last executing test programs:

16.824525914s ago: executing program 0 (id=236):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
r2 = open_tree(0xffffffffffffff9c, 0x0, 0x89901)
mount_setattr(r2, &(0x7f0000001d80)='.\x00', 0x8000, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0)
openat(r6, 0x0, 0x6a1c2, 0x50)
recvmmsg(r3, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, &(0x7f0000000400)={{{@in6=@mcast1, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in=@initdev}, 0x0, @in=@empty}}, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x1018ef8, &(0x7f0000000d40)={[{@data_writeback}, {@noauto_da_alloc}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x20}}, {@noload}, {@journal_dev={'journal_dev', 0x3d, 0x80000000000004}}, {@nodiscard}, {@errors_continue}, {@quota}], [{@dont_appraise}, {@uid_gt={'uid>', 0xee01}}, {@euid_lt={'euid<', r7}}, {@dont_measure}, {@smackfsfloor={'smackfsfloor', 0x3d, '](&/&\\g+..$+,'}}]}, 0x1, 0x644, &(0x7f00000006c0)="$eJzs3c9rHG0dAPDvzCZ5kzS+6SsiNigGPLQgTZNarHqxrQd7KFiwBxEPDU1SQ7c/SFKwtdAEPCgoiHgt0ov/gHfp3ZsI6s2zUEUqFrR0ZWZnm81mN7ttsrtJ5vOBzT7zzLN5nm9mn8wzM/vsBFBas9mPNOJUxNubScR007qpqK+cLcq9+teTW9kjiVrtu/9MIinyGuWT4vlEsTAeEX+8EvHpyu561x89vrNYrdU9jTi3cffBufVHj8+u3l28vXx7+d7C+a9duDj/9YULC00N/XAniuer177z+V/85IdfXflT9WwSl+LG6I+XoiWOgzIbs/G2CLE5fyQiLmaJNn+Xo+YYhFBqleL9OBoRn43pqORLddOx+vOhNg7oq1olora3pFsB4KjSvaGsGuOAxrF9b8fBN/o8Khmcl5frB0C74x8pTjmM58dGk6+SpiOj+rmNkwdQf1bHmyfjz948mXkWO85DvH63dUYOoJ5ONrci4nPt4k/ytp3MI83iT3cc6ycRMR8RY0X7vrWPNiRN6X6ch9lLj/FXsvibt0MaEZeK5yz/ygfW33paa9DxA1BOLy4XO/LNbGl7/5eNPRrjn9ge/zxtvG5q/5dkcsPe/3Ue/zX29+P5uCdtGYdlY5br7X/laGvG33529Ved6q+P/2aeNR5Z/Y2x4CC83IqYaYn/p1mwxfgniz9pM/7Nity81Fsd3/7zP652Wjfs+GvPI063Pf7ZHpVmqT2uT55bWa0uz9d/tq3j93/4wW871d8+/o/6EGl72faf7BB/0/ZPW1+X/U0etP+VW60Zv7v+/G6n+qe6bv/072NJ/XhzrMj50dbGxtpCxFhyrShS5C9ubKyd3zveepnXtfx5oR7/mS+17/873v8tUU00/mX24MH37rzqtO5D3v9NF5Pf1npsQydZ/Evdt/+u/p/l/bLHOv7z/Ydf6LSuffzJvmICAAAAAACAskrza7BJOvcunaZzc/X5sp+JybR6f33jyyv3H95bijiTfx5yNI00yT8yMl1fTlZWq8sLxedhG8vnW5a/EhGfRMSvKxP58tyt+9WlYQcPAAAAAAAAAAAAAAAAAAAAh8SJYv5/4z7V/67U5/8DJdH9BnO77v8AHBP9vMEkcLjl/X+vXfzHg2sLMFj2/1Be+j+Ul/4P5aX/Q3np/1Be+j+Ul/4P5aX/AwAAAMCx9MkXX/w1iYjNb0zkj8xYsc6kXzjeRt+rdKVv7QAGT4+G8np36d9gH0qnp/H/f4svB+x/c4AhSNpl5oOD2t6d/0XbV27b2n/bAAAAAAAAAAAAAIC606c6z/9/v7nBwFFj2h+U1z7m//vqADjifPU/lJdjfKDLLP4Y77Si2/x/AAAAAAAAAAAAAODATOWPJJ0r5gJPRZrOzUV8KiJOxmiyslpdno+IjyPiL5XRj7LlhWE3GgAAAAAAAAAAAAAAAAAAAI6Z9UeP7yxWq8trzYn/7co53onGXVC7F671UGbPxDfjPV8VyeD/LBMRMfSN0rfESFNOErGZbflD0bC19TgczcgTQ/7HBAAAAAAAAAAAAAAAAAAAJdQ097i9md8MuEUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMHjb9//vkliarL+gp8I7E8OOEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4mv4fAAD//6AzO/k=")
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0180000000000000000001000000000000000b00000000030014"], 0x28}}, 0x40000)

14.340145943s ago: executing program 0 (id=240):
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2)
ftruncate(r0, 0xffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, r0, 0x5925000)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
fcntl$addseals(r0, 0x409, 0x1)
gettid()
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
r4 = gettid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
ppoll(0x0, 0x0, 0x0, &(0x7f00000000c0)={[0x8001a0ffffffff]}, 0x8)
fcntl$setsig(r5, 0xa, 0x12)
ppoll(&(0x7f0000000100)=[{r6}], 0x1, 0x0, 0x0, 0x0)
dup2(r5, r6)
fcntl$setown(r6, 0x8, r4)
tkill(r4, 0x13)

11.051526966s ago: executing program 0 (id=251):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz0\x00', {0x0, 0x0, 0xb}, 0x0, [0x0, 0x3, 0x403, 0x100000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffffc, 0x0, 0x3, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x3, 0x10000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xa9a4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedc0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0xfffffff8, 0x0, 0x0, 0x79, 0xfffffffd, 0x0, 0x0, 0x0, 0x2, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2000, 0xf1a, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x20], [0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0xffffffff, 0x89, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x80000000, 0x0, 0xfffffffe, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x351e, 0x0, 0xfffffffd, 0x0, 0x0, 0x6492, 0x8], [0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x200000, 0x0, 0x0, 0x10, 0x0, 0x0, 0x804, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x40, 0xd67c, 0x2, 0x0, 0x4, 0x0, 0xfd32, 0x6, 0x0, 0x0, 0x0, 0x2, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0xc0ac, 0x0, 0x0, 0x0, 0x100000]}, 0x45c)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

9.83951525s ago: executing program 0 (id=260):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000072"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r0)
r1 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x20008000)
r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="b4050000fdff7f006110a40000000000c60000000000000095000000000000009f33ef60916e6e713f1e6b0b725ad99b817fd98cd824498949714e32f21dcc4ae5437aca55f21f3ca9e822d182054d54d53cd2b6da714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed00000000000000000000000000000000000000006c63b40e0c00000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f79829c90bd2114252581567acae715cbe1b57d5cda432c5b9443999f7d24195405f2e76ba88454cc9227069ccb7b37b41215c000000003be991e5e897284cdd6043058cec00000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000500)=ANY=[@ANYRES32=r3, @ANYRES32=r2, @ANYBLOB="0500"], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r3}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
close(0x3)

9.715579432s ago: executing program 0 (id=261):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
r2 = open_tree(0xffffffffffffff9c, 0x0, 0x89901)
mount_setattr(r2, &(0x7f0000001d80)='.\x00', 0x8000, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0)
openat(r6, 0x0, 0x6a1c2, 0x50)
recvmmsg(r3, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, &(0x7f0000000400)={{{@in6=@mcast1, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in=@initdev}, 0x0, @in=@empty}}, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x1018ef8, &(0x7f0000000d40)={[{@data_writeback}, {@noauto_da_alloc}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x20}}, {@noload}, {@journal_dev={'journal_dev', 0x3d, 0x80000000000004}}, {@nodiscard}, {@errors_continue}, {@quota}], [{@dont_appraise}, {@uid_gt={'uid>', 0xee01}}, {@euid_lt={'euid<', r7}}, {@dont_measure}, {@smackfsfloor={'smackfsfloor', 0x3d, '](&/&\\g+..$+,'}}]}, 0x1, 0x644, &(0x7f00000006c0)="$eJzs3c9rHG0dAPDvzCZ5kzS+6SsiNigGPLQgTZNarHqxrQd7KFiwBxEPDU1SQ7c/SFKwtdAEPCgoiHgt0ov/gHfp3ZsI6s2zUEUqFrR0ZWZnm81mN7ttsrtJ5vOBzT7zzLN5nm9mn8wzM/vsBFBas9mPNOJUxNubScR007qpqK+cLcq9+teTW9kjiVrtu/9MIinyGuWT4vlEsTAeEX+8EvHpyu561x89vrNYrdU9jTi3cffBufVHj8+u3l28vXx7+d7C+a9duDj/9YULC00N/XAniuer177z+V/85IdfXflT9WwSl+LG6I+XoiWOgzIbs/G2CLE5fyQiLmaJNn+Xo+YYhFBqleL9OBoRn43pqORLddOx+vOhNg7oq1olora3pFsB4KjSvaGsGuOAxrF9b8fBN/o8Khmcl5frB0C74x8pTjmM58dGk6+SpiOj+rmNkwdQf1bHmyfjz948mXkWO85DvH63dUYOoJ5ONrci4nPt4k/ytp3MI83iT3cc6ycRMR8RY0X7vrWPNiRN6X6ch9lLj/FXsvibt0MaEZeK5yz/ygfW33paa9DxA1BOLy4XO/LNbGl7/5eNPRrjn9ge/zxtvG5q/5dkcsPe/3Ue/zX29+P5uCdtGYdlY5br7X/laGvG33529Ved6q+P/2aeNR5Z/Y2x4CC83IqYaYn/p1mwxfgniz9pM/7Nity81Fsd3/7zP652Wjfs+GvPI063Pf7ZHpVmqT2uT55bWa0uz9d/tq3j93/4wW871d8+/o/6EGl72faf7BB/0/ZPW1+X/U0etP+VW60Zv7v+/G6n+qe6bv/072NJ/XhzrMj50dbGxtpCxFhyrShS5C9ubKyd3zveepnXtfx5oR7/mS+17/873v8tUU00/mX24MH37rzqtO5D3v9NF5Pf1npsQydZ/Evdt/+u/p/l/bLHOv7z/Ydf6LSuffzJvmICAAAAAACAskrza7BJOvcunaZzc/X5sp+JybR6f33jyyv3H95bijiTfx5yNI00yT8yMl1fTlZWq8sLxedhG8vnW5a/EhGfRMSvKxP58tyt+9WlYQcPAAAAAAAAAAAAAAAAAAAAh8SJYv5/4z7V/67U5/8DJdH9BnO77v8AHBP9vMEkcLjl/X+vXfzHg2sLMFj2/1Be+j+Ul/4P5aX/Q3np/1Be+j+Ul/4P5aX/AwAAAMCx9MkXX/w1iYjNb0zkj8xYsc6kXzjeRt+rdKVv7QAGT4+G8np36d9gH0qnp/H/f4svB+x/c4AhSNpl5oOD2t6d/0XbV27b2n/bAAAAAAAAAAAAAIC606c6z/9/v7nBwFFj2h+U1z7m//vqADjifPU/lJdjfKDLLP4Y77Si2/x/AAAAAAAAAAAAAODATOWPJJ0r5gJPRZrOzUV8KiJOxmiyslpdno+IjyPiL5XRj7LlhWE3GgAAAAAAAAAAAAAAAAAAAI6Z9UeP7yxWq8trzYn/7co53onGXVC7F671UGbPxDfjPV8VyeD/LBMRMfSN0rfESFNOErGZbflD0bC19TgczcgTQ/7HBAAAAAAAAAAAAAAAAAAAJdQ097i9md8MuEUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMHjb9//vkliarL+gp8I7E8OOEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4mv4fAAD//6AzO/k=")
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0180000000000000000001000000000000000b00000000030014"], 0x28}}, 0x40000)

6.576557873s ago: executing program 1 (id=270):
setitimer(0x0, &(0x7f0000000440)={{0x0, 0xea60}, {0x77359400}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r3 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)
setsockopt$inet6_int(r3, 0x29, 0x31, 0x0, 0x0)
sendmmsg$inet6(r3, &(0x7f0000000e00)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000009, 0x12, 0xffffffffffffffff, 0x0)
recvmmsg(r3, 0x0, 0x0, 0x12141, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

5.454363944s ago: executing program 1 (id=271):
bpf$MAP_CREATE(0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB="dfb672a593b040c400955906b6ff0fe339c1569243107f220b28", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/24], 0x50)
socket$packet(0x11, 0x3, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r1, 0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_create(0x2, &(0x7f0000000780)={0x0, 0x16, 0x4, @thr={&(0x7f0000000680)="d253ab8a967c5732aaabb815554eb74d97e8f9be76d401e5ad32bccdc312dddb6945ecfd3dfe43f39272ff10cea6da4b3a5222f591d49d9c3c500732f0dcf36ecce80014c7110dd45400d9ae4a152065ef0436bd734ca06551abb2ca5796d07916c7b0d0ed81c4367bd601faadc3935fb81f8f295d9f71f25c49d74fec18c5671019f02a87840a9d989c5a10dc4aaf8fdd8decd7d604cb", &(0x7f0000002800)}}, &(0x7f00000007c0))
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'veth1\x00', 0x1})
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGKBMETA(r3, 0x4bfa, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB], 0x2d0}, 0x1, 0x0, 0x0, 0x40408c1}, 0x40)
r4 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x8a2b81)
write$char_usb(r4, &(0x7f0000000040)="e2", 0x12d8)

5.031886833s ago: executing program 2 (id=273):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6(0xa, 0x2, 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0)
chroot(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r4}, 0x10)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
fcntl$dupfd(r0, 0x0, r0)

4.499181263s ago: executing program 1 (id=277):
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2)
ftruncate(r0, 0xffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, r0, 0x5925000)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
fcntl$addseals(r0, 0x409, 0x1)
gettid()
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
r4 = gettid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$int_in(r5, 0x5452, &(0x7f0000000180)=0xffffffffffffffff)
fcntl$setsig(r5, 0xa, 0x12)
ppoll(&(0x7f0000000100)=[{r6}], 0x1, 0x0, 0x0, 0x0)
dup2(r5, r6)
fcntl$setown(r6, 0x8, r4)
tkill(r4, 0x13)

4.327685666s ago: executing program 3 (id=279):
setitimer(0x0, &(0x7f0000000440)={{0x0, 0xea60}, {0x77359400}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r3 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)
setsockopt$inet6_int(r3, 0x29, 0x31, 0x0, 0x0)
sendmmsg$inet6(r3, &(0x7f0000000e00)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000009, 0x12, 0xffffffffffffffff, 0x0)
recvmmsg(r3, 0x0, 0x0, 0x12141, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

4.13190827s ago: executing program 0 (id=280):
bind$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x2, 0x1000, @empty}, 0x1c)
syz_emit_ethernet(0x3e, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsopen(&(0x7f00000003c0)='virtiofs\x00', 0x0)
ioctl$PPPIOCGFLAGS(0xffffffffffffffff, 0x8004745a, &(0x7f0000000140))

3.203135068s ago: executing program 2 (id=281):
r0 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="90000000", @ANYRES16=r3, @ANYBLOB="010026bd7000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="0600cd00000000006c003300802009000802110000010802110000005050505050515f00ffffffffffffffff64000010000601010101010103012c0602ff0105030597052a01042d1a00041602000000000000007b00470011000000000000010000017107690001000107207606"], 0x90}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

3.129920919s ago: executing program 2 (id=282):
socket$kcm(0x11, 0x200000000000002, 0x300)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3cd2e7b3d6526bf5}}}, 0x68}}, 0x0)
r1 = socket$kcm(0x2, 0x3, 0x84)
sendmsg$inet(r1, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001640)="5346f7f875528ef24043c68e04180a33", 0x10}], 0x1, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @loopback}}}], 0x20}, 0x0)

2.991613542s ago: executing program 3 (id=283):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000080)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "560400", 0x18, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x0, 0x0, 0x4, {[@mss={0x2, 0x4}]}}}}}}}}, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffff5f, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0x30)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r2, 0xfffffffffaa23000)
r3 = syz_open_dev$evdev(&(0x7f000001fa80), 0x20000000, 0x0)
ioctl$EVIOCSCLOCKID(r3, 0x40084504, &(0x7f0000ffcffc))
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00')
getdents64(r4, &(0x7f0000002f40)=""/4098, 0x1002)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, 0x0, 0x0)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r7 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r7, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r7, 0x0, 0xca, &(0x7f0000003d80)={0x1, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
setsockopt$inet_mreq(r6, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @address_request}}}}, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000080)=ANY=[], 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2.906278464s ago: executing program 2 (id=284):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@newsa={0x104, 0x1a, 0x7, 0x0, 0x0, {{@in6=@dev={0xfe, 0x80, '\x00', 0x1b}, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in=@remote, 0x0, 0x2b}, @in=@broadcast, {0x5a, 0xb400, 0x2, 0xfeffff7f00000001, 0x0, 0x60000}, {0x0, 0x200000, 0x7, 0xfffffffffffffffd}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0)

2.191759877s ago: executing program 3 (id=285):
bpf$MAP_CREATE(0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB="dfb672a593b040c400955906b6ff0fe339c1569243107f220b28", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/24], 0x50)
socket$packet(0x11, 0x3, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r1, 0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_create(0x2, &(0x7f0000000780)={0x0, 0x16, 0x4, @thr={&(0x7f0000000680)="d253ab8a967c5732aaabb815554eb74d97e8f9be76d401e5ad32bccdc312dddb6945ecfd3dfe43f39272ff10cea6da4b3a5222f591d49d9c3c500732f0dcf36ecce80014c7110dd45400d9ae4a152065ef0436bd734ca06551abb2ca5796d07916c7b0d0ed81c4367bd601faadc3935fb81f8f295d9f71f25c49d74fec18c5671019f02a87840a9d989c5a10dc4aaf8fdd8decd7d604cb", &(0x7f0000002800)}}, &(0x7f00000007c0))
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'veth1\x00', 0x1})
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGKBMETA(r3, 0x4bfa, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB], 0x2d0}, 0x1, 0x0, 0x0, 0x40408c1}, 0x40)
r4 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x8a2b81)
write$char_usb(r4, &(0x7f0000000040)="e2", 0x12d8)

2.06476017s ago: executing program 1 (id=286):
rseq(&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x0, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{0x0}, {&(0x7f0000000300)=""/54, 0x36}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/81, 0x51}], 0x1, 0x0)

1.979562392s ago: executing program 2 (id=287):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz0\x00', {0x0, 0x0, 0xb}, 0x0, [0x0, 0x3, 0x403, 0x100000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffffc, 0x0, 0x3, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x3, 0x10000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xa9a4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedc0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0xfffffff8, 0x0, 0x0, 0x79, 0xfffffffd, 0x0, 0x0, 0x0, 0x2, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2000, 0xf1a, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x20], [0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0xffffffff, 0x89, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x80000000, 0x0, 0xfffffffe, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x351e, 0x0, 0xfffffffd, 0x0, 0x0, 0x6492, 0x8], [0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x200000, 0x0, 0x0, 0x10, 0x0, 0x0, 0x804, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x40, 0xd67c, 0x2, 0x0, 0x4, 0x0, 0xfd32, 0x6, 0x0, 0x0, 0x0, 0x2, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0xc0ac, 0x0, 0x0, 0x0, 0x100000]}, 0x45c)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r0, 0x0, 0x0)

1.873172953s ago: executing program 2 (id=288):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
r2 = open_tree(0xffffffffffffff9c, 0x0, 0x89901)
mount_setattr(r2, &(0x7f0000001d80)='.\x00', 0x8000, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0)
openat(r6, 0x0, 0x6a1c2, 0x50)
recvmmsg(r3, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, &(0x7f0000000400)={{{@in6=@mcast1, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in=@initdev}, 0x0, @in=@empty}}, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x1018ef8, &(0x7f0000000d40)={[{@data_writeback}, {@noauto_da_alloc}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x20}}, {@noload}, {@journal_dev={'journal_dev', 0x3d, 0x80000000000004}}, {@nodiscard}, {@errors_continue}, {@quota}], [{@dont_appraise}, {@uid_gt={'uid>', 0xee01}}, {@euid_lt={'euid<', r7}}, {@dont_measure}, {@smackfsfloor={'smackfsfloor', 0x3d, '](&/&\\g+..$+,'}}]}, 0x1, 0x644, &(0x7f00000006c0)="$eJzs3c9rHG0dAPDvzCZ5kzS+6SsiNigGPLQgTZNarHqxrQd7KFiwBxEPDU1SQ7c/SFKwtdAEPCgoiHgt0ov/gHfp3ZsI6s2zUEUqFrR0ZWZnm81mN7ttsrtJ5vOBzT7zzLN5nm9mn8wzM/vsBFBas9mPNOJUxNubScR007qpqK+cLcq9+teTW9kjiVrtu/9MIinyGuWT4vlEsTAeEX+8EvHpyu561x89vrNYrdU9jTi3cffBufVHj8+u3l28vXx7+d7C+a9duDj/9YULC00N/XAniuer177z+V/85IdfXflT9WwSl+LG6I+XoiWOgzIbs/G2CLE5fyQiLmaJNn+Xo+YYhFBqleL9OBoRn43pqORLddOx+vOhNg7oq1olora3pFsB4KjSvaGsGuOAxrF9b8fBN/o8Khmcl5frB0C74x8pTjmM58dGk6+SpiOj+rmNkwdQf1bHmyfjz948mXkWO85DvH63dUYOoJ5ONrci4nPt4k/ytp3MI83iT3cc6ycRMR8RY0X7vrWPNiRN6X6ch9lLj/FXsvibt0MaEZeK5yz/ygfW33paa9DxA1BOLy4XO/LNbGl7/5eNPRrjn9ge/zxtvG5q/5dkcsPe/3Ue/zX29+P5uCdtGYdlY5br7X/laGvG33529Ved6q+P/2aeNR5Z/Y2x4CC83IqYaYn/p1mwxfgniz9pM/7Nity81Fsd3/7zP652Wjfs+GvPI063Pf7ZHpVmqT2uT55bWa0uz9d/tq3j93/4wW871d8+/o/6EGl72faf7BB/0/ZPW1+X/U0etP+VW60Zv7v+/G6n+qe6bv/072NJ/XhzrMj50dbGxtpCxFhyrShS5C9ubKyd3zveepnXtfx5oR7/mS+17/873v8tUU00/mX24MH37rzqtO5D3v9NF5Pf1npsQydZ/Evdt/+u/p/l/bLHOv7z/Ydf6LSuffzJvmICAAAAAACAskrza7BJOvcunaZzc/X5sp+JybR6f33jyyv3H95bijiTfx5yNI00yT8yMl1fTlZWq8sLxedhG8vnW5a/EhGfRMSvKxP58tyt+9WlYQcPAAAAAAAAAAAAAAAAAAAAh8SJYv5/4z7V/67U5/8DJdH9BnO77v8AHBP9vMEkcLjl/X+vXfzHg2sLMFj2/1Be+j+Ul/4P5aX/Q3np/1Be+j+Ul/4P5aX/AwAAAMCx9MkXX/w1iYjNb0zkj8xYsc6kXzjeRt+rdKVv7QAGT4+G8np36d9gH0qnp/H/f4svB+x/c4AhSNpl5oOD2t6d/0XbV27b2n/bAAAAAAAAAAAAAIC606c6z/9/v7nBwFFj2h+U1z7m//vqADjifPU/lJdjfKDLLP4Y77Si2/x/AAAAAAAAAAAAAODATOWPJJ0r5gJPRZrOzUV8KiJOxmiyslpdno+IjyPiL5XRj7LlhWE3GgAAAAAAAAAAAAAAAAAAAI6Z9UeP7yxWq8trzYn/7co53onGXVC7F671UGbPxDfjPV8VyeD/LBMRMfSN0rfESFNOErGZbflD0bC19TgczcgTQ/7HBAAAAAAAAAAAAAAAAAAAJdQ097i9md8MuEUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMHjb9//vkliarL+gp8I7E8OOEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4mv4fAAD//6AzO/k=")
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0180000000000000000001000000000000000b00000000030014"], 0x28}}, 0x40000)

1.326322985s ago: executing program 1 (id=289):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6(0xa, 0x2, 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0)
chroot(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r4}, 0x10)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
fcntl$dupfd(r0, 0x0, r0)

1.260247786s ago: executing program 3 (id=290):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="90000000", @ANYRES16=r2, @ANYBLOB="010026bd7000000000003b00000008000300", @ANYRES32, @ANYBLOB="0600cd00000000006c003300802009000802110000010802110000005050505050515f00ffffffffffffffff64000010000601010101010103012c0602ff0105030597052a01042d1a00041602000000000000007b00470011000000000000010000017107690001000107207606"], 0x90}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

1.103468898s ago: executing program 3 (id=291):
setitimer(0x0, &(0x7f0000000440)={{0x0, 0xea60}, {0x77359400}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r3 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)
setsockopt$inet6_int(r3, 0x29, 0x31, 0x0, 0x0)
sendmmsg$inet6(r3, &(0x7f0000000e00)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000009, 0x12, 0xffffffffffffffff, 0x0)
recvmmsg(r3, 0x0, 0x0, 0x12141, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

3.04613ms ago: executing program 1 (id=292):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x840}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0xffffffffffffffff}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x33}, @in=@broadcast, {}, {0x0, 0x0, 0x0, 0xfffffffffffffffd}, {}, 0x0, 0x0, 0x2}}}, 0xf8}}, 0x0)

0s ago: executing program 3 (id=293):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000080)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "560400", 0x18, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x0, 0x0, 0x4, {[@mss={0x2, 0x4}]}}}}}}}}, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffff5f, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0x30)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r2, 0xfffffffffaa23000)
r3 = syz_open_dev$evdev(&(0x7f000001fa80), 0x20000000, 0x0)
ioctl$EVIOCSCLOCKID(r3, 0x40084504, &(0x7f0000ffcffc))
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00')
getdents64(r4, &(0x7f0000002f40)=""/4098, 0x1002)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, 0x0, 0x0)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r7 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r7, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r7, 0x0, 0xca, &(0x7f0000003d80)={0x1, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
setsockopt$inet_mreq(r6, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @address_request}}}}, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000080)=ANY=[], 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.60' (ED25519) to the list of known hosts.
[   62.142380][ T5770] cgroup: Unknown subsys name 'net'
[   62.287923][ T5770] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   63.616605][ T5770] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   65.089292][ T5791] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   65.093056][ T5793] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   65.097178][ T5791] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   65.104579][ T5793] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   65.113611][ T5791] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   65.118556][ T5793] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   65.125901][ T5791] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   65.133625][ T5794] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   65.139561][ T5791] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   65.154132][ T5791] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   65.161801][ T5791] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   65.169201][ T5794] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   65.169838][ T5791] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   65.185995][ T5791] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   65.191155][ T5792] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   65.193339][ T5791] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   65.208521][ T5791] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   65.215987][ T5792] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   65.226429][ T5792] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   65.233803][ T5791] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   65.233942][ T5792] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   65.241471][ T5791] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   65.257280][ T5791] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   65.273272][   T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   65.625238][ T5780] chnl_net:caif_netlink_parms(): no params data found
[   65.640620][ T5782] chnl_net:caif_netlink_parms(): no params data found
[   65.836822][ T5783] chnl_net:caif_netlink_parms(): no params data found
[   65.860086][ T5780] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.867509][ T5780] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.875449][ T5780] bridge_slave_0: entered allmulticast mode
[   65.882363][ T5780] bridge_slave_0: entered promiscuous mode
[   65.889795][ T5782] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.896977][ T5782] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.904694][ T5782] bridge_slave_0: entered allmulticast mode
[   65.911270][ T5782] bridge_slave_0: entered promiscuous mode
[   65.929192][ T5781] chnl_net:caif_netlink_parms(): no params data found
[   65.952383][ T5780] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.959499][ T5780] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.966934][ T5780] bridge_slave_1: entered allmulticast mode
[   65.973698][ T5780] bridge_slave_1: entered promiscuous mode
[   65.989007][ T5782] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.996417][ T5782] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.003792][ T5782] bridge_slave_1: entered allmulticast mode
[   66.010358][ T5782] bridge_slave_1: entered promiscuous mode
[   66.065338][ T5782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   66.080975][ T5782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   66.093155][ T5780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   66.105778][ T5780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   66.170829][ T5783] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.178325][ T5783] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.186366][ T5783] bridge_slave_0: entered allmulticast mode
[   66.193548][ T5783] bridge_slave_0: entered promiscuous mode
[   66.224717][ T5783] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.232128][ T5783] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.239239][ T5783] bridge_slave_1: entered allmulticast mode
[   66.246512][ T5783] bridge_slave_1: entered promiscuous mode
[   66.256938][ T5782] team0: Port device team_slave_0 added
[   66.265378][ T5782] team0: Port device team_slave_1 added
[   66.274148][ T5780] team0: Port device team_slave_0 added
[   66.310231][ T5780] team0: Port device team_slave_1 added
[   66.366597][ T5781] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.373890][ T5781] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.380991][ T5781] bridge_slave_0: entered allmulticast mode
[   66.388710][ T5781] bridge_slave_0: entered promiscuous mode
[   66.397493][ T5783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   66.409351][ T5783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   66.420585][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.427805][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.453742][ T5782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.465878][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.472969][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.498932][ T5780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.510262][ T5781] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.517570][ T5781] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.524896][ T5781] bridge_slave_1: entered allmulticast mode
[   66.532605][ T5781] bridge_slave_1: entered promiscuous mode
[   66.547943][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.555020][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.581271][ T5782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.598258][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.605555][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.631724][ T5780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.700038][ T5781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   66.712143][ T5783] team0: Port device team_slave_0 added
[   66.720393][ T5783] team0: Port device team_slave_1 added
[   66.736387][ T5781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   66.779619][ T5782] hsr_slave_0: entered promiscuous mode
[   66.786173][ T5782] hsr_slave_1: entered promiscuous mode
[   66.832195][ T5780] hsr_slave_0: entered promiscuous mode
[   66.838429][ T5780] hsr_slave_1: entered promiscuous mode
[   66.844839][ T5780] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   66.853690][ T5780] Cannot create hsr debugfs directory
[   66.873300][ T5781] team0: Port device team_slave_0 added
[   66.886413][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.893681][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.919687][ T5783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.932352][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.939297][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.965323][ T5783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.987790][ T5781] team0: Port device team_slave_1 added
[   67.053874][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_0
[   67.060813][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   67.087263][ T5781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   67.133970][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_1
[   67.140920][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   67.168130][ T5781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   67.209923][ T5783] hsr_slave_0: entered promiscuous mode
[   67.216233][ T5783] hsr_slave_1: entered promiscuous mode
[   67.222604][ T5791] Bluetooth: hci1: command tx timeout
[   67.228248][ T5783] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   67.235851][ T5783] Cannot create hsr debugfs directory
[   67.296756][ T5781] hsr_slave_0: entered promiscuous mode
[   67.302530][ T5791] Bluetooth: hci3: command tx timeout
[   67.308676][ T5781] hsr_slave_1: entered promiscuous mode
[   67.312839][ T5791] Bluetooth: hci0: command tx timeout
[   67.319773][ T5781] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   67.327876][ T5781] Cannot create hsr debugfs directory
[   67.382010][ T5791] Bluetooth: hci2: command tx timeout
[   67.540683][ T5780] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   67.550946][ T5780] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   67.572452][ T5780] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   67.587634][ T5780] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   67.659139][ T5782] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   67.676136][ T5782] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   67.686041][ T5782] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   67.697209][ T5782] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   67.774836][ T5783] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   67.785782][ T5783] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   67.795785][ T5783] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   67.809449][ T5783] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   67.904374][ T5781] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   67.914879][ T5781] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   67.926323][ T5781] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   67.937408][ T5781] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   67.993148][ T5780] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.038308][ T5782] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.075829][ T5780] 8021q: adding VLAN 0 to HW filter on device team0
[   68.088783][   T48] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.096077][   T48] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.121185][ T5782] 8021q: adding VLAN 0 to HW filter on device team0
[   68.149247][ T1080] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.156400][ T1080] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.166338][ T1080] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.173497][ T1080] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.188494][ T1080] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.195595][ T1080] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.258251][ T5783] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.281324][ T5781] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.326174][ T5781] 8021q: adding VLAN 0 to HW filter on device team0
[   68.338399][ T5783] 8021q: adding VLAN 0 to HW filter on device team0
[   68.351088][   T48] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.358220][   T48] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.372314][ T5780] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   68.400251][   T48] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.407349][   T48] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.417392][   T48] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.424514][   T48] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.463507][   T48] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.470640][   T48] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.806513][ T5780] 8021q: adding VLAN 0 to HW filter on device batadv0
[   68.929630][ T5780] veth0_vlan: entered promiscuous mode
[   68.946264][ T5782] 8021q: adding VLAN 0 to HW filter on device batadv0
[   68.983324][ T5780] veth1_vlan: entered promiscuous mode
[   68.996148][ T5783] 8021q: adding VLAN 0 to HW filter on device batadv0
[   69.037346][ T5781] 8021q: adding VLAN 0 to HW filter on device batadv0
[   69.063657][ T5780] veth0_macvtap: entered promiscuous mode
[   69.090327][ T5780] veth1_macvtap: entered promiscuous mode
[   69.105415][ T5782] veth0_vlan: entered promiscuous mode
[   69.131571][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_0
[   69.157164][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_1
[   69.170251][ T5782] veth1_vlan: entered promiscuous mode
[   69.188094][ T5780] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   69.197286][ T5780] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   69.206685][ T5780] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   69.216110][ T5780] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   69.229245][ T5783] veth0_vlan: entered promiscuous mode
[   69.260905][ T5783] veth1_vlan: entered promiscuous mode
[   69.281309][ T5781] veth0_vlan: entered promiscuous mode
[   69.304500][ T5791] Bluetooth: hci1: command tx timeout
[   69.317080][ T5781] veth1_vlan: entered promiscuous mode
[   69.354403][ T5783] veth0_macvtap: entered promiscuous mode
[   69.382409][ T5791] Bluetooth: hci0: command tx timeout
[   69.382688][ T5789] Bluetooth: hci3: command tx timeout
[   69.396230][ T5782] veth0_macvtap: entered promiscuous mode
[   69.416450][ T5782] veth1_macvtap: entered promiscuous mode
[   69.425482][ T5783] veth1_macvtap: entered promiscuous mode
[   69.460869][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.462232][ T5781] veth0_macvtap: entered promiscuous mode
[   69.475516][ T5789] Bluetooth: hci2: command tx timeout
[   69.487605][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.495877][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   69.507312][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   69.518119][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_0
[   69.534662][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   69.545771][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   69.556113][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   69.566716][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   69.578694][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_0
[   69.598435][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   69.609051][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   69.620243][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_1
[   69.639171][ T5781] veth1_macvtap: entered promiscuous mode
[   69.648544][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   69.659834][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   69.671087][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   69.681615][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   69.693611][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_1
[   69.714486][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.729518][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.737020][ T5783] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   69.749521][ T5783] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   69.768100][ T5783] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   69.777574][ T5783] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   69.802122][ T5782] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   69.811514][ T5782] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   69.821646][ T5782] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   69.830466][ T5782] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   69.849300][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   69.861216][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   69.871700][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   69.882371][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   69.892260][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   69.902750][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   69.916726][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_0
[   69.939972][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   69.951634][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   69.966058][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   69.976821][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   69.986678][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   69.997706][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   70.009109][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_1
[   70.057415][ T5781] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   70.068072][ T5781] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   70.077036][ T5781] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   70.085777][ T5781] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   70.200647][ T1080] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   70.232600][ T1080] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   70.310056][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   70.330628][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   70.378052][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   70.407962][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   70.427643][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   70.450944][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   70.577924][ T3542] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   70.577957][ T3542] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   70.593982][ T3542] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   70.671795][ T3542] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   70.709757][ T5881] syz.0.6[5881]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   70.962325][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   71.095132][ T5884] loop3: detected capacity change from 0 to 128
[   71.108943][ T5888] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2'.
[   71.740047][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   71.748655][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[   71.755694][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[   71.772707][ T5791] Bluetooth: hci0: command tx timeout
[   71.778630][   T50] Bluetooth: hci3: command tx timeout
[   71.787236][ T5792] Bluetooth: hci2: command tx timeout
[   71.793049][ T5789] Bluetooth: hci1: command tx timeout
[   71.908754][ T5884] FAT-fs (loop3): error, corrupted directory (invalid entries)
[   72.047512][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   72.068021][ T5888] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2'.
[   72.147357][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   72.351996][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   72.367033][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   72.761683][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   72.867166][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   72.967008][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   72.980561][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   74.489345][ T5103] Bluetooth: hci4: Opcode 0x1003 failed: -110
[   74.496227][ T5787] Bluetooth: hci1: command tx timeout
[   74.501704][ T5787] Bluetooth: hci2: command tx timeout
[   74.510281][ T5787] Bluetooth: hci3: command tx timeout
[   74.516602][ T5789] Bluetooth: hci0: command tx timeout
[   74.522739][ T5787] Bluetooth: hci4: command 0x1003 tx timeout
[   74.930854][ T5904] netlink: 132 bytes leftover after parsing attributes in process `syz.1.10'.
[   75.192486][ T5910] netlink: 84 bytes leftover after parsing attributes in process `syz.2.13'.
[   76.887377][ T5922] loop2: detected capacity change from 0 to 1764
[   78.275852][ T5920] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10)
[   78.282656][ T5920] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[   78.291504][ T5920] vhci_hcd vhci_hcd.0: Device attached
[   78.394978][ T5927] vhci_hcd: connection closed
[   78.396691][ T3509] vhci_hcd: stop threads
[   78.412612][ T3509] vhci_hcd: release socket
[   78.422172][ T3509] vhci_hcd: disconnect device
[   78.897211][ T5933] netlink: 3 bytes leftover after parsing attributes in process `syz.1.17'.
[   79.757167][ T5937] loop2: detected capacity change from 0 to 1764
[   80.482845][ T5941] netlink: 132 bytes leftover after parsing attributes in process `syz.2.21'.
[   81.214312][ T5948] netlink: 'syz.2.22': attribute type 13 has an invalid length.
[   81.228731][ T5948] gretap0: refused to change device tx_queue_len
[   81.235535][ T5948] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   81.741330][   T28] cfg80211: failed to load regulatory.db
[   81.831749][ T5954] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   81.870398][ T5954] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   82.336832][ T5964] loop3: detected capacity change from 0 to 1024
[   82.359777][ T5964] =======================================================
[   82.359777][ T5964] WARNING: The mand mount option has been deprecated and
[   82.359777][ T5964]          and is ignored by this kernel. Remove the mand
[   82.359777][ T5964]          option from the mount to silence this warning.
[   82.359777][ T5964] =======================================================
[   84.292745][ T5972] fuse: Unknown parameter 'group_id00000000000000000000'
[   84.322358][ T5103] Bluetooth: Unknown LE signaling command 0x67
[   84.328834][ T5103] Bluetooth: Wrong link type (-22)
[   88.912988][ T6013] loop1: detected capacity change from 0 to 1764
[   89.528508][ T6013] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10)
[   89.535145][ T6013] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[   89.543515][ T6013] vhci_hcd vhci_hcd.0: Device attached
[   89.626425][ T6014] vhci_hcd: connection closed
[   89.636202][ T3479] vhci_hcd: stop threads
[   89.666669][ T3479] vhci_hcd: release socket
[   89.671199][ T3479] vhci_hcd: disconnect device
[   89.717746][ T5103] Bluetooth: Unknown LE signaling command 0x67
[   89.725124][ T5103] Bluetooth: Wrong link type (-22)
[   92.645125][ T6023] fuse: Bad value for 'user_id'
[   94.135322][ T5103] Bluetooth: Unknown LE signaling command 0x67
[   94.141646][ T5103] Bluetooth: Wrong link type (-22)
[   95.168634][ T6055] loop3: detected capacity change from 0 to 1764
[   95.482090][ T6054] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10)
[   95.488725][ T6054] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[   95.497190][ T6054] vhci_hcd vhci_hcd.0: Device attached
[   95.610569][ T6058] vhci_hcd: connection closed
[   95.610795][ T3509] vhci_hcd: stop threads
[   95.624665][ T3509] vhci_hcd: release socket
[   95.633226][ T3509] vhci_hcd: disconnect device
[   95.640288][ T6061] loop0: detected capacity change from 0 to 1024
[   95.910975][ T5878] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   99.133487][ T6074] fuse: Bad value for 'user_id'
[  100.373648][ T5103] Bluetooth: Unknown LE signaling command 0x67
[  100.380133][ T5103] Bluetooth: Wrong link type (-22)
[  101.178097][ T6097] loop2: detected capacity change from 0 to 1764
[  101.501652][ T6097] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10)
[  101.508291][ T6097] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  101.516183][ T6097] vhci_hcd vhci_hcd.0: Device attached
[  101.594424][ T6098] vhci_hcd: connection closed
[  101.594896][   T48] vhci_hcd: stop threads
[  101.665206][   T48] vhci_hcd: release socket
[  101.688487][   T48] vhci_hcd: disconnect device
[  103.389207][ T6108] sched: RT throttling activated
[  105.326669][ T6118] loop3: detected capacity change from 0 to 164
[  106.520321][ T6114] fuse: Bad value for 'user_id'
[  106.851294][ T5103] Bluetooth: Unknown LE signaling command 0x67
[  106.858193][ T5103] Bluetooth: Wrong link type (-22)
[  107.656331][ T6124] loop3: detected capacity change from 0 to 40434
[  107.694506][ T6124] F2FS-fs (loop3): invalid crc_offset: 0
[  107.700638][ T6124] F2FS-fs (loop3): invalid crc_offset: 0
[  107.706825][ T6124] F2FS-fs (loop3): Failed to get valid F2FS checkpoint
[  108.363261][ T6140] loop2: detected capacity change from 0 to 1764
[  108.732729][ T6140] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10)
[  108.739373][ T6140] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  108.747328][ T6140] vhci_hcd vhci_hcd.0: Device attached
[  108.753053][ T6141] vhci_hcd: connection closed
[  108.757950][ T6057] vhci_hcd: stop threads
[  108.767855][ T6057] vhci_hcd: release socket
[  108.772404][ T6057] vhci_hcd: disconnect device
[  112.090525][ T6160] loop3: detected capacity change from 0 to 128
[  112.141200][ T6160] FAT-fs (loop3): error, corrupted directory (invalid entries)
[  112.497267][ T6162] fuse: Bad value for 'fd'
[  114.162978][ T6175] loop2: detected capacity change from 0 to 1024
[  115.838192][ T6179] loop0: detected capacity change from 0 to 1764
[  116.302819][ T6178] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10)
[  116.309459][ T6178] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  116.317320][ T6178] vhci_hcd vhci_hcd.0: Device attached
[  116.404833][ T6180] vhci_hcd: connection closed
[  116.405248][ T1080] vhci_hcd: stop threads
[  116.467788][ T1080] vhci_hcd: release socket
[  116.504569][ T1080] vhci_hcd: disconnect device
[  118.425357][ T6188] loop1: detected capacity change from 0 to 128
[  118.518644][ T6188] FAT-fs (loop1): error, corrupted directory (invalid entries)
[  120.082029][ T6200] netlink: 'syz.0.95': attribute type 13 has an invalid length.
[  121.185252][ T6190] fuse: Bad value for 'fd'
[  121.615558][ T6200] gretap0: refused to change device tx_queue_len
[  121.625644][ T6200] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  122.524761][ T6214] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9)
[  122.531313][ T6214] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  122.539894][ T6214] vhci_hcd vhci_hcd.0: Device attached
[  122.840231][ T6216] vhci_hcd: connection closed
[  122.866663][ T3542] vhci_hcd: stop threads
[  123.289524][ T6223] loop1: detected capacity change from 0 to 1024
[  123.385615][ T3542] vhci_hcd: release socket
[  123.390613][ T3542] vhci_hcd: disconnect device
[  123.391992][   T23] usb 34-1: SetAddress Request (2) to port 0
[  123.414753][   T23] usb 34-1: new SuperSpeed USB device number 2 using vhci_hcd
[  123.604089][ T5878] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  124.853169][ T6232] loop3: detected capacity change from 0 to 128
[  124.913254][ T6232] FAT-fs (loop3): error, corrupted directory (invalid entries)
[  126.583038][ T6246] loop1: detected capacity change from 0 to 164
[  128.329005][ T3479] Bluetooth: hci4: Frame reassembly failed (-84)
[  128.390051][ T6242] fuse: Bad value for 'fd'
[  128.902364][   T23] usb 34-1: device descriptor read/8, error -110
[  129.212183][   T23] usb 34-1: SetAddress Request (3) to port 0
[  129.242592][   T23] usb 34-1: new SuperSpeed USB device number 3 using vhci_hcd
[  130.295463][ T6265] loop0: detected capacity change from 0 to 1024
[  130.337092][ T5103] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  131.072644][ T6266] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[  131.079195][ T6266] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  131.088036][ T6266] vhci_hcd vhci_hcd.0: Device attached
[  131.093722][ T6267] vhci_hcd: connection closed
[  131.094995][   T48] vhci_hcd: stop threads
[  131.419885][ T5878] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  131.456224][   T48] vhci_hcd: release socket
[  131.566514][   T48] vhci_hcd: disconnect device
[  133.223825][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  133.230198][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  133.438407][ T6282] loop3: detected capacity change from 0 to 164
[  134.103469][ T5878] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  134.366995][   T23] usb 34-1: device descriptor read/8, error -110
[  134.509195][   T23] usb usb34-port1: attempt power cycle
[  134.762142][   T23] usb 34-1: SetAddress Request (4) to port 0
[  134.768679][ T6297] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[  134.775200][ T6297] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  134.783265][ T6297] vhci_hcd vhci_hcd.0: Device attached
[  134.876346][   T23] usb 34-1: new SuperSpeed USB device number 4 using vhci_hcd
[  135.146419][ T6298] vhci_hcd: connection closed
[  135.147537][ T3479] vhci_hcd: stop threads
[  135.192045][ T3479] vhci_hcd: release socket
[  135.205742][ T3479] vhci_hcd: disconnect device
[  135.242807][  T786] usb 40-1: enqueue for inactive port 0
[  135.812371][  T786] usb usb40-port1: attempt power cycle
[  136.339041][ T6310] loop0: detected capacity change from 0 to 1024
[  136.358301][ T6313] loop3: detected capacity change from 0 to 164
[  136.483996][ T5773] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  136.542031][ T5878] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  136.871980][  T786] usb usb40-port1: unable to enumerate USB device
[  140.219543][   T23] usb 34-1: device descriptor read/8, error -110
[  140.511921][   T23] usb 34-1: SetAddress Request (5) to port 0
[  140.518088][   T23] usb 34-1: new SuperSpeed USB device number 5 using vhci_hcd
[  141.035538][ T6333] loop1: detected capacity change from 0 to 40427
[  141.116855][ T6333] F2FS-fs (loop1): Found nat_bits in checkpoint
[  141.307432][ T6333] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  143.324244][ T6362] netlink: 'syz.3.143': attribute type 13 has an invalid length.
[  144.072294][ T6362] gretap0: refused to change device tx_queue_len
[  144.079042][ T6362] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  145.497377][ T6374] loop3: detected capacity change from 0 to 128
[  145.577624][ T6374] FAT-fs (loop3): error, corrupted directory (invalid entries)
[  145.632232][   T23] usb 34-1: device descriptor read/8, error -110
[  145.756149][   T23] usb usb34-port1: unable to enumerate USB device
[  148.518298][ T6403] loop0: detected capacity change from 0 to 128
[  148.607697][ T6403] FAT-fs (loop0): error, corrupted directory (invalid entries)
[  149.581678][ T6411] fuse: Invalid rootmode
[  151.413967][ T6436] loop0: detected capacity change from 0 to 40427
[  151.512341][ T6436] F2FS-fs (loop0): Found nat_bits in checkpoint
[  151.801531][ T6439] loop1: detected capacity change from 0 to 1024
[  151.810169][ T6436] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  152.964761][ T5878] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  153.963363][ T6452] fuse: Invalid rootmode
[  154.179976][ T6460] netlink: 'syz.3.172': attribute type 13 has an invalid length.
[  154.228940][ T6460] gretap0: refused to change device tx_queue_len
[  154.237585][ T6460] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  157.153915][ T6479] loop2: detected capacity change from 0 to 40427
[  157.278350][ T6479] F2FS-fs (loop2): Found nat_bits in checkpoint
[  157.351503][ T6479] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  158.672167][ T6490] fuse: Invalid rootmode
[  159.308465][ T6502] netlink: 'syz.0.184': attribute type 13 has an invalid length.
[  159.868633][ T6502] gretap0: refused to change device tx_queue_len
[  159.877434][ T6502] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  162.520550][ T6526] loop3: detected capacity change from 0 to 40427
[  163.263387][ T6526] F2FS-fs (loop3): Found nat_bits in checkpoint
[  163.312099][ T6526] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  163.993382][ T6536] fuse: Bad value for 'rootmode'
[  165.387008][ T6552] loop3: detected capacity change from 0 to 1024
[  165.621885][ T5773] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  169.273429][ T6585] fuse: Bad value for 'rootmode'
[  175.606370][ T6623] fuse: Bad value for 'rootmode'
[  179.196943][ T6056] Bluetooth: hci4: Frame reassembly failed (-84)
[  180.611304][ T6659] loop2: detected capacity change from 0 to 1024
[  181.241987][ T5789] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  183.648009][ T6664] loop3: detected capacity change from 0 to 40427
[  183.695826][ T6664] F2FS-fs (loop3): Found nat_bits in checkpoint
[  183.820979][ T6664] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  188.379130][ T6705] loop0: detected capacity change from 0 to 1024
[  189.150026][ T5878] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  189.788883][ T6712] netlink: 137592 bytes leftover after parsing attributes in process `syz.2.241'.
[  191.301928][ T5791] Bluetooth: hci3: command 0x0406 tx timeout
[  191.315245][ T5789] Bluetooth: hci2: command 0x0406 tx timeout
[  191.321373][ T5789] Bluetooth: hci1: command 0x0406 tx timeout
[  191.322761][ T5791] Bluetooth: hci0: command 0x0406 tx timeout
[  191.604861][ T6734] loop1: detected capacity change from 0 to 1024
[  192.416131][ T5878] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  194.962716][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  194.969076][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  196.168910][ T6776] loop0: detected capacity change from 0 to 1024
[  196.242001][ T5878] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  198.956395][ T6800] netlink: set zone limit has 8 unknown bytes
[  202.935114][ T6847] loop2: detected capacity change from 0 to 1024
[  204.065322][ T6855] ==================================================================
[  204.073422][ T6855] BUG: KASAN: slab-use-after-free in xfrm_alloc_spi+0x598/0x11f0
[  204.081164][ T6855] Read of size 4 at addr ffff8880760bd8a0 by task syz.1.292/6855
[  204.088878][ T6855] 
[  204.091214][ T6855] CPU: 0 PID: 6855 Comm: syz.1.292 Not tainted syzkaller #0
[  204.098499][ T6855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  204.108569][ T6855] Call Trace:
[  204.111855][ T6855]  <TASK>
[  204.114798][ T6855]  dump_stack_lvl+0x16c/0x230
[  204.119491][ T6855]  ? __lock_acquire+0x7c80/0x7c80
[  204.124531][ T6855]  ? show_regs_print_info+0x20/0x20
[  204.129744][ T6855]  ? load_image+0x3b0/0x3b0
[  204.134265][ T6855]  ? __virt_addr_valid+0x469/0x540
[  204.139389][ T6855]  print_report+0xac/0x220
[  204.143821][ T6855]  ? xfrm_alloc_spi+0x598/0x11f0
[  204.148774][ T6855]  kasan_report+0x117/0x150
[  204.153289][ T6855]  ? xfrm_alloc_spi+0x598/0x11f0
[  204.158237][ T6855]  xfrm_alloc_spi+0x598/0x11f0
[  204.163018][ T6855]  ? xfrm_alloc_spi+0x2a1/0x11f0
[  204.167962][ T6855]  ? verify_spi_info+0x120/0x120
[  204.172911][ T6855]  ? xfrm_find_acq+0x79/0x90
[  204.177515][ T6855]  xfrm_alloc_userspi+0x5d1/0xa90
[  204.182547][ T6855]  ? end_current_label_crit_section+0x170/0x170
[  204.188798][ T6855]  ? apparmor_capable+0x137/0x1a0
[  204.193830][ T6855]  ? xfrm_dump_policy_done+0x90/0x90
[  204.199130][ T6855]  ? __nla_parse+0x40/0x50
[  204.203565][ T6855]  xfrm_user_rcv_msg+0x596/0x870
[  204.208510][ T6855]  ? lockdep_hardirqs_on+0x98/0x150
[  204.213727][ T6855]  ? xfrm_netlink_rcv+0x90/0x90
[  204.218598][ T6855]  ? __local_bh_enable_ip+0x12e/0x1c0
[  204.223985][ T6855]  ? __dev_queue_xmit+0x245/0x35a0
[  204.229098][ T6855]  ? __mutex_trylock_common+0x153/0x250
[  204.234642][ T6855]  netlink_rcv_skb+0x216/0x480
[  204.239394][ T6855]  ? xfrm_netlink_rcv+0x90/0x90
[  204.244227][ T6855]  ? netlink_ack+0x1110/0x1110
[  204.248983][ T6855]  ? netlink_deliver_tap+0x2e/0x1b0
[  204.254169][ T6855]  ? __lock_acquire+0x7c80/0x7c80
[  204.259181][ T6855]  xfrm_netlink_rcv+0x79/0x90
[  204.263884][ T6855]  netlink_unicast+0x751/0x8d0
[  204.268637][ T6855]  netlink_sendmsg+0x8c1/0xbe0
[  204.273392][ T6855]  ? netlink_getsockopt+0x580/0x580
[  204.278580][ T6855]  ? aa_sock_msg_perm+0x94/0x150
[  204.283501][ T6855]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  204.288769][ T6855]  ? security_socket_sendmsg+0x80/0xa0
[  204.294210][ T6855]  ? netlink_getsockopt+0x580/0x580
[  204.299392][ T6855]  ____sys_sendmsg+0x5bf/0x950
[  204.304147][ T6855]  ? __asan_memset+0x22/0x40
[  204.308726][ T6855]  ? __sys_sendmsg_sock+0x30/0x30
[  204.313739][ T6855]  ? __import_iovec+0x5f2/0x860
[  204.318585][ T6855]  ? import_iovec+0x73/0xa0
[  204.323074][ T6855]  ___sys_sendmsg+0x220/0x290
[  204.327737][ T6855]  ? __sys_sendmsg+0x270/0x270
[  204.332509][ T6855]  __se_sys_sendmsg+0x1a5/0x270
[  204.337347][ T6855]  ? __x64_sys_sendmsg+0x80/0x80
[  204.342276][ T6855]  ? lockdep_hardirqs_on+0x98/0x150
[  204.347467][ T6855]  do_syscall_64+0x55/0xb0
[  204.351872][ T6855]  ? clear_bhb_loop+0x40/0x90
[  204.356540][ T6855]  ? clear_bhb_loop+0x40/0x90
[  204.361199][ T6855]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  204.367084][ T6855] RIP: 0033:0x7fd6e238eec9
[  204.371495][ T6855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  204.391089][ T6855] RSP: 002b:00007fd6e3172038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  204.399486][ T6855] RAX: ffffffffffffffda RBX: 00007fd6e25e5fa0 RCX: 00007fd6e238eec9
[  204.407443][ T6855] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003
[  204.415394][ T6855] RBP: 00007fd6e2411f91 R08: 0000000000000000 R09: 0000000000000000
[  204.423348][ T6855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  204.431303][ T6855] R13: 00007fd6e25e6038 R14: 00007fd6e25e5fa0 R15: 00007ffff58a4a38
[  204.439260][ T6855]  </TASK>
[  204.442261][ T6855] 
[  204.444577][ T6855] Allocated by task 6177:
[  204.448883][ T6855]  kasan_set_track+0x4e/0x70
[  204.453457][ T6855]  __kasan_slab_alloc+0x6c/0x80
[  204.458289][ T6855]  slab_post_alloc_hook+0x6e/0x4d0
[  204.463382][ T6855]  kmem_cache_alloc+0x11e/0x2e0
[  204.468216][ T6855]  xfrm_state_alloc+0x22/0x2a0
[  204.472963][ T6855]  __find_acq_core+0x7d8/0x19d0
[  204.477799][ T6855]  xfrm_find_acq+0x6a/0x90
[  204.482195][ T6855]  xfrm_alloc_userspi+0x57a/0xa90
[  204.487198][ T6855]  xfrm_user_rcv_msg+0x596/0x870
[  204.492114][ T6855]  netlink_rcv_skb+0x216/0x480
[  204.496881][ T6855]  xfrm_netlink_rcv+0x79/0x90
[  204.501547][ T6855]  netlink_unicast+0x751/0x8d0
[  204.506295][ T6855]  netlink_sendmsg+0x8c1/0xbe0
[  204.511049][ T6855]  ____sys_sendmsg+0x5bf/0x950
[  204.515806][ T6855]  ___sys_sendmsg+0x220/0x290
[  204.520472][ T6855]  __se_sys_sendmsg+0x1a5/0x270
[  204.525314][ T6855]  do_syscall_64+0x55/0xb0
[  204.529724][ T6855]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  204.535617][ T6855] 
[  204.537925][ T6855] The buggy address belongs to the object at ffff8880760bd800
[  204.537925][ T6855]  which belongs to the cache xfrm_state of size 848
[  204.551885][ T6855] The buggy address is located 160 bytes inside of
[  204.551885][ T6855]  freed 848-byte region [ffff8880760bd800, ffff8880760bdb50)
[  204.565678][ T6855] 
[  204.567988][ T6855] The buggy address belongs to the physical page:
[  204.574395][ T6855] page:ffffea0001d82f00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880760bdc00 pfn:0x760bc
[  204.585840][ T6855] head:ffffea0001d82f00 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  204.594767][ T6855] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  204.602753][ T6855] page_type: 0xffffffff()
[  204.607070][ T6855] raw: 00fff00000000840 ffff888140089000 dead000000000122 0000000000000000
[  204.615635][ T6855] raw: ffff8880760bdc00 000000008010000e 00000001ffffffff 0000000000000000
[  204.624210][ T6855] page dumped because: kasan: bad access detected
[  204.630628][ T6855] page_owner tracks the page as allocated
[  204.636325][ T6855] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 6160, tgid 6159 (syz.3.81), ts 112208748803, free_ts 112136493940
[  204.656805][ T6855]  post_alloc_hook+0x1cd/0x210
[  204.661564][ T6855]  get_page_from_freelist+0x195c/0x19f0
[  204.667098][ T6855]  __alloc_pages+0x1e3/0x460
[  204.671676][ T6855]  alloc_slab_page+0x5d/0x170
[  204.676339][ T6855]  new_slab+0x87/0x2e0
[  204.680394][ T6855]  ___slab_alloc+0xc6d/0x1300
[  204.685055][ T6855]  kmem_cache_alloc+0x1b7/0x2e0
[  204.689906][ T6855]  xfrm_state_alloc+0x22/0x2a0
[  204.694670][ T6855]  xfrm_state_find+0x2944/0x4510
[  204.699602][ T6855]  xfrm_resolve_and_create_bundle+0x727/0x2c20
[  204.705746][ T6855]  xfrm_lookup_with_ifid+0x261/0x19c0
[  204.711108][ T6855]  xfrm_lookup_route+0x3c/0x1b0
[  204.715947][ T6855]  rawv6_sendmsg+0xd07/0x17f0
[  204.720616][ T6855]  ____sys_sendmsg+0x5bf/0x950
[  204.725367][ T6855]  ___sys_sendmsg+0x220/0x290
[  204.730030][ T6855]  __sys_sendmmsg+0x275/0x4a0
[  204.734697][ T6855] page last free stack trace:
[  204.739351][ T6855]  free_unref_page_prepare+0x7ce/0x8e0
[  204.744814][ T6855]  free_unref_page+0x32/0x2e0
[  204.749475][ T6855]  __unfreeze_partials+0x1cf/0x210
[  204.754575][ T6855]  put_cpu_partial+0x17c/0x250
[  204.759339][ T6855]  __slab_free+0x31d/0x410
[  204.763761][ T6855]  qlist_free_all+0x75/0xe0
[  204.768254][ T6855]  kasan_quarantine_reduce+0x143/0x160
[  204.773703][ T6855]  __kasan_slab_alloc+0x22/0x80
[  204.778543][ T6855]  slab_post_alloc_hook+0x6e/0x4d0
[  204.783640][ T6855]  kmem_cache_alloc+0x11e/0x2e0
[  204.788478][ T6855]  getname_flags+0xbb/0x500
[  204.792968][ T6855]  do_sys_openat2+0xcb/0x1c0
[  204.797547][ T6855]  __x64_sys_openat+0x139/0x160
[  204.802382][ T6855]  do_syscall_64+0x55/0xb0
[  204.806796][ T6855]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  204.812680][ T6855] 
[  204.814988][ T6855] Memory state around the buggy address:
[  204.820596][ T6855]  ffff8880760bd780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  204.828640][ T6855]  ffff8880760bd800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  204.836681][ T6855] >ffff8880760bd880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  204.844721][ T6855]                                ^
[  204.849810][ T6855]  ffff8880760bd900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  204.857850][ T6855]  ffff8880760bd980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  204.865890][ T6855] ==================================================================
[  204.874073][ T6855] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  204.881268][ T6855] CPU: 0 PID: 6855 Comm: syz.1.292 Not tainted syzkaller #0
[  204.888557][ T6855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  204.898614][ T6855] Call Trace:
[  204.901894][ T6855]  <TASK>
[  204.904823][ T6855]  dump_stack_lvl+0x16c/0x230
[  204.909502][ T6855]  ? show_regs_print_info+0x20/0x20
[  204.914700][ T6855]  ? load_image+0x3b0/0x3b0
[  204.919212][ T6855]  panic+0x2c0/0x710
[  204.923114][ T6855]  ? bpf_jit_dump+0xd0/0xd0
[  204.927629][ T6855]  ? _raw_spin_unlock_irqrestore+0xa9/0x110
[  204.933518][ T6855]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  204.939405][ T6855]  ? _raw_spin_unlock+0x40/0x40
[  204.944249][ T6855]  ? print_memory_metadata+0x314/0x400
[  204.949707][ T6855]  ? xfrm_alloc_spi+0x598/0x11f0
[  204.954654][ T6855]  check_panic_on_warn+0x84/0xa0
[  204.959592][ T6855]  ? xfrm_alloc_spi+0x598/0x11f0
[  204.964527][ T6855]  end_report+0x6f/0x140
[  204.968770][ T6855]  kasan_report+0x128/0x150
[  204.973274][ T6855]  ? xfrm_alloc_spi+0x598/0x11f0
[  204.978216][ T6855]  xfrm_alloc_spi+0x598/0x11f0
[  204.982989][ T6855]  ? xfrm_alloc_spi+0x2a1/0x11f0
[  204.987933][ T6855]  ? verify_spi_info+0x120/0x120
[  204.992870][ T6855]  ? xfrm_find_acq+0x79/0x90
[  204.997461][ T6855]  xfrm_alloc_userspi+0x5d1/0xa90
[  205.002482][ T6855]  ? end_current_label_crit_section+0x170/0x170
[  205.008730][ T6855]  ? apparmor_capable+0x137/0x1a0
[  205.013753][ T6855]  ? xfrm_dump_policy_done+0x90/0x90
[  205.019034][ T6855]  ? __nla_parse+0x40/0x50
[  205.023456][ T6855]  xfrm_user_rcv_msg+0x596/0x870
[  205.028391][ T6855]  ? lockdep_hardirqs_on+0x98/0x150
[  205.033592][ T6855]  ? xfrm_netlink_rcv+0x90/0x90
[  205.038439][ T6855]  ? __local_bh_enable_ip+0x12e/0x1c0
[  205.043821][ T6855]  ? __dev_queue_xmit+0x245/0x35a0
[  205.048931][ T6855]  ? __mutex_trylock_common+0x153/0x250
[  205.054482][ T6855]  netlink_rcv_skb+0x216/0x480
[  205.059245][ T6855]  ? xfrm_netlink_rcv+0x90/0x90
[  205.064097][ T6855]  ? netlink_ack+0x1110/0x1110
[  205.068865][ T6855]  ? netlink_deliver_tap+0x2e/0x1b0
[  205.074063][ T6855]  ? __lock_acquire+0x7c80/0x7c80
[  205.079092][ T6855]  xfrm_netlink_rcv+0x79/0x90
[  205.083773][ T6855]  netlink_unicast+0x751/0x8d0
[  205.088549][ T6855]  netlink_sendmsg+0x8c1/0xbe0
[  205.093321][ T6855]  ? netlink_getsockopt+0x580/0x580
[  205.098520][ T6855]  ? aa_sock_msg_perm+0x94/0x150
[  205.103456][ T6855]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  205.108741][ T6855]  ? security_socket_sendmsg+0x80/0xa0
[  205.114197][ T6855]  ? netlink_getsockopt+0x580/0x580
[  205.119392][ T6855]  ____sys_sendmsg+0x5bf/0x950
[  205.124161][ T6855]  ? __asan_memset+0x22/0x40
[  205.128749][ T6855]  ? __sys_sendmsg_sock+0x30/0x30
[  205.133770][ T6855]  ? __import_iovec+0x5f2/0x860
[  205.138627][ T6855]  ? import_iovec+0x73/0xa0
[  205.143131][ T6855]  ___sys_sendmsg+0x220/0x290
[  205.147813][ T6855]  ? __sys_sendmsg+0x270/0x270
[  205.152600][ T6855]  __se_sys_sendmsg+0x1a5/0x270
[  205.157454][ T6855]  ? __x64_sys_sendmsg+0x80/0x80
[  205.162402][ T6855]  ? lockdep_hardirqs_on+0x98/0x150
[  205.167608][ T6855]  do_syscall_64+0x55/0xb0
[  205.172027][ T6855]  ? clear_bhb_loop+0x40/0x90
[  205.176704][ T6855]  ? clear_bhb_loop+0x40/0x90
[  205.181379][ T6855]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  205.187278][ T6855] RIP: 0033:0x7fd6e238eec9
[  205.191689][ T6855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  205.211300][ T6855] RSP: 002b:00007fd6e3172038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  205.219721][ T6855] RAX: ffffffffffffffda RBX: 00007fd6e25e5fa0 RCX: 00007fd6e238eec9
[  205.227697][ T6855] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003
[  205.235670][ T6855] RBP: 00007fd6e2411f91 R08: 0000000000000000 R09: 0000000000000000
[  205.243642][ T6855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  205.251612][ T6855] R13: 00007fd6e25e6038 R14: 00007fd6e25e5fa0 R15: 00007ffff58a4a38
[  205.259587][ T6855]  </TASK>
[  205.262818][ T6855] Kernel Offset: disabled
[  205.267129][ T6855] Rebooting in 86400 seconds..