000a"], 0x122}, 0x1, 0x0, 0x0, 0x8840}, 0x8010)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)

19m0.276877014s ago: executing program 0 (id=2295):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap$xdp(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x13, 0x13, 0xffffffffffffffff, 0x80000000)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000880), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2003, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'netpci0\x00', 0x2})
ioctl$TUNSETTXFILTER(r3, 0x400454d1, &(0x7f0000000040)=ANY=[@ANYBLOB="01000a000180c2000001a5adb7138c1daaaaaaaaaa27aaaaaaaaaaaaffffffffffffffffffffffffaaaaaaaaaebbbbbbbbbbbbbb95ed440b40d40180c200"])
r4 = accept4(r0, 0x0, 0x0, 0x800)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = syz_open_dev$video4linux(&(0x7f00000001c0), 0x3, 0x40483)
ioctl$VIDIOC_DQEVENT(r6, 0x80885659, 0x0)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)}], 0x1, 0x40800)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000140)=ANY=[])
r7 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0xf8, r9, 0x1, 0xfffffffe, 0x0, {}, [@WGDEVICE_A_PEERS={0xd0, 0x8, 0x0, 0x1, [{0x48, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e23, 0x2, @mcast2, 0x6}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}]}, {0x80, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "7b4326167f79726ecfae0aeee91d38ba98df91957e9dead91c7bebb4db027bf1"}, @WGPEER_A_FLAGS={0x8, 0x3, 0x5}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0xff2e}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x9, 0x40000007, @empty, 0xcd9}}, @WGPEER_A_ALLOWEDIPS={0x4}]}, {0x4}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0xf8}}, 0x40000)
ioctl$FS_IOC_ENABLE_VERITY(r7, 0x40806685, 0x0)

18m59.794624179s ago: executing program 32 (id=2295):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap$xdp(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x13, 0x13, 0xffffffffffffffff, 0x80000000)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000880), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2003, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'netpci0\x00', 0x2})
ioctl$TUNSETTXFILTER(r3, 0x400454d1, &(0x7f0000000040)=ANY=[@ANYBLOB="01000a000180c2000001a5adb7138c1daaaaaaaaaa27aaaaaaaaaaaaffffffffffffffffffffffffaaaaaaaaaebbbbbbbbbbbbbb95ed440b40d40180c200"])
r4 = accept4(r0, 0x0, 0x0, 0x800)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = syz_open_dev$video4linux(&(0x7f00000001c0), 0x3, 0x40483)
ioctl$VIDIOC_DQEVENT(r6, 0x80885659, 0x0)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)}], 0x1, 0x40800)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000140)=ANY=[])
r7 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0xf8, r9, 0x1, 0xfffffffe, 0x0, {}, [@WGDEVICE_A_PEERS={0xd0, 0x8, 0x0, 0x1, [{0x48, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e23, 0x2, @mcast2, 0x6}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}]}, {0x80, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "7b4326167f79726ecfae0aeee91d38ba98df91957e9dead91c7bebb4db027bf1"}, @WGPEER_A_FLAGS={0x8, 0x3, 0x5}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0xff2e}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x9, 0x40000007, @empty, 0xcd9}}, @WGPEER_A_ALLOWEDIPS={0x4}]}, {0x4}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0xf8}}, 0x40000)
ioctl$FS_IOC_ENABLE_VERITY(r7, 0x40806685, 0x0)

18m50.059209344s ago: executing program 4 (id=2318):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
fsopen(&(0x7f0000000000)='9p\x00', 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
ioctl$SNDRV_RAWMIDI_IOCTL_STATUS64(r2, 0xc0385720, &(0x7f00000000c0)={0x1})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x1a1)
fcntl$setlease(r3, 0x400, 0x1)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1, 0x21, &(0x7f0000000a40)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x0, 0x0)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r6, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
fsopen(&(0x7f0000000140)='vfat\x00', 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r7, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, 0x0, &(0x7f0000000200))
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r7, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value, 0x8)
r8 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_TRY_FMT(r8, 0xc0d05640, &(0x7f0000000900)={0x7, @win={{0x5e, 0xfffffffd, 0xffffffff, 0x40}, 0x6, 0x2ee3, &(0x7f00000004c0)={{0x7, 0x7, 0xd, 0xfffffffb}}, 0x8, 0x0, 0x2}})
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r7, 0x84, 0x10, &(0x7f0000000240)=@sack_info={0x0, 0x6}, &(0x7f00000001c0)=0xc)

18m47.480334262s ago: executing program 4 (id=2324):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000005c0)={0x2c, &(0x7f0000000340)={0x20, 0x22, 0x83, {0x83, 0x2, "b792783c57964ba7a8349e195be5d6f33fad9523bc3cd88d47704816be91de3ccc2e302482930bb03d2b40eb2f0062d35ef0a137607f6d88722cd80796d71fd5875cecfad92c135d6b07052bae2a0971e6135a5357cc3438b14d6296fef3a808352afd574d59b11c9ec15e97b367b84c978dd67fa1dcde884954ca092f6268bdde"}}, &(0x7f00000004c0)=ANY=[@ANYBLOB="0003660000006603749bfaf50acb8065e6492b07000000000000009194f9bd441048511a17d86d2ff910f1aa05cc941c9a472f637ab7edd8e88e6c7537cfa82d0416cb0e11c4376dfb25f11b5acdd1bf2e33214654c590d88a015f75564d3e4c03c2152e6dd611a1202f7ddb"], &(0x7f00000002c0)={0x0, 0xf, 0x39, {0x5, 0xf, 0x39, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0xac, "7ef74f3bde675fdc67bea074edfef6fb"}, @ss_container_id={0x14, 0x10, 0x4, 0x80, "0bb3d778dd7b53c1f2394678a7d631d4"}, @ssp_cap={0xc, 0x10, 0xa, 0x2, 0x0, 0x7bd, 0xf00, 0x5}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x9, 0x18, 0x6, 0x0, "488bb8fd", "e1f5c948"}}, &(0x7f0000000540)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x4a, 0x0, 0x0, 0x6, 0xc, 0x998d, 0x5}}}, &(0x7f0000000c40)={0x84, &(0x7f0000000600)={0x0, 0xb, 0x63, "a1a0d14aacaf9ba9379a4e30c26c65398a340248b755e54d0263b00b15e7e7ac931b1cba0d60d40418248ac5c03147a739b62ca47014405349c1665988f4b5cc447d3baf44af443ac4c698b8aff6333bd367cb98bd8b0e36deaefcf377898bed4abd1b"}, &(0x7f0000000680)={0x0, 0xa, 0x1, 0x7}, 0x0, &(0x7f0000000700)={0x20, 0x0, 0x4, {0x1}}, &(0x7f0000000740)={0x20, 0x0, 0x4, {0x200, 0x8}}, &(0x7f0000000780)={0x40, 0x7, 0x2, 0xf912}, &(0x7f00000009c0)={0x40, 0x9, 0x1, 0x3}, &(0x7f0000000a00)={0x40, 0xb, 0x2, 'TA'}, &(0x7f0000000a40)={0x40, 0xf, 0x2, 0xa6c2}, &(0x7f0000000a80)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x36}}, &(0x7f0000000ac0)={0x40, 0x17, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, &(0x7f0000000b00)={0x40, 0x19, 0x2, "8b2c"}, &(0x7f0000000b40)={0x40, 0x1a, 0x2, 0x6}, &(0x7f0000000b80)={0x40, 0x1c, 0x1, 0x8}, &(0x7f0000000bc0)={0x40, 0x1e, 0x1, 0x8}, &(0x7f0000000c00)={0x40, 0x21, 0x1, 0x85}})

18m44.332772731s ago: executing program 4 (id=2330):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r0, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0xfffe, @dev}, 0x2}}, 0x2e)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
r3 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, 0x0, 0x0)
bind$tipc(r3, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
bind$tipc(0xffffffffffffffff, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10)
bind$tipc(r3, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000080)={0xa, 0x2, 0x200, @empty, 0x7}, 0x1c)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_FEATURES(r6, 0x4008af00, &(0x7f0000000040)=0x200000000)
r7 = dup2(r6, r6)
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f00000001c0)={0x0, 0x1, 0x0, &(0x7f0000000300)=""/107, 0x0, 0xeeef0000})
ioctl$VHOST_VSOCK_SET_RUNNING(r7, 0x4004af61, &(0x7f0000000000)=0x6)
read$FUSE(r7, &(0x7f00000016c0)={0x2020}, 0x2020)
write$vhost_msg_v2(r7, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000280)=""/128, 0x80, 0x0, 0x1, 0x2}}, 0x48)

18m42.376732904s ago: executing program 4 (id=2336):
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
r2 = openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_S_STD(r2, 0x40085618, &(0x7f0000000440)=0x2000)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8003, 0x0, 0x9, 0x8000, 0x3, 0x4, 0xfffbffff}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
socket$nl_xfrm(0x10, 0x3, 0x6)
fcntl$getownex(r0, 0x10, 0x0)
ptrace$cont(0x1f, 0x0, 0x100, 0x4)
socket(0x10, 0x803, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600707, 0x18)
unshare(0x2a060c00)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)

18m40.638672612s ago: executing program 4 (id=2341):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000005c0)={0x2c, &(0x7f0000000340)={0x20, 0x22, 0x83, {0x83, 0x2, "b792783c57964ba7a8349e195be5d6f33fad9523bc3cd88d47704816be91de3ccc2e302482930bb03d2b40eb2f0062d35ef0a137607f6d88722cd80796d71fd5875cecfad92c135d6b07052bae2a0971e6135a5357cc3438b14d6296fef3a808352afd574d59b11c9ec15e97b367b84c978dd67fa1dcde884954ca092f6268bdde"}}, &(0x7f00000004c0)=ANY=[@ANYBLOB="0003660000006603749bfaf50acb8065e6492b07000000000000009194f9bd441048511a17d86d2ff910f1aa05cc941c9a472f637ab7edd8e88e6c7537cfa82d0416cb0e11c4376dfb25f11b5acdd1bf2e33214654c590d88a015f75564d3e4c03c2152e6dd611a1202f7ddb"], &(0x7f00000002c0)={0x0, 0xf, 0x39, {0x5, 0xf, 0x39, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0xac, "7ef74f3bde675fdc67bea074edfef6fb"}, @ss_container_id={0x14, 0x10, 0x4, 0x80, "0bb3d778dd7b53c1f2394678a7d631d4"}, @ssp_cap={0xc, 0x10, 0xa, 0x2, 0x0, 0x7bd, 0xf00, 0x5}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x9, 0x18, 0x6, 0x0, "488bb8fd", "e1f5c948"}}, &(0x7f0000000540)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x4a, 0x0, 0x0, 0x6, 0xc, 0x998d, 0x5}}}, &(0x7f0000000c40)={0x84, &(0x7f0000000600)={0x0, 0xb, 0x63, "a1a0d14aacaf9ba9379a4e30c26c65398a340248b755e54d0263b00b15e7e7ac931b1cba0d60d40418248ac5c03147a739b62ca47014405349c1665988f4b5cc447d3baf44af443ac4c698b8aff6333bd367cb98bd8b0e36deaefcf377898bed4abd1b"}, &(0x7f0000000680)={0x0, 0xa, 0x1, 0x7}, 0x0, &(0x7f0000000700)={0x20, 0x0, 0x4, {0x1}}, &(0x7f0000000740)={0x20, 0x0, 0x4, {0x200, 0x8}}, &(0x7f0000000780)={0x40, 0x7, 0x2, 0xf912}, &(0x7f00000009c0)={0x40, 0x9, 0x1, 0x3}, &(0x7f0000000a00)={0x40, 0xb, 0x2, 'TA'}, &(0x7f0000000a40)={0x40, 0xf, 0x2, 0xa6c2}, &(0x7f0000000a80)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x36}}, &(0x7f0000000ac0)={0x40, 0x17, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, &(0x7f0000000b00)={0x40, 0x19, 0x2, "8b2c"}, &(0x7f0000000b40)={0x40, 0x1a, 0x2, 0x6}, &(0x7f0000000b80)={0x40, 0x1c, 0x1, 0x8}, &(0x7f0000000bc0)={0x40, 0x1e, 0x1, 0x8}, &(0x7f0000000c00)={0x40, 0x21, 0x1, 0x85}})

18m40.103892981s ago: executing program 4 (id=2343):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
fsopen(&(0x7f0000000000)='9p\x00', 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
ioctl$SNDRV_RAWMIDI_IOCTL_STATUS64(r2, 0xc0385720, &(0x7f00000000c0)={0x1})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x1a1)
fcntl$setlease(r3, 0x400, 0x1)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1, 0x21, &(0x7f0000000a40)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x0, 0x0)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r6, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
fsopen(&(0x7f0000000140)='vfat\x00', 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r7, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={<r8=>0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e23, @local}]}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r7, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={r8}, 0x8)
r9 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_TRY_FMT(r9, 0xc0d05640, &(0x7f0000000900)={0x7, @win={{0x5e, 0xfffffffd, 0xffffffff, 0x40}, 0x6, 0x2ee3, &(0x7f00000004c0)={{0x7, 0x7, 0xd, 0xfffffffb}}, 0x8, 0x0, 0x2}})
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r7, 0x84, 0x10, &(0x7f0000000240)=@sack_info={r8, 0x6}, &(0x7f00000001c0)=0xc)

18m39.730082699s ago: executing program 33 (id=2343):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
fsopen(&(0x7f0000000000)='9p\x00', 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
ioctl$SNDRV_RAWMIDI_IOCTL_STATUS64(r2, 0xc0385720, &(0x7f00000000c0)={0x1})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x1a1)
fcntl$setlease(r3, 0x400, 0x1)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1, 0x21, &(0x7f0000000a40)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x0, 0x0)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r6, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
fsopen(&(0x7f0000000140)='vfat\x00', 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r7, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={<r8=>0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e23, @local}]}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r7, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={r8}, 0x8)
r9 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_TRY_FMT(r9, 0xc0d05640, &(0x7f0000000900)={0x7, @win={{0x5e, 0xfffffffd, 0xffffffff, 0x40}, 0x6, 0x2ee3, &(0x7f00000004c0)={{0x7, 0x7, 0xd, 0xfffffffb}}, 0x8, 0x0, 0x2}})
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r7, 0x84, 0x10, &(0x7f0000000240)=@sack_info={r8, 0x6}, &(0x7f00000001c0)=0xc)

18m10.920477324s ago: executing program 6 (id=2402):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
fsopen(&(0x7f0000000000)='9p\x00', 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
ioctl$SNDRV_RAWMIDI_IOCTL_STATUS64(r2, 0xc0385720, &(0x7f00000000c0)={0x1})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x1a1)
fcntl$setlease(r3, 0x400, 0x1)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1, 0x21, &(0x7f0000000a40)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x0, 0x0)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r6, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
fsopen(&(0x7f0000000140)='vfat\x00', 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r7, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={<r8=>0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e23, @local}]}, &(0x7f0000000200)=0x10)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r7, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={r8}, 0x8)
r9 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_TRY_FMT(r9, 0xc0d05640, &(0x7f0000000900)={0x7, @win={{0x5e, 0xfffffffd, 0xffffffff, 0x40}, 0x6, 0x2ee3, 0x0, 0x8, 0x0, 0x2}})
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r7, 0x84, 0x10, &(0x7f0000000240)=@sack_info={r8, 0x6}, &(0x7f00000001c0)=0xc)

18m7.690385862s ago: executing program 6 (id=2408):
r0 = shmget$private(0x0, 0x3000, 0x400, &(0x7f0000674000/0x3000)=nil)
shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ppoll(&(0x7f0000000000)=[{r1, 0x100}], 0x1, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(0x0, r4)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r6, 0x0)
sendfile(r6, r6, 0x0, 0xffffffff)
r7 = getpid()
r8 = syz_pidfd_open(r7, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, 0x0, 0x0)
process_madvise(r8, &(0x7f00000007c0)=[{&(0x7f0000000480)="ab1d3c56054b1efc90bf54d80859b679851088dbc17787ed192898b3fe5e5d3effecfd3b5fc248f1bb62f468b468681b1c1197a91cf9e9601b5cc8477a9a1609359d4a6c717ef0848ed05f85a4447d08b880e1a61c30a4caafe8994d258052eae56b6afd4052181a6cf53ec3b25d7b0d85605565eef855e1f429476a0ed4313eb80897322ba662a7d085b021efc4347d1377336a5f0bf4510cc2b54daa7e0408c69bffb6a75e4a4f506aaaa6401b77753d07065703890749e9e832c89426efb903b5405e6ce74e75633a6ed5da7ae02dac997906177432c70483a383a5dd713f71ac24e315b2042d2b", 0xe9}, {&(0x7f0000000580)}, {&(0x7f0000000640)="641dcfe8abe1ac4aa44510665cd7f2f7646144ae87bd73d2f157a2b493d958b0a6784497c1b6e5434d4e532eea62b62e0476802fb7cf302a014c6ed88683534e09aa60", 0x43}, {0x0}, {0x0}, {&(0x7f00000001c0)="e86dbd7e1761e27592d1d2d21ef9764887cc1c22945802067181775dcca407071083ddbee2", 0x25}], 0x6, 0xc, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x74, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x23}, @NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x9c}}, 0x0)
close(r9)
process_madvise(r8, &(0x7f0000000900)=[{0x0}, {&(0x7f0000000080)}], 0x2, 0x18, 0x0)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000180)={'netdevsim0\x00', <r11=>0x0})
sendmsg$nl_xfrm(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="5c0100001000130700000000fcdbdf25e0000001000000000000000000000000ff02000000000000000000000000000100040b6e4e2100020000000021000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc010000000000000000000000000000000004d632000000e0000002000000000000000000000000000000000000000000000000000000000100008000000000010000000000008001000000ffffffff0000000000000000010000800000000043050000000000000400000000000000ffffffffffffff7f0000000000000000fdffffffffffffff0000000000000000000000002cbd70000035000002000000500000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000060000000210466d38547aa140db9a200000000c538c7cb7a0c001c00", @ANYRES32=r11], 0x15c}, 0x1, 0x0, 0x0, 0x880}, 0x2014)

18m4.44280567s ago: executing program 6 (id=2418):
r0 = shmget$private(0x0, 0x3000, 0x400, &(0x7f0000674000/0x3000)=nil)
shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ppoll(&(0x7f0000000000)=[{r1, 0x100}], 0x1, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(0x0, r4)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r6, 0x0)
sendfile(r6, r6, 0x0, 0xffffffff)
r7 = getpid()
r8 = syz_pidfd_open(r7, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, 0x0, 0x0)
process_madvise(r8, &(0x7f00000007c0), 0x0, 0xc, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x74, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x23}, @NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x9c}}, 0x0)
close(r9)
process_madvise(r8, &(0x7f0000000900)=[{&(0x7f0000000080)}], 0x1, 0x18, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="5c0100001000130700000000fcdbdf25e0000001000000000000000000000000ff02000000000000000000000000000100040b6e4e2100020000000021000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc010000000000000000000000000000000004d632000000e0000002000000000000000000000000000000000000000000000000000000000100008000000000010000000000008001000000ffffffff0000000000000000010000800000000043050000000000000400000000000000ffffffffffffff7f0000000000000000fdffffffffffffff0000000000000000000000002cbd70000035000002000000500000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000060000000210466d38547aa140db9a200000000c538c7cb7a", @ANYRES32], 0x15c}, 0x1, 0x0, 0x0, 0x880}, 0x2014)

18m1.840364458s ago: executing program 6 (id=2425):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
r3 = openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_S_STD(r3, 0x40085618, &(0x7f0000000440)=0x2000)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8003, 0x0, 0x9, 0x8000, 0x3, 0x4, 0xfffbffff}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
socket$nl_xfrm(0x10, 0x3, 0x6)
fcntl$getownex(r1, 0x10, 0x0)
ptrace$cont(0x1f, 0x0, 0x100, 0x4)
socket(0x10, 0x803, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600707, 0x18)
unshare(0x2a060c00)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0/../file0/../file0\x00')
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001900)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f0000000000)={0x30, r6, 0x1, 0x70bd28, 0x25dfdbff, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0x18, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_DEBUG_HEADER={0x4}]}, 0x30}}, 0x10004000)
pipe(&(0x7f0000000080))

17m59.666566324s ago: executing program 6 (id=2432):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x481, 0x0, 0xfff, 0xfffffffffffffffd, 0xff, 0xfa11, 0xffffffff}, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, &(0x7f0000000000))
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000c40)=@raw={'raw\x00', 0x8, 0x3, 0x2a8, 0xe8, 0xa, 0x148, 0xe8, 0x60, 0x210, 0x2a8, 0x2a8, 0x210, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xc0, 0xe8, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@socket2={{0x28}, 0x1}, @common=@inet=@ecn={{0x28}, {0x1, 0x10, 0x7, 0x7f}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}, {{@uncond, 0x0, 0xc0, 0x128, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00', 0x0, 0x2, 0x0, 0x1}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x8, 0x2, 0x1, 0xd8cb, 'netbios-ns\x00', 'syz1\x00', {0xa000000000000000}}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x308)
r3 = fsopen(&(0x7f0000000340)='autofs\x00', 0x0)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000a40), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000fcdbdf25120000001800018014000200766574683000000000000000080000000800090000000000080007"], 0x3c}, 0x1, 0x0, 0x0, 0x400c000}, 0x2004c0a0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f00000003c0)='\xcfD\xc4\xbf\x95@q\xf0\x0f \x02\xa8\xff\xa7\xfdi\xa7\xd6j\'$\x1d\x14\xb7!\x8b\x84=r \xe34\xdb\x84\x00\xe7\xc9L\a\xfds1n@\x1e\x99\xcah\x85\xb8\xbeSAk\xf4\xb6 \xdf\xa0P\x18\x19\xae\x8c\x9a\x19mm\r<|\xe8\x9e\xa0x\x84p2\xf9\xe2\xed\xb0\r\x7f;\xf6J18G\x83\xe9]\xf4\x96\xbc\x9e\xfcG\xb5\x1b', &(0x7f0000000a80)='t+\xdb\xaaU\x8e\xd6\x9b\xaa\xe0\xc0\x00r\xa1\xf7\x12\xfb\xed\r\f:\xef\xff\xa7x mT\x14\xafZ\xfa\xb5\xe5\x04\x03\'7\xa9\xf8\xb1O0\x05\xee\xc5\x81\xfd\xa5\xa3\xfe\x81\x06\x00>\xcdF8\xd2x\xb4\x05\x10\x0e\xc2\x85\xfe\xd8b=\xf8q\xa96{\xf49\x88\xb1\xcb\x8cn\n.\xd0;7\xeb\xc5\xd8\x13\xfe\x13\x1a\x01\xa3nK3\xc2p\xb5\n\x0fU6\xc9\xc4\x1f`\x8a\xd6\xf1*~\fD\x8e\"\x1c\xa4\x19J3\xac5.E\xe8\x97K\x82Y\n\x0f\x15\xd7\xb0\xaf-\x89\xcc\xdb>\xd4\xa9F=\x7f\xd5`|MG\xf6FfJ\xcc\xa9(\xea\xb8\x82tXW\xeb\xbd\f/\xbd\x95\x01a\x86G\xbf$\xe3\xd7\x15\x8b\x84\xc4\xc0\xe4;\xcc\xda\xd0+\xc3\x1e\xc7\x12\x14\x95\xcf\x1d\x1a\xa0st\xd9^\x95\xbd\x14\x1e\xa5\xb7+\xa2\xd1\x7f\xae=\x96F\xb8\x94\xfd\xd5\xfdQ\xca\x17\n\x96\t\x1e\x8b%\x82)$\xb6\xca\xbe\x03\xd8\xc5\xde\x05\x81 \xcc\xa5\xb0Z\xfb\xae\xa5\x9b.\x88\x97\xbf\x0e\xa1\x86\x8a\xbb\xd2\x7f\xc5p\xc0vI\x80\f\x871C\xda .\xdc\xf7\xef\x1a\xdc\x97Y-\x04\xc0\xc7\xd3\xa8\xf6yy)\x15FK\xaa\xc4\xd5B\x90\xfe\xd6\xf0\xd6<\a\x91\x10\xf4\x8cl:\x90\x8fHt\x9e\xbb\x91!\x1a\xe7\x8ck\x8dE\xe9\xdcH\x16jK\xb57\x88\xebsvJ\xf1o\x9eC\xd9\x95E\x9aX%\x8a\xe1W\x7f\x1c\x0e\x86f\x93\aN\x02\"//\x14@8lYL\xc09\xc0Gu\xe7\x02\x9b]\xac\xa6!\x96\x91+>Z', 0x0)
readv(r3, &(0x7f0000000480)=[{&(0x7f0000002800)=""/4104, 0x1008}], 0x1)
syz_genetlink_get_family_id$fou(&(0x7f0000000180), r5)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000000201000000dd81008000000000000096f163ff5691a3236f6cfd4da563"], 0x14}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x400484c}, 0x40080)
socket$nl_netfilter(0x10, 0x3, 0xc)

17m58.935752352s ago: executing program 6 (id=2434):
r0 = shmget$private(0x0, 0x3000, 0x400, &(0x7f0000674000/0x3000)=nil)
shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ppoll(&(0x7f0000000000)=[{r1, 0x100}], 0x1, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(0x0, r4)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r6, 0x0)
sendfile(r6, r6, 0x0, 0xffffffff)
r7 = getpid()
r8 = syz_pidfd_open(r7, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, 0x0, 0x0)
process_madvise(r8, &(0x7f00000007c0)=[{&(0x7f0000000480)="ab1d3c56054b1efc90bf54d80859b679851088dbc17787ed192898b3fe5e5d3effecfd3b5fc248f1bb62f468b468681b1c1197a91cf9e9601b5cc8477a9a1609359d4a6c717ef0848ed05f85a4447d08b880e1a61c30a4caafe8994d258052eae56b6afd4052181a6cf53ec3b25d7b0d85605565eef855e1f429476a0ed4313eb80897322ba662a7d085b021efc4347d1377336a5f0bf4510cc2b54daa7e0408c69bffb6a75e4a4f506aaaa6401b77753d07065703890749e9e832c89426efb903b5405e6ce74e75633a6ed5da7ae02dac997906177432c70483a383a5dd713f71ac24e315b2042d2b", 0xe9}, {&(0x7f0000000580)}, {&(0x7f0000000640)="641dcfe8abe1ac4aa44510665cd7f2f7646144ae87bd73d2f157a2b493d958b0a6784497c1b6e5434d4e532eea62b62e0476802fb7cf302a014c6ed88683534e09aa60eda2fb7c2f6b9a16575d890c7b1723e29ccd9d9491b0c47b88fc89a14a7c48614cafd6657aa5c4a2f945c1ee47d5ad2e88b3073a550156e3a0a5522e71650cd84f3a", 0x85}, {0x0}, {0x0}, {&(0x7f00000001c0)="e86dbd7e1761e27592d1d2d21ef9764887cc1c22945802067181775dcca407071083ddbee2", 0x25}], 0x6, 0xc, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x74, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x23}, @NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x9c}}, 0x0)
close(r9)
process_madvise(r8, &(0x7f0000000900)=[{0x0}, {&(0x7f0000000080)}], 0x2, 0x18, 0x0)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000180)={'netdevsim0\x00', <r11=>0x0})
sendmsg$nl_xfrm(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="5c0100001000130700000000fcdbdf25e0000001000000000000000000000000ff02000000000000000000000000000100040b6e4e2100020000000021000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc010000000000000000000000000000000004d632000000e0000002000000000000000000000000000000000000000000000000000000000100008000000000010000000000008001000000ffffffff0000000000000000010000800000000043050000000000000400000000000000ffffffffffffff7f0000000000000000fdffffffffffffff0000000000000000000000002cbd70000035000002000000500000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000060000000210466d38547aa140db9a200000000c538c7cb7a0c001c00", @ANYRES32=r11], 0x15c}, 0x1, 0x0, 0x0, 0x880}, 0x2014)

17m58.283369437s ago: executing program 34 (id=2434):
r0 = shmget$private(0x0, 0x3000, 0x400, &(0x7f0000674000/0x3000)=nil)
shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ppoll(&(0x7f0000000000)=[{r1, 0x100}], 0x1, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(0x0, r4)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r6, 0x0)
sendfile(r6, r6, 0x0, 0xffffffff)
r7 = getpid()
r8 = syz_pidfd_open(r7, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, 0x0, 0x0)
process_madvise(r8, &(0x7f00000007c0)=[{&(0x7f0000000480)="ab1d3c56054b1efc90bf54d80859b679851088dbc17787ed192898b3fe5e5d3effecfd3b5fc248f1bb62f468b468681b1c1197a91cf9e9601b5cc8477a9a1609359d4a6c717ef0848ed05f85a4447d08b880e1a61c30a4caafe8994d258052eae56b6afd4052181a6cf53ec3b25d7b0d85605565eef855e1f429476a0ed4313eb80897322ba662a7d085b021efc4347d1377336a5f0bf4510cc2b54daa7e0408c69bffb6a75e4a4f506aaaa6401b77753d07065703890749e9e832c89426efb903b5405e6ce74e75633a6ed5da7ae02dac997906177432c70483a383a5dd713f71ac24e315b2042d2b", 0xe9}, {&(0x7f0000000580)}, {&(0x7f0000000640)="641dcfe8abe1ac4aa44510665cd7f2f7646144ae87bd73d2f157a2b493d958b0a6784497c1b6e5434d4e532eea62b62e0476802fb7cf302a014c6ed88683534e09aa60eda2fb7c2f6b9a16575d890c7b1723e29ccd9d9491b0c47b88fc89a14a7c48614cafd6657aa5c4a2f945c1ee47d5ad2e88b3073a550156e3a0a5522e71650cd84f3a", 0x85}, {0x0}, {0x0}, {&(0x7f00000001c0)="e86dbd7e1761e27592d1d2d21ef9764887cc1c22945802067181775dcca407071083ddbee2", 0x25}], 0x6, 0xc, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x74, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x23}, @NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x9c}}, 0x0)
close(r9)
process_madvise(r8, &(0x7f0000000900)=[{0x0}, {&(0x7f0000000080)}], 0x2, 0x18, 0x0)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000180)={'netdevsim0\x00', <r11=>0x0})
sendmsg$nl_xfrm(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="5c0100001000130700000000fcdbdf25e0000001000000000000000000000000ff02000000000000000000000000000100040b6e4e2100020000000021000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc010000000000000000000000000000000004d632000000e0000002000000000000000000000000000000000000000000000000000000000100008000000000010000000000008001000000ffffffff0000000000000000010000800000000043050000000000000400000000000000ffffffffffffff7f0000000000000000fdffffffffffffff0000000000000000000000002cbd70000035000002000000500000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000060000000210466d38547aa140db9a200000000c538c7cb7a0c001c00", @ANYRES32=r11], 0x15c}, 0x1, 0x0, 0x0, 0x880}, 0x2014)

16m36.400358204s ago: executing program 7 (id=2621):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000004040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0x400)
syz_usb_control_io(r1, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="2006"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(aes)\x00'}, 0x58)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd, 0x0, <r4=>0x0})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r3, 0x100000000)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00464b4, &(0x7f0000000080)={r4})
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000e40)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000800}], 0x1, 0x20004050)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x28c81, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r7, 0x4004af61, &(0x7f00000000c0))
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_int(r8, 0x29, 0x4b, 0x0, 0xad)
setsockopt$sock_int(r8, 0x1, 0x9, &(0x7f0000000200), 0x4)
syz_usb_control_io(r1, &(0x7f00000005c0)={0x2c, &(0x7f0000000340)={0x20, 0x22, 0x82, {0x82, 0x2, "b792783c57964ba7a8349e195be5d6f33fad9523bc3cd88d47704816be91de3ccc2e302482930bb03d2b40eb2f0062d35ef0a137607f6d88722cd80796d71fd5875cecfad92c135d6b07052bae2a0971e6135a5357cc3438b14d6296fef3a808352afd574d59b11c9ec15e97b367b84c978dd67fa1dcde884954ca092f6268bd"}}, &(0x7f00000004c0)=ANY=[@ANYBLOB="0003660000006603749bfaf50acb8065e6492b07000000000000009194f9bd441048511a17d86d2ff910f1aa05cc941c9a472f637ab7edd8e88e6c7537cfa82d0416cb0e11c4376dfb25f11b5acdd1bf2e33214654c590d88a015f75564d3e4c03c2152e6dd611a1202f7ddb"], &(0x7f00000002c0)={0x0, 0xf, 0x39, {0x5, 0xf, 0x39, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0xac, "7ef74f3bde675fdc67bea074edfef6fb"}, @ss_container_id={0x14, 0x10, 0x4, 0x80, "0bb3d778dd7b53c1f2394678a7d631d4"}, @ssp_cap={0xc, 0x10, 0xa, 0x2, 0x0, 0x7bd, 0xf00, 0x5}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x9, 0x18, 0x6, 0x0, "488bb8fd", "e1f5c948"}}, &(0x7f0000000540)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x4a, 0x0, 0x0, 0x6, 0xc, 0x998d, 0x5}}}, &(0x7f0000000c40)={0x84, &(0x7f0000000600)={0x0, 0xb, 0x63, "a1a0d14aacaf9ba9379a4e30c26c65398a340248b755e54d0263b00b15e7e7ac931b1cba0d60d40418248ac5c03147a739b62ca47014405349c1665988f4b5cc447d3baf44af443ac4c698b8aff6333bd367cb98bd8b0e36deaefcf377898bed4abd1b"}, &(0x7f0000000680)={0x0, 0xa, 0x1, 0x7}, 0x0, &(0x7f0000000700)={0x20, 0x0, 0x4, {0x1}}, &(0x7f0000000740)={0x20, 0x0, 0x4, {0x200, 0x8}}, &(0x7f0000000780)={0x40, 0x7, 0x2, 0xf912}, &(0x7f00000009c0)={0x40, 0x9, 0x1, 0x3}, &(0x7f0000000a00)={0x40, 0xb, 0x2, 'TA'}, &(0x7f0000000a40)={0x40, 0xf, 0x2, 0xa6c2}, &(0x7f0000000a80)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x36}}, &(0x7f0000000ac0)={0x40, 0x17, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, &(0x7f0000000b00)={0x40, 0x19, 0x2, "8b2c"}, &(0x7f0000000b40)={0x40, 0x1a, 0x2, 0x6}, &(0x7f0000000b80)={0x40, 0x1c, 0x1, 0x8}, &(0x7f0000000bc0)={0x40, 0x1e, 0x1, 0x8}, &(0x7f0000000c00)={0x40, 0x21, 0x1, 0x85}})
close_range(r6, 0xffffffffffffffff, 0x0)
sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x20004000}, 0x8890)
sendmsg$nl_xfrm(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="ec0100005c8baebf10a8bf51d93734c417180010022bbd7000fbdbdf2500000000000000000000ffffac1e0001000000000000000000000000000000014e21c64b4e2200070a0000b02b000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000004d333000000fe88000000000000000000000000000106000000000000000300000000000000f7ffffffffffffff0200000000000000000000000100000006000000000000000b0000000000000000700000000000000000000024000000008000000000000080000000000000000300000000000000f400000008000000c56300002cbd7000073500000800040506000000000000000600000000000000bf000800bb000800007ab300fc4b8fc256d3797cc4228b74e0a496d4145b2b924596330f47e5ea8f04229fe0bfc026535c90ded1115b98daef9e9aceed491c33104f3f0f9cad481ebf73b5b5c7bfe9d68b012a7d9bcf2112bb082c3cbeffa72ae48b6792c4032d63af0f0d2bae0eb8f8197ba3f12d04d654a2e31a4450502365dc1d3a10d82f95b7225c2708f11a5ef0fe0e7a7d990a2b10089440e87edd5b6245795acf5027c02f3944982644ab9a4a762f7d5f49574994eae2727a95927600080018000600000008001d00060000001c00040001004e214e200000ac1414aa00000000000000000000000008001d00f5ffffff"], 0x1ec}, 0x1, 0x0, 0x0, 0x80}, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x3, 0x0, '\x00', 0x1, &(0x7f0000000140)})

16m33.178076534s ago: executing program 7 (id=2627):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_UNLINK(r3, 0x40044160, 0x3)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
r5 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r5, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4)
connect$inet6(r5, &(0x7f0000002140)={0xa, 0x4e25, 0x1, @mcast2, 0x7}, 0x1c)
setsockopt$inet6_udp_int(r5, 0x11, 0x65, &(0x7f00000002c0)=0x4, 0x4)
sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4001c00)
connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs={0x3, 0x0, 0x4e20}, 0x6e)
r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101701)
ioctl$USBDEVFS_CLEAR_HALT(r6, 0xc0105502, &(0x7f0000000300)={0x1, 0x1})
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="01002bbd70000e001000540000"], 0x14}, 0x1, 0x0, 0x0, 0x20000850}, 0x4000000)
close(r2)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
io_uring_setup(0x1684, 0x0)
socket$kcm(0x2, 0xa, 0x2)
write$tun(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0xfdef)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_COMPAT_GET(r7, &(0x7f0000002840)={0x0, 0x0, &(0x7f0000002800)={0x0, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x4040010)
syz_usb_connect$cdc_ecm(0x2, 0x59, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000102505a1a440000000010109024700010100800309040007ff02020000052406000005240000000d240f0100000000000000000004241309032407"], 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x20000055, &(0x7f0000000300)={0xa, 0x4001, 0xfffb, @loopback}, 0x1c)

16m29.446462908s ago: executing program 7 (id=2636):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_int(r3, 0x11, 0x67, &(0x7f0000000000)=0x507, 0x4)
sendmmsg$inet(r3, &(0x7f0000000600)=[{{&(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10, 0x0}}], 0x1, 0x2000c844)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0900000004000000dd0000000a0000000000", @ANYRES32, @ANYBLOB="b0539a7d10ece7c02c53c54cfea7186b6d3ce20c42f15eeb7454f724e693d7e3f13595", @ANYRES32], 0x50)
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
r5 = socket$netlink(0x10, 0x3, 0x8000000004)
connect$inet6(r4, &(0x7f0000000800)={0xa, 0x4e24, 0xc0, @ipv4={'\x00', '\xff\xff', @loopback}, 0xc58e}, 0x1c)
writev(r5, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff81004e230e227f000001925aa80020007b00090080007f000001e809000000ff0000f03ac710aa7d0000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
syz_open_dev$sg(0x0, 0x0, 0x40100)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x4)
preadv(r6, &(0x7f0000000300)=[{&(0x7f00000000c0)=""/4, 0x4}], 0x3e8, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={0xffffffffffffffff, 0x0, &(0x7f0000000640)=""/13, 0x2}, 0x20)
r8 = socket$netlink(0x10, 0x3, 0x0)
writev(r8, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
sendto$inet(r3, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440606769ebdf12cfacae8e8c03f5db079da7d9ecda75e2a7d49d5cbcb370c4d789390a328ba42c9c60cf2154d1b659aa709e8980a522cfb72f23ad87fb7019706ccae98cfe7c4fd23e8297b8cabc46ede1ac3da78f1b488c6357e7edfcd417df6660af20a54ecdcb02f689ae15ee655d4b7b1ea733e88ee9f53669388dff487c1c49953f3bc142112bd4b582b29b35d43962ed245c2cd5d5df40a3e0ed6beaf3b641e84b0f0dfa121a9efe05269f9f4a0e9bcbf43c7a90a711f453668c730c3badedca687b71a9c27bab9e724cc4a4918713031596ea6fd01124f973f257ccd9665aee7df4a9d64f079d176abc00000000d7af3e2dd4396f72373fb0a787a6129ca41181f5087fb843212550b58e3707d5a0399de36c2503836cbe2133de4f574e9e05c96788b0de1bd13e390445433d96737b964fa8af2ac4b2f0f9390ca93d8d3d810044d024359e067c4553230ab748947d33f8fc115ce9a49e6571c45a05d786cbd49342c236537dbbeec666b07baab917252113a5b9a77283189b518f356debe42d80cf2d0687b9c64d0253a6a09286fded6e4f8557b8fb4f25ca4fb138af8945c74bbc98748eaaa030be5317646f195e6e085ac6ddb29542e3581961259987241f7e7061526a7afec8962e74215fea43703a4e543ee9d1a3c3f5f2a41977ece8fdadcf89ce331ce59bebae5f53513d0e10485d7ddbda60513bf339602510b3a23ea29a0d5d03a61e34d12942ea4a847c884b27b5344a456d02a55f8929cc567e7c792c01fab7a7b32780a14c361000609b817dd91507b04d875279527946fdb8fb92a512485e234d092c28f1d0a0498731ccc0eb10515d510e8945839307b46512ceca6f495fdd2c6ae5eb2ef3b2a40ebdc7edf0048e3fb5e3d97a9ea5113a6b70d20ad5c43f0df95d88c0f121a1884da21a21f0ba47420f8391a97921cc51871dbb272e43710fe71d5e342c3afd10608a8b02f00e8fbd8d570b6faace86c494ecea8913233391e7b7cec3d571bb3032181ed58e1b513e511f79ee562c8cde9b3b74c2e95dcde7fadb5a666bdc0c1684794620ce8cf0c0aee8e90b3ef6e7160d3f055cb4d1ced32e4edc15e7d102952d3237e6c02c591a95a182bf190c0124abc7f1225332ff1c5e1b94e4e9bf02c1a18bd7bfce20707f7298da322560bc1a4cf298d46f5bf8ff41da21e25aa17f65f9ee43ca890b5ef6a3ccf3efedf3ca60a9acef1352ad0c43e6cf375108cf0974ce89a99adba7e6a3f8949dc573440fafe0e3abdd0066057a2d868e8386080f18a421568d8e7a89536a4173861bd55245c8fcf7dcba18edce36d2e85b9630fbc218db9ebd16abb11ac06fdbf2bc3e6394d4c6e7ae71813d30772d487743a2856348fee09989ce03331e7848770fc91e62191c20fe5f4a73c5dae467dd612bdb63b1e50921d38271305d7412103d5a6214d6d534d1d530b9169f882b6926bbd338f0282a8bd9a44603934e5249e83f1d0947b39f82a7843d2b6f796d8abf7ff3e66cfd4519324d71cebbf6580dffc10d555e479e9acaa12c3c59e3732c181aa4223d0fcdac514e9d7c7963c2634964520286b028f60a4ae612b8e6049315139e884cbffd6836253094ad023329183496cf663366ad4d7f7f5f1bd2db9b0d33f106c041fba4494c7da404d45d8955e5459ca4a62862721ec1fa534fd95e262c5814426816e60000000000000000001aa4fb6f40ec24f42f6949cc28d2a0d4eb61cb1664627582d962523586539445b81e9759321652280ecb", 0xffe3, 0x6000000000000000, 0x0, 0x0)

16m27.45080695s ago: executing program 7 (id=2641):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
r3 = openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_S_STD(r3, 0x40085618, &(0x7f0000000440)=0x2000)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
socket$nl_xfrm(0x10, 0x3, 0x6)
ptrace$cont(0x1f, 0x0, 0x100, 0x4)
socket(0x10, 0x803, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600707, 0x18)
unshare(0x2a060c00)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(0x0, &(0x7f00000001c0)='./file0/../file0/../file0/../file0\x00')
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001900)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f0000000000)={0x30, r6, 0x1, 0x70bd28, 0x25dfdbff, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0x18, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_DEBUG_HEADER={0x4}]}, 0x30}}, 0x10004000)
pipe(&(0x7f0000000080))

16m25.500299097s ago: executing program 7 (id=2644):
r0 = shmget$private(0x0, 0x3000, 0x400, &(0x7f0000674000/0x3000)=nil)
shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ppoll(&(0x7f0000000000)=[{r1, 0x100}], 0x1, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r5 = dup(r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r5, 0x0)
sendfile(r5, r5, 0x0, 0xffffffff)

16m25.031765334s ago: executing program 7 (id=2647):
r0 = shmget$private(0x0, 0x3000, 0x400, &(0x7f0000674000/0x3000)=nil)
shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ppoll(&(0x7f0000000000)=[{r1, 0x100}], 0x1, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(0x0, r4)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r6, 0x0)
sendfile(r6, r6, 0x0, 0xffffffff)
r7 = getpid()
r8 = syz_pidfd_open(r7, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, 0x0, 0x0)
process_madvise(r8, &(0x7f00000007c0)=[{&(0x7f0000000480)="ab1d3c56054b1efc90bf54d80859b679851088dbc17787ed192898b3fe5e5d3effecfd3b5fc248f1bb62f468b468681b1c1197a91cf9e9601b5cc8477a9a1609359d4a6c717ef0848ed05f85a4447d08b880e1a61c30a4caafe8994d258052eae56b6afd4052181a6cf53ec3b25d7b0d85605565eef855e1f429476a0ed4313eb80897322ba662a7d085b021efc4347d1377336a5f0bf4510cc2b54daa7e0408c69bffb6a75e4a4f506aaaa6401b77753d07065703890749e9e832c89426efb903b5405e6ce74e75633a6ed5da7ae02dac997906177432c70483a383a5dd713f71ac24e315b2042d2b", 0xe9}, {&(0x7f0000000580)}, {&(0x7f0000000640)="641dcfe8abe1ac4aa44510665cd7f2f7646144ae87bd73d2f157a2b493d958b0a6784497c1b6e5434d4e532eea62b62e0476802fb7cf302a014c6ed88683534e09aa60eda2fb7c2f6b9a16575d890c7b1723e29ccd9d9491b0c47b88fc89a14a7c48614cafd6657aa5c4a2f945c1ee47d5ad2e88b3073a550156e3a0a5522e71650cd84f3ad4", 0x86}, {0x0}, {0x0}, {&(0x7f00000001c0)="e86dbd7e1761e27592d1d2d21ef9764887cc1c22945802067181775dcca407071083ddbee2", 0x25}], 0x6, 0xc, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x74, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x23}, @NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x9c}}, 0x0)
close(r9)
process_madvise(r8, &(0x7f0000000900)=[{0x0}, {&(0x7f0000000080)}], 0x2, 0x18, 0x0)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, 0x0)
sendmsg$nl_xfrm(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="5c0100001000130700000000fcdbdf25e0000001000000000000000000000000ff02000000000000000000000000000100040b6e4e2100020000000021000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc010000000000000000000000000000000004d632000000e0000002000000000000000000000000000000000000000000000000000000000100008000000000010000000000008001000000ffffffff0000000000000000010000800000000043050000000000000400000000000000ffffffffffffff7f0000000000000000fdffffffffffffff0000000000000000000000002cbd70000035000002000000500000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000060000000210466d38547aa140db9a200000000c538c7cb7a0c001c00", @ANYRES32], 0x15c}, 0x1, 0x0, 0x0, 0x880}, 0x2014)

16m24.208499201s ago: executing program 35 (id=2647):
r0 = shmget$private(0x0, 0x3000, 0x400, &(0x7f0000674000/0x3000)=nil)
shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ppoll(&(0x7f0000000000)=[{r1, 0x100}], 0x1, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(0x0, r4)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r6, 0x0)
sendfile(r6, r6, 0x0, 0xffffffff)
r7 = getpid()
r8 = syz_pidfd_open(r7, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, 0x0, 0x0)
process_madvise(r8, &(0x7f00000007c0)=[{&(0x7f0000000480)="ab1d3c56054b1efc90bf54d80859b679851088dbc17787ed192898b3fe5e5d3effecfd3b5fc248f1bb62f468b468681b1c1197a91cf9e9601b5cc8477a9a1609359d4a6c717ef0848ed05f85a4447d08b880e1a61c30a4caafe8994d258052eae56b6afd4052181a6cf53ec3b25d7b0d85605565eef855e1f429476a0ed4313eb80897322ba662a7d085b021efc4347d1377336a5f0bf4510cc2b54daa7e0408c69bffb6a75e4a4f506aaaa6401b77753d07065703890749e9e832c89426efb903b5405e6ce74e75633a6ed5da7ae02dac997906177432c70483a383a5dd713f71ac24e315b2042d2b", 0xe9}, {&(0x7f0000000580)}, {&(0x7f0000000640)="641dcfe8abe1ac4aa44510665cd7f2f7646144ae87bd73d2f157a2b493d958b0a6784497c1b6e5434d4e532eea62b62e0476802fb7cf302a014c6ed88683534e09aa60eda2fb7c2f6b9a16575d890c7b1723e29ccd9d9491b0c47b88fc89a14a7c48614cafd6657aa5c4a2f945c1ee47d5ad2e88b3073a550156e3a0a5522e71650cd84f3ad4", 0x86}, {0x0}, {0x0}, {&(0x7f00000001c0)="e86dbd7e1761e27592d1d2d21ef9764887cc1c22945802067181775dcca407071083ddbee2", 0x25}], 0x6, 0xc, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x74, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x23}, @NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x9c}}, 0x0)
close(r9)
process_madvise(r8, &(0x7f0000000900)=[{0x0}, {&(0x7f0000000080)}], 0x2, 0x18, 0x0)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, 0x0)
sendmsg$nl_xfrm(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="5c0100001000130700000000fcdbdf25e0000001000000000000000000000000ff02000000000000000000000000000100040b6e4e2100020000000021000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc010000000000000000000000000000000004d632000000e0000002000000000000000000000000000000000000000000000000000000000100008000000000010000000000008001000000ffffffff0000000000000000010000800000000043050000000000000400000000000000ffffffffffffff7f0000000000000000fdffffffffffffff0000000000000000000000002cbd70000035000002000000500000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000060000000210466d38547aa140db9a200000000c538c7cb7a0c001c00", @ANYRES32], 0x15c}, 0x1, 0x0, 0x0, 0x880}, 0x2014)

22.251486643s ago: executing program 1 (id=7622):
socket$packet(0x11, 0x3, 0x300)
syz_emit_ethernet(0x32, &(0x7f0000000a40)={@remote, @multicast, @void, {@ipv4={0x800, @dccp={{0x5, 0x4, 0x0, 0x1e, 0x24, 0x67, 0x0, 0x4, 0x21, 0x0, @multicast2, @rand_addr=0x64010101}, {{0x4e21, 0x4e20, 0x4, 0x1, 0x6, 0x0, 0x0, 0x7, 0x0, "e0dfec", 0xa9, "79009a"}}}}}}, 0x0)

22.212970487s ago: executing program 1 (id=7623):
pipe(&(0x7f0000000440)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x129c81, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f00000001c0)=ANY=[], 0xff2e)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$TCSETS(r1, 0x40045431, &(0x7f00000000c0)={0x0, 0x5, 0x400007f, 0x4000006, 0x0, "42341f9b1000007e4f00"})
r2 = syz_open_pts(r1, 0x60300)
dup3(r2, r1, 0x0)
splice(r1, 0x0, r0, 0x0, 0x7ffff000, 0x0)

22.1642926s ago: executing program 1 (id=7624):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', &(0x7f0000000700), 0x18)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={<r0=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x111, 0x6}}, 0x20)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940), 0x2, 0x0)
ppoll(&(0x7f0000000300)=[{r0, 0x4236}], 0x1, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x2, 0x4}}, 0x20)
writev(r1, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

22.01557549s ago: executing program 1 (id=7625):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x13, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x107a655, 0x0, 0x0, 0x0, 0x10}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00', 0x7, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x0, 0x8, 0x0, &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

22.015377024s ago: executing program 1 (id=7626):
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f00000001c0)=0x6)
unlinkat(0xffffffffffffffff, 0x0, 0x200)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000140)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd2c, 0x25dfdbfb, {0x60, 0x0, 0x0, r3, {}, {0xffe0, 0xa}, {0xfff3, 0xe}}, [@qdisc_kind_options=@q_pfifo={{0xa}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x55}, 0xc010)
sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0)

20.988234217s ago: executing program 1 (id=7636):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000005200ff030000000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x40091}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r0)

20.663288335s ago: executing program 36 (id=7636):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000005200ff030000000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x40091}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r0)

11.619944745s ago: executing program 3 (id=7732):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, 0x0}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

9.855180656s ago: executing program 3 (id=7751):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, 0x0, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
syz_emit_ethernet(0x4a, &(0x7f0000003540)={@local, @multicast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x14, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x34}, @local, {[], {{0x2, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0xffff}}}}}}}, 0x0)

9.3274807s ago: executing program 3 (id=7756):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r1, 0x4008ae93, &(0x7f0000000040)=0x4)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000080)={0x3, 0xbde, 0x0, &(0x7f0000000180)="a1984ec3aec3fc2e025f90eda6dbc903939aac644fd36f1e65174cae030c42cbacc392851a695f247112e91f059460a2c031929dc0515ac7cd20775ff9da9c2b6c", 0x0, 0x41})
ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4400ae8f, &(0x7f0000000140)=@x86={0x7, 0x2, 0xc5, 0x0, 0x1ff, 0x9, 0x4, 0x6, 0x1, 0xf8, 0x0, 0x3, 0x0, 0x7, 0x6, 0x6, 0x45, 0x4, 0xfe, '\x00', 0x4, 0x4})
ioctl$KVM_RUN(r1, 0xae80, 0x0)

8.975611756s ago: executing program 3 (id=7760):
syz_emit_ethernet(0x1000e, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b600002e302c03cb697a653e336f000000500000000000ff02000000000000000000000000000102000003"], 0x0)

8.963719034s ago: executing program 3 (id=7761):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140))
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = fsopen(&(0x7f0000000100)='tmpfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x1)
fchdir(r1)
r2 = io_uring_setup(0x1b7e, &(0x7f0000000040)={0x0, 0x200c89f, 0xc000, 0x7, 0x20002f6})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000240), 0x0, 0x501, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x50)
r3 = socket$inet(0x2, 0x80001, 0x84)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{0x0, 0x10}], 0x1}, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='8', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)

8.770471154s ago: executing program 3 (id=7764):
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
io_uring_setup(0x2ddf, &(0x7f0000000040)={0x0, 0x100aeb9, 0xd000, 0x5, 0x60})
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)

5.1544073s ago: executing program 5 (id=7811):
fsopen(&(0x7f00000002c0)='gfs2\x00', 0x1)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r1 = fcntl$dupfd(r0, 0x406, r0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200047fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000002c0)='bbr', 0x37)
sendmsg$TCPDIAG_GETSOCK(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)={0x4c, 0x12, 0x10, 0x70bd27, 0x25dfdbfc, {0xf, 0x8, 0x6, 0x7, {0x4e20, 0x4e20, [0x39, 0x4, 0x1ff, 0xc], [0x5, 0xaf58, 0x3, 0x80005], 0x0, [0x1, 0x9]}, 0xc000000, 0x80000000}}, 0x4c}, 0x1, 0x0, 0x0, 0x8}, 0xc4)
write$binfmt_elf64(r1, &(0x7f0000000f80)=ANY=[], 0x540)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1)
writev(r1, &(0x7f0000001f80)=[{&(0x7f0000000dc0)="44ad1120960e8f51c8a5a15546d57b4ac2b63b382d16f1e42ab248ba6bfff5388771a2d4380e4f3c190d21fc81d79b0c3c4637d27c800829b6704f2f52a28836c055149c068534e06919e00c0cecb812be1f8d5048252590bd10c40a5ce2994ed6e350ee3c02639d97fcadb501dbe8431f7f2ded2b1bdaa062b28eed48f5f397f18238545974708aef2f104b885f9699e05b02749281563a372c99c3ac366e61743767858101a181716d8945c9b684cb6ff20309d6395da4840e1707fa035a365550156381924f4d57db6266f156e7de142b54d64899e9b2fc82e7246487d3baf47d8709dd3b49ecedfab35cea946d70b57acf93f2f8576c5ca9468b70df21695aadfcfdd240ca4cd9b714344f3547a54274148065926dcea71ee998ba1ab89a0b69912d53493fb4f0bd9f065260eea77215aeed3a3c2f338bd29e4ee504ff03b3d184872c8e2ece9550a2ae2cc53d96e837fede31c06266089e9466ef512b940cfdd2de2fe773eca039eea100b6f1f99be3bf60d23064315673c22988c87b5257cbc1d1594b43f8f9aabcee6ef370cb06175a6bef8bf60c70ca729c856119b6dfd4c2308d0a3ce16765ec3ebba3ff0677122f06a9330ec88a8c450d299a0c46d62a613b707f1aa0e3644af5491eb80f0410a88b8a3f44ebe3668be722252a8ed9276cee6ad9f5823e25b99f95548deacd3dc935c2b0783c524484130729783e07be07253eeb2670677ce92866720c0f17bda5c7c9efc4f6c26a29a0eb90a9bfcfd300f704b4bc68111beb68ab457a280038c9a66ed2d87fff21db36f2b03120c314304786416559a0f48b3eebc592e382a57e3c9ee957636bca9bf4cb57df8244f95795ecc1112a0caaf4da3b6a9bed4b473500f420cb9d9fe8f359a0f5ef796b3eb7f86f216c7d3e7870440024d4b7998e9e3d526275fa6849d90e90f62930211bb461f1246b602550d77e883d74d7d66d250a56b29bfaf22b70492154f1d6e9c7016c080cd0a6c5384247e811dd2cc503188c564b1f7d53715292eb3db6aa923c6502fffbc9341bf3b21446b9be0aeadc9bff6fc0132cafd7e866d603b5012134c24b376332e9aadb894eca8bf4e8310bc7dd5f9b90ab7f7f84e42cc1a8625f2d21265a183c1bd125d11bf7d36fbdea23a94891ed67b8eaf84050f07fff6ea58742a6e1b8bfc679b37dc5cb6021e79a93a7233fdeaec203e67ffc1d0d2eec907fa2507c6835301a7ffeea2913fd21f6587abc275a8fb848f542aff4f305a756dc75894934d4bc5a3eef46ba8f9d618f1a2cf2349f55f750ddc65648002788891d16cacb81310a4a0bf705d3ce8c12671ff9e621538a74feb9b7c7d0b3d180d5a84b54f2ca9f3b33e0cc70ff124e8db9a928d49c6c3e271a8861cb10646434f786d572d79a4419271060c0865b09bdc2eda8548df6073aff8d903776606f9edfac0c290aaca27a929c16a309d50a2d14513b6c7e452cbc76f0e9b3e8d6d1cb139246385d793c7310ca74ce03e4d1ac7208b8ab659f0420825d0cf340216248e5571214218670a5dea497d5a47d69ccab6ebd055759f5110afec785ef439e29a5a1b8e50f664f163fed0ee66e291c46a935466c40415ef89b4320ea7bd3d2ccf4f6507e70e3c3a0d4345dedf46f1c06e01f82e35b22b3d4dd3675e2f7ecaf6075c062b33399f8f5ebdc1bb11cdbe3a92e075ab4b323e49cd4e6ffc35db250d00cbeb4e6a7327e971ef394f3316ca11cc70aa84075bd673e24273a6d66ee8cbacc71a197f508ea7c9f8bcc62efe51bfdc395c428d44d95ad62011ef1b6b08b2ad8774f9a78f8562d8bd70c1975ea37450c05b763dba5a694a602e537f8fbacf4f415be44794febf2f4b838d2c5c50397cf2b1f9d847df68fe5625d5f0bba8f63e9d70ab7a72fd32014357153acff2c4c24815782d435b31f7dc60a6dd95a7e8b016ebaf46989429fed944c9110e42ccf346d7f18809f11cf95c4d23aa8168c7c74ca5ba1847d5c301d6d5e17beea91bdf09e3fe16cd89cad9914844d6cf4ddc18e23c6639b1ae82d885bfc404218d349f41ce3a192e15cfcdb6bd839be4bc77328d158d61ce853ff1cd3d129d75ad44629867adc4037ebc68c61a289e63713f7f93c94f2744979c27d146df4fc03501bd4f963d6364a003a5a65e11562166da41bd95f90a90657dfb85a07f2bf43c2f24ad25d70ed036d55e7429edccd466a0ded5759a92e7be1da757272e4494789669d1dea5bb0b776067a5584483629fafb1ea59df738c8961ea04622e3bb15775150922c97adaf69d3aea46ce8b31c9d0cf831", 0x662}], 0x1)

4.236745896s ago: executing program 5 (id=7825):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x40002, 0x0)
pwrite64(r0, 0x0, 0x0, 0xaf6)
sched_setattr(0x0, &(0x7f0000000380)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xffffffff}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, 0x0, r2, 0x0, 0x401, 0xa)

1.147789841s ago: executing program 5 (id=7871):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newlink={0x44, 0x10, 0x401, 0xfffffffc, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x1503}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6, 0x1, 0x2}]}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x44}, 0x1, 0x0, 0x0, 0x240088d0}, 0x0)

1.121509622s ago: executing program 5 (id=7873):
syz_open_procfs(0x0, &(0x7f0000000040)='net/ptype\x00')
fanotify_init(0x200, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_GET(0xffffffffffffffff, 0x0, 0x40800)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
prlimit64(0x0, 0x6, &(0x7f0000000140)={0x0, 0x4}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02080000040000000100000009000100000000", @ANYRES32, @ANYBLOB='\x00\x00'], 0x48)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000180)={[0x9]}, 0x8, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000140)={0xe000200c})

1.038578562s ago: executing program 5 (id=7874):
syz_mount_image$fuse(0x0, 0x0, 0x30040a9, 0x0, 0xf, 0x0, 0x0)
memfd_create(&(0x7f0000000740)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa\x1aX\x87\xf5\x1aP\x06\x9a\xa9\xa0\x98 )\xe3\xa1\xa2\xb1D\xe0\x15S\x89/m\xb71%\x80\x04Q\x1dN\xb0\x19\x81\x16@\xc0\xc4\"g\xd7Z\xb3\x17\xd1\xe7\x1b\xbd\xdck\x95\x16\x17\x95\xce\xa6\x92_\xe4\x9a\xaeA-\x02\x161\x8c\xe7\xa6.)\xadpM\x19\x1c\xcd\xf6S\x9a(:\x90\xb1\x8ft\xeb#\x82\x17\x8d\x00\xcaY\xe9\xf7\xee\x91\bx\x80\xa4\xa0\x16\b\x8b,\xdb\x88\x1e\xc1m\x91\xf0S\xc4\xc9\xefEBT\x8e\xff6\xff\xbb\xd4\xbe&\xf5St\v\xe1\x98;q\\\x1c\xe9\xcc\xfeV\xc3M5\xa9\xec\xc9\x8a\xee7\xbb\xa4\x1f\xc8\xfb\xaar15\xdf\\\xf4d\xc0\xc7\xf3\x88\x13\x94^01\xfc_\x91B\xacp\x8f\xfdx\xa5\xa9_t\x86\xe3%\xf1q\x00\x89c\x05H\x92\xa6\x93je\xfa\xd148\xd0N7', 0x2)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x4009004}, 0x4040004)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlinkprop={0x44, 0x6c, 0x701, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x40, 0x400}, [@IFLA_MAP={0x24, 0xe, {0x3, 0x2, 0x4, 0x8, 0x7, 0x7}}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x20040040)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000000000000000005ff070000000000000300000d"], &(0x7f0000000f40)=""/4089, 0x4a, 0xff9, 0xa, 0x32e}, 0x28)
setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00])
read$FUSE(r0, &(0x7f0000001180)={0x2020}, 0x2020)

867.664463ms ago: executing program 5 (id=7875):
socket$key(0xf, 0x3, 0x2)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x1000001, 0x13, r0, 0x8cee000)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2d}}, 0x6}, 0x1c)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
sendmmsg$inet(r1, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000000380)=[{0x0}], 0x1}}], 0x1, 0x40000)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ff2000/0xd000)=nil, 0xd000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000240)=0x40)

825.577432ms ago: executing program 9 (id=7877):
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f0000000080)="d8df0f23b3b9ce000000b807000000ba000000000f301b8154fea900c1210680320000c4e28ddc8dcd000000c182fd3f0000c8b950020000b801000400b9a6080000b80000010026b87aeabbc900bbc9000f302f300fc79d53bf0000c4b9e16dc30101220f01c3", 0x67}], 0x1, 0x14, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x7, 0xe51, 0x3, 0x5479, 0x103d, 0x6, 0x1, 0x32a, 0xffffffffffffffff, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x6a], 0x2000, 0x808d6})
ioctl$KVM_SET_GUEST_DEBUG_x86(r2, 0x4048ae9b, &(0x7f0000000040)={0x160003, 0x0, {[0x7f, 0xf971, 0x0, 0x80000000, 0x17c1, 0xefc, 0x80000000, 0x20000]}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

496.156728ms ago: executing program 9 (id=7881):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x7, 0x1, 0x7e, 0x1, 0xffffffffffffffff, 0x2}, 0x50)

469.705827ms ago: executing program 9 (id=7883):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xf, &(0x7f0000000000)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

420.27916ms ago: executing program 8 (id=7884):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xecd316dd39d9d0f7, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x9}}, &(0x7f0000000140)='GPL\x00', 0x5, 0x0, 0x0, 0x41000, 0x41, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)

389.345115ms ago: executing program 9 (id=7885):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

388.797401ms ago: executing program 2 (id=7886):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240))
openat$procfs(0xffffffffffffff9c, &(0x7f0000002b40)='/proc/tty/ldiscs\x00', 0x0, 0x0)
memfd_secret(0x80000)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x5, &(0x7f00000000c0), 0x111, 0x6}}, 0x20)
r1 = socket$unix(0x1, 0x2, 0x0)
ppoll(&(0x7f0000000300)=[{r1, 0x4236}], 0x1, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x2, 0x4}}, 0x20)
writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

324.203203ms ago: executing program 8 (id=7887):
r0 = socket$kcm(0xa, 0x3, 0x3a)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x3c}, 0x1, 0x0, 0x0, 0x4000850}, 0x24044010)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0xfe80000000000000, 0xac14140c}, 0x0, 0x1}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000880)="00bc49eb00000009cecefb5d97e5a3", 0xf}], 0x1, 0x0, 0x0, 0x900}, 0x60)

310.181067ms ago: executing program 2 (id=7888):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'macvtap0\x00', &(0x7f0000000240)=@ethtool_per_queue_op={0x4b, 0x21, [0x8, 0x1, 0x4, 0xc, 0x9, 0xf94, 0x4000f1, 0x37, 0x405, 0x6, 0x1, 0x6, 0x1, 0x5, 0x80, 0x2, 0x80000000, 0x2, 0x0, 0xc, 0x8, 0x5, 0x7, 0x2, 0x6, 0x1675, 0x1, 0xff, 0x4, 0x200, 0x4, 0x4107a2b1, 0x358827d1, 0x6, 0x2, 0x1, 0x80000001, 0x3, 0x9c, 0x4, 0x2, 0x5, 0x3, 0xfffffffc, 0x200, 0x50, 0x4, 0x5, 0x0, 0x1, 0x1, 0x0, 0x4928, 0x3, 0xffffffff, 0x7, 0x4, 0x5, 0x80000004, 0x20000000, 0x9733, 0x6, 0x80000001, 0x8, 0x9fd8, 0x5, 0x9, 0x8, 0x8, 0x4, 0x101, 0x9, 0x71, 0x20000000, 0x6, 0x8, 0x3, 0x5, 0x165, 0x9, 0x6, 0x4, 0x9, 0x4000008, 0x40, 0x6, 0x1000, 0x7, 0x0, 0x3, 0x2, 0x2, 0x0, 0x2, 0xffffffff, 0x470, 0x4, 0x0, 0x7, 0x3, 0xe, 0x1000, 0x3, 0x2, 0xb, 0xffff, 0x80, 0x4, 0x4, 0x2, 0x40, 0xb, 0xfffffffd, 0x5, 0x7, 0x0, 0x2, 0x2, 0x0, 0x7, 0x5, 0x8000, 0x1, 0xa, 0x200ffff, 0xa1, 0x6, 0x100009]}})
sendmsg$nl_route(r0, 0x0, 0x20000800)

264.911131ms ago: executing program 8 (id=7889):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e)
sendto$inet(r0, &(0x7f0000000bc0)="6d1d91f42ae60c83edd828280228d57d5f07385ee739a4b3a471b5586dea", 0x1e, 0x24008015, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, 0x0, 0x0)
sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0)

217.689169ms ago: executing program 2 (id=7890):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_mems\x00', 0x275a, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x17e)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0)
fcntl$notify(r0, 0x402, 0x1a)
openat$cgroup_ro(r0, 0x0, 0x275a, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040))
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000740)={<r2=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r1, 0xc0182101, &(0x7f00000000c0)={r2})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f00000001c0)={<r3=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r1, 0x40182103, &(0x7f0000000080)={r3, 0x3, r1, 0x5})

216.250942ms ago: executing program 9 (id=7891):
openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f0000000000), 0x1000000, &(0x7f0000000380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x6000}})
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901)
statx(r1, 0x0, 0x1000, 0x6000, 0x0)

170.654537ms ago: executing program 2 (id=7892):
munmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000)
munlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

141.871657ms ago: executing program 8 (id=7893):
write$RDMA_USER_CM_CMD_LISTEN(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x5, &(0x7f0000000040)=0xfffffff9, 0x4)
syz_emit_ethernet(0x4e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3986dd6c370c8900182b01fe800000000000000000000000000025fe8000000000000000000000000000aaff"], 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003a00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=""/6, 0x6}}], 0x1, 0x0, 0x0)

108.85973ms ago: executing program 9 (id=7894):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0)
getsockname$packet(r3, &(0x7f0000000380)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=@newqdisc={0x50, 0x24, 0xe0b, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0xffe0, 0xd064db0e491fa98f}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x20, 0x2, [@TCA_CAKE_INGRESS={0x8, 0xf, 0x1}, @TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x81}, @TCA_CAKE_MEMORY={0x8, 0xa, 0x842}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x4000080)
bind$packet(r1, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @remote}, 0x14)
sendto$inet6(r1, &(0x7f0000000800), 0x0, 0x880, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000000)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x14, 0xc, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x6}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x3c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

108.364059ms ago: executing program 2 (id=7895):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f00000001c0)="c744240077dd0000c74424027fbe0000c7442406000000000f011c24b8010000000f01c1450f01ca470f01f866baf80cb8e4f61882ef66bafc0c66b8795966ef40250000000066b8de000f00d02e0f005ffa0f01c92e640fc71f", 0x5a}], 0x1, 0xe8, 0x0, 0x0)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2800003, 0x31, 0xffffffffffffffff, 0x231cd000)
ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f0000000300)=@x86={0x38, 0x8, 0x81, 0x0, 0x0, 0x6, 0x67, 0x80, 0x2, 0xfb, 0x0, 0x9, 0x0, 0x5, 0x4, 0x3, 0xf3, 0x7a, 0x3, '\x00', 0x5, 0x44c6})
ioctl$KVM_RUN(r0, 0xae80, 0x0)

4.246271ms ago: executing program 8 (id=7896):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f00000002c0)=0x7, 0x4)
syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000000c0)={@local, @random="b84fbdff8a20", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "00730f", 0x14, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x74}, @local, {[], {{0x2, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3f}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "560400", 0x14, 0x6, 0xff, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x0, 0x0, 0x4}}}}}}}, 0x0)

4.047736ms ago: executing program 2 (id=7897):
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x10)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa04, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, 0x0, 0xc000)
syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0xc840)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newtfilter={0x54, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x6}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x28, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0xd, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0xb709, 0x58f, [{0x0, 0x20008000, 0x4, 0x1}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084)
recvmmsg$unix(r1, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/219, 0xdb}], 0x1}}], 0x1, 0x60, 0x0)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0x2c, 0x0, 0x1, 0x2, 0x25dfdbfe, {}, [@GTPA_LINK={0x8}, @GTPA_I_TEI={0x8, 0x8, 0x1}, @GTPA_FLOW={0x6, 0x6, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4004054}, 0x4000044)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[], 0xc3}, 0x1, 0x100000000000000, 0x0, 0x2000}, 0x40400c0)
r3 = socket(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0)

0s ago: executing program 8 (id=7898):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240))
openat$procfs(0xffffffffffffff9c, &(0x7f0000002b40)='/proc/tty/ldiscs\x00', 0x0, 0x0)
memfd_secret(0x80000)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x5, &(0x7f00000000c0), 0x111, 0x6}}, 0x20)
r1 = socket$unix(0x1, 0x2, 0x0)
ppoll(&(0x7f0000000300)=[{r1, 0x4236}], 0x1, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x2, 0x4}}, 0x20)
writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

kernel console output (not intermixed with test programs):

69][T30919]  dump_stack_lvl+0xe8/0x150
[ 1822.236488][T30919]  should_fail_ex+0x412/0x560
[ 1822.236509][T30919]  should_failslab+0xa8/0x100
[ 1822.236524][T30919]  __kmalloc_noprof+0xe8/0x760
[ 1822.236536][T30919]  ? ima_write_template_field_data+0x47/0x490
[ 1822.236550][T30919]  ima_write_template_field_data+0x47/0x490
[ 1822.236565][T30919]  ima_eventname_init_common+0x1dd/0x250
[ 1822.236582][T30919]  ? __pfx_ima_eventname_init_common+0x10/0x10
[ 1822.236602][T30919]  ? __kmalloc_noprof+0x37d/0x760
[ 1822.236613][T30919]  ? ima_alloc_init_template+0x183/0x700
[ 1822.236625][T30919]  ? __kmalloc_noprof+0x1b8/0x760
[ 1822.236637][T30919]  ? __pfx_ima_eventname_ng_init+0x10/0x10
[ 1822.236648][T30919]  ima_alloc_init_template+0x323/0x700
[ 1822.236665][T30919]  ima_store_measurement+0x1ce/0x670
[ 1822.236683][T30919]  ? __pfx_ima_store_measurement+0x10/0x10
[ 1822.236695][T30919]  ? ima_d_path+0x16b/0x230
[ 1822.236712][T30919]  ? __pfx_ima_get_hash_algo+0x10/0x10
[ 1822.236727][T30919]  process_measurement+0x13e5/0x1c80
[ 1822.236748][T30919]  ? __pfx_process_measurement+0x10/0x10
[ 1822.236777][T30919]  ? tomoyo_find_next_domain+0x1730/0x1aa0
[ 1822.236799][T30919]  ima_bprm_check+0x121/0x180
[ 1822.236812][T30919]  ? __pfx_ima_bprm_check+0x10/0x10
[ 1822.236822][T30919]  ? tomoyo_bprm_check_security+0xef/0x180
[ 1822.236835][T30919]  ? tomoyo_bprm_check_security+0xef/0x180
[ 1822.236846][T30919]  ? tomoyo_bprm_check_security+0xef/0x180
[ 1822.236857][T30919]  ? tomoyo_bprm_check_security+0x161/0x180
[ 1822.236870][T30919]  security_bprm_check+0xcd/0x240
[ 1822.236886][T30919]  bprm_execve+0x896/0x1460
[ 1822.236905][T30919]  ? __pfx_bprm_execve+0x10/0x10
[ 1822.236918][T30919]  ? alloc_bprm+0x508/0x5c0
[ 1822.236928][T30919]  ? count+0x1cb/0x230
[ 1822.236940][T30919]  do_execveat_common+0x50d/0x690
[ 1822.236956][T30919]  __x64_sys_execveat+0xc7/0xf0
[ 1822.236969][T30919]  do_syscall_64+0x14d/0xf80
[ 1822.236983][T30919]  ? trace_irq_disable+0x3b/0x150
[ 1822.236992][T30919]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1822.237003][T30919]  ? clear_bhb_loop+0x40/0x90
[ 1822.237016][T30919]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1822.237025][T30919] RIP: 0033:0x7f3c93b9c819
[ 1822.237036][T30919] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1822.237044][T30919] RSP: 002b:00007f3c94a81028 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[ 1822.237056][T30919] RAX: ffffffffffffffda RBX: 00007f3c93e15fa0 RCX: 00007f3c93b9c819
[ 1822.237063][T30919] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1822.237071][T30919] RBP: 00007f3c94a81090 R08: 0000000000000000 R09: 0000000000000000
[ 1822.237077][T30919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1822.237083][T30919] R13: 00007f3c93e16038 R14: 00007f3c93e15fa0 R15: 00007f3c93f3fa48
[ 1822.237099][T30919]  </TASK>
[ 1822.238854][   T30] kauditd_printk_skb: 978 callbacks suppressed
[ 1822.238864][   T30] audit: type=1804 audit(1775703749.971:2070): pid=30919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.2.6447" name="/newroot/1315/file1" dev="tmpfs" ino=6857 res=0 errno=0
[ 1823.213533][   T30] audit: type=1800 audit(1775703750.941:2071): pid=30946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.6455" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=125536 res=0 errno=0
[ 1823.384059][ T5188] usb 4-1: new full-speed USB device number 123 using dummy_hcd
[ 1823.391797][T22796] usb 6-1: new high-speed USB device number 67 using dummy_hcd
[ 1823.548263][ T5188] usb 4-1: config 150 has an invalid interface number: 204 but max is 2
[ 1823.563402][ T5188] usb 4-1: config 150 has an invalid descriptor of length 0, skipping remainder of the config
[ 1823.577973][T22796] usb 6-1: Using ep0 maxpacket: 8
[ 1823.589953][T22796] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[ 1823.599678][ T5188] usb 4-1: config 150 has 1 interface, different from the descriptor's value: 3
[ 1823.612025][T22796] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1823.637011][ T5188] usb 4-1: config 150 has no interface number 0
[ 1823.649404][T22796] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1823.679665][ T5188] usb 4-1: config 150 interface 204 has no altsetting 0
[ 1823.720210][T22796] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1823.766722][ T5188] usb 4-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[ 1823.785505][T22796] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1823.805874][ T5188] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1823.831492][ T5188] usb 4-1: Product: syz
[ 1823.853260][T22796] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1823.864303][ T5188] usb 4-1: Manufacturer: syz
[ 1823.894838][ T5188] usb 4-1: SerialNumber: syz
[ 1823.914330][T22796] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1824.036796][T30951] mac80211_hwsim hwsim3 syzkaller0: entered promiscuous mode
[ 1824.168895][ T5188] usb 4-1: USB disconnect, device number 123
[ 1824.324091][T15477] usb 3-1: new high-speed USB device number 114 using dummy_hcd
[ 1824.493626][T15477] usb 3-1: Using ep0 maxpacket: 16
[ 1824.500316][T15477] usb 3-1: config 0 has an invalid interface number: 49 but max is 0
[ 1824.508523][T15477] usb 3-1: config 0 has no interface number 0
[ 1824.515377][T15477] usb 3-1: config 0 interface 49 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 16
[ 1824.525479][T15477] usb 3-1: config 0 interface 49 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1824.537205][T15477] usb 3-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=76.b7
[ 1824.546402][T15477] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1824.554429][T15477] usb 3-1: Product: syz
[ 1824.558685][T15477] usb 3-1: Manufacturer: syz
[ 1824.563276][T15477] usb 3-1: SerialNumber: syz
[ 1824.569905][T15477] usb 3-1: config 0 descriptor??
[ 1824.576418][T30951] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[ 1824.848603][T15477] usb 3-1: USB disconnect, device number 114
[ 1824.866544][T30955] usbtmc 6-1:16.0: simple usb_control_msg returned 0
[ 1825.213636][ T5188] usb 9-1: new high-speed USB device number 96 using dummy_hcd
[ 1825.383674][ T5188] usb 9-1: Using ep0 maxpacket: 16
[ 1825.400335][ T5188] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1825.434532][ T5188] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1825.459624][ T5188] usb 9-1: config 0 interface 0 has no altsetting 0
[ 1825.479346][ T5188] usb 9-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[ 1825.500119][ T5188] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1825.538229][ T5188] usb 9-1: config 0 descriptor??
[ 1825.672428][   T24] usb 6-1: USB disconnect, device number 67
[ 1826.214859][ T5188] usbhid 9-1:0.0: can't add hid device: -71
[ 1826.241680][ T5188] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[ 1826.268120][ T5188] usb 9-1: USB disconnect, device number 96
[ 1826.490786][T30998] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6472'.
[ 1826.516552][T30998] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6472'.
[ 1826.535770][T30998] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6472'.
[ 1826.873959][   T24] usb 4-1: new high-speed USB device number 124 using dummy_hcd
[ 1827.033648][   T24] usb 4-1: Using ep0 maxpacket: 16
[ 1827.055477][   T24] usb 4-1: config 0 has no interfaces?
[ 1827.070805][   T24] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1827.093769][   T24] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1827.094645][ T5188] usb 3-1: new high-speed USB device number 115 using dummy_hcd
[ 1827.157955][   T24] usb 4-1: Manufacturer: syz
[ 1827.192278][   T24] usb 4-1: config 0 descriptor??
[ 1827.283986][ T5188] usb 3-1: Using ep0 maxpacket: 32
[ 1827.305868][ T5188] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[ 1827.323285][ T5188] usb 3-1: config 0 has no interface number 0
[ 1827.345063][ T5188] usb 3-1: config 0 interface 12 has no altsetting 0
[ 1827.369332][ T5188] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[ 1827.401052][ T5188] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1827.419960][ T5188] usb 3-1: Product: syz
[ 1827.445844][ T5188] usb 3-1: Manufacturer: syz
[ 1827.459456][T31000] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1827.473734][ T5188] usb 3-1: SerialNumber: syz
[ 1827.494447][ T5188] usb 3-1: config 0 descriptor??
[ 1827.681042][T31000] bond2: option miimon: invalid value (18446744073709551607)
[ 1827.690895][T31000] bond2: option miimon: allowed values 0 - 2147483647
[ 1827.713883][   T24] usb 6-1: new high-speed USB device number 68 using dummy_hcd
[ 1827.801836][T31000] bond2 (unregistering): Released all slaves
[ 1827.913728][   T24] usb 6-1: Using ep0 maxpacket: 32
[ 1827.923350][   T24] usb 6-1: config index 0 descriptor too short (expected 156, got 27)
[ 1827.952510][   T24] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[ 1827.995803][   T24] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 1828.024629][   T24] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[ 1828.067808][   T24] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1828.098690][   T24] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[ 1828.122132][   T24] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[ 1828.139808][   T24] usb 6-1: Product: syz
[ 1828.148833][   T24] usb 6-1: Manufacturer: syz
[ 1828.159191][   T24] usb 6-1: SerialNumber: syz
[ 1828.175773][   T24] usb 6-1: config 0 descriptor??
[ 1828.197414][   T24] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[ 1828.235712][   T24] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[ 1828.414302][T31020] ldusb 6-1:0.0: Write buffer overflow, 64885 bytes dropped
[ 1828.634941][    C1] ldusb 6-1:0.0: usb_submit_urb failed (-19)
[ 1828.646782][   T24] usb 6-1: USB disconnect, device number 68
[ 1828.676340][   T24] ldusb 6-1:0.0: LD USB Device #0 now disconnected
[ 1829.370694][ T5188] f81534 3-1:0.12: f81534_get_register: reg: 1003 failed: -71
[ 1829.381121][ T5188] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71
[ 1829.400436][ T5188] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71
[ 1829.416863][ T5188] f81534 3-1:0.12: probe with driver f81534 failed with error -71
[ 1829.453410][ T5188] usb 3-1: USB disconnect, device number 115
[ 1829.708361][T12785] usb 4-1: USB disconnect, device number 124
[ 1829.998520][T31040] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6485'.
[ 1830.073241][T31040] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6485'.
[ 1830.088793][T31040] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6485'.
[ 1830.113664][ T5188] usb 6-1: new high-speed USB device number 69 using dummy_hcd
[ 1830.305489][T31041] syz.3.6483 (31041): drop_caches: 1
[ 1830.323665][ T5188] usb 6-1: Using ep0 maxpacket: 16
[ 1830.344025][T15477] usb 3-1: new high-speed USB device number 116 using dummy_hcd
[ 1830.353411][ T5188] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1830.391419][ T5188] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1830.462470][ T5188] usb 6-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[ 1830.506321][ T5188] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1830.543207][ T5188] usb 6-1: config 0 descriptor??
[ 1830.551145][T15477] usb 3-1: Using ep0 maxpacket: 32
[ 1830.571988][T15477] usb 3-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[ 1830.583784][T31041] syz.3.6483 (31041): drop_caches: 1
[ 1830.593189][T15477] usb 3-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[ 1830.605656][T15477] usb 3-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1830.623802][T15477] usb 3-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[ 1830.657388][T15477] usb 3-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[ 1830.693871][T15477] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1830.731505][T15477] usb 3-1: Product: syz
[ 1830.736102][T15477] usb 3-1: Manufacturer: syz
[ 1830.740738][T15477] usb 3-1: SerialNumber: syz
[ 1830.800325][    C0] imon 3-1:155.0: imon usb_rx_callback_intf0: status(-71)
[ 1830.825327][T31057] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6492'.
[ 1830.841341][T15477] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/input/input192
[ 1831.024276][ T5188] kye 0003:0458:5016.00A9: control desc unexpectedly large
[ 1831.074906][T15477] imon 3-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[ 1831.083610][ T5188] input: HID 0458:5016 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5016.00A9/input/input194
[ 1831.103729][T15477]  (id 0x00)
[ 1831.190189][ T5188] input: HID 0458:5016 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5016.00A9/input/input195
[ 1831.331303][ T5188] kye 0003:0458:5016.00A9: input,hiddev0,hidraw0: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.5-1/input0
[ 1831.333677][T12785] usb 9-1: new high-speed USB device number 97 using dummy_hcd
[ 1831.473726][T15477] rc_core: IR keymap rc-imon-pad not found
[ 1831.486840][T15477] Registered IR keymap rc-empty
[ 1831.500751][T15477] imon 3-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[ 1831.511985][T22796] usb 4-1: new high-speed USB device number 125 using dummy_hcd
[ 1831.533709][T12785] usb 9-1: Using ep0 maxpacket: 16
[ 1831.545365][T15477] imon 3-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 1831.545818][T12785] usb 9-1: config 0 has no interfaces?
[ 1831.569020][T12785] usb 9-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1831.578906][T12785] usb 9-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1831.587769][T12785] usb 9-1: Manufacturer: syz
[ 1831.595901][T15477] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/rc/rc0
[ 1831.607354][T12785] usb 9-1: config 0 descriptor??
[ 1831.628582][T12785] usb 6-1: USB disconnect, device number 69
[ 1831.653371][T15477] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/rc/rc0/input193
[ 1831.672965][T31069] fido_id[31069]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory
[ 1831.704760][T22796] usb 4-1: Using ep0 maxpacket: 32
[ 1831.736359][T22796] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[ 1831.749098][T15477] imon 3-1:155.0: iMON device (15c2:ffdc, intf0) on usb<3:116> initialized
[ 1831.769658][T22796] usb 4-1: config 0 has no interface number 0
[ 1831.828958][T22796] usb 4-1: config 0 interface 12 has no altsetting 0
[ 1831.861256][T22796] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[ 1831.909251][T22796] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1831.956725][T22796] usb 4-1: Product: syz
[ 1831.992673][T22796] usb 4-1: Manufacturer: syz
[ 1832.004266][T31063] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1832.021403][T22796] usb 4-1: SerialNumber: syz
[ 1832.058052][T12785] usb 3-1: USB disconnect, device number 116
[ 1832.079983][T22796] usb 4-1: config 0 descriptor??
[ 1832.138164][T31077] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6497'.
[ 1832.169883][T31064] bond5: option miimon: invalid value (18446744073709551607)
[ 1832.207431][T31064] bond5: option miimon: allowed values 0 - 2147483647
[ 1832.241523][T31080] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6497'.
[ 1832.278641][T31080] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6497'.
[ 1832.295805][T31064] bond5 (unregistering): Released all slaves
[ 1832.933647][T15477] usb 3-1: new high-speed USB device number 117 using dummy_hcd
[ 1832.992607][T31092] syzkaller0: entered promiscuous mode
[ 1832.998497][T31092] syzkaller0: entered allmulticast mode
[ 1833.122327][T15477] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1833.164527][T15477] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1833.203923][T15477] usb 3-1: Product: syz
[ 1833.227772][T15477] usb 3-1: Manufacturer: syz
[ 1833.248924][T15477] usb 3-1: SerialNumber: syz
[ 1833.279626][T22796] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -71
[ 1833.298434][T15477] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1833.320628][T22796] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71
[ 1833.350137][ T5188] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1833.360374][T22796] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71
[ 1833.400182][T22796] f81534 4-1:0.12: probe with driver f81534 failed with error -71
[ 1833.428410][T22796] usb 4-1: USB disconnect, device number 125
[ 1834.206310][T31105] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1834.217403][T31105] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1834.226618][T31105] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1834.236663][T31105] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1834.244464][T31105] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1834.347484][T31108] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6501'.
[ 1834.383904][T15681] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1834.391610][T15681] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1834.400216][T15681] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1834.412673][T15681] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1834.423314][T15681] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1834.643771][T12785] usb 9-1: USB disconnect, device number 97
[ 1834.745346][T31108] bond0 (unregistering): Released all slaves
[ 1834.983617][ T5188] usb 3-1: Service connection timeout for: 256
[ 1835.025467][T31111] syz.3.6505 (31111): drop_caches: 1
[ 1835.051523][ T5188] ath9k_htc 3-1:1.0: ath9k_htc: Unable to initialize HTC services
[ 1835.151979][ T5188] ath9k_htc: Failed to initialize the device
[ 1835.199516][ T5188] usb 3-1: ath9k_htc: USB layer deinitialized
[ 1835.352945][T31111] syz.3.6505 (31111): drop_caches: 1
[ 1835.838553][ T7770] bond0: (slave netdevsim0): Releasing backup interface
[ 1835.927571][T31112] chnl_net:caif_netlink_parms(): no params data found
[ 1836.201347][T31133] netlink: 156 bytes leftover after parsing attributes in process `syz.8.6511'.
[ 1836.257711][T31137] netlink: 156 bytes leftover after parsing attributes in process `syz.8.6511'.
[ 1836.313443][T31139] netlink: 12 bytes leftover after parsing attributes in process `syz.8.6511'.
[ 1836.387613][T31133] netlink: 28 bytes leftover after parsing attributes in process `syz.8.6511'.
[ 1836.394489][T31112] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1836.421969][T31112] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1836.433322][T31112] bridge_slave_0: entered allmulticast mode
[ 1836.438252][T31133] netlink: 28 bytes leftover after parsing attributes in process `syz.8.6511'.
[ 1836.441511][T31112] bridge_slave_0: entered promiscuous mode
[ 1836.507367][T31112] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1836.566122][T31112] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1836.593733][T15681] Bluetooth: hci5: command tx timeout
[ 1836.604383][T31112] bridge_slave_1: entered allmulticast mode
[ 1836.622111][T31112] bridge_slave_1: entered promiscuous mode
[ 1836.891343][T31112] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1836.981870][T12785] usb 3-1: USB disconnect, device number 117
[ 1837.180028][ T7770] ip6gretap0 (unregistering): left promiscuous mode
[ 1837.444772][T12785] usb 3-1: new high-speed USB device number 118 using dummy_hcd
[ 1837.508394][ T7770] bridge0 (unregistering): left promiscuous mode
[ 1837.617092][T12785] usb 3-1: Using ep0 maxpacket: 16
[ 1837.660147][T12785] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1837.693458][T12785] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1837.712922][ T7770] bond0 (unregistering): Released all slaves
[ 1837.736933][ T7770] bond1 (unregistering): Released all slaves
[ 1837.743969][T12785] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1837.770311][ T7770] bond2 (unregistering): Released all slaves
[ 1837.774495][T12785] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1837.822618][T12785] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1837.848514][ T7770] bond3 (unregistering): Released all slaves
[ 1837.885092][T12785] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1837.909157][ T7770] bond4 (unregistering): Released all slaves
[ 1837.914512][T12785] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1837.923138][T12785] usb 3-1: Manufacturer: syz
[ 1837.966527][ T7770] bond5 (unregistering): Released all slaves
[ 1837.989388][T12785] usb 3-1: config 0 descriptor??
[ 1837.999393][ T7770] bond6 (unregistering): Released all slaves
[ 1838.058782][T31112] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1838.155462][T31112] team0: Port device team_slave_0 added
[ 1838.196076][T31112] team0: Port device team_slave_1 added
[ 1838.245416][T31112] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1838.262927][T31112] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1838.296350][T31112] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1838.327169][T31112] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1838.352506][T31112] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1838.448646][T31112] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1838.459364][T22796] usb 9-1: new high-speed USB device number 98 using dummy_hcd
[ 1838.468527][T12785] rc_core: IR keymap rc-hauppauge not found
[ 1838.499120][T12785] Registered IR keymap rc-empty
[ 1838.533182][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1838.573757][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1838.622430][T12785] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[ 1838.664717][T15681] Bluetooth: hci5: command tx timeout
[ 1838.670266][T22796] usb 9-1: Using ep0 maxpacket: 16
[ 1838.690065][T12785] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input196
[ 1838.738393][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1838.756050][T22796] usb 9-1: config 0 has no interfaces?
[ 1838.778538][T22796] usb 9-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1838.780198][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1838.821032][T22796] usb 9-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1838.869690][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1838.891883][T22796] usb 9-1: Manufacturer: syz
[ 1838.894046][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1838.923753][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1838.954130][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1838.962398][T22796] usb 9-1: config 0 descriptor??
[ 1838.973825][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1838.997319][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1839.026332][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1839.063324][T31112] hsr_slave_0: entered promiscuous mode
[ 1839.076204][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1839.092365][T31112] hsr_slave_1: entered promiscuous mode
[ 1839.104202][T31112] debugfs: 'hsr0' already exists in 'hsr'
[ 1839.109977][T31112] Cannot create hsr debugfs directory
[ 1839.128836][T12785] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1
[ 1839.162379][T12785] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1839.216267][T31171] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1839.252163][T12785] usb 3-1: USB disconnect, device number 118
[ 1839.525512][T31189] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1839.700909][T31171] bond5: option miimon: invalid value (18446744073709551607)
[ 1839.715623][T31171] bond5: option miimon: allowed values 0 - 2147483647
[ 1839.750291][T31171] bond5 (unregistering): Released all slaves
[ 1839.915599][ T7770] hsr_slave_0: left promiscuous mode
[ 1839.939379][ T7770] hsr_slave_1: left promiscuous mode
[ 1840.744892][T15681] Bluetooth: hci5: command tx timeout
[ 1841.155697][T31208] fuse: Bad value for 'group_id'
[ 1841.171573][T31208] fuse: Bad value for 'group_id'
[ 1841.477022][T31112] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1841.521278][T31112] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1841.579228][T31112] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1841.645411][T31112] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1841.840714][T12785] usb 9-1: USB disconnect, device number 98
[ 1842.682400][T31241] trusted_key: encrypted_key: insufficient parameters specified
[ 1842.836099][T15681] Bluetooth: hci5: command tx timeout
[ 1843.024790][T31112] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1843.109962][T31112] 8021q: adding VLAN 0 to HW filter on device team0
[ 1843.182502][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1843.189622][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1843.336240][ T7770] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1843.343353][ T7770] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1843.626009][   T24] usb 9-1: new high-speed USB device number 99 using dummy_hcd
[ 1843.808851][T31112] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1843.822447][   T24] usb 9-1: Using ep0 maxpacket: 8
[ 1843.850944][T31112] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1843.888708][T31112] veth0_vlan: entered promiscuous mode
[ 1843.905665][T31112] veth1_vlan: entered promiscuous mode
[ 1843.921860][   T24] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1843.942774][T31112] veth0_macvtap: entered promiscuous mode
[ 1843.948840][   T24] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1843.962081][T31112] veth1_macvtap: entered promiscuous mode
[ 1843.968205][T12785] usb 3-1: new high-speed USB device number 119 using dummy_hcd
[ 1843.983499][   T24] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1844.012335][T31112] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1844.019977][   T24] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1844.046140][T31112] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1844.054021][   T24] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1844.063048][   T24] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1844.089587][   T49] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1844.133745][T22796] usb 4-1: new high-speed USB device number 126 using dummy_hcd
[ 1844.141530][   T49] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1844.150468][T12785] usb 3-1: Using ep0 maxpacket: 16
[ 1844.162996][T12785] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1844.186230][T12785] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1844.210265][   T49] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1844.221042][T12785] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1844.231095][   T49] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1844.299593][T22796] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1844.321798][T22796] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1844.344026][T22796] usb 4-1: Product: syz
[ 1844.350164][T22796] usb 4-1: Manufacturer: syz
[ 1844.355865][T22796] usb 4-1: SerialNumber: syz
[ 1844.429712][T12785] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1844.445462][T12785] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1844.489373][T12785] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1844.500187][T12785] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1844.529963][   T24] usb 9-1: GET_CAPABILITIES returned 0
[ 1844.540171][   T24] usbtmc 9-1:16.0: can't read capabilities
[ 1844.550619][T12785] usb 3-1: Manufacturer: syz
[ 1844.569264][T12785] usb 3-1: config 0 descriptor??
[ 1844.742470][T20056] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1844.765723][T20056] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1844.859964][T22796] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[ 1844.901476][  T177] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1844.901481][T22796] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[ 1844.946719][  T177] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1844.954664][T12785] rc_core: IR keymap rc-hauppauge not found
[ 1844.961977][T12785] Registered IR keymap rc-empty
[ 1844.968115][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1845.023923][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1845.068117][T12785] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[ 1845.109386][T12785] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input197
[ 1845.162804][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1845.227057][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1845.267031][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1845.303901][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1845.350326][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1845.371814][T22796] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[ 1845.407884][T22796] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1845.430048][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1845.437672][T22796] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1845.477769][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1845.492486][T22796] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -32
[ 1845.514894][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1845.546419][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1845.573982][T12785] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1845.607643][T12785] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1
[ 1845.656471][T12785] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1845.700900][T12785] usb 3-1: USB disconnect, device number 119
[ 1845.903785][T22796] usb 6-1: new high-speed USB device number 70 using dummy_hcd
[ 1846.063836][T22796] usb 6-1: Using ep0 maxpacket: 16
[ 1846.100592][T22796] usb 6-1: config 0 has no interfaces?
[ 1846.147731][T22796] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1846.223630][T22796] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1846.249902][T22796] usb 6-1: Manufacturer: syz
[ 1846.281389][T22796] usb 6-1: config 0 descriptor??
[ 1846.319955][ T5188] usb 9-1: USB disconnect, device number 99
[ 1846.562763][T31105] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1846.574845][T31105] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1846.583359][T31105] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1846.592763][T31105] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1846.601425][T31105] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1846.646833][T31312] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1846.809200][T31313] bond1: option miimon: invalid value (18446744073709551607)
[ 1846.816758][T31313] bond1: option miimon: allowed values 0 - 2147483647
[ 1846.862571][T31313] bond1 (unregistering): Released all slaves
[ 1847.458312][T31328] chnl_net:caif_netlink_parms(): no params data found
[ 1847.520127][   T24] usb 4-1: USB disconnect, device number 126
[ 1847.615269][T12785] usb 9-1: new high-speed USB device number 100 using dummy_hcd
[ 1847.648778][T31328] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1847.656151][T31328] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1847.663913][T31328] bridge_slave_0: entered allmulticast mode
[ 1847.671678][T31328] bridge_slave_0: entered promiscuous mode
[ 1847.680568][T31328] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1847.689193][T31328] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1847.698302][T31328] bridge_slave_1: entered allmulticast mode
[ 1847.711601][T31328] bridge_slave_1: entered promiscuous mode
[ 1847.778843][T12785] usb 9-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[ 1847.792406][T12785] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1847.805517][T12785] usb 9-1: Product: syz
[ 1847.810209][T12785] usb 9-1: Manufacturer: syz
[ 1847.812127][T31328] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1847.824117][T12785] usb 9-1: SerialNumber: syz
[ 1847.903671][T31328] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1847.988066][T31328] team0: Port device team_slave_0 added
[ 1847.997196][T31328] team0: Port device team_slave_1 added
[ 1848.051991][T31328] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1848.061522][T31328] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1848.090477][T31328] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1848.124616][T31328] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1848.133404][T31328] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1848.162427][T31328] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1848.363649][T31328] hsr_slave_0: entered promiscuous mode
[ 1848.380719][T31328] hsr_slave_1: entered promiscuous mode
[ 1848.402058][T12785] rtl8150 9-1:1.0: couldn't reset the device
[ 1848.418438][T12785] rtl8150 9-1:1.0: probe with driver rtl8150 failed with error -5
[ 1848.455662][T12785] usb 9-1: USB disconnect, device number 100
[ 1848.672716][T31105] Bluetooth: hci4: command tx timeout
[ 1848.821949][T12785] usb 6-1: USB disconnect, device number 70
[ 1848.984139][T28575] usb 4-1: new high-speed USB device number 127 using dummy_hcd
[ 1849.039838][T31328] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1849.050961][T31328] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1849.157246][T31328] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1849.168967][T28575] usb 4-1: Using ep0 maxpacket: 32
[ 1849.184579][T28575] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[ 1849.203526][T28575] usb 4-1: config 0 has no interface number 0
[ 1849.210052][T28575] usb 4-1: config 0 interface 12 has no altsetting 0
[ 1849.216973][T31328] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1849.260364][T28575] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[ 1849.268012][T31368] netlink: 68 bytes leftover after parsing attributes in process `syz.8.6544'.
[ 1849.288950][T28575] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1849.302505][T28575] usb 4-1: Product: syz
[ 1849.308868][T28575] usb 4-1: Manufacturer: syz
[ 1849.319340][T28575] usb 4-1: SerialNumber: syz
[ 1849.337505][T28575] usb 4-1: config 0 descriptor??
[ 1849.343413][T31328] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1849.343716][T12785] usb 6-1: new high-speed USB device number 71 using dummy_hcd
[ 1849.376083][T31328] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1849.544292][T12785] usb 6-1: Using ep0 maxpacket: 8
[ 1849.555120][T31328] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1849.570127][T12785] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1849.580595][T12785] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1849.600748][T12785] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1849.612424][T12785] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1849.623932][T31328] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1849.630552][T12785] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1849.648786][T12785] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1849.888473][T12785] usb 6-1: GET_CAPABILITIES returned 0
[ 1849.894255][T12785] usbtmc 6-1:16.0: can't read capabilities
[ 1850.027869][T31328] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1850.060341][T31328] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1850.090617][T31328] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1850.124923][T31328] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1850.312245][T31328] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1850.376989][T31328] 8021q: adding VLAN 0 to HW filter on device team0
[ 1850.419890][ T7770] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1850.427018][ T7770] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1850.490165][T20056] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1850.497298][T20056] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1850.698726][T31328] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1850.743748][T31105] Bluetooth: hci4: command tx timeout
[ 1850.805755][T28575] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -71
[ 1850.820218][T28575] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71
[ 1850.829690][T28575] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71
[ 1850.838136][T28575] f81534 4-1:0.12: probe with driver f81534 failed with error -71
[ 1850.872777][T31328] veth0_vlan: entered promiscuous mode
[ 1850.887584][T28575] usb 4-1: USB disconnect, device number 127
[ 1850.911949][T31328] veth1_vlan: entered promiscuous mode
[ 1850.981299][T31328] veth0_macvtap: entered promiscuous mode
[ 1851.000659][T31328] veth1_macvtap: entered promiscuous mode
[ 1851.023516][T31328] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1851.045772][T31328] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1851.059959][  T177] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1851.069899][  T177] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1851.080401][  T177] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1851.090437][  T177] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1851.179296][T20056] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1851.193495][T20056] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1851.211684][T31386] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[ 1851.249754][T20056] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1851.268329][T20056] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1851.645346][T31393] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1851.948952][T15681] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1851.969620][T15681] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1851.980824][T15681] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1852.007083][T15681] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1852.018090][T15681] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1852.824458][T15681] Bluetooth: hci4: command tx timeout
[ 1852.986074][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1852.992478][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1853.109429][T31400] chnl_net:caif_netlink_parms(): no params data found
[ 1853.276994][  T177] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1853.324451][  T177] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1853.562172][  T177] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1853.585617][  T177] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1853.685232][T30065] usb 6-1: USB disconnect, device number 71
[ 1853.782485][T31425] netlink: 68 bytes leftover after parsing attributes in process `syz.5.6554'.
[ 1853.841506][  T177] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1853.872758][  T177] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1854.103685][T15681] Bluetooth: hci0: command tx timeout
[ 1854.195435][  T177] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1854.228755][  T177] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1854.261978][T31400] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1854.310024][T31400] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1854.330076][T31400] bridge_slave_0: entered allmulticast mode
[ 1854.346336][T31400] bridge_slave_0: entered promiscuous mode
[ 1854.373689][T31400] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1854.401916][T31400] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1854.421064][T31400] bridge_slave_1: entered allmulticast mode
[ 1854.440566][T31400] bridge_slave_1: entered promiscuous mode
[ 1854.523659][ T5188] usb 3-1: new high-speed USB device number 120 using dummy_hcd
[ 1854.688422][T31400] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1854.703801][ T5188] usb 3-1: Using ep0 maxpacket: 8
[ 1854.721070][ T5188] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[ 1854.755866][ T5188] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1854.795903][ T5188] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1854.829409][ T5188] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1854.856661][ T5188] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1854.900072][ T5188] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1854.902422][T31400] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1854.911574][T31105] Bluetooth: hci4: command tx timeout
[ 1854.939254][ T5188] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1855.029023][T31400] team0: Port device team_slave_0 added
[ 1855.056736][T31400] team0: Port device team_slave_1 added
[ 1855.087142][  T177] bridge_slave_1: left allmulticast mode
[ 1855.096501][  T177] bridge_slave_1: left promiscuous mode
[ 1855.102211][  T177] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1855.135108][  T177] bridge_slave_0: left allmulticast mode
[ 1855.148772][  T177] bridge_slave_0: left promiscuous mode
[ 1855.157276][  T177] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1855.408438][  T177] ip6gretap0 (unregistering): left promiscuous mode
[ 1855.669316][  T177] bridge0 (unregistering): left promiscuous mode
[ 1855.679430][T31458] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1855.781797][  T177] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1855.802870][  T177] bond0 (unregistering): Released all slaves
[ 1855.826565][  T177] bond1 (unregistering): (slave veth31): Releasing active interface
[ 1855.846937][  T177] bond1 (unregistering): Released all slaves
[ 1855.865109][T31446] usbtmc 3-1:16.0: simple usb_control_msg returned 0
[ 1855.892055][T31400] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1855.899458][T31400] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1855.956181][T31400] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1856.016970][T31400] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1856.026236][T31400] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1856.062353][T31400] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1856.118812][  T177] tipc: Left network mode
[ 1856.195184][T31105] Bluetooth: hci0: command tx timeout
[ 1856.292093][T31400] hsr_slave_0: entered promiscuous mode
[ 1856.328538][T31400] hsr_slave_1: entered promiscuous mode
[ 1856.345864][T31400] debugfs: 'hsr0' already exists in 'hsr'
[ 1856.375753][T31400] Cannot create hsr debugfs directory
[ 1856.396126][T31467] fuse: Bad value for 'fd'
[ 1856.425662][   T30] audit: type=1326 audit(1775703784.161:2072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31463 comm="syz.1.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3bd79c819 code=0x7ffc0000
[ 1856.513735][   T30] audit: type=1326 audit(1775703784.161:2073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31463 comm="syz.1.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3bd79c819 code=0x7ffc0000
[ 1856.597839][   T30] audit: type=1326 audit(1775703784.201:2074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31463 comm="syz.1.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=199 compat=0 ip=0x7fa3bd79c819 code=0x7ffc0000
[ 1856.597887][   T30] audit: type=1326 audit(1775703784.201:2075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31463 comm="syz.1.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3bd79c819 code=0x7ffc0000
[ 1856.597925][   T30] audit: type=1326 audit(1775703784.201:2076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31463 comm="syz.1.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3bd79c819 code=0x7ffc0000
[ 1856.597962][   T30] audit: type=1326 audit(1775703784.201:2077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31463 comm="syz.1.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa3bd75d04e code=0x7ffc0000
[ 1856.597997][   T30] audit: type=1326 audit(1775703784.201:2078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31463 comm="syz.1.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3bd79c819 code=0x7ffc0000
[ 1856.598032][   T30] audit: type=1326 audit(1775703784.201:2079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31463 comm="syz.1.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3bd79c819 code=0x7ffc0000
[ 1856.598068][   T30] audit: type=1326 audit(1775703784.201:2080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31463 comm="syz.1.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7fa3bd79c819 code=0x7ffc0000
[ 1856.598112][   T30] audit: type=1326 audit(1775703784.201:2081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31463 comm="syz.1.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3bd79c819 code=0x7ffc0000
[ 1856.836812][ T5188] usb 3-1: USB disconnect, device number 120
[ 1857.389790][  T177] hsr_slave_0: left promiscuous mode
[ 1857.413034][  T177] hsr_slave_1: left promiscuous mode
[ 1857.433535][  T177] veth1_macvtap: left promiscuous mode
[ 1857.439948][  T177] veth0_macvtap: left promiscuous mode
[ 1857.677225][T31495] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[ 1857.809394][  T177] team0 (unregistering): Port device team_slave_1 removed
[ 1857.866109][  T177] team0 (unregistering): Port device team_slave_0 removed
[ 1858.264094][T31105] Bluetooth: hci0: command tx timeout
[ 1858.821088][T28575] usb 6-1: new high-speed USB device number 72 using dummy_hcd
[ 1858.994829][T28575] usb 6-1: Using ep0 maxpacket: 16
[ 1859.011813][T28575] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1859.069571][T28575] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1859.133508][T28575] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1859.183353][T28575] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1859.223068][T28575] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1859.317528][T28575] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1859.348728][T28575] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1859.398207][T28575] usb 6-1: Manufacturer: syz
[ 1859.423309][T28575] usb 6-1: config 0 descriptor??
[ 1859.445753][T31400] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1859.474482][T31400] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1859.501736][T31400] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1859.526252][T31400] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1859.806886][T31400] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1859.879913][T31400] 8021q: adding VLAN 0 to HW filter on device team0
[ 1859.923632][T28575] rc_core: IR keymap rc-hauppauge not found
[ 1859.924836][T28478] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1859.929557][T28575] Registered IR keymap rc-empty
[ 1859.936725][T28478] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1860.003774][T28575] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1860.043900][T28575] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1860.097444][T28575] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[ 1860.121998][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1860.129184][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1860.136242][T28575] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input198
[ 1860.158844][T28575] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1860.184599][T28575] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1860.219754][T28575] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1860.264148][T28575] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1860.324314][T28575] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1860.354390][T31105] Bluetooth: hci0: command tx timeout
[ 1860.383673][T30065] usb 9-1: new high-speed USB device number 101 using dummy_hcd
[ 1860.419736][T28575] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1860.524153][T28575] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1860.543888][T30065] usb 9-1: Using ep0 maxpacket: 8
[ 1860.564470][T28575] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1860.573676][  T797] usb 3-1: new high-speed USB device number 121 using dummy_hcd
[ 1860.594849][T28575] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1860.604953][T30065] usb 9-1: config index 0 descriptor too short (expected 301, got 45)
[ 1860.620545][T30065] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1860.642501][T30065] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1860.658614][T28575] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1860.668858][T30065] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1860.695907][T28575] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1
[ 1860.705922][T30065] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1860.719645][T31400] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1860.726885][T30065] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1860.737358][T30065] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1860.744016][T28575] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1860.766114][  T797] usb 3-1: Using ep0 maxpacket: 16
[ 1860.778503][  T797] usb 3-1: config 0 has no interfaces?
[ 1860.800069][  T797] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1860.811298][  T797] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1860.814082][T28575] usb 6-1: USB disconnect, device number 72
[ 1860.820040][  T797] usb 3-1: Manufacturer: syz
[ 1860.854893][  T797] usb 3-1: config 0 descriptor??
[ 1861.098382][T31553] FAULT_INJECTION: forcing a failure.
[ 1861.098382][T31553] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1861.108125][T31536] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1861.164352][T31553] CPU: 0 UID: 0 PID: 31553 Comm: syz.5.6572 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1861.164382][T31553] Tainted: [L]=SOFTLOCKUP
[ 1861.164389][T31553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1861.164399][T31553] Call Trace:
[ 1861.164407][T31553]  <TASK>
[ 1861.164414][T31553]  dump_stack_lvl+0xe8/0x150
[ 1861.164443][T31553]  should_fail_ex+0x412/0x560
[ 1861.164480][T31553]  _copy_from_iter+0x1d3/0x1670
[ 1861.164504][T31553]  ? rcu_is_watching+0x15/0xb0
[ 1861.164532][T31553]  ? __pfx__copy_from_iter+0x10/0x10
[ 1861.164557][T31553]  ? __alloc_skb+0x4e5/0x7d0
[ 1861.164575][T31553]  ? skb_put+0x11b/0x210
[ 1861.164597][T31553]  pfkey_sendmsg+0x265/0x1120
[ 1861.164638][T31553]  ? __pfx_pfkey_sendmsg+0x10/0x10
[ 1861.164665][T31553]  ? aa_sk_perm+0x6d5/0x900
[ 1861.164696][T31553]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1861.164719][T31553]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[ 1861.164745][T31553]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1861.164772][T31553]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1861.164796][T31553]  ____sys_sendmsg+0x972/0x9f0
[ 1861.164827][T31553]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1861.164857][T31553]  ? import_iovec+0x73/0xa0
[ 1861.164881][T31553]  ___sys_sendmsg+0x2a5/0x360
[ 1861.164908][T31553]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1861.164961][T31553]  ? __fget_files+0x2a/0x420
[ 1861.164978][T31553]  ? __fget_files+0x3a0/0x420
[ 1861.165003][T31553]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1861.165027][T31553]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1861.165058][T31553]  ? __pfx_ksys_write+0x10/0x10
[ 1861.165089][T31553]  do_syscall_64+0x14d/0xf80
[ 1861.165111][T31553]  ? trace_irq_disable+0x3b/0x150
[ 1861.165126][T31553]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1861.165145][T31553]  ? clear_bhb_loop+0x40/0x90
[ 1861.165171][T31553]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1861.165189][T31553] RIP: 0033:0x7f04c639c819
[ 1861.165207][T31553] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1861.165222][T31553] RSP: 002b:00007f04c718b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1861.165242][T31553] RAX: ffffffffffffffda RBX: 00007f04c6615fa0 RCX: 00007f04c639c819
[ 1861.165255][T31553] RDX: 0000000000000000 RSI: 00002000000014c0 RDI: 0000000000000003
[ 1861.165267][T31553] RBP: 00007f04c718b090 R08: 0000000000000000 R09: 0000000000000000
[ 1861.165278][T31553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1861.165289][T31553] R13: 00007f04c6616038 R14: 00007f04c6615fa0 R15: 00007f04c673fa48
[ 1861.165315][T31553]  </TASK>
[ 1861.597641][T31536] bond1: option miimon: invalid value (18446744073709551607)
[ 1861.621657][T31536] bond1: option miimon: allowed values 0 - 2147483647
[ 1861.650522][T31536] bond1 (unregistering): Released all slaves
[ 1861.744980][T31400] veth0_vlan: entered promiscuous mode
[ 1861.801210][T31400] veth1_vlan: entered promiscuous mode
[ 1861.903090][T31552] usbtmc 9-1:16.0: simple usb_control_msg returned 0
[ 1861.923526][T31400] veth0_macvtap: entered promiscuous mode
[ 1861.950556][T31400] veth1_macvtap: entered promiscuous mode
[ 1862.008963][T31400] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1862.045739][T31400] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1862.129336][   T49] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1862.165058][   T49] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1862.217442][   T49] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1862.268847][   T49] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1862.430317][T28478] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1862.482628][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1862.508932][T28478] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1862.528507][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1862.694488][T30065] usb 9-1: USB disconnect, device number 101
[ 1862.993748][  T797] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 1863.226240][  T797] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1863.252839][  T797] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1863.304460][  T797] usb 4-1: Product: syz
[ 1863.308672][  T797] usb 4-1: Manufacturer: syz
[ 1863.315667][T28575] usb 3-1: USB disconnect, device number 121
[ 1863.349146][  T797] usb 4-1: SerialNumber: syz
[ 1863.526152][T15681] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1863.541811][T15681] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1863.555910][T15681] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1863.564166][T15681] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1863.579850][T15681] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1863.844069][  T797] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[ 1863.886990][  T797] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[ 1863.907221][T21037] syz_tun (unregistering): left promiscuous mode
[ 1864.325621][  T797] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[ 1864.400174][  T797] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1864.435414][  T797] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1864.482676][  T797] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -32
[ 1864.520758][   T13] netdevsim netdevsim8 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1864.558491][   T13] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1864.609072][T31638] syz_tun: entered allmulticast mode
[ 1864.821457][   T13] netdevsim netdevsim8 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1864.886236][   T13] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1865.139891][   T13] netdevsim netdevsim8 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1865.193593][   T13] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1865.289774][T31602] chnl_net:caif_netlink_parms(): no params data found
[ 1865.437837][   T13] netdevsim netdevsim8 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1865.449056][   T13] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1865.624037][T31105] Bluetooth: hci2: command tx timeout
[ 1865.977591][T31602] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1866.005740][T31602] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1866.024250][T31602] bridge_slave_0: entered allmulticast mode
[ 1866.045494][T31602] bridge_slave_0: entered promiscuous mode
[ 1866.087045][T31602] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1866.103294][T31602] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1866.116440][T31602] bridge_slave_1: entered allmulticast mode
[ 1866.139033][T31602] bridge_slave_1: entered promiscuous mode
[ 1866.166593][   T13] bridge_slave_1: left allmulticast mode
[ 1866.172581][   T13] bridge_slave_1: left promiscuous mode
[ 1866.178909][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1866.191215][   T13] bridge_slave_0: left allmulticast mode
[ 1866.202703][   T13] bridge_slave_0: left promiscuous mode
[ 1866.217543][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1866.425340][   T13] ip6gretap0 (unregistering): left promiscuous mode
[ 1866.525978][T28575] usb 4-1: USB disconnect, device number 2
[ 1867.109484][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1867.138128][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1867.174770][   T13] bond0 (unregistering): Released all slaves
[ 1867.196083][   T13] bond1 (unregistering): Released all slaves
[ 1867.241348][   T13] bond2 (unregistering): Released all slaves
[ 1867.281709][   T13] bond3 (unregistering): Released all slaves
[ 1867.335671][   T13] bond4 (unregistering): Released all slaves
[ 1867.420819][T31602] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1867.479763][T31602] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1867.522678][   T13] tipc: Left network mode
[ 1867.638682][T31602] team0: Port device team_slave_0 added
[ 1867.648155][T31602] team0: Port device team_slave_1 added
[ 1867.704913][T31105] Bluetooth: hci2: command tx timeout
[ 1867.751593][T31602] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1867.815522][T31602] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1867.874201][T31602] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1867.979289][T31602] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1868.003669][T31602] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1868.087059][T31602] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1868.219535][T31780] loop6: detected capacity change from 0 to 7
[ 1868.242695][    C0] blk_print_req_error: 25 callbacks suppressed
[ 1868.242713][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1868.247012][T31602] hsr_slave_0: entered promiscuous mode
[ 1868.248962][    C0] buffer_io_error: 25 callbacks suppressed
[ 1868.248976][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1868.270639][T31602] hsr_slave_1: entered promiscuous mode
[ 1868.278600][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1868.293269][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1868.303227][T31602] debugfs: 'hsr0' already exists in 'hsr'
[ 1868.303425][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1868.318563][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1868.319524][T31602] Cannot create hsr debugfs directory
[ 1868.327817][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1868.341420][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1868.354374][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1868.363991][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1868.372008][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1868.381650][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1868.389700][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1868.399337][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1868.408241][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1868.417860][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1868.425844][T31780] ldm_validate_partition_table(): Disk read failed.
[ 1868.432614][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1868.442286][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1868.450495][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1868.460127][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1868.476334][T31780] Dev loop6: unable to read RDB block 0
[ 1868.487584][T31780]  loop6: unable to read partition table
[ 1868.503626][T31780] loop6: partition table beyond EOD, truncated
[ 1868.509834][T31780] loop_reread_partitions: partition scan of loop6 (���������-ý?���	���%��`��{������5FLQk݊A�) failed (rc=-5)
[ 1868.547012][   T13] hsr_slave_0: left promiscuous mode
[ 1868.614924][T31792] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6636'.
[ 1868.626533][   T13] hsr_slave_1: left promiscuous mode
[ 1868.642955][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1868.669277][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1868.705560][   T13] veth1_macvtap: left promiscuous mode
[ 1868.718845][   T13] veth0_macvtap: left promiscuous mode
[ 1868.732608][   T13] veth1_vlan: left promiscuous mode
[ 1868.759334][   T13] veth0_vlan: left promiscuous mode
[ 1869.515987][   T13] team0 (unregistering): Port device team_slave_1 removed
[ 1869.533083][   T13] team0 (unregistering): Port device team_slave_0 removed
[ 1869.749615][T31810] netlink: 'syz.2.6642': attribute type 49 has an invalid length.
[ 1869.799878][T31105] Bluetooth: hci2: command tx timeout
[ 1870.310188][T31828] syzkaller0: entered promiscuous mode
[ 1870.333871][T31828] syzkaller0: entered allmulticast mode
[ 1871.302592][T31865] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6653'.
[ 1871.873950][T31105] Bluetooth: hci2: command tx timeout
[ 1872.217475][T31890] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6664'.
[ 1873.319747][T31602] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1873.359947][T31602] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1873.391414][T31602] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1873.401543][T31913] sctp: [Deprecated]: $��\)�
[ 1873.401543][T31913]  (pid 31913) Use of int in max_burst socket option deprecated.
[ 1873.401543][T31913] Use struct sctp_assoc_value instead
[ 1873.449262][T31602] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1873.955016][T31602] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1873.975346][T31602] 8021q: adding VLAN 0 to HW filter on device team0
[ 1873.993179][ T7770] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1874.000338][ T7770] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1874.229273][ T7770] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1874.236511][ T7770] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1874.607287][T31602] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1874.906562][T31602] veth0_vlan: entered promiscuous mode
[ 1874.994698][T31602] veth1_vlan: entered promiscuous mode
[ 1875.132784][T31602] veth0_macvtap: entered promiscuous mode
[ 1875.216038][T31602] veth1_macvtap: entered promiscuous mode
[ 1875.309251][T31602] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1875.380980][T31602] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1875.448044][ T7770] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1875.479623][ T7770] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1875.518954][ T7770] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1875.563795][ T7770] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1875.861035][T28478] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1875.888572][T28478] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1875.979767][  T177] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1875.990790][T32017] pim6reg: tun_chr_ioctl cmd 1074288756
[ 1876.005220][T32017] pim6reg: tun_chr_ioctl cmd 1074025681
[ 1876.011854][  T177] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1876.937584][T15681] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1876.948116][T15681] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1876.957515][T15681] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1876.966435][T15681] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1876.978487][T15681] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1877.447929][T32078] netlink: 'syz.5.6730': attribute type 1 has an invalid length.
[ 1877.521554][T32078] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1877.556802][T32084] vlan2: entered allmulticast mode
[ 1877.579002][T32084] veth0_to_bond: entered allmulticast mode
[ 1877.619824][T32084] bond1: (slave vlan2): making interface the new active one
[ 1877.651082][T32084] bond1: (slave vlan2): Enslaving as an active interface with an up link
[ 1877.667796][T32066] chnl_net:caif_netlink_parms(): no params data found
[ 1877.724768][T28478] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1877.922675][T28478] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1878.177139][T28478] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1878.221679][T32066] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1878.243400][T32066] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1878.264910][T32066] bridge_slave_0: entered allmulticast mode
[ 1878.285525][T32066] bridge_slave_0: entered promiscuous mode
[ 1878.311977][T28478] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1878.330949][T32066] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1878.340399][T32066] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1878.349143][T32066] bridge_slave_1: entered allmulticast mode
[ 1878.359670][T32066] bridge_slave_1: entered promiscuous mode
[ 1878.439084][T32120] netlink: 'syz.3.6745': attribute type 29 has an invalid length.
[ 1878.460777][T32066] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1878.497148][T32066] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1878.681271][T32066] team0: Port device team_slave_0 added
[ 1878.702296][T32066] team0: Port device team_slave_1 added
[ 1878.822322][T32066] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1878.839489][T32066] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1878.867462][T32066] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1878.874517][T32140] sctp: [Deprecated]: syz.3.6754 (pid 32140) Use of int in max_burst socket option deprecated.
[ 1878.874517][T32140] Use struct sctp_assoc_value instead
[ 1878.880822][T32066] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1878.905907][T32066] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1878.932841][T32066] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1878.993309][T28478] bridge_slave_1: left allmulticast mode
[ 1879.015597][T28478] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1879.062712][T28478] bridge_slave_0: left allmulticast mode
[ 1879.068522][T31105] Bluetooth: hci3: command tx timeout
[ 1879.076050][T28478] bridge_slave_0: left promiscuous mode
[ 1879.082006][T28478] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1879.157668][T28478] ip6gretap0 (unregistering): left promiscuous mode
[ 1879.388921][T28478] bridge0 (unregistering): left promiscuous mode
[ 1879.541404][T28478] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1879.561473][T28478] bond0 (unregistering): Released all slaves
[ 1879.573077][T28478] bond1 (unregistering): Released all slaves
[ 1879.591519][T32066] hsr_slave_0: entered promiscuous mode
[ 1879.598389][T32066] hsr_slave_1: entered promiscuous mode
[ 1879.606956][T32066] debugfs: 'hsr0' already exists in 'hsr'
[ 1879.612872][T32066] Cannot create hsr debugfs directory
[ 1879.618754][T32145] netlink: 'syz.5.6757': attribute type 1 has an invalid length.
[ 1879.630687][T32145] netlink: 'syz.5.6757': attribute type 2 has an invalid length.
[ 1879.779410][T28478] tipc: Left network mode
[ 1880.038017][T28478] IPVS: stopping master sync thread 6599 ...
[ 1880.269839][T28575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1880.385047][T32191] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1880.405021][T32191] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1880.420104][T32191] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1880.441983][T32191] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1880.460100][T32191] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1880.470094][T32191] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1880.482954][T32191] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1880.492416][T32191] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1880.500974][T32191] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1880.596821][T32198] netlink: 'syz.5.6775': attribute type 1 has an invalid length.
[ 1880.641994][T28478] hsr_slave_0: left promiscuous mode
[ 1880.653362][T28478] hsr_slave_1: left promiscuous mode
[ 1880.660310][T28478] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1880.936308][T32210] netlink: 'syz.2.6778': attribute type 1 has an invalid length.
[ 1881.076032][T28478] team0 (unregistering): Port device team_slave_1 removed
[ 1881.108118][T28478] team0 (unregistering): Port device team_slave_0 removed
[ 1881.144815][T31105] Bluetooth: hci3: command tx timeout
[ 1881.360266][T32198] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1881.495763][T32210] bond1: entered promiscuous mode
[ 1881.510299][T32210] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1882.029308][T32066] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1882.041594][T32240] trusted_key: encrypted_key: insufficient parameters specified
[ 1882.117161][T32066] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1882.143031][T32066] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1882.168984][T32066] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1882.313777][T32260] netlink: 'syz.8.6790': attribute type 1 has an invalid length.
[ 1882.329648][T28478] IPVS: stop unused estimator thread 0...
[ 1882.696684][T32066] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1882.749581][T32066] 8021q: adding VLAN 0 to HW filter on device team0
[ 1882.790394][T20056] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1882.797593][T20056] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1882.886390][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1882.893585][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1883.193415][T32289] netlink: 'syz.2.6800': attribute type 1 has an invalid length.
[ 1883.224188][T31105] Bluetooth: hci3: command tx timeout
[ 1883.234663][T32289] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1883.331467][T32292] veth3: entered promiscuous mode
[ 1883.337558][T32292] veth3: entered allmulticast mode
[ 1883.349036][T32066] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1883.513532][T32066] veth0_vlan: entered promiscuous mode
[ 1883.532734][T32066] veth1_vlan: entered promiscuous mode
[ 1883.600192][T32066] veth0_macvtap: entered promiscuous mode
[ 1883.621229][T32066] veth1_macvtap: entered promiscuous mode
[ 1883.662831][T32066] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1883.709768][T32066] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1883.797608][T25185] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1883.825097][T25185] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1883.852473][T25185] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1883.862726][T25185] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1883.879482][T32309] netlink: 'syz.2.6810': attribute type 1 has an invalid length.
[ 1883.950389][T32309] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1883.969421][T32316] vlan2: entered allmulticast mode
[ 1883.975671][T32316] veth0_to_bond: entered allmulticast mode
[ 1884.062726][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1884.077656][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1884.157385][T25185] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1884.180848][T25185] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1884.479620][T32342] sctp: [Deprecated]: syz.8.6823 (pid 32342) Use of int in max_burst socket option deprecated.
[ 1884.479620][T32342] Use struct sctp_assoc_value instead
[ 1884.538944][T32345] loop6: detected capacity change from 0 to 7
[ 1884.561214][    C1] blk_print_req_error: 11 callbacks suppressed
[ 1884.561234][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1884.578105][    C1] buffer_io_error: 11 callbacks suppressed
[ 1884.578123][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1884.601239][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1884.610872][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1884.619091][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1884.628730][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1884.643765][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1884.653371][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1884.662234][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1884.671874][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1884.682508][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1884.692158][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1884.703573][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1884.713183][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1884.721067][T32345] ldm_validate_partition_table(): Disk read failed.
[ 1884.738217][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1884.747877][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1884.756069][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1884.765684][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1884.786724][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1884.796339][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1884.804794][T32345] Dev loop6: unable to read RDB block 0
[ 1884.818796][T32345]  loop6: unable to read partition table
[ 1884.846621][T32345] loop6: partition table beyond EOD, truncated
[ 1884.868529][T32345] loop_reread_partitions: partition scan of loop6 (���������-ý?���	���%��`��{������5FLQk݊A�) failed (rc=-5)
[ 1884.882944][T32356] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6828'.
[ 1885.090900][T32359] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1885.109536][T32359] bond3: (slave bond4): Enslaving as an active interface with an up link
[ 1885.213988][T32377] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6832'.
[ 1885.303535][T32384] net_ratelimit: 44 callbacks suppressed
[ 1885.309259][T32384] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1885.318302][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1885.327517][T31105] Bluetooth: hci3: command tx timeout
[ 1885.461326][T32391] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1885.470732][T32391] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1885.479988][T32391] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1885.488644][T32391] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1885.502522][T32391] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1885.511212][T32391] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1885.521082][T32389] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1885.803032][T32401] loop6: detected capacity change from 0 to 7
[ 1885.812259][T32401] ldm_validate_partition_table(): Disk read failed.
[ 1885.826830][T32401] Dev loop6: unable to read RDB block 0
[ 1885.833241][T32401]  loop6: unable to read partition table
[ 1885.839227][T32401] loop6: partition table beyond EOD, truncated
[ 1885.865441][T32401] loop_reread_partitions: partition scan of loop6 (���������-ý?���	���%��`��{������5FLQk݊A�) failed (rc=-5)
[ 1886.509962][T28575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1890.168936][T32627] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6946'.
[ 1890.421681][T32635] netlink: 12 bytes leftover after parsing attributes in process `syz.8.6950'.
[ 1890.610874][T32646] loop6: detected capacity change from 0 to 7
[ 1890.619381][    C1] blk_print_req_error: 30 callbacks suppressed
[ 1890.619399][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1890.635253][    C1] buffer_io_error: 30 callbacks suppressed
[ 1890.635269][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1890.651806][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1890.661467][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1890.676770][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1890.681712][T15477] net_ratelimit: 24 callbacks suppressed
[ 1890.681727][T15477] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1890.686406][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1890.711931][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1890.721594][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1890.730472][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1890.740101][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1890.751367][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1890.760968][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1890.769937][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1890.779580][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1890.787623][ T5841] ldm_validate_partition_table(): Disk read failed.
[ 1890.797443][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1890.807107][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1890.836733][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1890.846397][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1890.856686][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1890.866325][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1890.883254][ T5841] Dev loop6: unable to read RDB block 0
[ 1890.913709][T12785] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1890.919041][ T5841]  loop6: unable to read partition table
[ 1890.931147][T32656] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6959'.
[ 1890.960280][ T5841] loop6: partition table beyond EOD, truncated
[ 1890.986820][T32646] ldm_validate_partition_table(): Disk read failed.
[ 1890.995834][T32646] Dev loop6: unable to read RDB block 0
[ 1891.014098][T32646]  loop6: unable to read partition table
[ 1891.019928][T32646] loop6: partition table beyond EOD, truncated
[ 1891.038097][T32646] loop_reread_partitions: partition scan of loop6 (���������-ý?���	���%��`��{������5FLQk݊A�) failed (rc=-5)
[ 1891.365880][T32673] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6964'.
[ 1891.497181][T32681] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1891.514815][T32681] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1891.533848][T32681] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1891.549722][T32684] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1891.607935][T32686] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6970'.
[ 1891.807596][T32692] loop6: detected capacity change from 0 to 7
[ 1891.826951][T32692] ldm_validate_partition_table(): Disk read failed.
[ 1891.837214][T32692] Dev loop6: unable to read RDB block 0
[ 1891.843648][T32692]  loop6: unable to read partition table
[ 1891.849909][T32692] loop6: partition table beyond EOD, truncated
[ 1891.856407][T32692] loop_reread_partitions: partition scan of loop6 (���������-ý?���	���%��`��{������5FLQk݊A�) failed (rc=-5)
[ 1892.373186][T32713] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6981'.
[ 1892.488575][T32721] loop6: detected capacity change from 0 to 7
[ 1892.504575][T32721] ldm_validate_partition_table(): Disk read failed.
[ 1892.517466][T32721] Dev loop6: unable to read RDB block 0
[ 1892.538830][T32721]  loop6: unable to read partition table
[ 1892.551802][T32721] loop6: partition table beyond EOD, truncated
[ 1892.568184][T32721] loop_reread_partitions: partition scan of loop6 (���������-ý?���	���%��`��{������5FLQk݊A�) failed (rc=-5)
[ 1892.837002][T32735] xt_hashlimit: size too large, truncated to 1048576
[ 1893.326001][T32762] xt_hashlimit: size too large, truncated to 1048576
[ 1894.173492][   T30] kauditd_printk_skb: 4 callbacks suppressed
[ 1894.173511][   T30] audit: type=1326 audit(1775703821.901:2086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=347 comm="syz.3.7018" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f72bcf9c819 code=0x0
[ 1896.204582][  T445] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1896.361957][  T455] loop6: detected capacity change from 0 to 7
[ 1896.380632][    C0] blk_print_req_error: 66 callbacks suppressed
[ 1896.380651][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1896.396470][    C0] buffer_io_error: 66 callbacks suppressed
[ 1896.396489][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1896.410493][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1896.420100][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1896.433102][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1896.442726][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1896.453179][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1896.459305][  T460] netlink: 48 bytes leftover after parsing attributes in process `syz.5.7072'.
[ 1896.462803][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1896.480082][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1896.489705][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1896.506256][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1896.515881][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1896.524938][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1896.534544][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1896.542776][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1896.552401][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1896.560957][ T5841] ldm_validate_partition_table(): Disk read failed.
[ 1896.569481][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1896.579103][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1896.587373][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1896.596987][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1896.608279][ T5841] Dev loop6: unable to read RDB block 0
[ 1896.616994][ T5841]  loop6: unable to read partition table
[ 1896.622759][ T5841] loop6: partition table beyond EOD, truncated
[ 1896.634848][  T455] ldm_validate_partition_table(): Disk read failed.
[ 1896.642124][  T455] Dev loop6: unable to read RDB block 0
[ 1896.651723][  T455]  loop6: unable to read partition table
[ 1896.658802][  T455] loop6: partition table beyond EOD, truncated
[ 1896.666220][  T455] loop_reread_partitions: partition scan of loop6 (���������-ý?���	���%��`��{������5FLQk݊A�) failed (rc=-5)
[ 1897.010203][  T483] netlink: 48 bytes leftover after parsing attributes in process `syz.3.7083'.
[ 1897.020472][  T484] netlink: 'syz.8.7084': attribute type 10 has an invalid length.
[ 1897.038604][  T484] netlink: 40 bytes leftover after parsing attributes in process `syz.8.7084'.
[ 1897.056971][  T484] batadv0: entered promiscuous mode
[ 1897.062667][  T484] batadv0: entered allmulticast mode
[ 1897.069156][  T484] bridge0: port 3(batadv0) entered blocking state
[ 1897.076196][  T484] bridge0: port 3(batadv0) entered disabled state
[ 1897.086365][  T484] bridge0: port 3(batadv0) entered blocking state
[ 1897.092953][  T484] bridge0: port 3(batadv0) entered forwarding state
[ 1897.171150][  T491] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7087'.
[ 1897.182873][  T491] openvswitch: netlink: Key 0 has unexpected len 4 expected 0
[ 1897.243819][T25185] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[ 1897.253529][T25185] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[ 1897.483802][ T7770] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1897.661510][  T521] netlink: 48 bytes leftover after parsing attributes in process `syz.5.7101'.
[ 1897.706383][  T523] syzkaller1: entered promiscuous mode
[ 1897.711934][  T523] syzkaller1: entered allmulticast mode
[ 1898.367931][  T543] netlink: 48 bytes leftover after parsing attributes in process `syz.1.7112'.
[ 1898.900223][  T576] netlink: 48 bytes leftover after parsing attributes in process `syz.5.7126'.
[ 1898.917866][  T578] xt_hashlimit: size too large, truncated to 1048576
[ 1899.294509][  T597] xt_hashlimit: size too large, truncated to 1048576
[ 1899.342611][  T602] syzkaller0: entered promiscuous mode
[ 1899.350005][  T602] syzkaller0: entered allmulticast mode
[ 1899.463282][  T607] netlink: 'syz.8.7137': attribute type 7 has an invalid length.
[ 1899.482452][  T607] netlink: 'syz.8.7137': attribute type 7 has an invalid length.
[ 1899.607701][T28478] netdevsim netdevsim8 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1899.826104][  T622] netlink: 56 bytes leftover after parsing attributes in process `syz.1.7144'.
[ 1900.099038][  T643] xt_hashlimit: size too large, truncated to 1048576
[ 1900.106118][  T644] netlink: 16 bytes leftover after parsing attributes in process `syz.5.7154'.
[ 1900.118638][  T644] netlink: 16 bytes leftover after parsing attributes in process `syz.5.7154'.
[ 1901.062035][  T648] bridge_slave_1: default FDB implementation only supports local addresses
[ 1901.343174][  T675] xt_hashlimit: size too large, truncated to 1048576
[ 1901.702608][  T685] __nla_validate_parse: 2 callbacks suppressed
[ 1901.702623][  T685] netlink: 4 bytes leftover after parsing attributes in process `syz.8.7170'.
[ 1903.581542][  T749] xt_hashlimit: size too large, truncated to 1048576
[ 1903.671012][  T635] Set syz1 is full, maxelem 65536 reached
[ 1904.187359][  T795] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7218'.
[ 1904.407017][  T808] xt_hashlimit: size too large, truncated to 1048576
[ 1904.843939][  T833] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7231'.
[ 1904.969952][  T838] netlink: 'syz.2.7233': attribute type 12 has an invalid length.
[ 1904.980402][  T838] netlink: 'syz.2.7233': attribute type 29 has an invalid length.
[ 1904.989058][  T838] netlink: 148 bytes leftover after parsing attributes in process `syz.2.7233'.
[ 1905.179966][  T846] xt_hashlimit: size too large, truncated to 1048576
[ 1905.581198][  T865] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7239'.
[ 1905.598458][  T865] vlan0: entered promiscuous mode
[ 1905.696101][  T865] gretap0: entered promiscuous mode
[ 1905.740564][   T30] audit: type=1326 audit(1775703833.471:2087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=873 comm="syz.1.7247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff38499c819 code=0x7ffc0000
[ 1905.769365][   T30] audit: type=1326 audit(1775703833.471:2088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=873 comm="syz.1.7247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff38499c819 code=0x7ffc0000
[ 1905.816172][   T30] audit: type=1326 audit(1775703833.501:2089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=873 comm="syz.1.7247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff38499c819 code=0x7ffc0000
[ 1905.845835][   T30] audit: type=1326 audit(1775703833.501:2090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=873 comm="syz.1.7247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff38499c819 code=0x7ffc0000
[ 1905.874911][   T30] audit: type=1326 audit(1775703833.501:2091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=873 comm="syz.1.7247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=238 compat=0 ip=0x7ff38499c819 code=0x7ffc0000
[ 1905.925284][   T30] audit: type=1326 audit(1775703833.501:2092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=873 comm="syz.1.7247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff38499c819 code=0x7ffc0000
[ 1905.988971][   T30] audit: type=1326 audit(1775703833.501:2093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=873 comm="syz.1.7247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff38499c819 code=0x7ffc0000
[ 1906.051994][   T30] audit: type=1326 audit(1775703833.531:2094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=873 comm="syz.1.7247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7ff38499c819 code=0x7ffc0000
[ 1906.118315][   T30] audit: type=1326 audit(1775703833.531:2095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=873 comm="syz.1.7247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7ff38499c819 code=0x7ffc0000
[ 1906.297845][  T890] xt_hashlimit: size too large, truncated to 1048576
[ 1906.483119][  T897] netlink: 'syz.8.7258': attribute type 27 has an invalid length.
[ 1906.733065][  T897] bridge0: port 3(batadv0) entered disabled state
[ 1906.739751][  T897] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1906.747433][  T897] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1907.021484][  T897] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1907.062230][  T897] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1907.138287][  T938] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7268'.
[ 1907.211799][  T944] xt_hashlimit: size too large, truncated to 1048576
[ 1907.555696][  T938] vlan2: entered promiscuous mode
[ 1907.560783][  T938] gretap0: entered promiscuous mode
[ 1907.604140][T25185] netdevsim netdevsim8 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1907.659754][T25185] netdevsim netdevsim8 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1907.717700][T25185] netdevsim netdevsim8 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1908.034543][  T975] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7278'.
[ 1908.533732][  T988] xt_hashlimit: size too large, truncated to 1048576
[ 1908.670329][  T994] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7285'.
[ 1908.859335][ T1001] kernel profiling enabled (shift: 63)
[ 1908.868254][ T1001] profiling shift: 63 too large
[ 1909.115382][ T1014] syzkaller0: entered promiscuous mode
[ 1909.121124][ T1014] syzkaller0: entered allmulticast mode
[ 1909.477747][ T1025] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7296'.
[ 1909.512449][ T1025] vlan3: entered promiscuous mode
[ 1909.530525][ T1025] gretap0: entered promiscuous mode
[ 1909.769815][ T1038] xt_hashlimit: size too large, truncated to 1048576
[ 1910.292736][ T1073] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7311'.
[ 1910.312892][ T1073] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7311'.
[ 1910.668626][ T1095] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7321'.
[ 1910.716890][ T1099] xt_hashlimit: size too large, truncated to 1048576
[ 1910.750918][ T1095] bridge1: port 1(gretap1) entered blocking state
[ 1910.751627][ T1101] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7323'.
[ 1910.778864][ T1101] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7323'.
[ 1910.853747][ T1095] bridge1: port 1(gretap1) entered disabled state
[ 1910.861511][ T1095] gretap1: entered allmulticast mode
[ 1910.871743][ T1095] gretap1: entered promiscuous mode
[ 1911.450896][ T1136] xt_hashlimit: size too large, truncated to 1048576
[ 1911.761028][ T1143] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1911.916819][ T1146] kvm: pic: non byte write
[ 1912.260211][ T1155] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7344'.
[ 1912.542211][ T1168] xt_hashlimit: size too large, truncated to 1048576
[ 1912.802452][ T1181] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7351'.
[ 1913.015754][ T1189] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7355'.
[ 1913.050649][   T30] audit: type=1326 audit(1775703840.781:2096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1191 comm="syz.8.7357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe06499c819 code=0x7ffc0000
[ 1913.080600][   T30] audit: type=1326 audit(1775703840.781:2097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1191 comm="syz.8.7357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe06499c819 code=0x7ffc0000
[ 1913.164263][   T30] audit: type=1326 audit(1775703840.781:2098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1191 comm="syz.8.7357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe06499c819 code=0x7ffc0000
[ 1913.192546][   T30] audit: type=1326 audit(1775703840.781:2099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1191 comm="syz.8.7357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe06499c819 code=0x7ffc0000
[ 1913.215155][   T30] audit: type=1326 audit(1775703840.811:2100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1191 comm="syz.8.7357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fe06499c819 code=0x7ffc0000
[ 1913.288971][   T30] audit: type=1326 audit(1775703840.811:2101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1191 comm="syz.8.7357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe06499c819 code=0x7ffc0000
[ 1913.310319][ T1204] xt_hashlimit: size too large, truncated to 1048576
[ 1913.342942][   T30] audit: type=1326 audit(1775703840.811:2102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1191 comm="syz.8.7357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe06499c819 code=0x7ffc0000
[ 1913.368260][   T30] audit: type=1326 audit(1775703840.811:2103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1191 comm="syz.8.7357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe06499c819 code=0x7ffc0000
[ 1913.391867][   T30] audit: type=1326 audit(1775703840.811:2104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1191 comm="syz.8.7357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe06499c819 code=0x7ffc0000
[ 1913.440521][   T30] audit: type=1326 audit(1775703840.811:2105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1191 comm="syz.8.7357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe06499c819 code=0x7ffc0000
[ 1913.512882][ T1210] netlink: 68 bytes leftover after parsing attributes in process `syz.3.7361'.
[ 1913.830302][ T1224] netlink: 4 bytes leftover after parsing attributes in process `syz.8.7368'.
[ 1914.350392][ T1261] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7381'.
[ 1914.428264][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1914.436069][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1914.491826][ T1270] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7385'.
[ 1914.692466][ T1280] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1914.699665][ T1280] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1915.970492][ T1354] fuse: Bad value for 'fd'
[ 1917.270472][ T1384] fuse: Bad value for 'fd'
[ 1918.784594][ T1454] netlink: 'syz.8.7457': attribute type 1 has an invalid length.
[ 1918.833291][ T1454] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1918.854875][ T1458] bond1: (slave ip6erspan0): making interface the new active one
[ 1918.865245][ T1458] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link
[ 1919.026819][ T1464] syzkaller0: entered promiscuous mode
[ 1919.044028][ T1464] syzkaller0: entered allmulticast mode
[ 1919.437111][ T1487] ip6gretap1: entered allmulticast mode
[ 1919.662821][ T1496] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1920.006622][ T1507] program syz.2.7479 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1920.971233][ T1566] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1921.305537][ T1584] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[ 1921.947664][ T1626] fuse: Bad value for 'fd'
[ 1922.168925][ T1639] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[ 1922.504264][ T1652] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1922.803097][ T1673] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7550'.
[ 1922.821343][ T1673] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7550'.
[ 1922.842716][  T177] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1922.856196][ T1673] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7550'.
[ 1922.869639][  T177] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1922.879890][ T1673] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7550'.
[ 1922.889129][  T177] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1922.901532][  T177] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1923.292328][ T1702] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7563'.
[ 1923.313095][ T1702] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7563'.
[ 1923.330012][T28478] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1923.330140][ T1702] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7563'.
[ 1923.341503][T28478] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1923.349273][ T1702] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7563'.
[ 1923.359480][T28478] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1923.562524][ T1715] ipvlan2: entered promiscuous mode
[ 1923.573653][ T1715] ipvlan2: entered allmulticast mode
[ 1923.582923][ T1715] gretap0: entered allmulticast mode
[ 1923.591220][ T1715] team0: Device ipvlan2 failed to register rx_handler
[ 1923.722057][ T1721] create_pit_timer: 1 callbacks suppressed
[ 1923.722078][ T1721] kvm: requested 23466 ns i8254 timer period limited to 200000 ns
[ 1923.778418][ T1721] kvm: requested 130742 ns i8254 timer period limited to 200000 ns
[ 1923.788071][ T1721] kvm: requested 176000 ns i8254 timer period limited to 200000 ns
[ 1923.801574][ T1721] kvm: requested 181028 ns i8254 timer period limited to 200000 ns
[ 1923.999016][ T1737] netlink: 'syz.8.7577': attribute type 1 has an invalid length.
[ 1924.067801][ T1739] netlink: 8 bytes leftover after parsing attributes in process `syz.8.7578'.
[ 1924.287568][ T1754] fuse: Bad value for 'fd'
[ 1924.296688][ T1755] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1924.306275][ T1754] fuse: Bad value for 'fd'
[ 1924.540513][ T1767] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2
[ 1924.686323][ T1775] gre0: Master is either lo or non-ether device
[ 1924.825601][ T1783] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1925.004158][ T1795] fuse: Bad value for 'fd'
[ 1925.207475][ T1810] netlink: 'syz.8.7611': attribute type 1 has an invalid length.
[ 1925.240597][ T1810] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1925.299856][ T1815] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1925.919269][ T1846] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1926.079799][ T1848] fuse: Bad value for 'fd'
[ 1927.234824][ T1869] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7638'.
[ 1927.400675][T15681] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1927.412744][T15681] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1927.422196][T15681] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1927.446607][T15681] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1927.456999][T15681] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1927.833022][ T1880] chnl_net:caif_netlink_parms(): no params data found
[ 1927.961138][ T1880] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1927.968514][ T1880] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1927.975932][ T1880] bridge_slave_0: entered allmulticast mode
[ 1927.991073][ T1880] bridge_slave_0: entered promiscuous mode
[ 1928.001130][ T1880] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1928.009517][ T1880] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1928.016926][ T1880] bridge_slave_1: entered allmulticast mode
[ 1928.024711][ T1880] bridge_slave_1: entered promiscuous mode
[ 1928.078347][ T1880] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1928.094778][ T1880] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1928.136853][ T1880] team0: Port device team_slave_0 added
[ 1928.146504][ T1880] team0: Port device team_slave_1 added
[ 1928.222943][ T1880] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1928.230036][ T1880] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1928.258017][ T1880] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1928.289311][ T1880] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1928.304029][ T1880] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1928.383678][ T1880] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1928.400721][ T1901] __nla_validate_parse: 3 callbacks suppressed
[ 1928.400741][ T1901] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7648'.
[ 1928.434314][ T1901] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7648'.
[ 1928.478216][ T1901] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7648'.
[ 1928.495101][ T1880] hsr_slave_0: entered promiscuous mode
[ 1928.512765][ T1880] hsr_slave_1: entered promiscuous mode
[ 1928.526447][ T1901] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7648'.
[ 1928.528328][ T1880] debugfs: 'hsr0' already exists in 'hsr'
[ 1928.555225][ T1880] Cannot create hsr debugfs directory
[ 1928.724036][ T1826] Set syz1 is full, maxelem 65536 reached
[ 1928.843834][ T1880] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1928.881160][ T1880] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1928.926338][ T1880] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1928.936028][ T1880] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1929.059765][ T1880] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1929.090641][ T1880] 8021q: adding VLAN 0 to HW filter on device team0
[ 1929.110995][T20056] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1929.118188][T20056] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1929.151695][T20056] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1929.158875][T20056] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1929.255259][ T1880] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1929.336858][ T1880] veth0_vlan: entered promiscuous mode
[ 1929.357879][ T1880] veth1_vlan: entered promiscuous mode
[ 1929.451613][ T1938] vlan1: entered allmulticast mode
[ 1929.461481][ T1938] veth0_to_bond: entered allmulticast mode
[ 1929.576062][T15681] Bluetooth: hci1: command tx timeout
[ 1929.591232][ T1880] veth0_macvtap: entered promiscuous mode
[ 1929.602748][ T1880] veth1_macvtap: entered promiscuous mode
[ 1929.637107][ T1880] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1929.657940][ T1880] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1929.726672][   T13] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1929.756157][   T13] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1929.767711][   T13] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1929.936300][   T13] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1930.090831][T28478] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1930.127907][T28478] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1930.226479][T28478] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1930.237169][T28478] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1930.782464][ T1959] ipvlan2: entered promiscuous mode
[ 1930.799429][ T1959] ipvlan2: entered allmulticast mode
[ 1930.809542][ T1959] gretap0: entered allmulticast mode
[ 1931.623794][T15681] Bluetooth: hci1: command tx timeout
[ 1932.260081][ T1996] netlink: 24 bytes leftover after parsing attributes in process `syz.5.7684'.
[ 1932.788245][ T2005] syzkaller0: entered promiscuous mode
[ 1932.813869][ T2005] syzkaller0: entered allmulticast mode
[ 1932.875892][ T1936] Set syz1 is full, maxelem 65536 reached
[ 1932.995230][ T2016] netlink: 24 bytes leftover after parsing attributes in process `syz.5.7689'.
[ 1933.196117][ T2030] netlink: 24 bytes leftover after parsing attributes in process `syz.9.7695'.
[ 1933.302795][ T2034] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7697'.
[ 1933.320557][ T2034] netlink: 12 bytes leftover after parsing attributes in process `syz.9.7697'.
[ 1933.351504][T28478] netdevsim netdevsim9 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1933.351635][ T2034] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7697'.
[ 1933.360663][T28478] netdevsim netdevsim9 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1933.412210][T28478] netdevsim netdevsim9 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1933.451697][T28478] netdevsim netdevsim9 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1933.502209][ T2041] __nla_validate_parse: 1 callbacks suppressed
[ 1933.502228][ T2041] netlink: 4 bytes leftover after parsing attributes in process `syz.8.7700'.
[ 1933.547253][ T2041] team1: entered promiscuous mode
[ 1933.552790][ T2041] team1: entered allmulticast mode
[ 1933.555513][ T2042] kvm: requested 2514 ns i8254 timer period limited to 200000 ns
[ 1933.560548][ T2041] 8021q: adding VLAN 0 to HW filter on device team1
[ 1933.734930][T15681] Bluetooth: hci1: command tx timeout
[ 1933.884561][ T2049] vlan2: entered allmulticast mode
[ 1933.889779][ T2049] veth0_to_bond: entered allmulticast mode
[ 1934.020934][ T2059] netlink: 'syz.2.7708': attribute type 12 has an invalid length.
[ 1934.058172][ T2059] netlink: 'syz.2.7708': attribute type 29 has an invalid length.
[ 1934.067814][ T2059] netlink: 148 bytes leftover after parsing attributes in process `syz.2.7708'.
[ 1934.122051][ T2059] netlink: 51 bytes leftover after parsing attributes in process `syz.2.7708'.
[ 1934.236429][ T2066] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7710'.
[ 1934.524005][T20056] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1934.527504][ T2060] xt_hashlimit: size too large, truncated to 1048576
[ 1934.626117][ T2075] netlink: 'syz.2.7713': attribute type 1 has an invalid length.
[ 1934.722537][ T2075] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1934.803357][T20056] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1934.981747][T20056] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1934.988686][ T2084] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7715'.
[ 1935.149855][T20056] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1935.220584][ T2094] netlink: 'syz.2.7719': attribute type 12 has an invalid length.
[ 1935.232102][ T2094] netlink: 'syz.2.7719': attribute type 29 has an invalid length.
[ 1935.240621][ T2094] netlink: 148 bytes leftover after parsing attributes in process `syz.2.7719'.
[ 1935.252177][ T2094] netlink: 51 bytes leftover after parsing attributes in process `syz.2.7719'.
[ 1935.476286][T20056] bridge_slave_1: left allmulticast mode
[ 1935.483212][T20056] bridge_slave_1: left promiscuous mode
[ 1935.504413][T20056] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1935.559368][T20056] bridge_slave_0: left allmulticast mode
[ 1935.570774][T20056] bridge_slave_0: left promiscuous mode
[ 1935.586119][T20056] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1935.795558][T15681] Bluetooth: hci1: command tx timeout
[ 1935.872882][ T2117] xt_hashlimit: size too large, truncated to 1048576
[ 1936.019299][ T2129] netlink: 'syz.5.7729': attribute type 4 has an invalid length.
[ 1936.079969][ T2132] netlink: 'syz.5.7729': attribute type 4 has an invalid length.
[ 1936.539558][ T2143] netlink: 'syz.3.7732': attribute type 1 has an invalid length.
[ 1936.796803][T20056] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1936.807829][T20056] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1936.817832][T20056] bond0 (unregistering): Released all slaves
[ 1937.327520][ T2143] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1937.349652][ T2148] netlink: 'syz.8.7734': attribute type 12 has an invalid length.
[ 1937.362995][ T2148] netlink: 'syz.8.7734': attribute type 29 has an invalid length.
[ 1937.371590][ T2148] netlink: 148 bytes leftover after parsing attributes in process `syz.8.7734'.
[ 1937.381132][ T2148] netlink: 51 bytes leftover after parsing attributes in process `syz.8.7734'.
[ 1938.000467][ T2193] netlink: 136 bytes leftover after parsing attributes in process `syz.2.7749'.
[ 1938.306404][ T2045] Set syz1 is full, maxelem 65536 reached
[ 1938.532333][ T2217] __nla_validate_parse: 1 callbacks suppressed
[ 1938.532353][ T2217] netlink: 12 bytes leftover after parsing attributes in process `syz.8.7755'.
[ 1938.576557][ T2215] netlink: 148 bytes leftover after parsing attributes in process `syz.9.7754'.
[ 1938.595446][ T2215] netlink: 51 bytes leftover after parsing attributes in process `syz.9.7754'.
[ 1938.724606][T20056] hsr_slave_0: left promiscuous mode
[ 1938.740088][T20056] hsr_slave_1: left promiscuous mode
[ 1938.747548][T20056] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1938.760494][T20056] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1938.769711][T20056] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1938.777289][T20056] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1938.798651][T20056] veth1_macvtap: left promiscuous mode
[ 1938.804355][T20056] veth0_macvtap: left promiscuous mode
[ 1938.810040][T20056] veth1_vlan: left promiscuous mode
[ 1938.818949][T20056] veth0_vlan: left promiscuous mode
[ 1939.031443][ T2241] netlink: 24 bytes leftover after parsing attributes in process `syz.8.7763'.
[ 1939.121694][T20056] team0 (unregistering): Port device team_slave_1 removed
[ 1939.156497][T20056] team0 (unregistering): Port device team_slave_0 removed
[ 1939.986517][ T2270] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7771'.
[ 1940.573955][ T2296] syzkaller0: entered promiscuous mode
[ 1940.600922][ T2296] syzkaller0: entered allmulticast mode
[ 1940.884802][ T2305] netlink: 12 bytes leftover after parsing attributes in process `syz.8.7783'.
[ 1941.114943][ T2314] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1941.150335][ T2317] validate_nla: 2 callbacks suppressed
[ 1941.150355][ T2317] netlink: 'syz.8.7787': attribute type 1 has an invalid length.
[ 1941.197378][ T2317] bond3: entered promiscuous mode
[ 1941.201952][ T2324] netlink: 4 bytes leftover after parsing attributes in process `syz.8.7787'.
[ 1941.202846][ T2317] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1941.268893][ T2320] bond_slave_0: entered promiscuous mode
[ 1941.275005][ T2320] bond_slave_1: entered promiscuous mode
[ 1941.321745][ T2320] vlan4: entered promiscuous mode
[ 1941.335058][ T2320] bond0: entered promiscuous mode
[ 1941.448842][ T2324] bond3: (slave veth3): making interface the new active one
[ 1941.470969][ T2324] veth3: entered promiscuous mode
[ 1941.486490][ T2324] bond3: (slave veth3): Enslaving as an active interface with an up link
[ 1941.698150][ T2346] syzkaller0: entered promiscuous mode
[ 1941.713919][ T2346] syzkaller0: entered allmulticast mode
[ 1942.086047][ T2364] ipvlan2: entered promiscuous mode
[ 1942.098173][ T2364] ipvlan2: entered allmulticast mode
[ 1943.038479][ T2407] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7814'.
[ 1943.047643][ T2407] netlink: 12 bytes leftover after parsing attributes in process `syz.9.7814'.
[ 1943.057547][ T2407] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7814'.
[ 1943.402111][ T2422] ipvlan2: entered promiscuous mode
[ 1943.410745][ T2422] ipvlan2: entered allmulticast mode
[ 1943.416755][ T2422] gretap0: entered allmulticast mode
[ 1943.771398][ T2447] fuse: Invalid gid '00000000000000000005'
[ 1944.370052][    T0] NOHZ tick-stop error: local softirq work is pending, handler #182!!!
[ 1944.715573][ T2470] fuse: Bad value for 'fd'
[ 1944.794121][ T2472] netlink: 'syz.8.7837': attribute type 1 has an invalid length.
[ 1945.288930][   T30] kauditd_printk_skb: 9 callbacks suppressed
[ 1945.288947][   T30] audit: type=1326 audit(1775703873.021:2115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2498 comm="syz.9.7847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9c799c819 code=0x7fc00000
[ 1945.342491][   T30] audit: type=1326 audit(1775703873.021:2116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2498 comm="syz.9.7847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fc9c799c819 code=0x7fc00000
[ 1946.688224][ T2578] ipvlan2: entered promiscuous mode
[ 1946.753903][   T30] audit: type=1326 audit(1775703874.491:2117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2579 comm="syz.9.7872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9c799c819 code=0x7ffc0000
[ 1946.796632][   T30] audit: type=1326 audit(1775703874.511:2118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2579 comm="syz.9.7872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9c799c819 code=0x7ffc0000
[ 1946.819690][   T30] audit: type=1326 audit(1775703874.511:2119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2579 comm="syz.9.7872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9c799c819 code=0x7ffc0000
[ 1946.848060][   T30] audit: type=1326 audit(1775703874.511:2120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2579 comm="syz.9.7872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9c799c819 code=0x7ffc0000
[ 1946.872355][   T30] audit: type=1326 audit(1775703874.511:2121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2579 comm="syz.9.7872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9c799c819 code=0x7ffc0000
[ 1946.895483][   T30] audit: type=1326 audit(1775703874.511:2122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2579 comm="syz.9.7872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc9c799c819 code=0x7ffc0000
[ 1946.946280][   T30] audit: type=1326 audit(1775703874.511:2123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2579 comm="syz.9.7872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9c799c819 code=0x7ffc0000
[ 1947.010792][   T30] audit: type=1326 audit(1775703874.511:2124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2579 comm="syz.9.7872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9c799c819 code=0x7ffc0000
[ 1947.666855][ T2630] fuse: Bad value for 'fd'
[ 1947.854836][ T2645] ------------[ cut here ]------------
[ 1947.860368][ T2645] memcpy: detected field-spanning write (size 32) of single field "&new->sel" at net/sched/cls_u32.c:855 (size 16)
[ 1947.872848][ T2645] WARNING: net/sched/cls_u32.c:855 at u32_change+0x1da0/0x2720, CPU#0: syz.2.7897/2645
[ 1947.882561][ T2645] Modules linked in:
[ 1947.886517][ T2645] CPU: 0 UID: 0 PID: 2645 Comm: syz.2.7897 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1947.897629][ T2645] Tainted: [L]=SOFTLOCKUP
[ 1947.901943][ T2645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1947.912050][ T2645] RIP: 0010:u32_change+0x1daf/0x2720
[ 1947.917353][ T2645] Code: 3d e6 c9 42 06 01 75 33 e8 9e cf 0c f8 eb 50 e8 97 cf 0c f8 48 8d 3d 40 fe 67 06 b9 10 00 00 00 4c 89 f6 48 c7 c2 c0 aa e1 8c <67> 48 0f b9 3a e9 af ee ff ff e8 72 cf 0c f8 eb 24 e8 6b cf 0c f8
[ 1947.937127][ T2645] RSP: 0018:ffffc90004746fc0 EFLAGS: 00010287
[ 1947.943186][ T2645] RAX: ffffffff89b8f059 RBX: ffff88805a545400 RCX: 0000000000000010
[ 1947.951585][ T2645] RDX: ffffffff8ce1aac0 RSI: 0000000000000020 RDI: ffffffff9020eea0
[ 1947.959823][ T2645] RBP: ffffc90004747178 R08: 0000000000000dc0 R09: 00000000ffffffff
[ 1947.967867][ T2645] R10: dffffc0000000000 R11: fffffbfff2023b17 R12: ffff88805a545ce8
[ 1947.975916][ T2645] R13: 0000000000000001 R14: 0000000000000020 R15: 0000000000000001
[ 1947.983940][ T2645] FS:  00007f680a7346c0(0000) GS:ffff888125454000(0000) knlGS:0000000000000000
[ 1947.992855][ T2645] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1947.999458][ T2645] CR2: 0000000000000000 CR3: 0000000067006000 CR4: 00000000003526f0
[ 1948.007447][ T2645] Call Trace:
[ 1948.010713][ T2645]  <TASK>
[ 1948.013668][ T2645]  ? __pfx_u32_change+0x10/0x10
[ 1948.018510][ T2645]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1948.024501][ T2645]  tc_new_tfilter+0xff8/0x1780
[ 1948.029276][ T2645]  ? __pfx_tc_new_tfilter+0x10/0x10
[ 1948.034687][ T2645]  ? __pfx_tc_new_tfilter+0x10/0x10
[ 1948.039896][ T2645]  rtnetlink_rcv_msg+0x7d5/0xbe0
[ 1948.044875][ T2645]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 1948.050527][ T2645]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1948.056325][ T2645]  ? ref_tracker_free+0x693/0x840
[ 1948.061343][ T2645]  ? __copy_skb_header+0xa3/0x4a0
[ 1948.066429][ T2645]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1948.071813][ T2645]  netlink_rcv_skb+0x232/0x4b0
[ 1948.076667][ T2645]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1948.082150][ T2645]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1948.087569][ T2645]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1948.092789][ T2645]  netlink_unicast+0x80f/0x9b0
[ 1948.097609][ T2645]  ? __pfx_netlink_unicast+0x10/0x10
[ 1948.102919][ T2645]  ? netlink_sendmsg+0x650/0xb40
[ 1948.108201][ T2645]  ? skb_put+0x11b/0x210
[ 1948.112472][ T2645]  netlink_sendmsg+0x813/0xb40
[ 1948.117419][ T2645]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1948.122719][ T2645]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1948.127687][ T2645]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1948.132989][ T2645]  ____sys_sendmsg+0x972/0x9f0
[ 1948.137789][ T2645]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1948.143095][ T2645]  ? import_iovec+0x73/0xa0
[ 1948.147625][ T2645]  ___sys_sendmsg+0x2a5/0x360
[ 1948.152318][ T2645]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1948.158507][ T2645]  ? __pfx_futex_wake_mark+0x10/0x10
[ 1948.163867][ T2645]  ? __fget_files+0x2a/0x420
[ 1948.168446][ T2645]  ? __fget_files+0x3a0/0x420
[ 1948.173151][ T2645]  __sys_sendmmsg+0x27c/0x4e0
[ 1948.177883][ T2645]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1948.183094][ T2645]  ? do_futex+0x333/0x420
[ 1948.187562][ T2645]  ? __pfx___se_sys_futex+0x10/0x10
[ 1948.192776][ T2645]  ? fd_install+0x306/0x3d0
[ 1948.197349][ T2645]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1948.202221][ T2645]  do_syscall_64+0x14d/0xf80
[ 1948.206841][ T2645]  ? trace_irq_disable+0x3b/0x150
[ 1948.211854][ T2645]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1948.217926][ T2645]  ? clear_bhb_loop+0x40/0x90
[ 1948.222593][ T2645]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1948.228516][ T2645] RIP: 0033:0x7f680979c819
[ 1948.232941][ T2645] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1948.252603][ T2645] RSP: 002b:00007f680a734028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1948.261380][ T2645] RAX: ffffffffffffffda RBX: 00007f6809a15fa0 RCX: 00007f680979c819
[ 1948.269838][ T2645] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000007
[ 1948.277918][ T2645] RBP: 00007f6809832c91 R08: 0000000000000000 R09: 0000000000000000
[ 1948.285946][ T2645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1948.293971][ T2645] R13: 00007f6809a16038 R14: 00007f6809a15fa0 R15: 00007f6809b3fa48
[ 1948.301976][ T2645]  </TASK>
[ 1948.305137][ T2645] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1948.312424][ T2645] CPU: 0 UID: 0 PID: 2645 Comm: syz.2.7897 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1948.323267][ T2645] Tainted: [L]=SOFTLOCKUP
[ 1948.327578][ T2645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1948.337619][ T2645] Call Trace:
[ 1948.340884][ T2645]  <TASK>
[ 1948.343803][ T2645]  vpanic+0x56c/0xa60
[ 1948.347784][ T2645]  ? __pfx__printk+0x10/0x10
[ 1948.352360][ T2645]  ? __pfx_vpanic+0x10/0x10
[ 1948.356855][ T2645]  ? is_bpf_text_address+0x292/0x2b0
[ 1948.362131][ T2645]  ? is_bpf_text_address+0x26/0x2b0
[ 1948.367331][ T2645]  panic+0xc5/0xd0
[ 1948.371058][ T2645]  ? __pfx_panic+0x10/0x10
[ 1948.375481][ T2645]  __warn+0x315/0x4f0
[ 1948.379456][ T2645]  ? u32_change+0x1da0/0x2720
[ 1948.384127][ T2645]  ? u32_change+0x1da0/0x2720
[ 1948.388797][ T2645]  __report_bug+0x29a/0x540
[ 1948.393290][ T2645]  ? ___sys_sendmsg+0x2a5/0x360
[ 1948.398130][ T2645]  ? __sys_sendmmsg+0x27c/0x4e0
[ 1948.402973][ T2645]  ? __x64_sys_sendmmsg+0xa0/0xc0
[ 1948.407995][ T2645]  ? u32_change+0x1da0/0x2720
[ 1948.412664][ T2645]  ? __pfx___report_bug+0x10/0x10
[ 1948.417697][ T2645]  report_bug_entry+0x19a/0x290
[ 1948.422573][ T2645]  ? u32_change+0x1daf/0x2720
[ 1948.427245][ T2645]  ? u32_change+0x1db4/0x2720
[ 1948.431914][ T2645]  handle_bug+0xce/0x200
[ 1948.436156][ T2645]  exc_invalid_op+0x1a/0x50
[ 1948.440661][ T2645]  asm_exc_invalid_op+0x1a/0x20
[ 1948.445501][ T2645] RIP: 0010:u32_change+0x1daf/0x2720
[ 1948.450781][ T2645] Code: 3d e6 c9 42 06 01 75 33 e8 9e cf 0c f8 eb 50 e8 97 cf 0c f8 48 8d 3d 40 fe 67 06 b9 10 00 00 00 4c 89 f6 48 c7 c2 c0 aa e1 8c <67> 48 0f b9 3a e9 af ee ff ff e8 72 cf 0c f8 eb 24 e8 6b cf 0c f8
[ 1948.470383][ T2645] RSP: 0018:ffffc90004746fc0 EFLAGS: 00010287
[ 1948.476453][ T2645] RAX: ffffffff89b8f059 RBX: ffff88805a545400 RCX: 0000000000000010
[ 1948.484416][ T2645] RDX: ffffffff8ce1aac0 RSI: 0000000000000020 RDI: ffffffff9020eea0
[ 1948.492377][ T2645] RBP: ffffc90004747178 R08: 0000000000000dc0 R09: 00000000ffffffff
[ 1948.500335][ T2645] R10: dffffc0000000000 R11: fffffbfff2023b17 R12: ffff88805a545ce8
[ 1948.508297][ T2645] R13: 0000000000000001 R14: 0000000000000020 R15: 0000000000000001
[ 1948.516265][ T2645]  ? u32_change+0x1d99/0x2720
[ 1948.520955][ T2645]  ? __pfx_u32_change+0x10/0x10
[ 1948.525797][ T2645]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1948.531445][ T2645]  tc_new_tfilter+0xff8/0x1780
[ 1948.536221][ T2645]  ? __pfx_tc_new_tfilter+0x10/0x10
[ 1948.541434][ T2645]  ? __pfx_tc_new_tfilter+0x10/0x10
[ 1948.546626][ T2645]  rtnetlink_rcv_msg+0x7d5/0xbe0
[ 1948.551560][ T2645]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 1948.556658][ T2645]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1948.562105][ T2645]  ? ref_tracker_free+0x693/0x840
[ 1948.567135][ T2645]  ? __copy_skb_header+0xa3/0x4a0
[ 1948.572166][ T2645]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1948.577533][ T2645]  netlink_rcv_skb+0x232/0x4b0
[ 1948.582305][ T2645]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1948.587783][ T2645]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1948.593081][ T2645]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1948.598279][ T2645]  netlink_unicast+0x80f/0x9b0
[ 1948.603051][ T2645]  ? __pfx_netlink_unicast+0x10/0x10
[ 1948.608338][ T2645]  ? netlink_sendmsg+0x650/0xb40
[ 1948.613269][ T2645]  ? skb_put+0x11b/0x210
[ 1948.617512][ T2645]  netlink_sendmsg+0x813/0xb40
[ 1948.622282][ T2645]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1948.627564][ T2645]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1948.632502][ T2645]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1948.637782][ T2645]  ____sys_sendmsg+0x972/0x9f0
[ 1948.642547][ T2645]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1948.647829][ T2645]  ? import_iovec+0x73/0xa0
[ 1948.652329][ T2645]  ___sys_sendmsg+0x2a5/0x360
[ 1948.657005][ T2645]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1948.662200][ T2645]  ? __pfx_futex_wake_mark+0x10/0x10
[ 1948.667504][ T2645]  ? __fget_files+0x2a/0x420
[ 1948.672084][ T2645]  ? __fget_files+0x3a0/0x420
[ 1948.676755][ T2645]  __sys_sendmmsg+0x27c/0x4e0
[ 1948.681434][ T2645]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1948.686625][ T2645]  ? do_futex+0x333/0x420
[ 1948.690969][ T2645]  ? __pfx___se_sys_futex+0x10/0x10
[ 1948.696160][ T2645]  ? fd_install+0x306/0x3d0
[ 1948.700667][ T2645]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1948.705513][ T2645]  do_syscall_64+0x14d/0xf80
[ 1948.710094][ T2645]  ? trace_irq_disable+0x3b/0x150
[ 1948.715108][ T2645]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1948.721171][ T2645]  ? clear_bhb_loop+0x40/0x90
[ 1948.725837][ T2645]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1948.731719][ T2645] RIP: 0033:0x7f680979c819
[ 1948.736130][ T2645] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1948.755726][ T2645] RSP: 002b:00007f680a734028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1948.764137][ T2645] RAX: ffffffffffffffda RBX: 00007f6809a15fa0 RCX: 00007f680979c819
[ 1948.772103][ T2645] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000007
[ 1948.780071][ T2645] RBP: 00007f6809832c91 R08: 0000000000000000 R09: 0000000000000000
[ 1948.788031][ T2645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1948.795995][ T2645] R13: 00007f6809a16038 R14: 00007f6809a15fa0 R15: 00007f6809b3fa48
[ 1948.803966][ T2645]  </TASK>
[ 1948.807307][ T2645] Kernel Offset: disabled
[ 1948.811614][ T2645] Rebooting in 86400 seconds..