last executing test programs:

22m1.70033068s ago: executing program 1 (id=90):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e7", 0x9b}], 0x3, &(0x7f0000000380)}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

22m0.390445461s ago: executing program 1 (id=95):
r0 = creat(0x0, 0x8d)
socket$vsock_stream(0x28, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f00000000c0)={0x1})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r3, 0xffffffffffffffff, 0x0)

21m55.32005996s ago: executing program 1 (id=109):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r1, &(0x7f0000000440), &(0x7f0000000040)=@udp=r0}, 0x20)
recvfrom(r0, 0x0, 0x0, 0x12042, 0x0, 0x0)

21m54.443143953s ago: executing program 1 (id=111):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mount$cgroup2(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@favordynmods}]})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x0, 0xf, 0x0, &(0x7f0000000080))
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r3, 0x0}, 0x20)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
mount$overlay(0x0, &(0x7f0000000280)='./cgroup.cpu/cgroup.procs\x00', &(0x7f00000000c0), 0x180011, &(0x7f0000000380)={[{@redirect_dir_nofollow}, {@redirect_dir_on}]})
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_DAEMON(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000009000000440003800800010002000000140002007663616e300000000000000000000000080003000000000014000600ff"], 0x58}}, 0x0)

21m53.513924665s ago: executing program 1 (id=116):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="7800000010000304000000000000000000007400", @ANYRES32=0x0, @ANYBLOB="00000000600000005800128008000100677470004c000280080001", @ANYRES32=r1], 0x78}}, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r3 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000100)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x1, 0x0, 0x14}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0x1c, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x12}}, {0x4e24, 0x4e20, 0x8}}}, 0x2a)

21m51.124717152s ago: executing program 1 (id=122):
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000040)=0x90000)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
shutdown(0xffffffffffffffff, 0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x808}, 0x4040800)
openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r2, 0x40186f40, &(0x7f0000000080)={0x1, 0x0, 0xfffffffd, 0x0, 'syz1\x00', 0x5})

21m36.0667441s ago: executing program 32 (id=122):
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000040)=0x90000)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
shutdown(0xffffffffffffffff, 0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x808}, 0x4040800)
openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r2, 0x40186f40, &(0x7f0000000080)={0x1, 0x0, 0xfffffffd, 0x0, 'syz1\x00', 0x5})

15m3.543837125s ago: executing program 2 (id=1096):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x11000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, 0x0, 0x0)
mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f0000000180)='.\x00', &(0x7f0000000140)='udf\x00', 0x1000040, 0x0)

15m2.215347263s ago: executing program 2 (id=1098):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setrlimit(0xf, &(0x7f0000000000)={0x1, 0x5})

14m58.567905281s ago: executing program 2 (id=1108):
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$userio(0xffffffffffffff9c, 0x0, 0x80280, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000200)={0x2, 0xf}, 0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000010000004200000040"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240), &(0x7f00000003c0), 0x1003, r2}, 0x38)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8d40, 0x0)
ppoll(&(0x7f00000000c0)=[{r4, 0x1000}], 0x1, 0x0, 0x0, 0x0)
ioctl$TIOCPKT(r4, 0x5420, &(0x7f0000000300)=0xfffffffd)
ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000100)={0x0, 0xffffffff, 0x0, 0x4, 0x0, "00769a7d8200010000001495595915303d6000"})
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x101e01, 0x0)
socket$packet(0x11, 0x3, 0x300)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000001380)='ns/net\x00')
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280)={0x0, 0xd, 0x0, 0x5, 0xffffffff, 0xfffffffd})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet(0x2, 0x2, 0x0)

14m51.566725679s ago: executing program 2 (id=1123):
socket$inet6_sctp(0xa, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
connect$x25(r1, &(0x7f0000000a80), 0x12)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
fsopen(&(0x7f0000000000)='cifs\x00', 0x0)

14m51.138585216s ago: executing program 2 (id=1125):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x40, 0x0, 0xfffffffb, 0x1, 0x0, 0x10000, 0x0, 0x0, {0x3}})
write$binfmt_script(r1, 0x0, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x48, 0x10, 0x401, 0x1, 0x0, {0x0, 0x0, 0x0, 0x0, 0xefff, 0x1040}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x4}}}, @IFLA_IFNAME={0x14, 0x3, 'ip6gre0\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000380)=[{{&(0x7f0000000000)={0xa, 0x4e22, 0x4, @private1, 0xffffffff}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000040)="18", 0x1}], 0x1}}], 0x1, 0x0)
shutdown(0xffffffffffffffff, 0x1)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r6, 0x400455c8, 0x0)
bind$bt_hci(r5, 0x0, 0x0)

14m48.016452526s ago: executing program 2 (id=1129):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
recvmmsg(r0, &(0x7f0000001740)=[{{0x0, 0xc4, &(0x7f0000001400)=[{&(0x7f0000000400)=""/4096, 0x10c4}], 0x1}}], 0x4000210, 0x2, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0xd000}, 0x1, 0x0, 0x0, 0x10}, 0x0)

14m32.295979009s ago: executing program 33 (id=1129):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
recvmmsg(r0, &(0x7f0000001740)=[{{0x0, 0xc4, &(0x7f0000001400)=[{&(0x7f0000000400)=""/4096, 0x10c4}], 0x1}}], 0x4000210, 0x2, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0xd000}, 0x1, 0x0, 0x0, 0x10}, 0x0)

12m42.880772234s ago: executing program 0 (id=1463):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, 0x0)

12m41.800968623s ago: executing program 0 (id=1468):
r0 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000380)=@ethtool_dump={0x3e, 0x7f, 0xb5d, 0xa3, "63d43c664d9dff384fd1041b95e850c76af58b02433eb98788fe7cc75f0b337a8df438064aefaa4da1333ae999f7fbbffe5488237db51cdb3ea17ac5d69ef1a14242c48f45d287af6c9587b59937e9747991346043144ce6280e8cd7980a89992dee0881431dbe35aa0de9f7cadcd4f8937460126c5e2994138fbfb718d19efd06e608d790709ca294b03701cb49772a552fe8070f7e10bb9fdeebdfc6bd401e413941"}})
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
syz_io_uring_complete(0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102400, 0x19000)
syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x931e, 0x7780, 0x8000, 0xd6}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, 0x0, 0x0, 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$int_in(r6, 0x5452, 0x0)
syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r8 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r8, 0xc02064b2, &(0x7f0000000080)={0x8, 0x8169, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000280)={0x40, 0x403, 0xc})

12m38.627052912s ago: executing program 0 (id=1469):
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300))
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0)
socket$nl_crypto(0x10, 0x3, 0x15)
socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCXONC(r1, 0x540a, 0x0)
ioctl$TCSETSF2(r1, 0x402c542d, &(0x7f0000000040)={0x3, 0x4, 0x5, 0x2, 0x8, "5d2ca36a07330aee0c3d8b86dc41a6f45009d1", 0x2, 0x2})
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sysvipc/shm\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000000480)=[{&(0x7f00000002c0)=""/23, 0x17}], 0x1, 0x2, 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='nr_inodes=1'])

12m30.936383719s ago: executing program 0 (id=1485):
socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(0xffffffffffffffff, 0x541b, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102384, 0x18ff0)
socket(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x14)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000440)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x8000}})
read$FUSE(r1, 0x0, 0x0)
syz_fuse_handle_req(r1, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)={0x20, 0x0, 0x3, {0x0, 0x1d}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

12m29.595736254s ago: executing program 0 (id=1490):
r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IMDELTIMER(0xffffffffffffffff, 0x80044941, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000740)={0x8180080, 0x0, 0x0, 0x0, {0x39}, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[0xffffffffffffffff], 0x1}, 0x58)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f00000003c0)={0x48, 0xc, r1, 0x0, 0x0, 0x200000000})
unshare(0x8000000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x4}}}, {0x14, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x9c}}, 0x0)

12m28.456678267s ago: executing program 0 (id=1493):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0)

12m12.324220432s ago: executing program 34 (id=1493):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0)

5m24.681064792s ago: executing program 6 (id=2943):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3cd2e7b3d6526bf5}}}, 0x54}}, 0x0)

5m24.535318741s ago: executing program 6 (id=2946):
r0 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
fsopen(&(0x7f0000000000)='exfat\x00', 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x44000, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom0\x00', 0x803, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000780))
r3 = gettid()
timer_create(0x4, &(0x7f0000533fa0)={0x0, 0x41, 0x800000000004, @tid=r3}, &(0x7f0000000340)=<r4=>0x0)
timer_settime(r4, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prlimit64(r3, 0xa, &(0x7f0000000040)={0x2, 0xfffffdffffffffff}, &(0x7f00000001c0))
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0xffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f909, 0x8000, '\x00', @p_u32=&(0x7f0000000080)=0x411b}})
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
r5 = shmget$private(0x0, 0x800000, 0x0, &(0x7f0000173000/0x800000)=nil)
shmat(r5, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
shmctl$SHM_UNLOCK(r5, 0xc)

5m23.399152035s ago: executing program 6 (id=2952):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x1, 0xbffffffd, 0x100, {{@in=@multicast1, @in6=@private0, 0x1, 0x314, 0x4e21, 0x9, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@remote, {0x0, 0x9, 0x6, 0xffff, 0x8251c, 0x2, 0xffffeffffffffff8}, {0x6, 0x0, 0x1f, 0x1ff}, {0x2, 0xfffffffc}, 0x70bd2e, 0x3504, 0xa, 0x1, 0xfc, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x10)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="380100001800010027bd700000010000fe880000000000000000000000000001fc010000000000000000000000000001000107144e230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c00000000000000000000000000030000000000000000000000000004000000000000000600000000000000ffff0000000000001c250800000000000200000000000000f8ffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000feffffffffffffff02000000fcffffff000000002a132b79aa3500000a"], 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)

5m23.288766999s ago: executing program 6 (id=2954):
openat$comedi(0xffffff9c, &(0x7f0000000080)='/dev/comedi1\x00', 0x2180, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
open_tree(0xffffffffffffff9c, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x42001)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6(0xa, 0x805, 0x0)
ptrace$setregs(0xd, r0, 0x7531, &(0x7f0000000300))
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c0000001000010700000000000000000300002806000100"], 0x1c}}, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85513, &(0x7f0000002600)={{0x1, 0x2, 0x0, 0x0, 'syz0\x00'}, 0x1, [0xd, 0x0, 0x100000001, 0x3, 0x0, 0x10001, 0xff, 0x0, 0x1000000000000000, 0x100000000000000, 0x2, 0x0, 0x0, 0xffffffffffffffc0, 0x0, 0x3, 0x40000000000004, 0x0, 0x7, 0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0xc6c, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xffffffff80000001, 0xdad, 0x0, 0x1, 0x7, 0x0, 0x8, 0x81, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x2, 0x0, 0x0, 0x3b, 0xffffffffffffffff, 0x0, 0x7b, 0x1, 0x3, 0x2, 0x0, 0x3, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xa, 0x0, 0x48a0, 0x0, 0x0, 0x4, 0x3, 0x8838, 0x0, 0x1, 0x4, 0x8000000, 0x2, 0x0, 0x3, 0xc291, 0x0, 0x40c, 0x0, 0x8000000000000020, 0x0, 0xfff, 0x8, 0x0, 0x5, 0x0, 0x1, 0x7, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x4, 0x0, 0x9, 0x0, 0x0, 0x3, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3f, 0x0, 0x7, 0x8001, 0x0, 0x1, 0x1000, 0x2, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x100009]})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES8, @ANYBLOB="000000000000800028"], 0x50}}, 0x4008840)
gettid()
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)

5m22.201124396s ago: executing program 6 (id=2956):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3cd2e7b3d6526bf5}}}, 0x54}}, 0x0)

5m21.760480441s ago: executing program 6 (id=2960):
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', &(0x7f0000000340)={0x48000, 0x10, 0x1}, 0x18)
mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x1004, 0x1)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$usbmon(&(0x7f0000000000), 0x80000001, 0x82002)
r4 = syz_io_uring_setup(0x499, &(0x7f0000000400)={0x0, 0x7078, 0x0, 0xb, 0x284}, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r3, 0x0, 0x0})
io_uring_enter(r4, 0xe63, 0x0, 0x4, 0x0, 0x0)

5m6.520439209s ago: executing program 35 (id=2960):
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', &(0x7f0000000340)={0x48000, 0x10, 0x1}, 0x18)
mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x1004, 0x1)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$usbmon(&(0x7f0000000000), 0x80000001, 0x82002)
r4 = syz_io_uring_setup(0x499, &(0x7f0000000400)={0x0, 0x7078, 0x0, 0xb, 0x284}, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r3, 0x0, 0x0})
io_uring_enter(r4, 0xe63, 0x0, 0x4, 0x0, 0x0)

9.556022443s ago: executing program 7 (id=4047):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket(0x2, 0x3, 0x1)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r0, 0x2)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, 0x0, 0x0)
accept4(r1, 0x0, 0x0, 0x800)
syz_emit_ethernet(0x4e, &(0x7f0000000600)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x18, 0x6, 0x1, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x2}]}}}}}}}}, 0x0)

9.200991014s ago: executing program 7 (id=4048):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r0)
socket(0x23, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, 0x0)
r5 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r5, 0x29, 0x1d, 0x0, 0x0)
r6 = semget$private(0x0, 0x6, 0x40d)
semtimedop(r6, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0)
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x1000)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x664001)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_COALESCE(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000080)={0x24, r9, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_COALESCE_RULE_CONDITION={0x8, 0x2, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x2400c891}, 0x0)
semop(r6, 0x0, 0x0)
semop(r6, &(0x7f0000001240)=[{}, {0x2, 0x0, 0x2000}], 0x2)
semctl$GETZCNT(r6, 0x1, 0xf, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

7.785782191s ago: executing program 7 (id=4049):
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4a, &(0x7f0000000040)=0x8, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x7f, 0x584e4f53, 0x3, 0x2, 0x7, 0x7, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000080))
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
ftruncate(r0, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r1, r0, 0x0, 0x578410eb)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)

7.218673539s ago: executing program 4 (id=4051):
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x1000, 0x3, 0x1}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0/file0\x00', 0x1c0)
r1 = landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x18, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000140)={0x100, r2}, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000240)={0x20}, 0x18, 0x0)
landlock_restrict_self(r3, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000300)='./file0/file0/file0\x00', 0x81c0, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000340)='./file0/file0/file0\x00', 0x0)

7.052473065s ago: executing program 3 (id=4052):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r3, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/rt_acct\x00')
r5 = socket(0x18, 0x800, 0x0)
sendfile(r5, r4, 0x0, 0x8)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r9, {0x4}, {}, {0x6, 0xffff}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}, @TCA_CHAIN={0x8, 0xb, 0x2}]}, 0x40}, 0x1, 0x0, 0x0, 0xc858}, 0x80)
sendmsg$nl_route_sched(r7, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r9, {0xc, 0xc}, {0x0, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080)
r10 = socket(0x400000000010, 0x3, 0x0)
r11 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r12, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8848}, 0x80)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r7)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'})
syz_open_dev$tty1(0xc, 0x4, 0x1)

6.993360389s ago: executing program 4 (id=4053):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=r3, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c0002800800070003"], 0x3c}}, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b00000000010000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaff0806"], 0x0)

6.395668677s ago: executing program 4 (id=4056):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)={0x34, 0x0, 0x1, 0x70ad2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x20, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x20}]}]}, 0x34}}, 0x0)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x20, r1, 0x7, 0x70bd2b, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40050}, 0x0)

6.248237874s ago: executing program 7 (id=4057):
r0 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
fsopen(&(0x7f0000000000)='exfat\x00', 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x44000, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000780))
r3 = gettid()
timer_create(0x4, &(0x7f0000533fa0)={0x0, 0x41, 0x800000000004, @tid=r3}, &(0x7f0000000340)=<r4=>0x0)
timer_settime(r4, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prlimit64(r3, 0xa, &(0x7f0000000040)={0x2, 0xfffffdffffffffff}, &(0x7f00000001c0))
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0xffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f909, 0x8000, '\x00', @p_u32=&(0x7f0000000080)=0x411b}})
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
r5 = shmget$private(0x0, 0x800000, 0x0, &(0x7f0000173000/0x800000)=nil)
shmat(r5, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
shmctl$SHM_LOCK(r5, 0xb)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
shmctl$SHM_UNLOCK(r5, 0xc)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cgroup.controllers\x00', 0x0, 0x0)

5.900018312s ago: executing program 4 (id=4059):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r0)
socket(0x23, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, 0x0)
r5 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r5, 0x29, 0x1d, 0x0, 0x0)
r6 = semget$private(0x0, 0x6, 0x40d)
semtimedop(r6, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0)
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x1000)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x664001)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_COALESCE(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000080)={0x24, r9, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_COALESCE_RULE_CONDITION={0x8, 0x2, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x2400c891}, 0x0)
semop(r6, 0x0, 0x0)
semop(r6, &(0x7f0000001240)=[{}, {0x2, 0x0, 0x2000}], 0x2)
semctl$GETZCNT(r6, 0x1, 0xf, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

5.607305486s ago: executing program 5 (id=4062):
openat$comedi(0xffffff9c, &(0x7f0000000080)='/dev/comedi1\x00', 0x2180, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x42001)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6(0xa, 0x805, 0x0)
ptrace$setregs(0xd, r0, 0x7531, &(0x7f0000000300))
r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c0000001000010700000000000000000300002806000100"], 0x1c}}, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r3, 0xc4c85513, &(0x7f0000002600)={{0x1, 0x2, 0x0, 0x0, 'syz0\x00'}, 0x1, [0xd, 0x0, 0x100000001, 0x3, 0x0, 0x10001, 0xff, 0x0, 0x1000000000000000, 0x100000000000000, 0x2, 0x0, 0x0, 0xffffffffffffffc0, 0x0, 0x3, 0x40000000000004, 0x0, 0x7, 0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0xc6c, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xffffffff80000001, 0xdad, 0x0, 0x1, 0x7, 0x0, 0x8, 0x81, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x2, 0x0, 0x0, 0x3b, 0xffffffffffffffff, 0x0, 0x7b, 0x1, 0x3, 0x2, 0x0, 0x3, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xa, 0x0, 0x48a0, 0x0, 0x0, 0x4, 0x3, 0x8838, 0x0, 0x1, 0x4, 0x8000000, 0x2, 0x0, 0x3, 0xc291, 0x0, 0x40c, 0x0, 0x8000000000000020, 0x0, 0xfff, 0x8, 0x0, 0x5, 0x0, 0x1, 0x7, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x4, 0x0, 0x9, 0x0, 0x0, 0x3, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3f, 0x0, 0x7, 0x8001, 0x0, 0x1, 0x1000, 0x2, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x100009]})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES8, @ANYBLOB="000000000000800028"], 0x50}}, 0x4008840)
gettid()
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)

4.558668043s ago: executing program 4 (id=4063):
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x1000, 0x3, 0x1}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0/file0\x00', 0x1c0)
r1 = landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x18, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000140)={0x100, r2}, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000240)={0x20}, 0x18, 0x0)
landlock_restrict_self(r3, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000300)='./file0/file0/file0\x00', 0x81c0, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000340)='./file0/file0/file0\x00', 0x0)

4.374503908s ago: executing program 7 (id=4064):
syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000012c0)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24}, 0x1c)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x0)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000280)=@gcm_128={{0x304}, "ed197fbfb5c342b6", "28852cbbbeba35380ee5190047169f9d", "5f2307e0", "2ce6f8da8e55c427"}, 0x28)

4.304287897s ago: executing program 4 (id=4065):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea6086416", 0x1d}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x8080)
socketpair(0x1, 0x1, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="5c00000002060108000000000000000000000000050005000a000000050001000700000005000400000000000900020073797a310000000015000300686173683a69702c706f72742c6e6574000000000c00078008000640"], 0x5c}}, 0x20084884)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040007}, 0x0)

4.041685218s ago: executing program 8 (id=4066):
unshare(0x2c020400)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_PROMISC(r0, 0x6b, 0x2, 0x0, 0x0)

3.760863925s ago: executing program 8 (id=4067):
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80, 0x0, 0x3}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)

3.627518179s ago: executing program 7 (id=4068):
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
gettid()
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000009c0)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x4, {{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in6=@mcast2, @in=@private=0xa010100, @in=@private=0xa010100, @in=@rand_addr=0x6, 0x3c, 0x0, 0x0, 0x0, 0xa, 0xa}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x48000}, 0x0)

3.570756798s ago: executing program 8 (id=4069):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000004580)={0x1, 0xf, &(0x7f0000004280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x99f}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0xd4}, {0x7, 0x0, 0xb, 0x0, 0x0, 0x0, 0x6400}}}, &(0x7f0000004380)='syzkaller\x00', 0x6, 0x27, &(0x7f0000000140)=""/39, 0x40f00, 0xa, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)

3.463180639s ago: executing program 8 (id=4070):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)={0x3c, 0x0, 0x1, 0x70ad2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x20}]}]}, 0x3c}}, 0x0)
r1 = syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x20, r1, 0x7, 0x70bd2b, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40050}, 0x0)

3.227326222s ago: executing program 8 (id=4071):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io$printer(r2, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000380)=ANY=[@ANYBLOB="1f9597c346960a000000000000ffd4d178788818f058d89a27dd1efb38864d911a55a96659853dfe5cc9febf080bd0640735529505d933180579a00ca40bcba71c01e25b746ef52665b99834efa4bdbcf1217e5a5b58657f49d2c0e749a24f018a50a994999f0ccbaad3decdca3ba715d2d8d1a196da9c84ecf0e654eed090b5687bed3b432daa1c0efe78124fa153daf43c3d1cd0c5ace1ee39f2682e0837f68b562d"], 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0x0, 0x0, @loopback, 0x80000}}, 0x0, 0x0, 0x0, 0x0, "aeb81d8ee3a82d67eea9e5bdf2247481041a5b9cddbc936efc471c56ae3d5f6945d296a285858a891a3b4e7bff572ef69992da867f406182d70f47773434b8349435f2ad628d62a3b45bb98872fb1900"}, 0xd8)
r4 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r4, &(0x7f0000000040)=[{&(0x7f0000000280)}], 0x1)
ioctl$HIDIOCGUSAGE(r3, 0x80045b09, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x800, &(0x7f00000003c0)=ANY=[])
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, &(0x7f00000001c0)=0x9c)
read$FUSE(r5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB], 0x40}}, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9902)
read$FUSE(0xffffffffffffffff, &(0x7f0000002640)={0x2020}, 0x2020)

3.036655362s ago: executing program 3 (id=4072):
r0 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
fsopen(&(0x7f0000000000)='exfat\x00', 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom0\x00', 0x803, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0)
gettid()
timer_settime(0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0xffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f909, 0x8000, '\x00', @p_u32=&(0x7f0000000080)=0x411b}})
shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
shmctl$SHM_LOCK(0x0, 0xb)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
shmctl$SHM_UNLOCK(0x0, 0xc)

2.498921428s ago: executing program 3 (id=4073):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r0)
socket(0x23, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, 0x0)
r5 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r5, 0x29, 0x1d, &(0x7f0000000100), 0x120)
r6 = semget$private(0x0, 0x6, 0x40d)
semtimedop(r6, 0x0, 0x0, 0x0)
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x1000)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x664001)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_COALESCE(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000080)={0x24, r9, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_COALESCE_RULE_CONDITION={0x8, 0x2, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x2400c891}, 0x0)
semop(r6, 0x0, 0x0)
semop(r6, &(0x7f0000001240)=[{}, {0x2, 0x0, 0x2000}], 0x2)
semctl$GETZCNT(r6, 0x1, 0xf, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

2.214318865s ago: executing program 5 (id=4074):
r0 = syz_open_dev$I2C(&(0x7f0000000080), 0x0, 0x100)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f00000001c0)={&(0x7f0000000180)=[{0x2, 0x400, 0x3, &(0x7f0000000100)="0ea1e9"}], 0x1})

841.471338ms ago: executing program 3 (id=4075):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x50)
sendmsg$nl_xfrm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB="b80000001300e9990500000000000000fc000000000000000000000000000000fc00000000000000000000000000000000000000000000000a0030"], 0xb8}}, 0x4000)

669.350629ms ago: executing program 3 (id=4076):
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x4000004)
syz_emit_ethernet(0x6a, &(0x7f0000000200)={@empty, @dev, @void, {@ipv4={0x800, @dccp={{0x13, 0x4, 0x1, 0x2, 0x5c, 0x66, 0x0, 0x1, 0x21, 0x0, @empty, @private=0xa010102, {[@timestamp_addr={0x44, 0x1c, 0x2d, 0x1, 0x8, [{@remote, 0xa}, {@broadcast, 0x80}, {@remote, 0x8}]}, @lsrr={0x83, 0xb, 0xd9, [@local, @empty]}, @rr={0x7, 0xb, 0x78, [@rand_addr=0x64010100, @multicast2]}, @lsrr={0x83, 0x3, 0xb7}]}}, {{0x4e22, 0x4e24, 0x4, 0x1, 0x7, 0x0, 0x0, 0x8, 0x7, "f9d4fc", 0xca, "e2f25f"}}}}}}, 0x0)

568.341893ms ago: executing program 5 (id=4077):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6c0000001000390428bd7000fedbdf2500000000", @ANYRES32=r1, @ANYBLOB="80000000800404004c0012800b000100697036746e6c00003c000280140002000000000000000000000000000000000108001400"], 0x6c}, 0x1, 0x0, 0x0, 0x4000004}, 0x2000c8c0)

463.525053ms ago: executing program 3 (id=4078):
syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000012c0)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24}, 0x1c)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x0)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000280)=@gcm_128={{0x304}, "ed197fbfb5c342b6", "28852cbbbeba35380ee5190047169f9d", "5f2307e0", "2ce6f8da8e55c427"}, 0x28)

445.586915ms ago: executing program 5 (id=4079):
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80, 0x0, 0x3}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)

177.192801ms ago: executing program 5 (id=4080):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10)
bind$inet(r0, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

304.823µs ago: executing program 5 (id=4081):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)={0x3c, 0x0, 0x1, 0x70ad2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x20}]}]}, 0x3c}}, 0x0)
r1 = syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x20, r1, 0x7, 0x70bd2b, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40050}, 0x0)

0s ago: executing program 8 (id=4082):
unshare(0x22020600)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
pipe2$9p(&(0x7f0000000440)={<r0=>0xffffffffffffffff}, 0x84880)
fcntl$setpipe(r0, 0x407, 0x176)

kernel console output (not intermixed with test programs):

h: hci4: unexpected cc 0x1003 length: 249 > 9
[  711.250405][ T5810] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  711.257499][ T5635] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  711.258098][ T5810] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  711.270659][ T5810] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  711.361931][T11282] vxcan1 speed is unknown, defaulting to 1000
[  711.484520][ T5635] usb 7-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice=7a.ac
[  711.484548][ T5635] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  711.484567][ T5635] usb 7-1: Product: syz
[  711.484580][ T5635] usb 7-1: Manufacturer: syz
[  711.484592][ T5635] usb 7-1: SerialNumber: syz
[  711.583249][ T5635] usb 7-1: config 0 descriptor??
[  711.602918][ T5635] usb 7-1: interface 1 not found
[  712.434116][ T5635] usb 7-1: USB disconnect, device number 4
[  713.343085][ T5809] Bluetooth: hci4: command tx timeout
[  714.354138][T11307] vxcan1 speed is unknown, defaulting to 1000
[  715.501677][ T5809] Bluetooth: hci4: command tx timeout
[  717.626219][ T5810] Bluetooth: hci4: command tx timeout
[  717.947012][T11337] autofs: Unknown parameter 'fd00000000000000000000'
[  718.882752][ T5810] Bluetooth: hci1: command 0x0406 tx timeout
[  720.610228][ T5809] Bluetooth: hci4: command tx timeout
[  720.843584][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  721.105761][T11282] chnl_net:caif_netlink_parms(): no params data found
[  721.108484][T11378] capability: warning: `syz.4.1554' uses 32-bit capabilities (legacy support in use)
[  724.022864][T11400] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  724.103763][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  725.322050][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  725.364298][T11422] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  725.364298][T11422] The task syz.3.1560 (11422) triggered the difference, watch for misbehavior.
[  725.518170][T11282] bridge0: port 1(bridge_slave_0) entered blocking state
[  725.518373][T11282] bridge0: port 1(bridge_slave_0) entered disabled state
[  725.518565][T11282] bridge_slave_0: entered allmulticast mode
[  725.522646][T11282] bridge_slave_0: entered promiscuous mode
[  726.739273][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  726.852357][T11282] bridge0: port 2(bridge_slave_1) entered blocking state
[  726.852478][T11282] bridge0: port 2(bridge_slave_1) entered disabled state
[  726.852710][T11282] bridge_slave_1: entered allmulticast mode
[  726.855087][T11282] bridge_slave_1: entered promiscuous mode
[  727.013877][T11282] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  727.038573][T11282] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  727.103506][T11282] team0: Port device team_slave_0 added
[  727.114404][T11282] team0: Port device team_slave_1 added
[  727.162259][T11282] batman_adv: batadv0: Adding interface: batadv_slave_0
[  727.162277][T11282] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  727.162302][T11282] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  727.164629][T11282] batman_adv: batadv0: Adding interface: batadv_slave_1
[  727.164642][T11282] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  727.164667][T11282] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  727.342812][T11282] hsr_slave_0: entered promiscuous mode
[  727.344125][T11282] hsr_slave_1: entered promiscuous mode
[  727.345029][T11282] debugfs: 'hsr0' already exists in 'hsr'
[  727.345051][T11282] Cannot create hsr debugfs directory
[  731.405977][   T12] bridge_slave_1: left allmulticast mode
[  731.405997][   T12] bridge_slave_1: left promiscuous mode
[  731.406159][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  732.419524][   T12] bridge_slave_0: left allmulticast mode
[  732.419545][   T12] bridge_slave_0: left promiscuous mode
[  732.434863][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  734.508339][   T12] team0: Port device bridge1 removed
[  734.618413][   T12] team0: Port device bridge2 removed
[  734.728198][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  734.766323][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  734.780436][   T12] bond0 (unregistering): Released all slaves
[  734.789960][   T12] bond1 (unregistering): Released all slaves
[  734.806406][   T12] bond2 (unregistering): Released all slaves
[  734.822853][   T12] bond3 (unregistering): Released all slaves
[  735.443467][T11511] openvswitch: netlink: Flow actions attr not present in new flow.
[  736.833142][T11282] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  736.843575][   T12] IPVS: stopping backup sync thread 6176 ...
[  736.892228][T11282] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  737.070882][T11529] autofs: Unknown parameter 'fd00000000000000000000'
[  739.457995][T11555] openvswitch: netlink: Flow actions attr not present in new flow.
[  739.678082][T11282] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  740.213049][T11282] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  740.325164][T11566] netlink: 'syz.6.1605': attribute type 1 has an invalid length.
[  740.955179][T11571] autofs: Unknown parameter 'fd00000000000000000000'
[  745.046960][T11615] openvswitch: netlink: Flow actions attr not present in new flow.
[  745.099623][T11282] 8021q: adding VLAN 0 to HW filter on device bond0
[  745.200874][T11282] 8021q: adding VLAN 0 to HW filter on device team0
[  745.227713][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  745.227859][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  745.276579][ T1459] bridge0: port 2(bridge_slave_1) entered blocking state
[  745.297195][ T1459] bridge0: port 2(bridge_slave_1) entered forwarding state
[  745.310513][T11621] vxcan1 speed is unknown, defaulting to 1000
[  747.878646][T11640] overlayfs: failed to clone lowerpath
[  749.667288][   T12] hsr_slave_0: left promiscuous mode
[  749.757524][   T12] hsr_slave_1: left promiscuous mode
[  749.758604][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  749.758637][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  749.828863][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  749.828889][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  749.945769][   T12] veth1_macvtap: left promiscuous mode
[  749.945875][   T12] veth0_macvtap: left promiscuous mode
[  749.946142][   T12] veth1_vlan: left promiscuous mode
[  749.946312][   T12] veth0_vlan: left promiscuous mode
[  751.485552][T11659] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1623'.
[  751.485635][T11659] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1623'.
[  751.888121][   T12] team0 (unregistering): Port device team_slave_1 removed
[  751.929107][   T12] team0 (unregistering): Port device team_slave_0 removed
[  752.024586][  T151] smc: removing ib device syz2
[  752.107203][ T5799] vxcan1 speed is unknown, defaulting to 1000
[  752.107245][ T5799] syz2: Port: 1 Link DOWN
[  754.191260][T11282] 8021q: adding VLAN 0 to HW filter on device batadv0
[  757.564746][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  757.564815][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  757.911517][T11282] veth0_vlan: entered promiscuous mode
[  758.236487][T11282] veth1_vlan: entered promiscuous mode
[  758.658989][T11282] veth0_macvtap: entered promiscuous mode
[  758.731915][T11282] veth1_macvtap: entered promiscuous mode
[  758.814780][T11282] batman_adv: batadv0: Interface activated: batadv_slave_0
[  758.866584][T11282] batman_adv: batadv0: Interface activated: batadv_slave_1
[  758.985121][ T6734] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  758.987151][ T6734] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  758.987664][ T6734] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  758.987887][ T6734] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  759.812791][ T6734] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  759.812813][ T6734] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  760.278462][T11743] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1641'.
[  760.278486][T11743] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1641'.
[  760.450663][ T1459] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  760.450683][ T1459] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  760.905655][T11750] netlink: 'syz.3.1637': attribute type 1 has an invalid length.
[  765.327533][T11793] netlink: 'syz.6.1652': attribute type 1 has an invalid length.
[  765.468612][T11802] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1654'.
[  765.490147][  T809] IPVS: starting estimator thread 0...
[  765.577546][T11803] IPVS: using max 8 ests per chain, 19200 per kthread
[  765.638138][   T36] audit: type=1326 audit(1771612893.784:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11804 comm="syz.5.1656" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f58f086c629 code=0x0
[  768.654269][T11829] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1645'.
[  768.796110][T11831] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1661'.
[  768.796160][T11831] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1661'.
[  770.359403][T11844] netlink: 'syz.4.1664': attribute type 1 has an invalid length.
[  772.925557][T11879] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1675'.
[  772.956273][T11879] bridge0: port 2(bridge_slave_1) entered disabled state
[  772.957187][T11879] bridge0: port 1(bridge_slave_0) entered disabled state
[  773.346635][ T5810] Bluetooth: hci3: command 0x0406 tx timeout
[  773.360527][ T5809] Bluetooth: hci3: Opcode 0x206a failed: -110
[  773.448136][T11884] netlink: 'syz.7.1676': attribute type 1 has an invalid length.
[  776.228304][T11932] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1691'.
[  776.261051][T11932] bridge0: port 2(bridge_slave_1) entered disabled state
[  776.263312][T11932] bridge0: port 1(bridge_slave_0) entered disabled state
[  781.483368][   T43] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  782.016716][   T43] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  782.016744][   T43] usb 8-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  782.016762][   T43] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  782.016807][   T43] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  782.028337][   T43] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  782.028366][   T43] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  782.028383][   T43] usb 8-1: Product: syz
[  782.028396][   T43] usb 8-1: Manufacturer: syz
[  782.250857][   T43] cdc_wdm 8-1:1.0: skipping garbage
[  782.250899][   T43] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22
[  784.830990][    T9] usb 8-1: USB disconnect, device number 2
[  804.134971][T12210] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1764'.
[  804.134993][T12210] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1764'.
[  804.135032][T12210] netlink: 'syz.4.1764': attribute type 15 has an invalid length.
[  804.657409][   T36] audit: type=1326 audit(1771612932.794:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12216 comm="syz.5.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58f086c629 code=0x7ffc0000
[  804.667388][   T36] audit: type=1326 audit(1771612932.794:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12216 comm="syz.5.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f58f086c629 code=0x7ffc0000
[  804.667434][   T36] audit: type=1326 audit(1771612932.794:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12216 comm="syz.5.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58f086c629 code=0x7ffc0000
[  804.681568][   T36] audit: type=1326 audit(1771612932.794:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12216 comm="syz.5.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f58f086c629 code=0x7ffc0000
[  804.681627][   T36] audit: type=1326 audit(1771612932.794:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12216 comm="syz.5.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58f086c629 code=0x7ffc0000
[  804.681667][   T36] audit: type=1326 audit(1771612932.794:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12216 comm="syz.5.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f58f086c629 code=0x7ffc0000
[  804.681703][   T36] audit: type=1326 audit(1771612932.794:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12216 comm="syz.5.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58f086c629 code=0x7ffc0000
[  804.681743][   T36] audit: type=1326 audit(1771612932.794:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12216 comm="syz.5.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7f58f086c629 code=0x7ffc0000
[  804.681782][   T36] audit: type=1326 audit(1771612932.794:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12216 comm="syz.5.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58f086c629 code=0x7ffc0000
[  804.681821][   T36] audit: type=1326 audit(1771612932.804:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12216 comm="syz.5.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f58f086c629 code=0x7ffc0000
[  804.966075][T12226] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1769'.
[  806.869028][T12231] vivid-007: =================  START STATUS  =================
[  806.869230][T12231] vivid-007: Enable Output Cropping: true
[  806.869254][T12231] vivid-007: Enable Output Composing: true
[  806.869263][T12231] vivid-007: Enable Output Scaler: true
[  806.869289][T12231] vivid-007: Tx RGB Quantization Range: Automatic
[  806.869300][T12231] vivid-007: Transmit Mode: HDMI
[  806.869308][T12231] vivid-007: Hotplug Present: 0x00000000
[  806.869318][T12231] vivid-007: RxSense Present: 0x00000000
[  806.869326][T12231] vivid-007: EDID Present: 0x00000000
[  806.869353][T12231] vivid-007: ==================  END STATUS  ==================
[  806.876444][T12231] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1759'.
[  806.876466][T12231] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1759'.
[  806.876857][T12231] netlink: 32 bytes leftover after parsing attributes in process `syz.7.1759'.
[  806.876872][T12231] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1759'.
[  806.876879][T12231] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1759'.
[  806.907646][ T5810] Bluetooth: hci3: Unknown advertising packet type: 0x77
[  806.907670][ T5810] Bluetooth: hci3: adv larger than maximum supported
[  806.907681][ T5810] Bluetooth: hci3: Malformed LE Event: 0x0d
[  811.067599][T12267] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1781'.
[  811.081552][ T5863] IPVS: starting estimator thread 0...
[  811.187488][T12268] IPVS: using max 15 ests per chain, 36000 per kthread
[  812.260562][T12277] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  815.786073][T12326] autofs: Unknown parameter 'fd00000000000000000000'
[  819.460315][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  819.460411][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  819.796081][T12363] autofs: Unknown parameter 'fd00000000000000000000'
[  820.197424][   T10] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  820.347452][   T10] usb 8-1: Using ep0 maxpacket: 16
[  820.351490][   T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  820.351522][   T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  820.351542][   T10] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  820.351580][   T10] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  820.351600][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  820.372641][   T10] usb 8-1: config 0 descriptor??
[  821.860992][   T10] microsoft 0003:045E:07DA.0002: ignoring exceeding usage max
[  821.880610][   T10] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  821.880632][   T10] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  821.880647][   T10] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  821.880662][   T10] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  821.880677][   T10] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  821.880691][   T10] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  821.880708][   T10] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  821.880722][   T10] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  821.880736][   T10] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  821.880750][   T10] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0
[  822.015495][   T10] microsoft 0003:045E:07DA.0002: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.7-1/input0
[  822.015542][   T10] microsoft 0003:045E:07DA.0002: no inputs found
[  822.015570][   T10] microsoft 0003:045E:07DA.0002: could not initialize ff, continuing anyway
[  822.139650][T12404] autofs: Unknown parameter 'fd00000000000000000000'
[  822.353460][T12411] trusted_key: encrypted_key: insufficient parameters specified
[  822.405817][  T809] usb 8-1: USB disconnect, device number 3
[  824.520679][T12429] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1839'.
[  824.520701][T12429] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1839'.
[  827.252764][ T5810] Bluetooth: hci1: Unknown advertising packet type: 0x77
[  827.252793][ T5810] Bluetooth: hci1: Malformed LE Event: 0x0d
[  827.366554][T12462] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -11243, delta: 1
[  827.366579][T12462] ref_ctr increment failed for inode: 0xce offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff8880384c72c0
[  827.366811][   T36] kauditd_printk_skb: 29 callbacks suppressed
[  827.366825][   T36] audit: type=1804 audit(1771612955.514:86): pid=12462 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.7.1850" name="/newroot/36/file0" dev="tmpfs" ino=206 res=1 errno=0
[  827.455463][T12452] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -11243, delta: -1
[  827.455485][T12452] ref_ctr decrement failed for inode: 0xce offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff8880384c72c0
[  827.455600][T12452] uprobe: syz.7.1850:12452 failed to unregister, leaking uprobe
[  827.783560][T12467] autofs: Unknown parameter 'fd00000000000000000000'
[  830.100240][T12492] comedi comedi3: comedi_config --init_data is deprecated
[  830.694125][T12502] autofs: Unknown parameter 'fd00000000000000000000'
[  830.705974][T12503] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1852'.
[  830.705995][T12503] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1852'.
[  831.631733][T12522] loop5: detected capacity change from 0 to 7
[  831.862969][T12319]  loop5: [CUMANA/ADFS] p1 [ADFS] p1
[  831.863009][T12319] loop5: partition table partially beyond EOD, truncated
[  831.863304][T12319] loop5: p1 size 2989602745 extends beyond EOD, truncated
[  831.892380][T12533] autofs: Unknown parameter 'fd00000000000000000000'
[  831.987500][T12522]  loop5: [CUMANA/ADFS] p1 [ADFS] p1
[  831.987529][T12522] loop5: partition table partially beyond EOD, truncated
[  831.987794][T12522] loop5: p1 size 2989602745 extends beyond EOD, truncated
[  832.165033][T12541] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1879'.
[  832.165055][T12541] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1879'.
[  832.225839][T12319] udevd[12319]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory
[  832.506968][T12319] udevd[12319]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory
[  833.429963][T12562] autofs: Unknown parameter 'fd00000000000000000000'
[  833.597412][    T9] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  833.759997][    T9] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  833.760035][    T9] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  833.760057][    T9] usb 8-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  833.762780][    T9] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  833.762796][    T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  833.762812][    T9] usb 8-1: Product: syz
[  833.762821][    T9] usb 8-1: Manufacturer: syz
[  833.762828][    T9] usb 8-1: SerialNumber: syz
[  833.896547][    T9] cdc_ncm 8-1:1.0: skipping garbage
[  833.896560][    T9] cdc_ncm 8-1:1.0: NCM or ECM functional descriptors missing
[  833.896583][    T9] cdc_ncm 8-1:1.0: bind() failure
[  833.961655][    T9] cdc_ncm 8-1:1.1: CDC Union missing and no IAD found
[  833.961700][    T9] cdc_ncm 8-1:1.1: bind() failure
[  834.156698][ T5964] usb 8-1: USB disconnect, device number 4
[  834.520149][T12584] overlayfs: failed to clone upperpath
[  835.973891][T12596] autofs: Unknown parameter 'fd00000000000000000000'
[  836.173690][    T9] IPVS: starting estimator thread 0...
[  836.282610][T12600] IPVS: using max 15 ests per chain, 36000 per kthread
[  836.437852][ T5810] Bluetooth: hci4: command 0x0406 tx timeout
[  837.287550][T12629] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1912'.
[  837.706586][   T36] audit: type=1326 audit(1771612965.754:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12630 comm="syz.3.1913" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f236c67c629 code=0x0
[  839.465788][T12642] netlink: 3 bytes leftover after parsing attributes in process `syz.5.1915'.
[  841.919101][   T36] audit: type=1804 audit(1771612970.064:88): pid=12658 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.7.1921" name="/newroot/51/file0" dev="tmpfs" ino=282 res=1 errno=0
[  842.114436][T12663] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1924'.
[  842.149943][ T5799] Process accounting resumed
[  842.615248][T12670] input: syz1 as /devices/virtual/input/input17
[  844.997821][   T36] audit: type=1804 audit(1771612973.144:89): pid=12709 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.1936" name="file0" dev="tmpfs" ino=1863 res=1 errno=0
[  847.079444][T12738] loop3: detected capacity change from 0 to 7
[  847.329602][    C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  847.329830][    C1] Buffer I/O error on dev loop3, logical block 0, async page read
[  847.450217][    C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  847.450265][    C1] Buffer I/O error on dev loop3, logical block 0, async page read
[  847.454534][    C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  847.454579][    C1] Buffer I/O error on dev loop3, logical block 0, async page read
[  847.502938][    C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  847.503040][    C1] Buffer I/O error on dev loop3, logical block 0, async page read
[  847.534806][    C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  847.534945][    C1] Buffer I/O error on dev loop3, logical block 0, async page read
[  847.565982][    C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  847.566020][    C1] Buffer I/O error on dev loop3, logical block 0, async page read
[  847.590576][    C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  847.590619][    C1] Buffer I/O error on dev loop3, logical block 0, async page read
[  847.590767][T12738] ldm_validate_partition_table(): Disk read failed.
[  847.594884][    C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  847.594966][    C1] Buffer I/O error on dev loop3, logical block 0, async page read
[  847.662204][    C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  847.662303][    C1] Buffer I/O error on dev loop3, logical block 0, async page read
[  847.693374][    C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  847.693445][    C1] Buffer I/O error on dev loop3, logical block 0, async page read
[  847.766423][T12738] Dev loop3: unable to read RDB block 0
[  847.948508][T12738]  loop3: unable to read partition table
[  847.948645][T12738] loop3: partition table beyond EOD, truncated
[  847.948671][T12738] loop_reread_partitions: partition scan of loop3 (úùƒå¡™‰ü�¾SêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆŠ5) failed (rc=-5)
[  849.422451][   T36] audit: type=1804 audit(1771612977.574:90): pid=12757 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.1955" name="file0" dev="tmpfs" ino=1890 res=1 errno=0
[  849.944544][ T6083] Bluetooth: Error in BCSP hdr checksum
[  853.650269][ T5809] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  854.106447][T12777] overlayfs: failed to clone upperpath
[  854.487722][ T5810] Bluetooth: hci0: Unknown advertising packet type: 0x77
[  854.487749][ T5810] Bluetooth: hci0: adv larger than maximum supported
[  854.487761][ T5810] Bluetooth: hci0: Malformed LE Event: 0x0d
[  857.729993][T12868] autofs: Unknown parameter 'fd00000000000000000000'
[  859.015543][T12885] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1995'.
[  859.015566][T12885] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1995'.
[  862.117453][T12931] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2010'.
[  862.117475][T12931] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2010'.
[  865.453422][T12979] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2024'.
[  865.453438][T12979] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2024'.
[  870.037899][T13015] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2035'.
[  870.037924][T13015] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2035'.
[  874.103910][T13056] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2050'.
[  874.103932][T13056] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2050'.
[  876.813660][T13099] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2065'.
[  876.813676][T13099] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2065'.
[  878.565766][T13120] overlayfs: failed to clone lowerpath
[  878.579769][T13124] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2073'.
[  879.772658][T13136] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  879.849384][   T36] audit: type=1804 audit(1771613007.984:91): pid=13139 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.2076" name="file0" dev="tmpfs" ino=2082 res=1 errno=0
[  879.958709][T13144] wg1: entered promiscuous mode
[  879.958749][T13144] wg1: entered allmulticast mode
[  880.453984][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  880.454068][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  886.419099][T13212] mmap: syz.3.2089 (13212) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  900.269213][T13317] syz.4.2130 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  900.280714][T13317] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2130'.
[  903.034187][T13345] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2133'.
[  903.034235][T13345] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2133'.
[  906.351541][T13388] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2156'.
[  906.351565][T13388] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2156'.
[  906.351591][T13388] netlink: 'syz.4.2156': attribute type 15 has an invalid length.
[  907.291917][T13383] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.2154'.
[  907.442826][   T36] audit: type=1326 audit(1771613035.594:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13395 comm="syz.4.2157" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f28ff84c629 code=0x0
[  909.093485][T13426] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2168'.
[  909.093508][T13426] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2168'.
[  909.093533][T13426] netlink: 'syz.5.2168': attribute type 15 has an invalid length.
[  910.554374][T13449] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.2177'.
[  911.695430][   T36] audit: type=1326 audit(1771613039.844:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13458 comm="syz.6.2179" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcf79ccc629 code=0x0
[  914.224462][T13512] autofs: Unknown parameter 'fd00000000000000000000'
[  914.377181][T13520] cgroup: Unknown subsys name 'uid>00000000000000000000'
[  914.380375][T13520] fuse: Bad value for 'fd'
[  917.012284][   T36] audit: type=1804 audit(1771613045.164:94): pid=13544 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.2205" name="file0" dev="tmpfs" ino=2176 res=1 errno=0
[  917.133971][T13546] netlink: 11 bytes leftover after parsing attributes in process `syz.3.2209'.
[  917.207901][T13550] autofs: Unknown parameter 'fd00000000000000000000'
[  918.003416][T13566] autofs: Unknown parameter 'fd00000000000000000000'
[  920.429888][ T5863] libceph: connect (1)[c::]:6789 error -101
[  920.430071][ T5863] libceph: mon0 (1)[c::]:6789 connect error
[  920.540288][T13606] autofs: Unknown parameter 'fd00000000000000000000'
[  920.592505][T13604] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2228'.
[  920.696286][ T5863] libceph: connect (1)[c::]:6789 error -101
[  920.696456][ T5863] libceph: mon0 (1)[c::]:6789 connect error
[  920.811621][T13600] ceph: No mds server is up or the cluster is laggy
[  921.250823][T13610] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2231'.
[  922.378389][T13645] autofs: Unknown parameter 'fd00000000000000000000'
[  922.686974][   T36] audit: type=1326 audit(1771613050.834:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13649 comm="syz.4.2244" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f28ff84c629 code=0x0
[  923.612680][T13674] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.2252'.
[  924.797926][T13673] autofs: Unknown parameter 'fd00000000000000000000'
[  924.807985][ T5799] IPVS: starting estimator thread 0...
[  924.862665][T13679] netlink: 11 bytes leftover after parsing attributes in process `syz.4.2254'.
[  924.917587][T13683] IPVS: using max 15 ests per chain, 36000 per kthread
[  925.098965][T13687] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2255'.
[  926.457418][   T36] audit: type=1326 audit(1771613054.604:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13707 comm="syz.4.2264" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f28ff84c629 code=0x0
[  927.519896][T13719] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.2267'.
[  928.808500][T13724] autofs: Unknown parameter 'fd00000000000000000000'
[  930.022950][T13756] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2277'.
[  930.339652][   T36] audit: type=1326 audit(1771613058.494:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13759 comm="syz.5.2280" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f58f086c629 code=0x0
[  930.863893][T13767] autofs: Unknown parameter 'fd00000000000000000000'
[  934.898576][   T36] audit: type=1326 audit(1771613063.054:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13801 comm="syz.6.2299" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcf79ccc629 code=0x0
[  942.358135][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  942.358202][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  943.095001][   T36] audit: type=1326 audit(1771613071.244:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13853 comm="syz.7.2311" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbcbc8dc629 code=0x0
[  947.106693][   T36] audit: type=1326 audit(1771613075.254:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13904 comm="syz.3.2327" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f236c67c629 code=0x0
[  947.356346][T13910] netlink: 64 bytes leftover after parsing attributes in process `syz.6.2329'.
[  950.959784][   T36] audit: type=1326 audit(1771613079.104:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13946 comm="syz.4.2343" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f28ff84c629 code=0x0
[  951.998753][T13960] autofs: Unknown parameter 'fd00000000000000000000'
[  952.570794][   T10] libceph: connect (1)[c::]:6789 error -101
[  952.570992][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  952.827765][   T10] libceph: connect (1)[c::]:6789 error -101
[  952.831107][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  953.268437][T13976] ceph: No mds server is up or the cluster is laggy
[  953.385157][    T9] libceph: connect (1)[c::]:6789 error -101
[  953.385366][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  953.634943][T13988] fuse: Unknown parameter '0xffffffffffffffff'
[  955.079502][T13998] autofs: Unknown parameter 'fd00000000000000000000'
[  959.624184][T14039] autofs: Unknown parameter 'fd00000000000000000000'
[  963.770518][T14092] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2386'.
[  967.487801][   T36] audit: type=1326 audit(1771613095.634:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14128 comm="syz.6.2400" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcf79ccc629 code=0x0
[  967.592539][T14148] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2404'.
[  968.833782][T14167] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2412'.
[  968.834412][T14167] bridge0: port 3(team0) entered disabled state
[  968.836928][T14167] bridge0: port 2(bridge_slave_1) entered disabled state
[  968.837067][T14167] bridge0: port 1(bridge_slave_0) entered disabled state
[  975.057049][T14221] netlink: 48 bytes leftover after parsing attributes in process `syz.6.2428'.
[  975.778094][ T5810] Bluetooth: hci1: Unknown advertising packet type: 0x77
[  975.778124][ T5810] Bluetooth: hci1: adv larger than maximum supported
[  975.778138][ T5810] Bluetooth: hci1: Malformed LE Event: 0x0d
[  977.138525][T14236] netlink: 64 bytes leftover after parsing attributes in process `syz.6.2431'.
[  977.758961][T14249] autofs: Unknown parameter 'fd00000000000000000000'
[  978.804503][ T5810] Bluetooth: hci3: Unknown advertising packet type: 0x77
[  978.804528][ T5810] Bluetooth: hci3: adv larger than maximum supported
[  978.804542][ T5810] Bluetooth: hci3: Malformed LE Event: 0x0d
[  981.023553][T14287] autofs: Unknown parameter 'fd00000000000000000000'
[  981.046969][T14285] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2450'.
[  981.046985][T14285] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2450'.
[  981.198470][ T5810] Bluetooth: hci4: Unknown advertising packet type: 0x77
[  981.198488][ T5810] Bluetooth: hci4: adv larger than maximum supported
[  981.198495][ T5810] Bluetooth: hci4: Malformed LE Event: 0x0d
[  982.785436][T14311] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2460'.
[  986.328410][T14333] syz_tun: entered allmulticast mode
[  986.346837][T14331] syz_tun: left allmulticast mode
[  986.738965][T14342] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2471'.
[  986.848898][T14343] ±ÿ: renamed from lo (while UP)
[  991.952034][T14383] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2482'.
[  995.210827][T14415] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2496'.
[  995.233658][T14415] bridge0: port 2(bridge_slave_1) entered disabled state
[  995.269242][T14415] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1001.343917][   T36] audit: type=1804 audit(1771613129.494:103): pid=14513 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.7.2533" name="file0" dev="tmpfs" ino=796 res=1 errno=0
[ 1002.027625][T14537] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 1002.036049][T14537] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2545'.
[ 1002.036174][T14537] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1002.153042][T14537] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1003.247592][T14546] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2548'.
[ 1003.322433][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[ 1003.322527][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[ 1004.365559][T14567] fuse: Unknown parameter 'dyn'
[ 1004.475074][T14575] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2561'.
[ 1004.477057][T14575] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1004.478786][T14575] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1007.800039][T14614] IPv6: NLM_F_CREATE should be specified when creating new route
[ 1007.800562][T14614] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2575'.
[ 1008.052697][T14619] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2574'.
[ 1009.902885][T14648] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2588'.
[ 1010.791446][T14654] netlink: 60 bytes leftover after parsing attributes in process `syz.7.2591'.
[ 1010.791461][T14654] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2591'.
[ 1011.320504][T14678] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.2601'.
[ 1011.452169][T14687] autofs: Unknown parameter 'fd00000000000000000000'
[ 1011.477616][   T36] audit: type=1804 audit(1771613139.624:104): pid=14688 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.6.2603" name="file0" dev="tmpfs" ino=1582 res=1 errno=0
[ 1011.905195][T14700] netlink: 60 bytes leftover after parsing attributes in process `syz.7.2610'.
[ 1011.905217][T14700] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2610'.
[ 1013.819791][T14738] netlink: 60 bytes leftover after parsing attributes in process `syz.6.2625'.
[ 1013.819807][T14738] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2625'.
[ 1015.022559][T14755] netlink: 11 bytes leftover after parsing attributes in process `syz.5.2633'.
[ 1015.022578][T14755] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2633'.
[ 1015.022589][T14755] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2633'.
[ 1016.208295][T14767] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[ 1016.210331][T14768] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[ 1016.488677][T14775] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2637'.
[ 1016.517693][T14780] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1016.948048][T14793] netlink: 11 bytes leftover after parsing attributes in process `syz.7.2644'.
[ 1016.948065][T14793] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2644'.
[ 1016.948077][T14793] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2644'.
[ 1017.112495][ T5810] Bluetooth: hci4: unexpected event for opcode 0x2027
[ 1017.234420][T14806] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1017.508572][T14816] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2655'.
[ 1019.173440][T14850] __nla_validate_parse: 3 callbacks suppressed
[ 1019.173482][T14850] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.2666'.
[ 1020.664695][T14872] netlink: 11 bytes leftover after parsing attributes in process `syz.5.2673'.
[ 1020.664712][T14872] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2673'.
[ 1020.664724][T14872] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2673'.
[ 1021.695364][T14891] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2679'.
[ 1021.695388][T14891] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2679'.
[ 1021.854889][T14893] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.2680'.
[ 1022.799420][ T5809] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1022.832686][ T5809] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1022.834089][ T5809] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1022.835605][ T5809] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1022.836413][ T5809] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1022.921368][T14902] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2681'.
[ 1024.122211][T14903] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.2682'.
[ 1024.953191][T14895] chnl_net:caif_netlink_parms(): no params data found
[ 1025.672507][T14934] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2691'.
[ 1026.636780][ T5809] Bluetooth: hci2: command tx timeout
[ 1027.892445][   T36] audit: type=1326 audit(1771613155.374:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14939 comm="syz.4.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28ff84c629 code=0x7ffc0000
[ 1027.892500][   T36] audit: type=1326 audit(1771613155.374:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14939 comm="syz.4.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f28ff84c629 code=0x7ffc0000
[ 1027.892537][   T36] audit: type=1326 audit(1771613155.374:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14939 comm="syz.4.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28ff84c629 code=0x7ffc0000
[ 1027.892573][   T36] audit: type=1326 audit(1771613155.374:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14939 comm="syz.4.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f28ff84c629 code=0x7ffc0000
[ 1027.892608][   T36] audit: type=1326 audit(1771613155.384:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14939 comm="syz.4.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28ff84c629 code=0x7ffc0000
[ 1027.892644][   T36] audit: type=1326 audit(1771613155.384:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14939 comm="syz.4.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28ff84c629 code=0x7ffc0000
[ 1028.601876][   T56] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1028.677956][ T5809] Bluetooth: hci2: command tx timeout
[ 1029.310404][   T56] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1029.353045][T14959] netlink: 11 bytes leftover after parsing attributes in process `syz.5.2699'.
[ 1029.353071][T14959] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2699'.
[ 1029.353091][T14959] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2699'.
[ 1029.415553][T14964] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2700'.
[ 1029.415591][T14964] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2700'.
[ 1029.728568][T14895] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1029.730043][T14895] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1029.730376][T14895] bridge_slave_0: entered allmulticast mode
[ 1029.735155][T14895] bridge_slave_0: entered promiscuous mode
[ 1030.655849][   T56] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1030.722096][T14895] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1030.722213][T14895] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1030.722432][T14895] bridge_slave_1: entered allmulticast mode
[ 1030.725075][T14895] bridge_slave_1: entered promiscuous mode
[ 1030.801832][T14895] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1030.805959][T14895] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1030.858978][ T5809] Bluetooth: hci2: command tx timeout
[ 1030.932446][T14987] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2703'.
[ 1031.047556][T14895] team0: Port device team_slave_0 added
[ 1031.052079][T14895] team0: Port device team_slave_1 added
[ 1033.231026][ T5809] Bluetooth: hci2: command tx timeout
[ 1036.157154][   T56] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1037.138329][T14895] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1037.138345][T14895] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1037.138367][T14895] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1037.549964][T14895] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1037.549976][T14895] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1037.549991][T14895] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1037.631224][T15001] syz_tun: entered allmulticast mode
[ 1037.738467][T14999] syz_tun: left allmulticast mode
[ 1037.871873][T14895] hsr_slave_0: entered promiscuous mode
[ 1037.872647][T14895] hsr_slave_1: entered promiscuous mode
[ 1037.873205][T14895] debugfs: 'hsr0' already exists in 'hsr'
[ 1037.873220][T14895] Cannot create hsr debugfs directory
[ 1041.490374][T15029] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.2715'.
[ 1042.818823][T15040] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2718'.
[ 1043.109332][   T56] bridge_slave_1: left allmulticast mode
[ 1043.109359][   T56] bridge_slave_1: left promiscuous mode
[ 1043.109586][   T56] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1043.217830][   T56] bridge_slave_0: left allmulticast mode
[ 1043.217850][   T56] bridge_slave_0: left promiscuous mode
[ 1043.218056][   T56] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1046.842045][   T56] team0: Port device bridge3 removed
[ 1047.919407][   T56] team0: Port device bridge4 removed
[ 1048.039087][   T56] team0: Port device bridge5 removed
[ 1048.159285][   T56] team0: Port device bridge6 removed
[ 1048.277937][   T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1048.338393][   T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1048.380568][   T56] bond0 (unregistering): Released all slaves
[ 1048.674984][   T56] tipc: Left network mode
[ 1048.948344][   T56] IPVS: stopping backup sync thread 6237 ...
[ 1050.466712][T15133] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2748'.
[ 1050.640900][T15137] netlink: 11 bytes leftover after parsing attributes in process `syz.7.2749'.
[ 1050.640919][T15137] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2749'.
[ 1050.640931][T15137] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2749'.
[ 1050.980818][ T5964] Process accounting resumed
[ 1051.155060][ T5809] Bluetooth: hci3: unexpected event for opcode 0x2027
[ 1051.615070][T15170] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2759'.
[ 1051.615122][T15170] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2759'.
[ 1053.360682][   T56] hsr_slave_0: left promiscuous mode
[ 1053.381132][   T56] hsr_slave_1: left promiscuous mode
[ 1053.381936][   T56] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1053.381954][   T56] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1053.418019][   T56] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1053.418046][   T56] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1053.469850][   T56] veth1_macvtap: left promiscuous mode
[ 1053.469947][   T56] veth0_macvtap: left promiscuous mode
[ 1053.470186][   T56] veth1_vlan: left promiscuous mode
[ 1053.470351][   T56] veth0_vlan: left promiscuous mode
[ 1053.812736][ T5964] Process accounting resumed
[ 1058.193939][   T56] team0 (unregistering): Port device team_slave_1 removed
[ 1058.262911][   T56] team0 (unregistering): Port device team_slave_0 removed
[ 1059.193770][T15220] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2774'.
[ 1060.150706][T14895] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1060.417878][T14895] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1060.479224][T14895] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1060.521499][T14895] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1060.685466][T15252] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2782'.
[ 1062.731224][   T56] IPVS: stop unused estimator thread 0...
[ 1062.961490][T14895] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1063.053031][T14895] 8021q: adding VLAN 0 to HW filter on device team0
[ 1063.079122][ T1354] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1063.080593][ T1354] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1063.111081][ T1354] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1063.113050][ T1354] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1065.368100][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[ 1065.368163][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[ 1065.510396][T15283] netlink: 'syz.7.2787': attribute type 3 has an invalid length.
[ 1065.914464][   T36] audit: type=1804 audit(1771613194.064:111): pid=15296 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.6.2792" name="file0" dev="tmpfs" ino=1830 res=1 errno=0
[ 1066.129139][T14895] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1067.818017][T14895] veth0_vlan: entered promiscuous mode
[ 1068.004892][T14895] veth1_vlan: entered promiscuous mode
[ 1068.135781][T14895] veth0_macvtap: entered promiscuous mode
[ 1068.143699][T14895] veth1_macvtap: entered promiscuous mode
[ 1068.182876][T14895] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1068.369136][T14895] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1068.381359][   T56] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1068.381583][   T56] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1068.381619][   T56] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1068.381651][   T56] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1071.184573][ T1354] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1071.184593][ T1354] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1075.811214][  T151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1075.811236][  T151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1077.218915][T15377] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.2813'.
[ 1077.976591][   T36] audit: type=1800 audit(1771613206.124:112): pid=15379 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.7.2814" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[ 1086.650867][T15443] netlink: 64 bytes leftover after parsing attributes in process `syz.6.2828'.
[ 1088.283228][T15471] netlink: 80 bytes leftover after parsing attributes in process `syz.6.2839'.
[ 1090.358004][T15483] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2842'.
[ 1091.000720][T15502] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2846'.
[ 1091.006228][T15502] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[ 1092.524529][T15511] overlayfs: failed to clone upperpath
[ 1092.526713][T15510] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2851'.
[ 1093.069974][   T36] audit: type=1326 audit(1771613221.214:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15516 comm="syz.7.2852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcbc8dc629 code=0x7ffc0000
[ 1093.070040][   T36] audit: type=1326 audit(1771613221.214:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15516 comm="syz.7.2852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7fbcbc8dc629 code=0x7ffc0000
[ 1093.070080][   T36] audit: type=1326 audit(1771613221.224:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15516 comm="syz.7.2852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcbc8dc629 code=0x7ffc0000
[ 1093.070120][   T36] audit: type=1326 audit(1771613221.224:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15516 comm="syz.7.2852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7fbcbc8dc629 code=0x7ffc0000
[ 1093.070159][   T36] audit: type=1326 audit(1771613221.224:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15516 comm="syz.7.2852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcbc8dc629 code=0x7ffc0000
[ 1093.070197][   T36] audit: type=1326 audit(1771613221.224:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15516 comm="syz.7.2852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcbc8dc629 code=0x7ffc0000
[ 1093.519000][T15528] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2857'.
[ 1095.564430][T15558] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2868'.
[ 1095.707559][T15561] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2869'.
[ 1096.034937][   T36] audit: type=1326 audit(1771613224.184:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15562 comm="syz.4.2870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28ff84c629 code=0x7ffc0000
[ 1096.034990][   T36] audit: type=1326 audit(1771613224.184:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15562 comm="syz.4.2870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f28ff84c629 code=0x7ffc0000
[ 1096.035030][   T36] audit: type=1326 audit(1771613224.184:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15562 comm="syz.4.2870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28ff84c629 code=0x7ffc0000
[ 1096.035068][   T36] audit: type=1326 audit(1771613224.184:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15562 comm="syz.4.2870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f28ff84c629 code=0x7ffc0000
[ 1096.413581][ T5809] Bluetooth: hci4: unexpected event for opcode 0x2027
[ 1097.476516][T15585] netlink: 64 bytes leftover after parsing attributes in process `syz.6.2879'.
[ 1099.470009][   T36] kauditd_printk_skb: 2 callbacks suppressed
[ 1099.470028][   T36] audit: type=1326 audit(1771613227.614:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15609 comm="syz.4.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28ff84c629 code=0x7ffc0000
[ 1099.470073][   T36] audit: type=1326 audit(1771613227.614:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15609 comm="syz.4.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f28ff84c629 code=0x7ffc0000
[ 1099.470120][   T36] audit: type=1326 audit(1771613227.614:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15609 comm="syz.4.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28ff84c629 code=0x7ffc0000
[ 1099.470159][   T36] audit: type=1326 audit(1771613227.614:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15609 comm="syz.4.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f28ff84c629 code=0x7ffc0000
[ 1099.470196][   T36] audit: type=1326 audit(1771613227.614:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15609 comm="syz.4.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28ff84c629 code=0x7ffc0000
[ 1099.470236][   T36] audit: type=1326 audit(1771613227.614:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15609 comm="syz.4.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28ff84c629 code=0x7ffc0000
[ 1099.930321][T15618] netlink: 64 bytes leftover after parsing attributes in process `syz.7.2891'.
[ 1105.478921][T14182] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[ 1105.627457][T14182] usb 4-1: Using ep0 maxpacket: 16
[ 1105.629892][T14182] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1105.629922][T14182] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1105.629971][T14182] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1105.629993][T14182] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1105.635916][T14182] usb 4-1: config 0 descriptor??
[ 1105.714515][T14182] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 1105.745646][   T36] audit: type=1326 audit(1771613233.894:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15658 comm="syz.6.2903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf79ccc629 code=0x7ffc0000
[ 1105.746108][   T36] audit: type=1326 audit(1771613233.894:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15658 comm="syz.6.2903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7fcf79ccc629 code=0x7ffc0000
[ 1105.746395][   T36] audit: type=1326 audit(1771613233.894:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15658 comm="syz.6.2903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf79ccc629 code=0x7ffc0000
[ 1105.746433][   T36] audit: type=1326 audit(1771613233.894:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15658 comm="syz.6.2903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf79ccc629 code=0x7ffc0000
[ 1105.746992][   T36] audit: type=1326 audit(1771613233.894:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15658 comm="syz.6.2903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7fcf79ccc629 code=0x7ffc0000
[ 1105.747032][   T36] audit: type=1326 audit(1771613233.894:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15658 comm="syz.6.2903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf79ccc629 code=0x7ffc0000
[ 1105.776717][   T36] audit: type=1326 audit(1771613233.894:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15658 comm="syz.6.2903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf79ccc629 code=0x7ffc0000
[ 1105.938045][T15662] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2904'.
[ 1106.289893][T15672] syz_tun: entered allmulticast mode
[ 1107.876870][ T5799] usb 4-1: USB disconnect, device number 23
[ 1108.085436][T15688] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2916'.
[ 1108.209158][   T36] audit: type=1804 audit(1771613236.354:138): pid=15691 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.6.2915" name="file0" dev="tmpfs" ino=1951 res=1 errno=0
[ 1108.343692][T15700] syz_tun: entered allmulticast mode
[ 1111.590144][T15727] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2927'.
[ 1114.949999][   T36] audit: type=1804 audit(1771613243.104:139): pid=15750 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.6.2932" name="file0" dev="tmpfs" ino=1978 res=1 errno=0
[ 1114.950679][T15750] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -11243, delta: 1
[ 1114.950692][T15750] ref_ctr increment failed for inode: 0x7ba offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff88801196d940
[ 1115.027506][T15747] netlink: 11 bytes leftover after parsing attributes in process `syz.7.2934'.
[ 1115.027534][T15747] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2934'.
[ 1115.027553][T15747] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2934'.
[ 1115.060267][T15746] uprobe: syz.6.2932:15746 failed to unregister, leaking uprobe
[ 1115.439866][T15760] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -107 0
[ 1115.499469][T15763] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2939'.
[ 1117.030920][   T36] audit: type=1800 audit(1771613245.184:140): pid=15781 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.2946" name="SYSV00000000" dev="tmpfs" ino=6 res=0 errno=0
[ 1117.793219][   T36] audit: type=1804 audit(1771613245.944:141): pid=15795 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.2951" name="/newroot/24/file0" dev="tmpfs" ino=141 res=1 errno=0
[ 1117.882399][T15797] netlink: 64 bytes leftover after parsing attributes in process `syz.6.2952'.
[ 1119.489866][T15816] autofs: Unknown parameter 'fd00000000000000000000'
[ 1125.972984][ T5871] usb 4-1: new full-speed USB device number 24 using dummy_hcd
[ 1126.832094][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[ 1126.842371][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[ 1126.949158][T15830] tmpfs: Bad value for 'mpol'
[ 1127.365455][T15841] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1127.520373][ T5871] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1127.520404][ T5871] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1127.520451][ T5871] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1127.520472][ T5871] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1127.747345][ T5871] usb 4-1: usb_control_msg returned -71
[ 1127.747381][ T5871] usbtmc 4-1:16.0: can't read capabilities
[ 1127.766714][ T5871] usb 4-1: USB disconnect, device number 24
[ 1129.184502][T15859] autofs: Unknown parameter 'fd00000000000000000000'
[ 1134.517888][T15874] netlink: 11 bytes leftover after parsing attributes in process `syz.4.2976'.
[ 1134.517906][T15874] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2976'.
[ 1134.517917][T15874] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2976'.
[ 1135.219820][T15893] autofs: Unknown parameter 'fd00000000000000000000'
[ 1135.375774][ T5810] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1135.411261][ T5810] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1135.412642][ T5810] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1135.414163][ T5810] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1135.415156][ T5810] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1135.767479][ T5863] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[ 1135.937271][ T5863] usb 4-1: Using ep0 maxpacket: 16
[ 1135.939555][ T5863] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1135.939584][ T5863] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1135.939604][ T5863] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1135.939642][ T5863] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1135.939662][ T5863] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1135.949351][ T5863] usb 4-1: config 0 descriptor??
[ 1136.430918][ T5863] usbhid 4-1:0.0: can't add hid device: -71
[ 1136.431025][ T5863] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1136.481618][ T5863] usb 4-1: USB disconnect, device number 25
[ 1136.502456][T15824] syz_tun (unregistering): left allmulticast mode
[ 1136.647954][T15918] trusted_key: encrypted_key: insufficient parameters specified
[ 1137.145288][T15926] autofs: Unknown parameter 'fd00000000000000000000'
[ 1138.333519][ T5810] Bluetooth: hci0: command tx timeout
[ 1139.858974][   T68] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1140.282998][T15958] autofs: Unknown parameter 'fd00000000000000000000'
[ 1140.302447][   T68] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1140.356004][T15897] chnl_net:caif_netlink_parms(): no params data found
[ 1140.358260][ T5810] Bluetooth: hci0: command tx timeout
[ 1140.765770][   T68] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1141.249394][   T68] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1141.331988][T15897] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1141.332131][T15897] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1141.332286][T15897] bridge_slave_0: entered allmulticast mode
[ 1141.333900][T15897] bridge_slave_0: entered promiscuous mode
[ 1141.336103][T15897] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1141.336225][T15897] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1141.336334][T15897] bridge_slave_1: entered allmulticast mode
[ 1141.341651][T15897] bridge_slave_1: entered promiscuous mode
[ 1141.402655][T15897] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1141.407139][T15897] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1141.486169][T15984] syz_tun: entered allmulticast mode
[ 1141.494358][T15897] team0: Port device team_slave_0 added
[ 1141.503325][T15897] team0: Port device team_slave_1 added
[ 1141.523440][T15983] syz_tun: left allmulticast mode
[ 1141.569505][T15897] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1141.569522][T15897] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1141.569547][T15897] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1141.571727][T15897] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1141.571740][T15897] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1141.571763][T15897] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1141.850952][T15989] autofs: Unknown parameter 'fd00000000000000000000'
[ 1142.039788][T15897] hsr_slave_0: entered promiscuous mode
[ 1142.041074][T15897] hsr_slave_1: entered promiscuous mode
[ 1142.041896][T15897] debugfs: 'hsr0' already exists in 'hsr'
[ 1142.041919][T15897] Cannot create hsr debugfs directory
[ 1142.274934][   T68] bridge_slave_1: left allmulticast mode
[ 1142.274962][   T68] bridge_slave_1: left promiscuous mode
[ 1142.275165][   T68] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1142.667369][ T5810] Bluetooth: hci0: command tx timeout
[ 1142.708769][   T68] bridge_slave_0: left allmulticast mode
[ 1142.708798][   T68] bridge_slave_0: left promiscuous mode
[ 1142.738347][   T68] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1144.677336][ T5810] Bluetooth: hci0: command tx timeout
[ 1144.831448][T16027] autofs: Unknown parameter 'fd00000000000000000000'
[ 1145.230203][   T68] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1145.308101][   T68] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1145.329271][   T68] bond0 (unregistering): Released all slaves
[ 1145.708725][T16034] netlink: 11 bytes leftover after parsing attributes in process `syz.7.3031'.
[ 1145.708754][T16034] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3031'.
[ 1145.708773][T16034] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3031'.
[ 1145.711059][T16019] syz_tun: entered allmulticast mode
[ 1145.759645][   T68] tipc: Left network mode
[ 1145.759851][T16019] syz_tun: left allmulticast mode
[ 1146.720938][T16061] autofs: Unknown parameter 'fd00000000000000000000'
[ 1147.601821][T16068] netlink: 11 bytes leftover after parsing attributes in process `syz.7.3043'.
[ 1147.601847][T16068] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3043'.
[ 1147.601861][T16068] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3043'.
[ 1148.830474][ T5810] Bluetooth: hci2: command 0x0406 tx timeout
[ 1149.231641][T15897] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1149.313961][T15897] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1149.366348][T16112] netlink: 11 bytes leftover after parsing attributes in process `syz.7.3056'.
[ 1149.366372][T16112] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3056'.
[ 1149.366399][T16112] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3056'.
[ 1149.467596][T15897] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1149.527876][T15897] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1150.748601][   T68] hsr_slave_0: left promiscuous mode
[ 1150.802010][   T68] hsr_slave_1: left promiscuous mode
[ 1150.815609][   T68] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1150.815638][   T68] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1150.838953][   T68] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1150.838980][   T68] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1151.143535][   T68] veth1_macvtap: left promiscuous mode
[ 1151.143639][   T68] veth0_macvtap: left promiscuous mode
[ 1151.143879][   T68] veth1_vlan: left promiscuous mode
[ 1151.144046][   T68] veth0_vlan: left promiscuous mode
[ 1151.228887][   T36] audit: type=1800 audit(1771613279.384:142): pid=16147 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.3069" name="SYSV00000000" dev="tmpfs" ino=10 res=0 errno=0
[ 1152.288717][   T68] team0 (unregistering): Port device team_slave_1 removed
[ 1152.328087][   T68] team0 (unregistering): Port device team_slave_0 removed
[ 1152.631147][T16129] syz_tun: entered allmulticast mode
[ 1152.633165][T16129] syz_tun: left allmulticast mode
[ 1152.817822][   T36] audit: type=1326 audit(1771613280.974:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16164 comm="syz.7.3074" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbcbc8dc629 code=0x0
[ 1155.116660][T15897] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1155.194508][T15897] 8021q: adding VLAN 0 to HW filter on device team0
[ 1155.234414][ T1175] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1155.234551][ T1175] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1155.314869][ T1175] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1155.315002][ T1175] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1157.289399][T15897] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1157.610704][   T36] audit: type=1326 audit(1771613285.754:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16217 comm="syz.3.3085" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3f422fc629 code=0x0
[ 1157.643607][   T68] IPVS: stop unused estimator thread 0...
[ 1158.223424][T15897] veth0_vlan: entered promiscuous mode
[ 1158.255132][T15897] veth1_vlan: entered promiscuous mode
[ 1159.406530][T15897] veth0_macvtap: entered promiscuous mode
[ 1159.459907][T15897] veth1_macvtap: entered promiscuous mode
[ 1160.959331][T15897] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1160.997571][T15897] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1162.042814][T11557] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1162.065083][T11557] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1162.065988][T11557] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1162.066267][T11557] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1162.550173][   T36] audit: type=1326 audit(1771613290.704:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16281 comm="syz.5.3100" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f58f086c629 code=0x0
[ 1164.723637][ T1175] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1164.723659][ T1175] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1164.845149][T16018] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1164.845170][T16018] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1168.343335][   T36] audit: type=1326 audit(1771613296.494:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16321 comm="syz.3.3111" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3f422fc629 code=0x0
[ 1171.917028][   T36] audit: type=1326 audit(1771613300.064:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16372 comm="syz.5.3123" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f58f086c629 code=0x0
[ 1172.064468][T16376] netlink: 1688 bytes leftover after parsing attributes in process `syz.8.3124'.
[ 1172.096544][ T5810] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1172.137741][ T5810] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1172.140971][ T5810] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1172.143965][ T5810] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1172.144713][ T5810] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1172.277306][ T5635] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[ 1172.437693][ T5635] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[ 1172.437723][ T5635] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1172.437742][ T5635] usb 4-1: Product: syz
[ 1172.437754][ T5635] usb 4-1: Manufacturer: syz
[ 1172.437766][ T5635] usb 4-1: SerialNumber: syz
[ 1172.555390][ T5635] usb 4-1: config 0 descriptor??
[ 1172.576584][T16385] netlink: 212408 bytes leftover after parsing attributes in process `syz.8.3126'.
[ 1172.581351][ T5635] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[ 1172.630003][ T5635] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1172.630878][ T5635] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[ 1172.630959][ T5635] usb 4-1: media controller created
[ 1172.681459][ T5635] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1172.759295][T16008] syz_tun (unregistering): left allmulticast mode
[ 1172.765456][T16359] dvb-usb: bulk message failed: -22 (7/0)
[ 1173.052096][ T5635] DVB: Unable to find symbol mt352_attach()
[ 1173.200712][ T5635] DVB: Unable to find symbol nxt6000_attach()
[ 1173.200727][ T5635] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[ 1173.224461][ T5635] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input18
[ 1173.262463][ T5635] dvb-usb: schedule remote query interval to 1000 msecs.
[ 1173.262486][ T5635] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[ 1173.262501][ T5635] dvb-usb: bulk message failed: -22 (7/0)
[ 1173.262513][ T5635] dvb-usb: bulk message failed: -22 (7/0)
[ 1173.301782][ T5635] usb 4-1: USB disconnect, device number 26
[ 1173.549953][T16404] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1173.706801][ T5635] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[ 1174.291251][ T5810] Bluetooth: hci1: command tx timeout
[ 1174.950452][T16416] netlink: 1688 bytes leftover after parsing attributes in process `syz.5.3135'.
[ 1175.124483][T12102] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1175.414018][T16375] chnl_net:caif_netlink_parms(): no params data found
[ 1175.757458][  T809] usb 4-1: new full-speed USB device number 27 using dummy_hcd
[ 1176.222609][  T809] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1176.222639][  T809] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1176.222678][  T809] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1176.222698][  T809] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1176.362908][ T5810] Bluetooth: hci1: command tx timeout
[ 1176.382980][ T5810] Bluetooth: hci4: unexpected event for opcode 0x1ce4
[ 1176.482273][  T809] usb 4-1: GET_CAPABILITIES returned 0
[ 1176.482322][  T809] usbtmc 4-1:16.0: can't read capabilities
[ 1176.489141][T12102] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1176.563447][   T36] audit: type=1800 audit(1771613304.714:148): pid=16443 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.3145" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[ 1176.682557][T16426] tmpfs: Bad value for 'mpol'
[ 1177.068845][T16453] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1177.132626][T16458] netlink: 1688 bytes leftover after parsing attributes in process `syz.5.3149'.
[ 1177.254172][T12102] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1177.434432][ T5810] Bluetooth: hci5: unexpected event for opcode 0xa14c
[ 1178.629076][ T5810] Bluetooth: hci1: command tx timeout
[ 1179.003808][T12102] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1179.050679][T16375] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1179.050864][T16375] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1179.051088][T16375] bridge_slave_0: entered allmulticast mode
[ 1179.062573][T16375] bridge_slave_0: entered promiscuous mode
[ 1179.099055][T16375] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1179.099680][T16375] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1179.104487][T16375] bridge_slave_1: entered allmulticast mode
[ 1179.109236][T16375] bridge_slave_1: entered promiscuous mode
[ 1179.372081][T16375] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1179.395105][T16375] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1179.485687][   T36] audit: type=1804 audit(1771613307.634:149): pid=16492 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.7.3162" name="file0" dev="tmpfs" ino=1609 res=1 errno=0
[ 1180.329065][T16375] team0: Port device team_slave_0 added
[ 1180.334727][T16375] team0: Port device team_slave_1 added
[ 1180.582663][T16375] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1180.582680][T16375] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1180.582704][T16375] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1180.704150][ T5810] Bluetooth: hci1: command tx timeout
[ 1180.842111][T16375] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1180.842123][T16375] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1180.842148][T16375] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1181.058115][T16506] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3166'.
[ 1181.301728][T16375] hsr_slave_0: entered promiscuous mode
[ 1181.302947][T16375] hsr_slave_1: entered promiscuous mode
[ 1181.305910][T16375] debugfs: 'hsr0' already exists in 'hsr'
[ 1181.305936][T16375] Cannot create hsr debugfs directory
[ 1181.737312][T16426] usbtmc 4-1:16.0: usbtmc_ioctl_request failed -110
[ 1182.727448][ T5635] usb 4-1: USB disconnect, device number 27
[ 1186.740188][ T5635] usb 4-1: new full-speed USB device number 28 using dummy_hcd
[ 1186.982754][ T5635] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1186.982786][ T5635] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1186.982826][ T5635] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1186.982846][ T5635] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1187.214614][ T5635] usb 4-1: GET_CAPABILITIES returned 0
[ 1187.214643][ T5635] usbtmc 4-1:16.0: can't read capabilities
[ 1187.416506][T16556] tmpfs: Bad value for 'mpol'
[ 1187.652599][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[ 1187.652756][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[ 1188.718784][T12102] team0: left allmulticast mode
[ 1188.718804][T12102] team_slave_0: left allmulticast mode
[ 1188.718824][T12102] team_slave_1: left allmulticast mode
[ 1188.719101][T12102] team0: left promiscuous mode
[ 1188.719114][T12102] team_slave_0: left promiscuous mode
[ 1188.719321][T12102] team_slave_1: left promiscuous mode
[ 1188.719491][T12102] bridge1: left promiscuous mode
[ 1188.719638][T12102] bridge3: left promiscuous mode
[ 1188.719791][T12102] bridge4: left promiscuous mode
[ 1188.719929][T12102] bridge5: left promiscuous mode
[ 1188.720066][T12102] bridge6: left promiscuous mode
[ 1188.720453][T12102] bridge0: port 3(team0) entered disabled state
[ 1188.816345][T16584] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1188.979881][T12102] bridge_slave_1: left allmulticast mode
[ 1188.979903][T12102] bridge_slave_1: left promiscuous mode
[ 1188.980170][T12102] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1189.073248][T12102] bridge_slave_0: left allmulticast mode
[ 1189.073277][T12102] bridge_slave_0: left promiscuous mode
[ 1189.073529][T12102] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1190.919736][T16607] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3189'.
[ 1191.297008][T12102] team0: Port device bridge1 removed
[ 1191.539988][T12102] team0: Port device bridge3 removed
[ 1191.728411][T12102] team0: Port device bridge4 removed
[ 1191.762941][T16609] ceph: No mds server is up or the cluster is laggy
[ 1191.913793][T12102] team0: Port device bridge5 removed
[ 1192.088394][T12102] team0: Port device bridge6 removed
[ 1192.226190][T12102] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1192.279023][T12102] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1192.335238][T12102] bond0 (unregistering): Released all slaves
[ 1192.353292][T12102] bond1 (unregistering): Released all slaves
[ 1192.446092][T16556] usbtmc 4-1:16.0: usbtmc_ioctl_request failed -110
[ 1192.454149][   T10] usb 4-1: USB disconnect, device number 28
[ 1192.722197][   T36] audit: type=1804 audit(1771613320.854:150): pid=16618 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.3193" name="file0" dev="tmpfs" ino=3355 res=1 errno=0
[ 1193.978586][T16632] netlink: 11 bytes leftover after parsing attributes in process `syz.3.3197'.
[ 1193.978606][T16632] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3197'.
[ 1193.978617][T16632] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3197'.
[ 1194.007332][  T809] IPVS: starting estimator thread 0...
[ 1194.157310][T16637] IPVS: using max 10 ests per chain, 24000 per kthread
[ 1194.227804][T12102] IPVS: stopping backup sync thread 6536 ...
[ 1194.427971][ T5809] Bluetooth: hci4: unexpected event for opcode 0x7227
[ 1194.745863][   T36] audit: type=1804 audit(1771613322.894:151): pid=16656 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.3204" name="file0" dev="tmpfs" ino=3371 res=1 errno=0
[ 1195.727221][ T5810] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1195.964243][T16665] ceph: No mds server is up or the cluster is laggy
[ 1195.964957][ T5863] libceph: connect (1)[c::]:6789 error -101
[ 1195.965156][ T5863] libceph: mon0 (1)[c::]:6789 connect error
[ 1196.015443][ T5871] IPVS: starting estimator thread 0...
[ 1196.137383][T16674] IPVS: using max 10 ests per chain, 24000 per kthread
[ 1196.165819][T16671] netlink: 11 bytes leftover after parsing attributes in process `syz.8.3207'.
[ 1196.165847][T16671] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3207'.
[ 1196.165865][T16671] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3207'.
[ 1196.640029][T16682] trusted_key: encrypted_key: insufficient parameters specified
[ 1197.233655][ T5809] Bluetooth: hci2: unexpected event for opcode 0x8f27
[ 1199.682420][T16719] trusted_key: encrypted_key: insufficient parameters specified
[ 1199.880901][T16716] netlink: 11 bytes leftover after parsing attributes in process `syz.5.3217'.
[ 1199.881029][T16716] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3217'.
[ 1199.881049][T16716] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3217'.
[ 1200.058752][    T9] usb 4-1: new full-speed USB device number 29 using dummy_hcd
[ 1200.260024][   T36] audit: type=1800 audit(1771613328.414:152): pid=16727 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.3222" name="SYSV00000000" dev="tmpfs" ino=11 res=0 errno=0
[ 1200.409867][    T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1200.409897][    T9] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1200.409933][    T9] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1200.409953][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1200.474993][T12102] hsr_slave_0: left promiscuous mode
[ 1200.563741][T12102] hsr_slave_1: left promiscuous mode
[ 1200.564783][T12102] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1200.564807][T12102] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1200.668681][    T9] usb 4-1: GET_CAPABILITIES returned 0
[ 1200.668710][    T9] usbtmc 4-1:16.0: can't read capabilities
[ 1200.722770][T12102] veth1_macvtap: left promiscuous mode
[ 1200.722873][T12102] veth0_macvtap: left promiscuous mode
[ 1200.742191][T12102] veth1_vlan: left promiscuous mode
[ 1200.742376][T12102] veth0_vlan: left promiscuous mode
[ 1200.878262][T16720] tmpfs: Bad value for 'mpol'
[ 1200.891739][T16735] ceph: No mds server is up or the cluster is laggy
[ 1201.098925][T16742] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1204.108596][T12102] team0 (unregistering): Port device team_slave_1 removed
[ 1204.248677][T12102] team0 (unregistering): Port device team_slave_0 removed
[ 1204.544543][T16765] netlink: 11 bytes leftover after parsing attributes in process `syz.7.3231'.
[ 1204.544568][T16765] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3231'.
[ 1204.544582][T16765] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3231'.
[ 1205.013648][T16375] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1205.075738][T16375] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1205.161050][T16375] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1205.222423][T16375] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1205.624489][T16375] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1205.662164][T16375] 8021q: adding VLAN 0 to HW filter on device team0
[ 1205.690268][ T7229] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1205.690406][ T7229] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1205.692624][ T7229] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1205.692748][ T7229] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1205.976438][T16720] usbtmc 4-1:16.0: usbtmc_ioctl_request failed -110
[ 1206.269520][ T5863] usb 4-1: USB disconnect, device number 29
[ 1206.689885][T16788] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[ 1208.182173][T16375] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1208.685190][T12102] IPVS: stop unused estimator thread 0...
[ 1208.865166][T16811] netlink: 11 bytes leftover after parsing attributes in process `syz.5.3241'.
[ 1208.865184][T16811] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3241'.
[ 1208.865196][T16811] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3241'.
[ 1210.253962][T16827] ceph: No mds server is up or the cluster is laggy
[ 1214.599494][T16375] veth0_vlan: entered promiscuous mode
[ 1214.645238][T16851] netlink: 11 bytes leftover after parsing attributes in process `syz.5.3253'.
[ 1214.645260][T16851] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3253'.
[ 1214.645273][T16851] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3253'.
[ 1214.714819][T16853] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3254'.
[ 1215.221749][T16375] veth1_vlan: entered promiscuous mode
[ 1215.561788][T16375] veth0_macvtap: entered promiscuous mode
[ 1215.578944][T16375] veth1_macvtap: entered promiscuous mode
[ 1215.643026][T16375] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1215.672282][T16375] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1215.693858][T12102] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1215.694062][T12102] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1215.694095][T12102] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1215.694126][T12102] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1216.309953][  T174] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1216.309974][  T174] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1216.383139][  T174] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1216.383154][  T174] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1216.695859][   T31] libceph: connect (1)[c::]:6789 error -101
[ 1216.695981][   T31] libceph: mon0 (1)[c::]:6789 connect error
[ 1217.064224][ T5964] libceph: connect (1)[c::]:6789 error -101
[ 1217.064349][ T5964] libceph: mon0 (1)[c::]:6789 connect error
[ 1217.270901][T16866] ceph: No mds server is up or the cluster is laggy
[ 1217.807484][   T10] usb 5-1: new full-speed USB device number 16 using dummy_hcd
[ 1217.979661][   T10] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1217.979691][   T10] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1217.979730][   T10] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1217.979751][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1218.195036][   T10] usb 5-1: GET_CAPABILITIES returned 0
[ 1218.195070][   T10] usbtmc 5-1:16.0: can't read capabilities
[ 1218.418641][T16879] tmpfs: Bad value for 'mpol'
[ 1219.698377][T16896] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3265'.
[ 1219.725023][T16892] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1219.791801][ T5810] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1219.820245][ T5810] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1219.821594][ T5810] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1219.822632][ T5810] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1219.823235][ T5810] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1220.792369][T16913] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1221.176732][ T5964] libceph: connect (1)[c::]:6789 error -101
[ 1221.176919][ T5964] libceph: mon0 (1)[c::]:6789 connect error
[ 1221.427896][ T5964] libceph: connect (1)[c::]:6789 error -101
[ 1221.428095][ T5964] libceph: mon0 (1)[c::]:6789 connect error
[ 1221.660046][   T42] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1221.760767][T16918] ceph: No mds server is up or the cluster is laggy
[ 1221.993801][ T5810] Bluetooth: hci3: command tx timeout
[ 1222.065157][T16933] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3277'.
[ 1222.965622][   T42] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1223.813752][T16879] usbtmc 5-1:16.0: usbtmc_ioctl_request failed -110
[ 1223.827399][   T10] usb 5-1: USB disconnect, device number 16
[ 1224.023663][   T42] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1224.037365][ T5810] Bluetooth: hci3: command tx timeout
[ 1224.145209][T16898] chnl_net:caif_netlink_parms(): no params data found
[ 1224.212978][T16961] trusted_key: encrypted_key: insufficient parameters specified
[ 1224.282394][T16963] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1224.643137][   T42] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1224.839449][T16973] netlink: 32 bytes leftover after parsing attributes in process `syz.8.3287'.
[ 1224.936536][T16898] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1224.936743][T16898] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1224.936936][T16898] bridge_slave_0: entered allmulticast mode
[ 1224.940648][T16898] bridge_slave_0: entered promiscuous mode
[ 1224.943873][T16898] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1224.944071][T16898] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1224.944259][T16898] bridge_slave_1: entered allmulticast mode
[ 1224.946712][T16898] bridge_slave_1: entered promiscuous mode
[ 1224.989637][T16898] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1224.993803][T16898] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1225.245271][T16898] team0: Port device team_slave_0 added
[ 1225.262540][T16898] team0: Port device team_slave_1 added
[ 1225.400428][T16898] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1225.400445][T16898] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1225.400470][T16898] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1225.458111][T16898] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1225.458128][T16898] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1225.458154][T16898] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1225.667030][T16987] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3288'.
[ 1225.680318][T16978] ceph: No mds server is up or the cluster is laggy
[ 1226.117267][ T5810] Bluetooth: hci3: command tx timeout
[ 1227.355096][T16898] hsr_slave_0: entered promiscuous mode
[ 1227.355870][T16898] hsr_slave_1: entered promiscuous mode
[ 1227.371654][T17007] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1227.453672][   T42] bridge_slave_1: left allmulticast mode
[ 1227.453701][   T42] bridge_slave_1: left promiscuous mode
[ 1227.453940][   T42] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1227.503654][T17013] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3299'.
[ 1227.531449][   T42] bridge_slave_0: left allmulticast mode
[ 1227.531469][   T42] bridge_slave_0: left promiscuous mode
[ 1227.531645][   T42] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1228.263750][ T5810] Bluetooth: hci3: command tx timeout
[ 1228.268001][    T9] libceph: connect (1)[c::]:6789 error -101
[ 1228.268192][    T9] libceph: mon0 (1)[c::]:6789 connect error
[ 1228.601388][    T9] libceph: connect (1)[c::]:6789 error -101
[ 1228.601545][    T9] libceph: mon0 (1)[c::]:6789 connect error
[ 1228.620973][T17018] ceph: No mds server is up or the cluster is laggy
[ 1229.130357][T17029] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3302'.
[ 1232.712360][   T36] audit: type=1804 audit(1771613360.864:153): pid=17045 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.7.3309" name="file0" dev="tmpfs" ino=1792 res=1 errno=0
[ 1233.101143][   T42] team0: Port device bridge2 removed
[ 1233.209982][T17052] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1233.248659][   T42] team0: Port device bridge3 removed
[ 1233.788620][   T42] team0: Port device bridge4 removed
[ 1235.147288][   T36] audit: type=1804 audit(1771613363.294:154): pid=17072 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.3319" name="file0" dev="tmpfs" ino=525 res=1 errno=0
[ 1235.178024][   T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1235.238202][   T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1235.308041][   T42] bond0 (unregistering): (slave batadv0): Releasing backup interface
[ 1235.349531][   T42] bond0 (unregistering): Released all slaves
[ 1235.354863][   T42] bond1 (unregistering): Released all slaves
[ 1235.399955][   T42] bond2 (unregistering): Released all slaves
[ 1235.430215][   T42] bond3 (unregistering): Released all slaves
[ 1235.653241][   T42] tipc: Left network mode
[ 1238.060359][T17096] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3324'.
[ 1239.000637][T17100] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1247.709152][T17148] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1248.009451][   T42] hsr_slave_0: left promiscuous mode
[ 1248.417896][   T42] hsr_slave_1: left promiscuous mode
[ 1248.907907][   T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1248.907936][   T42] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1248.978458][   T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1248.978485][   T42] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1249.177283][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[ 1249.177352][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[ 1249.677424][   T42] veth1_macvtap: left promiscuous mode
[ 1249.677487][   T42] veth0_macvtap: left promiscuous mode
[ 1249.677647][   T42] veth1_vlan: left promiscuous mode
[ 1249.677742][   T42] veth0_vlan: left promiscuous mode
[ 1254.627931][   T42] team0 (unregistering): Port device team_slave_1 removed
[ 1254.678467][   T42] team0 (unregistering): Port device team_slave_0 removed
[ 1255.403019][T17182] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3349'.
[ 1257.192717][T17202] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1259.011438][T17219] sit0: entered promiscuous mode
[ 1259.011462][T17219] sit0: entered allmulticast mode
[ 1262.661522][T17254] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1262.671677][T16898] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1262.773152][T16898] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1263.757627][T16898] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1263.872668][T16898] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1266.911316][   T42] IPVS: stop unused estimator thread 0...
[ 1267.248633][T16379] Bluetooth: hci0: command 0x0406 tx timeout
[ 1267.587730][T17300] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3379'.
[ 1267.726445][T16898] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1267.745659][T16898] 8021q: adding VLAN 0 to HW filter on device team0
[ 1267.756484][T16178] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1267.765222][T16178] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1267.783274][T16178] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1267.783416][T16178] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1267.905496][T17309] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1269.346258][T16898] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1269.452074][T17335] netlink: 32 bytes leftover after parsing attributes in process `syz.8.3393'.
[ 1270.060146][T17357] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1270.739470][T16898] veth0_vlan: entered promiscuous mode
[ 1270.789046][T16898] veth1_vlan: entered promiscuous mode
[ 1270.913656][T16898] veth0_macvtap: entered promiscuous mode
[ 1270.929675][T16898] veth1_macvtap: entered promiscuous mode
[ 1270.976069][T16898] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1271.010897][T16898] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1271.064030][ T1175] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1271.064448][ T1175] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1271.065331][ T1175] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1271.100623][ T1175] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1271.406447][   T36] audit: type=1800 audit(1771613399.554:155): pid=17379 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.7.3408" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0
[ 1271.494782][ T1175] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1271.494802][ T1175] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1271.617282][ T1459] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1271.617301][ T1459] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1272.688178][T17390] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1276.431440][   T36] audit: type=1800 audit(1771613404.584:156): pid=17426 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.8.3423" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[ 1276.628131][T17431] trusted_key: encrypted_key: insufficient parameters specified
[ 1277.040053][T17438] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3426'.
[ 1277.127305][T17439] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1278.067342][ T5863] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[ 1280.453512][ T5863] usb 5-1: device descriptor read/all, error -71
[ 1282.270091][T17493] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1291.182895][T17551] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1294.114850][T17584] bridge0: port 3(syz_tun) entered blocking state
[ 1294.125134][T17584] bridge0: port 3(syz_tun) entered disabled state
[ 1294.125344][T17584] syz_tun: entered allmulticast mode
[ 1294.127271][T17584] syz_tun: entered promiscuous mode
[ 1294.269775][   T36] audit: type=1804 audit(1771613422.424:157): pid=17589 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.3471" name="file0" dev="tmpfs" ino=233 res=1 errno=0
[ 1295.728846][T17602] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1297.417198][ T5810] Bluetooth: hci1: command 0x0406 tx timeout
[ 1300.416398][   T36] audit: type=1326 audit(1771613428.564:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17651 comm="syz.4.3491" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f528b59c629 code=0x0
[ 1302.980839][T17666] Set syz1 is full, maxelem 1021 reached
[ 1304.078471][   T36] audit: type=1326 audit(1771613432.234:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17686 comm="syz.8.3503" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f25f324c629 code=0x0
[ 1308.243787][T17740] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3518'.
[ 1308.512604][T17745] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1308.536739][T17745] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1308.577448][T17747] bridge0: port 3(syz_tun) entered blocking state
[ 1308.577576][T17747] bridge0: port 3(syz_tun) entered disabled state
[ 1308.577786][T17747] syz_tun: entered allmulticast mode
[ 1308.583484][T17747] syz_tun: entered promiscuous mode
[ 1308.834372][T17751] netlink: 'syz.7.3522': attribute type 6 has an invalid length.
[ 1309.724074][T17770] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3529'.
[ 1310.525224][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[ 1310.525292][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[ 1310.598689][   T36] audit: type=1800 audit(1771613438.744:160): pid=17784 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.3533" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0
[ 1312.016932][T17804] netlink: 64 bytes leftover after parsing attributes in process `syz.7.3540'.
[ 1314.034317][   T36] audit: type=1800 audit(1771613442.184:161): pid=17824 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.3547" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[ 1314.202252][T15426] IPVS: starting estimator thread 0...
[ 1314.297341][T17827] IPVS: using max 9 ests per chain, 21600 per kthread
[ 1314.639895][T17832] netlink: 11 bytes leftover after parsing attributes in process `syz.5.3551'.
[ 1314.639918][T17832] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3551'.
[ 1314.639930][T17832] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3551'.
[ 1314.699691][T17833] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3548'.
[ 1314.874295][T17841] netlink: 64 bytes leftover after parsing attributes in process `syz.5.3553'.
[ 1317.829927][T17872] netlink: 11 bytes leftover after parsing attributes in process `syz.7.3563'.
[ 1317.829944][T17872] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3563'.
[ 1317.829955][T17872] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3563'.
[ 1317.891957][T17874] 9p: Bad value for 'rfdno'
[ 1322.225982][T17910] netlink: 11 bytes leftover after parsing attributes in process `syz.7.3576'.
[ 1322.226000][T17910] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3576'.
[ 1322.226011][T17910] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3576'.
[ 1323.908624][T17941] trusted_key: encrypted_key: insufficient parameters specified
[ 1325.951131][T17970] netlink: 'syz.3.3599': attribute type 6 has an invalid length.
[ 1326.729480][   T68] bond0: (slave bond_slave_0): interface is now down
[ 1326.729510][   T68] bond0: (slave bond_slave_1): interface is now down
[ 1326.732605][T17987] netlink: 'syz.4.3605': attribute type 10 has an invalid length.
[ 1326.849109][   T68] bond0: now running without any active interface!
[ 1326.917696][T17987] syz_tun: left allmulticast mode
[ 1326.918357][T17987] bridge0: port 3(syz_tun) entered disabled state
[ 1327.088920][T17987] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[ 1327.106052][   T12] bond0: (slave syz_tun): interface is now down
[ 1327.106370][   T12] bond0: now running without any active interface!
[ 1330.226582][T18033] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3618'.
[ 1330.311582][T18036] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3618'.
[ 1330.313409][ T1459] netdevsim netdevsim8 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1330.334540][T18036] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3618'.
[ 1330.334728][T18033] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3618'.
[ 1330.335368][   T79] netdevsim netdevsim8 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1330.356867][   T79] netdevsim netdevsim8 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1330.356918][   T79] netdevsim netdevsim8 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1343.240442][T18121] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1343.241181][T18121] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1346.329800][T18161] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3662'.
[ 1346.400469][ T6734] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1346.400594][T18161] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3662'.
[ 1346.401067][ T6734] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1346.401104][ T6734] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1346.401133][ T6734] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1348.461731][T18183] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1348.462086][T18183] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1353.188950][T18270] netlink: 'syz.7.3699': attribute type 10 has an invalid length.
[ 1353.331370][   T79] bond0: (slave bond_slave_0): interface is now down
[ 1353.331394][   T79] bond0: (slave bond_slave_1): interface is now down
[ 1353.762200][T16178] bond0: (slave bond_slave_0): interface is now down
[ 1353.762272][T16178] bond0: (slave bond_slave_1): interface is now down
[ 1353.784258][ T1504] bond0: (slave bond_slave_0): interface is now down
[ 1353.784325][ T1504] bond0: (slave bond_slave_1): interface is now down
[ 1353.803218][ T1504] bond0: (slave bond_slave_0): interface is now down
[ 1353.803285][ T1504] bond0: (slave bond_slave_1): interface is now down
[ 1354.060127][ T6084] bond0: (slave bond_slave_0): interface is now down
[ 1354.060197][ T6084] bond0: (slave bond_slave_1): interface is now down
[ 1354.370681][   T13] bond0: (slave bond_slave_0): interface is now down
[ 1354.370702][   T13] bond0: (slave bond_slave_1): interface is now down
[ 1354.548101][  T174] bond0: (slave bond_slave_0): interface is now down
[ 1354.548152][  T174] bond0: (slave bond_slave_1): interface is now down
[ 1354.567573][  T174] bond0: (slave bond_slave_0): interface is now down
[ 1354.567655][  T174] bond0: (slave bond_slave_1): interface is now down
[ 1354.591075][  T174] bond0: (slave bond_slave_0): interface is now down
[ 1354.591159][  T174] bond0: (slave bond_slave_1): interface is now down
[ 1354.615194][ T1175] bond0: (slave bond_slave_0): interface is now down
[ 1354.615275][ T1175] bond0: (slave bond_slave_1): interface is now down
[ 1354.639187][  T174] bond0: (slave bond_slave_0): interface is now down
[ 1354.639268][  T174] bond0: (slave bond_slave_1): interface is now down
[ 1354.704504][   T12] bond0: (slave bond_slave_0): interface is now down
[ 1354.704589][   T12] bond0: (slave bond_slave_1): interface is now down
[ 1354.753852][ T7229] bond0: (slave bond_slave_0): interface is now down
[ 1354.753921][ T7229] bond0: (slave bond_slave_1): interface is now down
[ 1355.261172][T18270] syz_tun: left allmulticast mode
[ 1355.261315][T18270] bridge0: port 3(syz_tun) entered disabled state
[ 1357.323500][T18011] bond0: (slave bond_slave_0): interface is now down
[ 1357.326087][T18011] bond0: (slave bond_slave_1): interface is now down
[ 1358.217266][   T56] bond0: (slave bond_slave_0): interface is now down
[ 1358.217288][   T56] bond0: (slave bond_slave_1): interface is now down
[ 1358.240770][T11557] bond0: (slave bond_slave_0): interface is now down
[ 1358.240793][T11557] bond0: (slave bond_slave_1): interface is now down
[ 1358.267211][   T13] bond0: (slave bond_slave_0): interface is now down
[ 1358.267232][   T13] bond0: (slave bond_slave_1): interface is now down
[ 1358.287259][   T13] bond0: (slave bond_slave_0): interface is now down
[ 1358.287279][   T13] bond0: (slave bond_slave_1): interface is now down
[ 1358.306017][T18270] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[ 1358.414984][   T56] bond0: (slave bond_slave_0): interface is now down
[ 1358.415117][   T56] bond0: (slave bond_slave_1): interface is now down
[ 1358.415131][   T56] bond0: (slave syz_tun): interface is now down
[ 1358.429584][  T174] bond0: (slave bond_slave_0): interface is now down
[ 1358.429609][  T174] bond0: (slave bond_slave_1): interface is now down
[ 1358.429621][  T174] bond0: (slave syz_tun): interface is now down
[ 1358.449780][   T56] bond0: (slave bond_slave_0): interface is now down
[ 1358.449803][   T56] bond0: (slave bond_slave_1): interface is now down
[ 1358.449815][   T56] bond0: (slave syz_tun): interface is now down
[ 1358.477472][T18011] bond0: (slave bond_slave_0): interface is now down
[ 1358.477494][T18011] bond0: (slave bond_slave_1): interface is now down
[ 1358.477506][T18011] bond0: (slave syz_tun): interface is now down
[ 1358.497499][   T56] bond0: (slave bond_slave_0): interface is now down
[ 1358.497522][   T56] bond0: (slave bond_slave_1): interface is now down
[ 1358.497534][   T56] bond0: (slave syz_tun): interface is now down
[ 1358.524142][   T12] bond0: (slave bond_slave_0): interface is now down
[ 1358.524165][   T12] bond0: (slave bond_slave_1): interface is now down
[ 1358.524176][   T12] bond0: (slave syz_tun): interface is now down
[ 1358.540461][  T174] bond0: (slave bond_slave_0): interface is now down
[ 1358.540485][  T174] bond0: (slave bond_slave_1): interface is now down
[ 1358.540497][  T174] bond0: (slave syz_tun): interface is now down
[ 1358.567399][   T56] bond0: (slave bond_slave_0): interface is now down
[ 1358.567421][   T56] bond0: (slave bond_slave_1): interface is now down
[ 1358.567433][   T56] bond0: (slave syz_tun): interface is now down
[ 1358.595658][   T56] bond0: (slave bond_slave_0): interface is now down
[ 1358.595680][   T56] bond0: (slave bond_slave_1): interface is now down
[ 1358.595693][   T56] bond0: (slave syz_tun): interface is now down
[ 1358.613840][  T174] bond0: (slave bond_slave_0): interface is now down
[ 1358.613860][  T174] bond0: (slave bond_slave_1): interface is now down
[ 1358.613870][  T174] bond0: (slave syz_tun): interface is now down
[ 1358.627391][ T1354] bond0: (slave bond_slave_0): interface is now down
[ 1358.627413][ T1354] bond0: (slave bond_slave_1): interface is now down
[ 1358.627424][ T1354] bond0: (slave syz_tun): interface is now down
[ 1358.661283][  T174] bond0: (slave bond_slave_0): interface is now down
[ 1358.661305][  T174] bond0: (slave bond_slave_1): interface is now down
[ 1358.661317][  T174] bond0: (slave syz_tun): interface is now down
[ 1358.683626][   T12] bond0: (slave bond_slave_0): interface is now down
[ 1358.683650][   T12] bond0: (slave bond_slave_1): interface is now down
[ 1358.683661][   T12] bond0: (slave syz_tun): interface is now down
[ 1358.697656][ T1354] bond0: (slave bond_slave_0): interface is now down
[ 1358.697677][ T1354] bond0: (slave bond_slave_1): interface is now down
[ 1358.697689][ T1354] bond0: (slave syz_tun): interface is now down
[ 1358.728059][   T13] bond0: (slave bond_slave_0): interface is now down
[ 1358.728080][   T13] bond0: (slave bond_slave_1): interface is now down
[ 1358.728093][   T13] bond0: (slave syz_tun): interface is now down
[ 1358.733373][   T13] bond0: now running without any active interface!
[ 1361.443146][T18333] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.3722'.
[ 1371.976945][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[ 1371.977023][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[ 1374.117750][T18510] netlink: 'syz.8.3784': attribute type 10 has an invalid length.
[ 1374.159739][T18510] syz_tun: entered promiscuous mode
[ 1374.356435][T18510] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[ 1379.336206][T18562] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1380.098585][T18577] netlink: 'syz.7.3808': attribute type 10 has an invalid length.
[ 1380.441457][T18586] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1382.015967][T18627] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3830'.
[ 1382.550456][T18640] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3836'.
[ 1382.634812][   T42] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1382.635099][   T42] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1382.635149][   T42] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1382.635182][   T42] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1384.217656][T18677] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3850'.
[ 1384.263413][T18677] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3850'.
[ 1384.266169][   T42] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1384.266328][   T42] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1384.277244][ T6084] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1384.278788][T11557] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1385.153001][T18689] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3855'.
[ 1385.282673][T18692] trusted_key: encrypted_key: insufficient parameters specified
[ 1385.939248][T18705] netlink: 'syz.5.3862': attribute type 10 has an invalid length.
[ 1385.982153][T18705] syz_tun: entered promiscuous mode
[ 1386.023133][T18705] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[ 1386.411142][T18718] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1386.411171][T18718] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1387.858519][T18718] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1387.858548][T18718] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1388.609749][T18742] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1391.354746][T18779] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1392.929104][T18809] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1395.286166][T18841] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1397.220511][T18875] trusted_key: encrypted_key: insufficient parameters specified
[ 1408.289374][T18985] netdevsim netdevsim5 netdevsim0: entered allmulticast mode
[ 1409.232601][   T36] audit: type=1800 audit(1771613537.384:162): pid=19007 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.3973" name="SYSV00000000" dev="tmpfs" ino=3 res=0 errno=0
[ 1410.248165][ T5810] Bluetooth: hci3: command 0x0406 tx timeout
[ 1412.304245][T19028] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1416.498583][T19067] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1417.764885][T19082] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3996'.
[ 1418.151350][T19088] netlink: 'syz.7.4000': attribute type 10 has an invalid length.
[ 1418.151372][T19088] netlink: 55 bytes leftover after parsing attributes in process `syz.7.4000'.
[ 1420.777746][T19110] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4007'.
[ 1421.055613][T19116] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4010'.
[ 1423.357965][   T36] audit: type=1800 audit(1771613551.504:163): pid=19142 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.7.4019" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0
[ 1424.735243][ T1354] bond0: (slave bond_slave_0): interface is now down
[ 1424.735272][ T1354] bond0: (slave bond_slave_1): interface is now down
[ 1424.735285][ T1354] bond0: (slave syz_tun): interface is now down
[ 1424.752560][T19158] netlink: 'syz.8.4025': attribute type 10 has an invalid length.
[ 1424.753227][ T1354] bond0: (slave bond_slave_0): interface is now down
[ 1424.753252][ T1354] bond0: (slave bond_slave_1): interface is now down
[ 1424.753264][ T1354] bond0: (slave syz_tun): interface is now down
[ 1424.780833][   T12] bond0: (slave bond_slave_0): interface is now down
[ 1424.780857][   T12] bond0: (slave bond_slave_1): interface is now down
[ 1424.780869][   T12] bond0: (slave syz_tun): interface is now down
[ 1424.800468][   T12] bond0: (slave bond_slave_0): interface is now down
[ 1424.800490][   T12] bond0: (slave bond_slave_1): interface is now down
[ 1424.800502][   T12] bond0: (slave syz_tun): interface is now down
[ 1424.817289][ T1354] bond0: (slave bond_slave_0): interface is now down
[ 1424.817309][ T1354] bond0: (slave bond_slave_1): interface is now down
[ 1424.817321][ T1354] bond0: (slave syz_tun): interface is now down
[ 1424.847457][   T12] bond0: (slave bond_slave_0): interface is now down
[ 1424.847477][   T12] bond0: (slave bond_slave_1): interface is now down
[ 1424.847489][   T12] bond0: (slave syz_tun): interface is now down
[ 1424.873318][ T6084] bond0: (slave bond_slave_0): interface is now down
[ 1424.873332][ T6084] bond0: (slave bond_slave_1): interface is now down
[ 1424.873339][ T6084] bond0: (slave syz_tun): interface is now down
[ 1424.888186][T16018] bond0: (slave bond_slave_0): interface is now down
[ 1424.888206][T16018] bond0: (slave bond_slave_1): interface is now down
[ 1424.888217][T16018] bond0: (slave syz_tun): interface is now down
[ 1424.928011][ T6084] bond0: (slave bond_slave_0): interface is now down
[ 1424.928034][ T6084] bond0: (slave bond_slave_1): interface is now down
[ 1424.928044][ T6084] bond0: (slave syz_tun): interface is now down
[ 1424.937339][   T12] bond0: (slave bond_slave_0): interface is now down
[ 1424.937359][   T12] bond0: (slave bond_slave_1): interface is now down
[ 1424.937371][   T12] bond0: (slave syz_tun): interface is now down
[ 1424.957354][ T1354] bond0: (slave bond_slave_0): interface is now down
[ 1424.957374][ T1354] bond0: (slave bond_slave_1): interface is now down
[ 1424.957386][ T1354] bond0: (slave syz_tun): interface is now down
[ 1424.980534][ T1354] bond0: (slave bond_slave_0): interface is now down
[ 1424.980558][ T1354] bond0: (slave bond_slave_1): interface is now down
[ 1424.980570][ T1354] bond0: (slave syz_tun): interface is now down
[ 1424.997537][ T1354] bond0: (slave bond_slave_0): interface is now down
[ 1424.997559][ T1354] bond0: (slave bond_slave_1): interface is now down
[ 1424.997571][ T1354] bond0: (slave syz_tun): interface is now down
[ 1425.017267][ T1354] bond0: (slave bond_slave_0): interface is now down
[ 1425.017290][ T1354] bond0: (slave bond_slave_1): interface is now down
[ 1425.017302][ T1354] bond0: (slave syz_tun): interface is now down
[ 1425.037404][ T1354] bond0: (slave bond_slave_0): interface is now down
[ 1425.037424][ T1354] bond0: (slave bond_slave_1): interface is now down
[ 1425.037437][ T1354] bond0: (slave syz_tun): interface is now down
[ 1425.092119][ T6084] bond0: (slave bond_slave_0): interface is now down
[ 1425.092139][ T6084] bond0: (slave bond_slave_1): interface is now down
[ 1425.092150][ T6084] bond0: (slave syz_tun): interface is now down
[ 1425.120787][T11557] bond0: (slave bond_slave_0): interface is now down
[ 1425.120811][T11557] bond0: (slave bond_slave_1): interface is now down
[ 1425.120823][T11557] bond0: (slave syz_tun): interface is now down
[ 1425.124532][T11557] bond0: now running without any active interface!
[ 1425.729626][T19176] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[ 1428.954138][T19207] netlink: 'syz.8.4041': attribute type 10 has an invalid length.
[ 1431.023176][   T36] audit: type=1800 audit(1771613559.174:164): pid=19217 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.4045" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[ 1433.406793][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[ 1433.406871][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[ 1433.671162][T19231] syz.4.4046 (19231) used greatest stack depth: 17024 bytes left
[ 1434.468836][T19251] netlink: 'syz.4.4053': attribute type 10 has an invalid length.
[ 1434.848824][T19261] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4054'.
[ 1434.879059][T19263] netlink: 'syz.8.4055': attribute type 4 has an invalid length.
[ 1435.272909][   T36] audit: type=1800 audit(1771613563.424:165): pid=19270 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.7.4057" name="SYSV00000000" dev="tmpfs" ino=3 res=0 errno=0
[ 1438.378413][   T36] audit: type=1800 audit(1771613566.524:166): pid=19306 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.4072" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[ 1440.715731][T19318] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4077'.
[ 1441.241162][T19326] ==================================================================
[ 1441.241180][T19326] BUG: KASAN: slab-use-after-free in __list_add_valid_or_report+0x4e/0x130
[ 1441.241376][T19326] Read of size 8 at addr ffff888036e440c0 by task syz.8.4082/19326
[ 1441.241391][T19326] 
[ 1441.241420][T19326] CPU: 1 UID: 0 PID: 19326 Comm: syz.8.4082 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1441.241446][T19326] Tainted: [L]=SOFTLOCKUP
[ 1441.241453][T19326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1441.241472][T19326] Call Trace:
[ 1441.241482][T19326]  <TASK>
[ 1441.241490][T19326]  dump_stack_lvl+0xe8/0x150
[ 1441.241550][T19326]  print_report+0xba/0x230
[ 1441.241582][T19326]  ? __list_add_valid_or_report+0x4e/0x130
[ 1441.241604][T19326]  kasan_report+0x117/0x150
[ 1441.241712][T19326]  ? __list_add_valid_or_report+0x4e/0x130
[ 1441.241738][T19326]  __list_add_valid_or_report+0x4e/0x130
[ 1441.241763][T19326]  clone_mnt+0x447/0x9a0
[ 1441.241849][T19326]  copy_tree+0xde/0x930
[ 1441.241865][T19326]  ? rwbase_write_lock+0x568/0x730
[ 1441.241981][T19326]  copy_mnt_ns+0x24d/0x990
[ 1441.242001][T19326]  ? kmem_cache_alloc_noprof+0x388/0x680
[ 1441.242077][T19326]  ? create_new_namespaces+0x33/0x6a0
[ 1441.242126][T19326]  create_new_namespaces+0xcf/0x6a0
[ 1441.242151][T19326]  ? bpf_lsm_capable+0x9/0x20
[ 1441.242211][T19326]  ? security_capable+0x7e/0x2c0
[ 1441.242312][T19326]  unshare_nsproxy_namespaces+0x11a/0x160
[ 1441.242336][T19326]  ksys_unshare+0x4f4/0x900
[ 1441.242364][T19326]  ? __pfx_ksys_unshare+0x10/0x10
[ 1441.242381][T19326]  ? __pfx_kcov_ioctl+0x10/0x10
[ 1441.242415][T19326]  __x64_sys_unshare+0x38/0x50
[ 1441.242429][T19326]  do_syscall_64+0x14d/0xf80
[ 1441.242515][T19326]  ? trace_irq_disable+0x3b/0x150
[ 1441.242541][T19326]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1441.242575][T19326]  ? clear_bhb_loop+0x40/0x90
[ 1441.242592][T19326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1441.242610][T19326] RIP: 0033:0x7f25f324c629
[ 1441.242631][T19326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1441.242649][T19326] RSP: 002b:00007f25f149e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 1441.242676][T19326] RAX: ffffffffffffffda RBX: 00007f25f34c5fa0 RCX: 00007f25f324c629
[ 1441.242690][T19326] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000022020600
[ 1441.242702][T19326] RBP: 00007f25f32e2b39 R08: 0000000000000000 R09: 0000000000000000
[ 1441.242714][T19326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1441.242725][T19326] R13: 00007f25f34c6038 R14: 00007f25f34c5fa0 R15: 00007ffc63fb7858
[ 1441.242745][T19326]  </TASK>
[ 1441.242752][T19326] 
[ 1441.242756][T19326] Allocated by task 19305:
[ 1441.242766][T19326]  kasan_save_track+0x3e/0x80
[ 1441.242786][T19326]  __kasan_slab_alloc+0x6c/0x80
[ 1441.242806][T19326]  kmem_cache_alloc_noprof+0x33b/0x680
[ 1441.242827][T19326]  alloc_vfsmnt+0x23/0x420
[ 1441.242847][T19326]  clone_mnt+0x4b/0x9a0
[ 1441.242866][T19326]  vfs_open_tree+0x507/0x1040
[ 1441.242886][T19326]  __x64_sys_open_tree+0x96/0x110
[ 1441.242900][T19326]  do_syscall_64+0x14d/0xf80
[ 1441.242917][T19326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1441.242932][T19326] 
[ 1441.242936][T19326] Freed by task 28:
[ 1441.242944][T19326]  kasan_save_track+0x3e/0x80
[ 1441.242961][T19326]  kasan_save_free_info+0x46/0x50
[ 1441.243019][T19326]  __kasan_slab_free+0x5c/0x80
[ 1441.243037][T19326]  kmem_cache_free+0x185/0x6b0
[ 1441.243055][T19326]  rcu_cpu_kthread+0x99e/0x1470
[ 1441.243075][T19326]  smpboot_thread_fn+0x541/0xa50
[ 1441.243096][T19326]  kthread+0x388/0x470
[ 1441.243110][T19326]  ret_from_fork+0x51e/0xb90
[ 1441.243139][T19326]  ret_from_fork_asm+0x1a/0x30
[ 1441.243154][T19326] 
[ 1441.243158][T19326] Last potentially related work creation:
[ 1441.243165][T19326]  kasan_save_stack+0x3e/0x60
[ 1441.243183][T19326]  kasan_record_aux_stack+0xbd/0xd0
[ 1441.243199][T19326]  call_rcu+0xee/0x890
[ 1441.243214][T19326]  task_work_run+0x1d9/0x270
[ 1441.243230][T19326]  exit_to_user_mode_loop+0xed/0x480
[ 1441.243256][T19326]  do_syscall_64+0x32d/0xf80
[ 1441.243274][T19326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1441.243289][T19326] 
[ 1441.243294][T19326] Second to last potentially related work creation:
[ 1441.243300][T19326]  kasan_save_stack+0x3e/0x60
[ 1441.243319][T19326]  kasan_record_aux_stack+0xbd/0xd0
[ 1441.243335][T19326]  task_work_add+0xb6/0x440
[ 1441.243349][T19326]  mntput_no_expire_slowpath+0x70c/0xbd0
[ 1441.243369][T19326]  vfs_open_tree+0xe17/0x1040
[ 1441.243387][T19326]  __x64_sys_open_tree+0x96/0x110
[ 1441.243403][T19326]  do_syscall_64+0x14d/0xf80
[ 1441.243420][T19326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1441.243434][T19326] 
[ 1441.243438][T19326] The buggy address belongs to the object at ffff888036e44000
[ 1441.243438][T19326]  which belongs to the cache mnt_cache of size 352
[ 1441.243452][T19326] The buggy address is located 192 bytes inside of
[ 1441.243452][T19326]  freed 352-byte region [ffff888036e44000, ffff888036e44160)
[ 1441.243470][T19326] 
[ 1441.243475][T19326] The buggy address belongs to the physical page:
[ 1441.243491][T19326] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888036e45880 pfn:0x36e44
[ 1441.243509][T19326] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1441.243523][T19326] memcg:ffff88802ac62a01
[ 1441.243531][T19326] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 1441.243550][T19326] page_type: f5(slab)
[ 1441.243567][T19326] raw: 0080000000000240 ffff888140412780 ffff88801b29df88 ffffea00006cb990
[ 1441.243583][T19326] raw: ffff888036e45880 0000000800120007 00000000f5000000 ffff88802ac62a01
[ 1441.243598][T19326] head: 0080000000000240 ffff888140412780 ffff88801b29df88 ffffea00006cb990
[ 1441.243613][T19326] head: ffff888036e45880 0000000800120007 00000000f5000000 ffff88802ac62a01
[ 1441.243627][T19326] head: 0080000000000001 ffffea0000db9101 00000000ffffffff 00000000ffffffff
[ 1441.243640][T19326] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000002
[ 1441.243648][T19326] page dumped because: kasan: bad access detected
[ 1441.243658][T19326] page_owner tracks the page as allocated
[ 1441.243664][T19326] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5797, tgid 5797 (syz-executor), ts 75786605529, free_ts 63730410720
[ 1441.243708][T19326]  post_alloc_hook+0x231/0x280
[ 1441.243790][T19326]  get_page_from_freelist+0x28bb/0x2950
[ 1441.243807][T19326]  __alloc_frozen_pages_noprof+0x18d/0x380
[ 1441.243822][T19326]  allocate_slab+0x77/0x660
[ 1441.243839][T19326]  refill_objects+0x334/0x3c0
[ 1441.243854][T19326]  __pcs_replace_empty_main+0x328/0x5f0
[ 1441.243871][T19326]  kmem_cache_alloc_noprof+0x433/0x680
[ 1441.243890][T19326]  alloc_vfsmnt+0x23/0x420
[ 1441.243910][T19326]  clone_mnt+0x4b/0x9a0
[ 1441.243930][T19326]  copy_tree+0x3d4/0x930
[ 1441.243944][T19326]  copy_mnt_ns+0x24d/0x990
[ 1441.243959][T19326]  create_new_namespaces+0xcf/0x6a0
[ 1441.243978][T19326]  unshare_nsproxy_namespaces+0x11a/0x160
[ 1441.243998][T19326]  ksys_unshare+0x4f4/0x900
[ 1441.244012][T19326]  __x64_sys_unshare+0x38/0x50
[ 1441.244026][T19326]  do_syscall_64+0x14d/0xf80
[ 1441.244044][T19326] page last free pid 5659 tgid 5659 stack trace:
[ 1441.244054][T19326]  __free_frozen_pages+0xfe3/0x1170
[ 1441.244074][T19326]  __slab_free+0x24f/0x2a0
[ 1441.244093][T19326]  qlist_free_all+0x97/0x100
[ 1441.244111][T19326]  kasan_quarantine_reduce+0x148/0x160
[ 1441.244131][T19326]  __kasan_slab_alloc+0x22/0x80
[ 1441.244150][T19326]  kmem_cache_alloc_noprof+0x33b/0x680
[ 1441.244170][T19326]  do_getname+0x2e/0x250
[ 1441.244214][T19326]  vfs_fstatat+0x45/0x170
[ 1441.244253][T19326]  __x64_sys_newfstatat+0x151/0x200
[ 1441.244269][T19326]  do_syscall_64+0x14d/0xf80
[ 1441.244287][T19326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1441.244304][T19326] 
[ 1441.244308][T19326] Memory state around the buggy address:
[ 1441.244318][T19326]  ffff888036e43f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1441.244330][T19326]  ffff888036e44000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1441.244342][T19326] >ffff888036e44080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1441.244352][T19326]                                            ^
[ 1441.244363][T19326]  ffff888036e44100: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 1441.244375][T19326]  ffff888036e44180: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 1441.244383][T19326] ==================================================================
[ 1441.244409][T19326] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1441.244427][T19326] CPU: 1 UID: 0 PID: 19326 Comm: syz.8.4082 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1441.244454][T19326] Tainted: [L]=SOFTLOCKUP
[ 1441.244461][T19326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1441.244473][T19326] Call Trace:
[ 1441.244480][T19326]  <TASK>
[ 1441.244494][T19326]  vpanic+0x56c/0xa60
[ 1441.244522][T19326]  ? __pfx_vpanic+0x10/0x10
[ 1441.244550][T19326]  panic+0xc5/0xd0
[ 1441.244577][T19326]  ? __pfx_panic+0x10/0x10
[ 1441.244599][T19326]  ? __list_add_valid_or_report+0x4e/0x130
[ 1441.244622][T19326]  ? rcu_is_watching+0x15/0xb0
[ 1441.244642][T19326]  ? __list_add_valid_or_report+0x4e/0x130
[ 1441.244665][T19326]  check_panic_on_warn+0x89/0xb0
[ 1441.244696][T19326]  ? __list_add_valid_or_report+0x4e/0x130
[ 1441.244719][T19326]  end_report+0x73/0x180
[ 1441.244742][T19326]  ? __list_add_valid_or_report+0x4e/0x130
[ 1441.244764][T19326]  kasan_report+0x128/0x150
[ 1441.244787][T19326]  ? __list_add_valid_or_report+0x4e/0x130
[ 1441.244813][T19326]  __list_add_valid_or_report+0x4e/0x130
[ 1441.244837][T19326]  clone_mnt+0x447/0x9a0
[ 1441.244862][T19326]  copy_tree+0xde/0x930
[ 1441.244877][T19326]  ? rwbase_write_lock+0x568/0x730
[ 1441.244905][T19326]  copy_mnt_ns+0x24d/0x990
[ 1441.244924][T19326]  ? kmem_cache_alloc_noprof+0x388/0x680
[ 1441.244947][T19326]  ? create_new_namespaces+0x33/0x6a0
[ 1441.244971][T19326]  create_new_namespaces+0xcf/0x6a0
[ 1441.244993][T19326]  ? bpf_lsm_capable+0x9/0x20
[ 1441.245010][T19326]  ? security_capable+0x7e/0x2c0
[ 1441.245035][T19326]  unshare_nsproxy_namespaces+0x11a/0x160
[ 1441.245058][T19326]  ksys_unshare+0x4f4/0x900
[ 1441.245077][T19326]  ? __pfx_ksys_unshare+0x10/0x10
[ 1441.245094][T19326]  ? __pfx_kcov_ioctl+0x10/0x10
[ 1441.245116][T19326]  __x64_sys_unshare+0x38/0x50
[ 1441.245132][T19326]  do_syscall_64+0x14d/0xf80
[ 1441.245152][T19326]  ? trace_irq_disable+0x3b/0x150
[ 1441.245169][T19326]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1441.245186][T19326]  ? clear_bhb_loop+0x40/0x90
[ 1441.245207][T19326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1441.245224][T19326] RIP: 0033:0x7f25f324c629
[ 1441.245240][T19326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1441.245257][T19326] RSP: 002b:00007f25f149e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 1441.245276][T19326] RAX: ffffffffffffffda RBX: 00007f25f34c5fa0 RCX: 00007f25f324c629
[ 1441.245290][T19326] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000022020600
[ 1441.245302][T19326] RBP: 00007f25f32e2b39 R08: 0000000000000000 R09: 0000000000000000
[ 1441.245313][T19326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1441.245325][T19326] R13: 00007f25f34c6038 R14: 00007f25f34c5fa0 R15: 00007ffc63fb7858
[ 1441.245345][T19326]  </TASK>
[ 1441.245729][T19326] Kernel Offset: disabled