last executing test programs:

1m3.482923861s ago: executing program 1 (id=2614):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f0000000080))
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x4e24, 0x6bb, @ipv4={'\x00', '\xff\xff', @local}, 0x5}, 0x1c)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0xc, &(0x7f0000000080)=0x1, 0x4)
socket$inet(0x2, 0x2, 0x73)
shutdown(0xffffffffffffffff, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="480000000906010200000000000000000200ffff200007800c00018008000140e000000208000a400000000205000300020000000900020073797a310000008005000100070000"], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
ioctl$XFS_IOC_FD_TO_HANDLE(0xffffffffffffffff, 0xc038586a, &(0x7f0000000340)={<r3=>0xffffffffffffffff, &(0x7f0000001240)='+}\\)>&^}\x00', 0xa0882, &(0x7f00000001c0)={@align=0x2, {0xa, 0x4, 0x7, 0xf80000000000}}, 0xf6, 0x0, 0x0})
getsockopt$TIPC_IMPORTANCE(r3, 0x10f, 0x7f, 0x0, &(0x7f00000003c0))
socket$kcm(0x10, 0x2, 0x4)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000100)={0x1f, 0xffff}, 0x6)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'veth1_virt_wifi\x00', <r6=>0x0})
setsockopt$inet6_mreq(r5, 0x29, 0x1b, &(0x7f0000000000)={@remote, r6}, 0x14)
setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000040)={@remote, r6}, 0x14)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="88000000000101040000000000000000020000002c00018014000180080001007f00000108000200e00000020c000280050001000000000006000340000300002400028014000180080001000000000008000200ac1414bb0c000280050001000000000008000740000000001c000f800800014000e7ffff07000340"], 0x88}}, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0)
r8 = getpid()
sendmsg$unix(r7, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000240)='C', 0x1}], 0x1, &(0x7f0000000e00)=[@cred={{0x1c, 0x1, 0x2, {r8, 0x0, 0xee01}}}], 0x20, 0x10}, 0x80)

1m3.111040193s ago: executing program 1 (id=2618):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e00000000000000000024000280040001001c000380"], 0x50}}, 0x0)

1m0.279016108s ago: executing program 1 (id=2626):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4)
setsockopt$sock_int(r0, 0x1, 0x31, &(0x7f0000001600), 0x4)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22, 0x0, @empty, 0x80002}, 0x1c)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, &(0x7f00000000c0)=@framed={{}, [@jmp={0x4, 0x0, 0xc}]}, &(0x7f0000000040)='GPL\x00'}, 0x90)
r2 = openat$cgroup_subtree(r1, &(0x7f0000000200), 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000080)={[{0x2b, 'cpuset'}]}, 0x8)
r3 = socket$netlink(0x10, 0x3, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2840, 0x0)
ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000500)=@userptr={0x6, 0xa, 0x4, 0x1, 0x0, {0x0, 0x2710}, {0x1, 0xc, 0xd2, 0x6, 0x77, 0x6, "0080ca6f"}, 0xff, 0x2, {0x0}, 0x6})
r5 = socket$kcm(0x2, 0x3, 0x84)
sendmsg$inet(r5, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000007000000890704e068000000110000000000000000dbc790ad000000fc0000000000000014000000000000000000000034"], 0x68}, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r7, 0x4138ae84, &(0x7f00000001c0)={{0x2000, 0x30000, 0x8, 0x9, 0x1, 0xe5, 0x40, 0x2d, 0x0, 0x30, 0x19}, {0x1, 0x3000, 0xe, 0x0, 0x40, 0x5, 0x7d, 0x9, 0x3, 0x3, 0x3, 0x1}, {0x2000, 0xe000, 0xe, 0x5, 0x3, 0x7, 0xfe, 0x89, 0x1, 0xab, 0x7, 0x81}, {0x30000, 0xdddd0000, 0x3, 0x5d, 0x4, 0x43, 0x9, 0xfa, 0x80, 0x7, 0x81}, {0xa000, 0x9000, 0x10, 0x2, 0x3, 0x7, 0xab, 0x7f, 0x47, 0xeb, 0xf7, 0x82}, {0xffffffff, 0x80a0000, 0xf, 0x8, 0xb1, 0x8, 0x1, 0xd, 0x88, 0xc, 0x1, 0xfd}, {0x54000, 0x2, 0x4, 0x5, 0x7, 0xff, 0xb, 0x0, 0x5, 0x81, 0xff, 0x70}, {0xd000, 0xb000, 0xe, 0x85, 0xf, 0x7, 0x1, 0x5, 0x5, 0x3, 0x7, 0x9}, {0xfec00000, 0x3ff}, {0x10000, 0x7fff}, 0x8004003f, 0x0, 0x6000, 0x42024, 0xb, 0x1, 0x50000, [0x6840000000000002, 0x3, 0x94, 0xff]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000001b00)=[@textreal={0x8, 0x0}], 0x1, 0xa, 0x0, 0x0)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0xb, &(0x7f0000000000)=0x2, 0x4)
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=@gettaction={0x20, 0x32, 0x605, 0x70bd27, 0x25dfdbfe, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}]}, 0x20}, 0x1, 0x0, 0x0, 0x854}, 0x24040800)
execve(&(0x7f00000003c0)='./cgroup/../file0\x00', &(0x7f0000000400)={[&(0x7f0000000480)='\xa3\x8bf\xe2\x81\xb8,\x90\xf7\xa0t\xc7#NB\x00']}, &(0x7f00000004c0))
syz_genetlink_get_family_id$gtp(&(0x7f0000000140), r3)

57.83555302s ago: executing program 1 (id=2639):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f0000000080))
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x4e24, 0x6bb, @ipv4={'\x00', '\xff\xff', @local}, 0x5}, 0x1c)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0xc, &(0x7f0000000080)=0x1, 0x4)
socket$inet(0x2, 0x2, 0x73)
shutdown(0xffffffffffffffff, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="480000000906010200000000000000000200ffff200007800c00018008000140e000000208000a400000000205000300020000000900020073797a310000008005000100070000"], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
ioctl$XFS_IOC_FD_TO_HANDLE(0xffffffffffffffff, 0xc038586a, &(0x7f0000000340)={<r3=>0xffffffffffffffff, &(0x7f0000001240)='+}\\)>&^}\x00', 0xa0882, &(0x7f00000001c0)={@align=0x2, {0xa, 0x4, 0x7, 0xf80000000000}}, 0xf6, 0x0, 0x0})
getsockopt$TIPC_IMPORTANCE(r3, 0x10f, 0x7f, 0x0, &(0x7f00000003c0))
socket$kcm(0x10, 0x2, 0x4)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000100)={0x1f, 0xffff}, 0x6)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'veth1_virt_wifi\x00', <r6=>0x0})
setsockopt$inet6_mreq(r5, 0x29, 0x1b, &(0x7f0000000000)={@remote, r6}, 0x14)
setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000040)={@remote, r6}, 0x14)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="88000000000101040000000000000000020000002c00018014000180080001007f00000108000200e00000020c000280050001000000000006000340000300002400028014000180080001000000000008000200ac1414bb0c000280050001000000000008000740000000001c000f800800014000e7ffff07000340"], 0x88}}, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0)
r8 = getpid()
sendmsg$unix(r7, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000240)='C', 0x1}], 0x1, &(0x7f0000000e00)=[@cred={{0x1c, 0x1, 0x2, {r8, 0x0, 0xee01}}}], 0x20, 0x10}, 0x80)

57.476183982s ago: executing program 1 (id=2641):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x4, 0x5}, {}, {0x7, 0x5}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0xb, 0x0, 0x9, 0x3}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x48001}, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x149540, 0x0)
close(r7)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x8890}, 0x40)
r8 = socket$kcm(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$kcm(r8, &(0x7f00000001c0)={&(0x7f0000000840)=@xdp={0x2c, 0x7, r9, 0x31}, 0x80, &(0x7f00000000c0)=[{&(0x7f00000002c0)='\x00', 0x5dc}], 0x1}, 0x4)

57.051070196s ago: executing program 1 (id=2645):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x80000)
ioctl$int_in(r1, 0x5452, &(0x7f0000000580)=0xff)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="ad00"/16, 0x10)
recvmmsg(r1, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)

41.769764339s ago: executing program 32 (id=2645):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x80000)
ioctl$int_in(r1, 0x5452, &(0x7f0000000580)=0xff)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="ad00"/16, 0x10)
recvmmsg(r1, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)

9.578326389s ago: executing program 5 (id=2863):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$unix(0x1, 0x5, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0xfffffffd, 0xc5, 0x7, 0x1, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x850}, 0x4048080)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x8400, 0x0)
close(r4)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r7, &(0x7f0000000240)="800000800000210ee7decd7a0003", 0xe, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r6, 0x1, 0xd8, 0x6, @broadcast}, 0x14)

8.769811236s ago: executing program 2 (id=2867):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close(r2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000780)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0xfffffffe, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000800)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b922, 0x25dfdc01, {0x0, 0x0, 0x0, r4, {0x0, 0xd}, {0xffff, 0xb}, {0x7, 0xe}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x14, 0x2, [@TCA_HHF_BACKLOG_LIMIT={0x8, 0x1, 0x8}, @TCA_HHF_BACKLOG_LIMIT={0x8}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x240040a1}, 0x4890)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380), r1)
sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0)

8.113447828s ago: executing program 4 (id=2868):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6364, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = socket$kcm(0x11, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
setsockopt$sock_attach_bpf(r4, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r4, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214120600002fb96dbcf706e10500000086ddffff1144ee1611d4b8bf4a31accb", 0xfdef}], 0x1}, 0x0)

7.288219136s ago: executing program 4 (id=2871):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=ANY=[@ANYRES32=r2, @ANYBLOB="000000000000000010011a801000f4800400058008000900000000000800038030000180050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d80500060000000000130002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018000180140004004d2906d0880fc8acc30fe2020f9849675000018014000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af080001000000000008000100000000006000018005000600000000000500060000000000080001000000000005000600000000000c00020073797a746e6c30000800010000000000130002006272696467655f736c6176655f30000014000500e078d277f38ed3a40a448f3f6b6763e83c000c"], 0x270}}, 0x0)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0xfc)

7.272120686s ago: executing program 2 (id=2872):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x54, 0x10, 0x1, 0x70bd28, 0x25dfd402, {0x0, 0x0, 0x0, r2, 0x64e98, 0x12ac1}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0x1c, 0x5, 0x0, 0x1, [@IFLA_BRPORT_COST={0x8, 0x3, 0x2}, @IFLA_BRPORT_PRIORITY={0x6}, @IFLA_BRPORT_MULTICAST_ROUTER={0x5, 0x19, 0x2}]}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x400c080}, 0x200088c2)

7.228205707s ago: executing program 5 (id=2873):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x20040010)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="200000006800e97800000000000000000a0000000000000008000500", @ANYRES16=r2], 0x20}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000004380)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'wg1\x00'})
bpf$MAP_LOOKUP_ELEM(0x5, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@ipv4_newroute={0x24, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x24}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0x1, 0x1, 0x0, {0x0, 0x0, 0x0, 0x0, 0x420}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)

7.136095401s ago: executing program 4 (id=2875):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
setpriority(0x1, 0xffffffffffffffff, 0x3)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={r2, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
creat(&(0x7f0000000080)='./bus\x00', 0x0)
mount(&(0x7f0000000240)=@filename='./bus\x00', &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000100)='trans=rdma,')
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r4 = socket$kcm(0xa, 0xf, 0x106)
sendmsg$kcm(r4, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011)
sendmsg$kcm(r4, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x4000011)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc01100, 0x0, 0x0, 0x0, 0x2)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000015c0)=ANY=[@ANYRESHEX, @ANYRESOCT], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
r6 = socket$nl_sock_diag(0x10, 0x3, 0x4)
io_uring_register$IORING_REGISTER_RING_FDS(0xffffffffffffffff, 0x14, &(0x7f0000008580)=[{0x2, 0x0, 0x0, &(0x7f0000002c00)=[{&(0x7f0000002ac0)=""/35, 0x23}, {&(0x7f0000002b00)=""/199, 0xc7}], &(0x7f0000002c40)=[0x9, 0x8000000000000001, 0x5, 0x8]}, {0x2, 0x0, 0x0, &(0x7f0000005340)=[{&(0x7f0000002cc0)=""/4, 0x4}, {&(0x7f0000002d80)=""/4096, 0x1000}], &(0x7f0000002d40)=[0x9]}, {0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0x1, 0x3baf, 0x5, 0x3]}, {0x4, 0x1, 0x0, &(0x7f0000005300)=[{0x0}, {&(0x7f00000041c0)=""/227, 0xe3}, {&(0x7f00000042c0)=""/56, 0x38}, {&(0x7f0000004300)=""/4096, 0x1000}], &(0x7f0000005380)=[0x1ff, 0x6, 0x2, 0x400, 0x6]}, {0x2, 0x0, 0x0, &(0x7f00000064c0)=[{&(0x7f00000053c0)=""/4096, 0x1000}, {0x0}], &(0x7f0000006500)=[0x4, 0x8000]}, {0x3, 0x0, 0x0, &(0x7f0000006740)=[{&(0x7f0000006540)=""/23, 0x17}, {0x0}, {0x0}], &(0x7f0000006780)=[0x7ff, 0x7ff]}, {0x8, 0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000067c0)=""/178, 0xb2}, {&(0x7f00000069c0)=""/23, 0x17}, {0x0}, {&(0x7f0000006b00)=""/174, 0xae}, {&(0x7f0000006bc0)=""/173, 0xad}, {&(0x7f0000006c80)=""/47, 0x2f}, {&(0x7f0000006cc0)=""/241, 0xf1}, {&(0x7f0000006dc0)=""/93, 0x5d}], &(0x7f0000006f00)}, {0x9, 0x1, 0x0, &(0x7f0000008480)=[{&(0x7f0000006f40)=""/250, 0xfa}, {&(0x7f0000007040)=""/195, 0xc3}, {&(0x7f0000000780)=""/175, 0xaf}, {&(0x7f0000007200)=""/4096, 0x1000}, {0x0}, {&(0x7f0000008300)=""/21, 0x15}, {&(0x7f0000008340)=""/61, 0x3d}, {&(0x7f0000008400)=""/54, 0x36}, {&(0x7f0000008440)=""/47, 0x2f}], &(0x7f0000008540)}], 0x8)
sendmsg$SOCK_DIAG_BY_FAMILY(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000001400050126bc70006bdbdf2511000d000100c80e4501a254722eaea6d93916f8d66cffe8ef"], 0x24}, 0x1, 0x0, 0x0, 0x2}, 0x54840)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000014c0), 0xe8}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))

6.998778115s ago: executing program 3 (id=2876):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000300), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054)
write$nci(r0, &(0x7f0000000940)=ANY=[@ANYBLOB="710501010202030e0001"], 0x17)

6.291871329s ago: executing program 3 (id=2877):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000380)=<r3=>0x0)
r4 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
recvmmsg(r4, &(0x7f0000000bc0)=[{{0x0, 0x0, 0x0}, 0x200}, {{0x0, 0x0, 0x0}, 0x63cf046e}], 0x2, 0x1, 0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB, @ANYRES32=r3], 0x1c}}, 0x4008054)
write$nci(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="61030709260009fa4685"], 0x52)

6.099786605s ago: executing program 4 (id=2878):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000180)={0x2, &(0x7f0000000000)=[{0x20, 0x1, 0x3, 0xfffff038}, {0x6, 0x0, 0x0, 0xfffffff9}]})
ioctl$TUNGETVNETLE(r0, 0x40107446, &(0x7f0000000180))
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0x4004743d, 0x110e22fff6)
write$cgroup_type(r2, &(0x7f0000000280), 0x9)

5.259877053s ago: executing program 3 (id=2879):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$kcm(0x11, 0x3, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000480)={'syzkaller0\x00', <r5=>0x0})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000022c0)=@newtfilter={0x87c, 0x2c, 0xd3f, 0x30bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xb, 0xfff3}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_basic={{0xa}, {0x84c, 0x2, [@TCA_BASIC_POLICE={0x848, 0x4, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x10000, 0x6, 0x7fffffff, 0x1, 0x8, 0x5, 0x8, 0x3, 0x6, 0xfffffff6, 0x40, 0x81, 0xf, 0x10001, 0x9, 0x9, 0x9ef, 0x9, 0x6, 0x0, 0x7, 0x1, 0x0, 0x2, 0x101, 0x0, 0x7f, 0x1, 0x1, 0x6, 0x7ff, 0x2, 0x4, 0x2, 0x100, 0x6, 0xb, 0x7, 0x3ff, 0x2, 0x8, 0x3, 0x6, 0x8000, 0x0, 0x9d, 0x5e, 0x795, 0x8, 0x800, 0x1, 0x80000001, 0x3, 0xe, 0xbf, 0x5, 0x5, 0xff, 0x6, 0x8, 0x8, 0x1, 0x8, 0x4, 0xffffff63, 0xd7, 0x7, 0x101, 0xfff, 0x6, 0xfffff000, 0x8, 0x9, 0x7, 0x5ec4818f, 0x4, 0x10001, 0x2, 0x3, 0x7, 0x9, 0x8, 0x3, 0x4, 0x5, 0x8, 0x0, 0x7, 0x69f, 0x1, 0x200, 0x5, 0x2, 0x8103, 0xfff, 0x0, 0x7, 0x4, 0x5, 0x2, 0x6, 0x5, 0x2, 0x3, 0x1bbf, 0x7, 0x2, 0x2, 0xa, 0x5, 0x8, 0x3, 0x400, 0x2bf9, 0x2, 0x7, 0x3, 0x4, 0x79, 0xfffffff8, 0x9, 0xfffffffb, 0x5, 0xfffffffd, 0x7, 0xfff, 0x200, 0x4, 0x2, 0x4, 0x7, 0x7fff, 0xd, 0x8, 0x9, 0x10000, 0x7, 0xfffffffb, 0x3, 0x9, 0x5, 0x2, 0x4, 0x2, 0xffff, 0x8, 0xe5a, 0x5, 0x1, 0x2d0, 0x9, 0x7, 0x1, 0x5, 0x2, 0x100, 0xa74, 0x4d, 0x9, 0x3, 0x6, 0x5, 0x6e8a, 0x8, 0x1, 0x7, 0x0, 0x80, 0x5, 0x7, 0x5, 0x8, 0x0, 0xfffffe01, 0x8, 0x0, 0x101, 0xfff, 0x800, 0x2, 0x314, 0x1, 0x0, 0x9, 0x4, 0xc, 0x8000, 0x8a69, 0x8, 0x7, 0x4, 0x8, 0x7, 0xffff9eea, 0x6, 0x6, 0x5, 0x1, 0xfffeffff, 0x70, 0x2, 0x43a, 0x5b04, 0x7, 0x0, 0x80000001, 0x6, 0x9, 0x10001, 0xbb45061, 0x6, 0xaecf, 0xe2, 0x6, 0x100, 0x42, 0x8, 0x7fff, 0x6, 0x5a, 0x400, 0x5, 0x407e0a41, 0x1ff, 0xfffff6b0, 0xffff, 0x9, 0xcd, 0x3, 0x9, 0x1c4, 0x7, 0xb, 0x10, 0x7, 0x2, 0x5, 0x2, 0x5, 0x0, 0x5, 0x6, 0x0, 0x9, 0x5, 0x7, 0xfff, 0x3, 0xb5c, 0x7ea, 0x9, 0x2, 0x9, 0x200, 0x2, 0xe]}, @TCA_POLICE_RATE={0x404, 0x2, [0xfff, 0x10001, 0x2, 0xa, 0x7, 0x5, 0xe5f5, 0xf3, 0x5, 0x4, 0x3, 0x5, 0x5, 0xfffffffb, 0x100, 0x1, 0x6, 0x4, 0x7f, 0x7f, 0x7f, 0x5, 0x0, 0x7f, 0x280, 0x1, 0x1, 0x2, 0x8, 0x0, 0x2c4, 0x47c82518, 0x400, 0x6, 0xfff, 0x8, 0x1, 0x401, 0x0, 0x80, 0xc, 0x1a, 0x6, 0x0, 0xffffffb0, 0x85, 0x2c, 0x9, 0x100, 0xfff, 0x7, 0x10000, 0x7e, 0x7f, 0x7fffffff, 0x0, 0x1, 0x9, 0x5, 0x101, 0x141, 0x0, 0x3ae6, 0x3, 0x6, 0x3, 0x3, 0xff, 0x3, 0xfec6, 0x3, 0x401, 0x9, 0x3adf, 0x3, 0x7fffffff, 0x6, 0x8, 0x9, 0x1, 0x7, 0x3ff, 0x1, 0xa, 0x0, 0x1, 0x1, 0xfffffffd, 0x7, 0x1, 0x6, 0xf, 0x3, 0xffff, 0x3ff, 0x7fff, 0x3, 0x3, 0x1, 0x5, 0x9d, 0x1, 0x0, 0x9, 0x0, 0x10, 0xda, 0x80000001, 0x2, 0x2a0, 0x8001, 0xfffffff8, 0x8, 0x3, 0x7, 0x9, 0x6, 0x800, 0xb1a6, 0x1, 0x2, 0x0, 0x1000, 0x10001, 0x9, 0x6ed4, 0x0, 0x6a2, 0xffffffff, 0x9, 0x0, 0xfffffc00, 0x3, 0x8, 0x1f7, 0x3, 0x10000, 0x5, 0x2, 0x4, 0xa, 0x3, 0x3, 0xe, 0x8, 0x10001, 0x7, 0x10001, 0x43d6e55e, 0x6, 0xfff, 0x3, 0x6, 0x8, 0x7fffffff, 0x2, 0x4, 0xfffeffff, 0xffff6b27, 0x1, 0x1, 0x0, 0x800, 0x9, 0xf4, 0x3, 0xc, 0x3, 0x4, 0x9, 0x2, 0x8, 0x7fffffff, 0x5, 0x9, 0x5, 0x7, 0x2, 0x7f, 0x3, 0xd, 0x1, 0x5, 0x9, 0xe2a, 0x4, 0x2, 0x7, 0xa, 0x2573, 0x1000000, 0x5000000, 0x4, 0x7f, 0x4ee1, 0x4, 0xab, 0x81, 0x4c1a, 0x6, 0x7, 0x7fffffff, 0x75, 0x3, 0x7f, 0xfffffff8, 0x0, 0x1, 0x400, 0x4, 0x3, 0xfffffff9, 0x8, 0x12ab, 0x7, 0x5, 0x3, 0x80000000, 0xffffffcc, 0x8, 0x7, 0x0, 0x1, 0x4, 0x2, 0x4, 0x4, 0x1, 0x6, 0x7, 0x3, 0x800, 0x7, 0x7fffffff, 0x9, 0x26, 0xff, 0x8, 0x9, 0x7, 0xc, 0xffff, 0x5, 0x5, 0x7, 0x1, 0x3, 0x30, 0x8c, 0x288, 0x4, 0xc18e, 0x0, 0x10, 0xc0, 0x6]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x9, 0x3, 0x7f, 0xff, 0xfffffeff, {0x6, 0x91acbd24cee7dfe8, 0x2, 0x4b, 0xa, 0x28000000}, {0x1, 0x1, 0xd545, 0x53d, 0x5, 0x7ff}, 0x7, 0xf0c, 0x9a}}]}]}}]}, 0x87c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
setsockopt$sock_attach_bpf(r3, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r3, &(0x7f0000000000)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r5, 0x7}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200080314000e00072f01000000000000113cfdcb00000080ed00827600000000000100", 0x26}, {&(0x7f0000000780)="9942d6af00007f8f", 0xdd86}], 0x2}, 0x5)

4.939939175s ago: executing program 0 (id=2880):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0x6}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0xffff}, {0xffff}, {0x2, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)

4.300346006s ago: executing program 2 (id=2881):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0x1, 0xb}, {0xffff, 0xfff2}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x4, 0x10, 0x6, 0x8, 0xfbee}, 0x1, 0x0, 0x3, 0x5, 0xe, 0x4, 0xd, 0x18, 0x5, 0x2, {0x6, 0x8, 0xfffffffc, 0x0, 0xffffffff, 0x5}}}}]}, 0x79}, 0x1, 0x0, 0x0, 0x240048e4}, 0x4890)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = socket$kcm(0x11, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
setsockopt$sock_attach_bpf(r4, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r4, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214120600002fb96dbcf706e10500000086ddffff1144ee1611d4b8bf4a31accb", 0xfdef}], 0x1}, 0x0)

4.278760557s ago: executing program 5 (id=2882):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000780)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0xfffffffe, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000800)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b922, 0x25dfdc01, {0x0, 0x0, 0x0, 0x0, {0x0, 0xd}, {0xffff, 0xb}, {0x7, 0xe}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x14, 0x2, [@TCA_HHF_BACKLOG_LIMIT={0x8, 0x1, 0x8}, @TCA_HHF_BACKLOG_LIMIT={0x8}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x240040a1}, 0x4890)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380), r1)
sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0)

4.145878901s ago: executing program 0 (id=2883):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$unix(0x1, 0x5, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0xfffffffd, 0xc5, 0x7, 0x1, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x850}, 0x4048080)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x8400, 0x0)
close(r4)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r7, &(0x7f0000000240)="800000800000210ee7decd7a0003", 0xe, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r6, 0x1, 0xd8, 0x6, @broadcast}, 0x14)

4.080173493s ago: executing program 4 (id=2884):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a3100000000090003007379"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWSET={0x70, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xb}, @NFTA_SET_EXPRESSIONS={0x2c, 0x12, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}, {0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x130}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x98}, 0x1, 0x0, 0x0, 0x4044050}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x38, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0xc, 0x3, 0x0, 0x1, [{0x8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x60}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

3.981318176s ago: executing program 4 (id=2885):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8001}, 0x20000c40)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
close(r4)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=@newtfilter={0x30, 0x2c, 0xd3f, 0x30bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xc, 0xfff3}, {}, {0x8, 0x10}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x10004080)
r6 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000140)=@xdp={0x2c, 0x8, r3, 0x3c}, 0x80, &(0x7f0000000680)=[{&(0x7f0000000540)='\'', 0x1}], 0x1}, 0x4011)

1.868947527s ago: executing program 0 (id=2887):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000340)={0x5c, r1, 0x1, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x3e, 0x33, @beacon={{{}, {0xde1}, @broadcast}, 0x0, @default, 0x4001, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0x9, 0x7e, 0x7}}, @void, @val={0x2a, 0x1, {0x1, 0x1, 0x1}}, @val={0x3c, 0x4, {0x1, 0x2, 0xb0, 0x5}}, @void, @val={0x72, 0x6}, @void, @void}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x880}, 0x0)

1.868562947s ago: executing program 2 (id=2888):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
setpriority(0x1, 0xffffffffffffffff, 0x3)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={r2, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
creat(&(0x7f0000000080)='./bus\x00', 0x0)
mount(&(0x7f0000000240)=@filename='./bus\x00', &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000100)='trans=rdma,')
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r4 = socket$kcm(0xa, 0xf, 0x106)
sendmsg$kcm(r4, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011)
sendmsg$kcm(r4, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x4000011)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc01100, 0x0, 0x0, 0x0, 0x2)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000015c0)=ANY=[@ANYRESHEX, @ANYRESOCT], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
r6 = socket$nl_sock_diag(0x10, 0x3, 0x4)
io_uring_register$IORING_REGISTER_RING_FDS(0xffffffffffffffff, 0x14, &(0x7f0000008580)=[{0x2, 0x0, 0x0, &(0x7f0000002c00)=[{&(0x7f0000002ac0)=""/35, 0x23}, {&(0x7f0000002b00)=""/199, 0xc7}], &(0x7f0000002c40)=[0x9, 0x8000000000000001, 0x5, 0x8]}, {0x2, 0x0, 0x0, &(0x7f0000005340)=[{&(0x7f0000002cc0)=""/4, 0x4}, {&(0x7f0000002d80)=""/4096, 0x1000}], &(0x7f0000002d40)=[0x9]}, {0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0x1, 0x3baf, 0x5, 0x3]}, {0x4, 0x1, 0x0, &(0x7f0000005300)=[{0x0}, {&(0x7f00000041c0)=""/227, 0xe3}, {&(0x7f00000042c0)=""/56, 0x38}, {&(0x7f0000004300)=""/4096, 0x1000}], &(0x7f0000005380)=[0x1ff, 0x6, 0x2, 0x400, 0x6]}, {0x2, 0x0, 0x0, &(0x7f00000064c0)=[{&(0x7f00000053c0)=""/4096, 0x1000}, {0x0}], &(0x7f0000006500)=[0x4, 0x8000]}, {0x3, 0x0, 0x0, &(0x7f0000006740)=[{&(0x7f0000006540)=""/23, 0x17}, {0x0}, {0x0}], &(0x7f0000006780)=[0x7ff, 0x7ff]}, {0x8, 0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000067c0)=""/178, 0xb2}, {&(0x7f00000069c0)=""/23, 0x17}, {0x0}, {&(0x7f0000006b00)=""/174, 0xae}, {&(0x7f0000006bc0)=""/173, 0xad}, {&(0x7f0000006c80)=""/47, 0x2f}, {&(0x7f0000006cc0)=""/241, 0xf1}, {&(0x7f0000006dc0)=""/93, 0x5d}], &(0x7f0000006f00)}, {0x9, 0x1, 0x0, &(0x7f0000008480)=[{&(0x7f0000006f40)=""/250, 0xfa}, {&(0x7f0000007040)=""/195, 0xc3}, {&(0x7f0000000780)=""/175, 0xaf}, {&(0x7f0000007200)=""/4096, 0x1000}, {0x0}, {&(0x7f0000008300)=""/21, 0x15}, {&(0x7f0000008340)=""/61, 0x3d}, {&(0x7f0000008400)=""/54, 0x36}, {&(0x7f0000008440)=""/47, 0x2f}], &(0x7f0000008540)}], 0x8)
sendmsg$SOCK_DIAG_BY_FAMILY(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000001400050126bc70006bdbdf2511000d000100c80e4501a254722eaea6d93916f8d66cffe8ef"], 0x24}, 0x1, 0x0, 0x0, 0x2}, 0x54840)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000014c0), 0xe8}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))

1.868388757s ago: executing program 3 (id=2889):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000380)=<r3=>0x0)
r4 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
recvmmsg(r4, &(0x7f0000000bc0)=[{{0x0, 0x0, 0x0}, 0x200}, {{0x0, 0x0, 0x0}, 0x63cf046e}], 0x2, 0x1, 0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB, @ANYRES32=r3], 0x1c}}, 0x4008054)
write$nci(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="61030709260009fa4685"], 0x52)

1.734694232s ago: executing program 5 (id=2890):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x34, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xf, 0xf}, {}, {0x7, 0xd}}, [@filter_kind_options=@f_cgroup={{0x7}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)

1.134292982s ago: executing program 0 (id=2891):
r0 = openat$panthor(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc010643a, &(0x7f0000000040)={0x0, 0x1, 0xc58})

687.256337ms ago: executing program 3 (id=2892):
r0 = socket$inet6(0xa, 0x400000000001, 0x100)
bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, 0x0, 0x1802, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x8, @loopback}, 0x1c)

686.289517ms ago: executing program 2 (id=2893):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0x6}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0xffff}, {0xffff}, {0x2, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)

548.247532ms ago: executing program 0 (id=2894):
close(0xffffffffffffffff)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000180)={0x2, &(0x7f0000000000)=[{0x20, 0x1, 0x3, 0xfffff038}, {0x6, 0x0, 0x0, 0xfffffff9}]})
ioctl$TUNGETVNETLE(0xffffffffffffffff, 0x40107446, &(0x7f0000000180))
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0x4004743d, 0x110e22fff6)
write$cgroup_type(r1, &(0x7f0000000280), 0x9)

407.368986ms ago: executing program 5 (id=2895):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a3100000000090003007379"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWSET={0x70, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xb}, @NFTA_SET_EXPRESSIONS={0x2c, 0x12, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}, {0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x130}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x98}, 0x1, 0x0, 0x0, 0x4044050}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x38, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0xc, 0x3, 0x0, 0x1, [{0x8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x60}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

367.785337ms ago: executing program 2 (id=2896):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$unix(0x1, 0x5, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0xfffffffd, 0xc5, 0x7, 0x1, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x850}, 0x4048080)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x8400, 0x0)
close(r4)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r7, &(0x7f0000000240)="800000800000210ee7decd7a0003", 0xe, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r6, 0x1, 0xd8, 0x6, @broadcast}, 0x14)

84.394977ms ago: executing program 5 (id=2897):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000007, 0x31, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001700)=@base={0x16, 0x0, 0xb161, 0x2}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000200)={0xffffffffffffffff, 0x0, &(0x7f0000001780)=""/4096}, 0x20)

75.014567ms ago: executing program 0 (id=2898):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0x1, 0xb}, {0xffff, 0xfff2}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x4, 0x10, 0x6, 0x8, 0xfbee}, 0x1, 0x0, 0x3, 0x5, 0xe, 0x4, 0xd, 0x18, 0x5, 0x2, {0x6, 0x8, 0xfffffffc, 0x0, 0xffffffff, 0x5}}}}]}, 0x79}, 0x1, 0x0, 0x0, 0x240048e4}, 0x4890)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = socket$kcm(0x11, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
setsockopt$sock_attach_bpf(r4, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r4, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214120600002fb96dbcf706e10500000086ddffff1144ee1611d4b8bf4a31accb", 0xfdef}], 0x1}, 0x0)

0s ago: executing program 3 (id=2899):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$kcm(0x11, 0x3, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000480)={'syzkaller0\x00', <r5=>0x0})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000022c0)=@newtfilter={0x87c, 0x2c, 0xd3f, 0x30bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xb, 0xfff3}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_basic={{0xa}, {0x84c, 0x2, [@TCA_BASIC_POLICE={0x848, 0x4, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x10000, 0x6, 0x7fffffff, 0x1, 0x8, 0x5, 0x8, 0x3, 0x6, 0xfffffff6, 0x40, 0x81, 0xf, 0x10001, 0x9, 0x9, 0x9ef, 0x9, 0x6, 0x0, 0x7, 0x1, 0x0, 0x2, 0x101, 0x0, 0x7f, 0x1, 0x1, 0x6, 0x7ff, 0x2, 0x4, 0x2, 0x100, 0x6, 0xb, 0x7, 0x3ff, 0x2, 0x8, 0x3, 0x6, 0x8000, 0x0, 0x9d, 0x5e, 0x795, 0x8, 0x800, 0x1, 0x80000001, 0x3, 0xe, 0xbf, 0x5, 0x5, 0xff, 0x6, 0x8, 0x8, 0x1, 0x8, 0x4, 0xffffff63, 0xd7, 0x7, 0x101, 0xfff, 0x6, 0xfffff000, 0x8, 0x9, 0x7, 0x5ec4818f, 0x4, 0x10001, 0x2, 0x3, 0x7, 0x9, 0x8, 0x3, 0x4, 0x5, 0x8, 0x0, 0x7, 0x69f, 0x1, 0x200, 0x5, 0x2, 0x8103, 0xfff, 0x0, 0x7, 0x4, 0x5, 0x2, 0x6, 0x5, 0x2, 0x3, 0x1bbf, 0x7, 0x2, 0x2, 0xa, 0x5, 0x8, 0x3, 0x400, 0x2bf9, 0x2, 0x7, 0x3, 0x4, 0x79, 0xfffffff8, 0x9, 0xfffffffb, 0x5, 0xfffffffd, 0x7, 0xfff, 0x200, 0x4, 0x2, 0x4, 0x7, 0x7fff, 0xd, 0x8, 0x9, 0x10000, 0x7, 0xfffffffb, 0x3, 0x9, 0x5, 0x2, 0x4, 0x2, 0xffff, 0x8, 0xe5a, 0x5, 0x1, 0x2d0, 0x9, 0x7, 0x1, 0x5, 0x2, 0x100, 0xa74, 0x4d, 0x9, 0x3, 0x6, 0x5, 0x6e8a, 0x8, 0x1, 0x7, 0x0, 0x80, 0x5, 0x7, 0x5, 0x8, 0x0, 0xfffffe01, 0x8, 0x0, 0x101, 0xfff, 0x800, 0x2, 0x314, 0x1, 0x0, 0x9, 0x4, 0xc, 0x8000, 0x8a69, 0x8, 0x7, 0x4, 0x8, 0x7, 0xffff9eea, 0x6, 0x6, 0x5, 0x1, 0xfffeffff, 0x70, 0x2, 0x43a, 0x5b04, 0x7, 0x0, 0x80000001, 0x6, 0x9, 0x10001, 0xbb45061, 0x6, 0xaecf, 0xe2, 0x6, 0x100, 0x42, 0x8, 0x7fff, 0x6, 0x5a, 0x400, 0x5, 0x407e0a41, 0x1ff, 0xfffff6b0, 0xffff, 0x9, 0xcd, 0x3, 0x9, 0x1c4, 0x7, 0xb, 0x10, 0x7, 0x2, 0x5, 0x2, 0x5, 0x0, 0x5, 0x6, 0x0, 0x9, 0x5, 0x7, 0xfff, 0x3, 0xb5c, 0x7ea, 0x9, 0x2, 0x9, 0x200, 0x2, 0xe]}, @TCA_POLICE_RATE={0x404, 0x2, [0xfff, 0x10001, 0x2, 0xa, 0x7, 0x5, 0xe5f5, 0xf3, 0x5, 0x4, 0x3, 0x5, 0x5, 0xfffffffb, 0x100, 0x1, 0x6, 0x4, 0x7f, 0x7f, 0x7f, 0x5, 0x0, 0x7f, 0x280, 0x1, 0x1, 0x2, 0x8, 0x0, 0x2c4, 0x47c82518, 0x400, 0x6, 0xfff, 0x8, 0x1, 0x401, 0x0, 0x80, 0xc, 0x1a, 0x6, 0x0, 0xffffffb0, 0x85, 0x2c, 0x9, 0x100, 0xfff, 0x7, 0x10000, 0x7e, 0x7f, 0x7fffffff, 0x0, 0x1, 0x9, 0x5, 0x101, 0x141, 0x0, 0x3ae6, 0x3, 0x6, 0x3, 0x3, 0xff, 0x3, 0xfec6, 0x3, 0x401, 0x9, 0x3adf, 0x3, 0x7fffffff, 0x6, 0x8, 0x9, 0x1, 0x7, 0x3ff, 0x1, 0xa, 0x0, 0x1, 0x1, 0xfffffffd, 0x7, 0x1, 0x6, 0xf, 0x3, 0xffff, 0x3ff, 0x7fff, 0x3, 0x3, 0x1, 0x5, 0x9d, 0x1, 0x0, 0x9, 0x0, 0x10, 0xda, 0x80000001, 0x2, 0x2a0, 0x8001, 0xfffffff8, 0x8, 0x3, 0x7, 0x9, 0x6, 0x800, 0xb1a6, 0x1, 0x2, 0x0, 0x1000, 0x10001, 0x9, 0x6ed4, 0x0, 0x6a2, 0xffffffff, 0x9, 0x0, 0xfffffc00, 0x3, 0x8, 0x1f7, 0x3, 0x10000, 0x5, 0x2, 0x4, 0xa, 0x3, 0x3, 0xe, 0x8, 0x10001, 0x7, 0x10001, 0x43d6e55e, 0x6, 0xfff, 0x3, 0x6, 0x8, 0x7fffffff, 0x2, 0x4, 0xfffeffff, 0xffff6b27, 0x1, 0x1, 0x0, 0x800, 0x9, 0xf4, 0x3, 0xc, 0x3, 0x4, 0x9, 0x2, 0x8, 0x7fffffff, 0x5, 0x9, 0x5, 0x7, 0x2, 0x7f, 0x3, 0xd, 0x1, 0x5, 0x9, 0xe2a, 0x4, 0x2, 0x7, 0xa, 0x2573, 0x1000000, 0x5000000, 0x4, 0x7f, 0x4ee1, 0x4, 0xab, 0x81, 0x4c1a, 0x6, 0x7, 0x7fffffff, 0x75, 0x3, 0x7f, 0xfffffff8, 0x0, 0x1, 0x400, 0x4, 0x3, 0xfffffff9, 0x8, 0x12ab, 0x7, 0x5, 0x3, 0x80000000, 0xffffffcc, 0x8, 0x7, 0x0, 0x1, 0x4, 0x2, 0x4, 0x4, 0x1, 0x6, 0x7, 0x3, 0x800, 0x7, 0x7fffffff, 0x9, 0x26, 0xff, 0x8, 0x9, 0x7, 0xc, 0xffff, 0x5, 0x5, 0x7, 0x1, 0x3, 0x30, 0x8c, 0x288, 0x4, 0xc18e, 0x0, 0x10, 0xc0, 0x6]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x9, 0x3, 0x7f, 0xff, 0xfffffeff, {0x6, 0x91acbd24cee7dfe8, 0x2, 0x4b, 0xa, 0x28000000}, {0x1, 0x1, 0xd545, 0x53d, 0x5, 0x7ff}, 0x7, 0xf0c, 0x9a}}]}]}}]}, 0x87c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
setsockopt$sock_attach_bpf(r3, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r3, &(0x7f0000000000)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r5, 0x7}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200080314000e00072f01000000000000113cfdcb00000080ed00827600000000000100", 0x26}, {&(0x7f0000000780)="9942d6af00007f8f", 0xdd86}], 0x2}, 0x5)

kernel console output (not intermixed with test programs):

0
[  387.940655][   T26] kauditd_printk_skb: 12 callbacks suppressed
[  387.940670][   T26] audit: type=1326 audit(1780739974.070:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9048 comm="syz.4.1431" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  387.970832][    C1] vkms_vblank_simulate: vblank timer overrun
[  388.510952][ T9071] device syzkaller0 entered promiscuous mode
[  388.569693][ T9071] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  388.588712][ T9070] tipc: Resetting bearer <eth:syzkaller0>
[  388.654232][ T9070] tipc: Disabling bearer <eth:syzkaller0>
[  389.876087][ T4286] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  389.882310][ T4288] Bluetooth: hci2: command 0x0401 tx timeout
[  389.904291][   T26] audit: type=1326 audit(1780739976.030:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9048 comm="syz.4.1431" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  389.940846][   T26] audit: type=1326 audit(1780739976.030:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9048 comm="syz.4.1431" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  390.147540][ T4322] tipc: Node number set to 2348269497
[  390.213711][   T26] audit: type=1326 audit(1780739976.340:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9048 comm="syz.4.1431" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  390.293458][   T26] audit: type=1326 audit(1780739976.340:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9048 comm="syz.4.1431" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  390.407778][   T26] audit: type=1326 audit(1780739976.340:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9048 comm="syz.4.1431" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  390.509825][   T26] audit: type=1326 audit(1780739976.340:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9048 comm="syz.4.1431" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  390.615107][   T26] audit: type=1326 audit(1780739976.340:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9048 comm="syz.4.1431" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  390.639546][    C1] vkms_vblank_simulate: vblank timer overrun
[  390.735110][   T26] audit: type=1326 audit(1780739976.340:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9048 comm="syz.4.1431" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  390.810271][   T26] audit: type=1326 audit(1780739976.340:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9048 comm="syz.4.1431" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  393.241862][   T26] kauditd_printk_skb: 2 callbacks suppressed
[  393.241877][   T26] audit: type=1326 audit(1780739979.370:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9129 comm="syz.4.1454" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  393.356351][   T26] audit: type=1326 audit(1780739979.370:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9129 comm="syz.4.1454" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  393.426733][   T26] audit: type=1326 audit(1780739979.370:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9129 comm="syz.4.1454" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  393.489767][   T26] audit: type=1326 audit(1780739979.370:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9129 comm="syz.4.1454" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  393.548901][   T26] audit: type=1326 audit(1780739979.370:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9129 comm="syz.4.1454" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  393.614170][   T26] audit: type=1326 audit(1780739979.380:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9129 comm="syz.4.1454" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  393.745901][ T9139] device syzkaller0 entered promiscuous mode
[  393.980896][   T26] audit: type=1326 audit(1780739980.110:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9129 comm="syz.4.1454" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  394.031673][   T26] audit: type=1326 audit(1780739980.110:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9129 comm="syz.4.1454" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  394.835253][ T4286] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  394.841204][ T4285] Bluetooth: hci2: command 0x0401 tx timeout
[  396.502893][ T9120] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  396.996758][ T9176] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1466'.
[  397.018539][   T26] audit: type=1326 audit(1780739983.150:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9171 comm="syz.2.1467" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947e39ce59 code=0x7ffc0000
[  397.040057][ T9176] xfrm0 speed is unknown, defaulting to 1000
[  397.100575][   T26] audit: type=1326 audit(1780739983.150:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9171 comm="syz.2.1467" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f947e39ce59 code=0x7ffc0000
[  397.245150][  T953] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  397.435094][  T953] usb 2-1: Using ep0 maxpacket: 32
[  397.446258][  T953] usb 2-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f
[  397.475264][  T953] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  397.500482][  T953] usb 2-1: Product: syz
[  397.519821][  T953] usb 2-1: Manufacturer: syz
[  397.524454][  T953] usb 2-1: SerialNumber: syz
[  397.548169][  T953] usb 2-1: config 0 descriptor??
[  397.586830][  T953] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state.
[  397.594468][  T953] dvb-usb: bulk message failed: -22 (4/0)
[  397.630892][  T953] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  397.650161][  T953] dvb-usb: bulk message failed: -22 (5/0)
[  397.666335][  T953] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  397.712872][  T953] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  397.742837][  T953] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0)
[  397.759780][  T953] usb 2-1: media controller created
[  397.783296][ T9177] ttusb2: i2c wr len=58 too high
[  397.837009][  T953] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  397.893086][  T953] usb 2-1: selecting invalid altsetting 3
[  397.909804][  T953] ttusb2: set interface to alts=3 failed
[  398.139016][  T953] DVB: Unable to find symbol tda10086_attach()
[  398.150839][  T953] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0'
[  398.190569][  T953] dvb-usb: bulk message failed: -22 (4/0)
[  398.214088][  T953] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  398.243719][  T953] dvb-usb: bulk message failed: -22 (5/0)
[  398.259729][  T953] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  398.285151][  T953] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected.
[  398.314637][  T953] usb 2-1: USB disconnect, device number 23
[  398.379368][  T953] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected.
[  398.515358][ T4285] Bluetooth: hci2: command 0x0401 tx timeout
[  398.524556][ T4288] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  398.565096][ T4321] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  399.979700][ T4321] usb 1-1: config 0 has no interfaces?
[  399.996377][ T4321] usb 1-1: config 0 has no interfaces?
[  400.015652][ T4321] usb 1-1: config 0 has no interfaces?
[  400.021216][ T4321] usb 1-1: New USB device found, idVendor=7de0, idProduct=676e, bcdDevice=77.db
[  400.040642][ T4321] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  400.063526][ T4321] usb 1-1: config 0 descriptor??
[  400.390573][ T4321] usb 1-1: USB disconnect, device number 33
[  400.955334][ T4321] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  401.002119][   T26] kauditd_printk_skb: 10 callbacks suppressed
[  401.002134][   T26] audit: type=1326 audit(1780739987.130:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9228 comm="syz.1.1482" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  401.044264][   T26] audit: type=1326 audit(1780739987.130:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9228 comm="syz.1.1482" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  401.105408][   T26] audit: type=1326 audit(1780739987.130:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9228 comm="syz.1.1482" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  401.180073][ T4321] usb 5-1: Using ep0 maxpacket: 32
[  401.306725][ T4321] usb 5-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f
[  401.343821][   T26] audit: type=1326 audit(1780739987.130:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9228 comm="syz.1.1482" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  401.346718][ T4321] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  401.367903][    C1] vkms_vblank_simulate: vblank timer overrun
[  401.499973][   T26] audit: type=1326 audit(1780739987.130:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9228 comm="syz.1.1482" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  401.531545][ T4321] usb 5-1: Product: syz
[  401.536054][ T4321] usb 5-1: Manufacturer: syz
[  401.540710][ T4321] usb 5-1: SerialNumber: syz
[  401.545645][   T26] audit: type=1326 audit(1780739987.130:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9228 comm="syz.1.1482" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  401.569663][    C1] vkms_vblank_simulate: vblank timer overrun
[  401.580114][ T4321] usb 5-1: config 0 descriptor??
[  401.590121][ T4321] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state.
[  401.605127][   T26] audit: type=1326 audit(1780739987.130:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9228 comm="syz.1.1482" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  401.629540][ T4321] dvb-usb: bulk message failed: -22 (4/0)
[  401.635512][ T4321] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  401.659989][ T4321] dvb-usb: bulk message failed: -22 (5/0)
[  401.666134][   T26] audit: type=1326 audit(1780739987.130:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9228 comm="syz.1.1482" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  401.694273][ T4321] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  401.710560][ T4321] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  401.731600][ T4321] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0)
[  401.744711][   T26] audit: type=1326 audit(1780739987.130:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9228 comm="syz.1.1482" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  401.768666][    C1] vkms_vblank_simulate: vblank timer overrun
[  401.781532][ T4321] usb 5-1: media controller created
[  401.791712][ T9221] ttusb2: i2c wr len=58 too high
[  401.819791][   T26] audit: type=1326 audit(1780739987.200:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9228 comm="syz.1.1482" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  401.844786][ T4321] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  401.883508][ T4321] usb 5-1: selecting invalid altsetting 3
[  401.895182][ T4321] ttusb2: set interface to alts=3 failed
[  401.955528][ T4286] Bluetooth: hci2: command 0x0401 tx timeout
[  401.961651][ T4288] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  402.027177][ T4321] DVB: Unable to find symbol tda10086_attach()
[  402.033546][ T4321] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0'
[  402.045333][ T4321] dvb-usb: bulk message failed: -22 (4/0)
[  402.051199][ T4321] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  402.061602][ T4321] dvb-usb: bulk message failed: -22 (5/0)
[  402.067500][ T4321] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  402.078645][ T4321] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected.
[  402.101970][ T4321] usb 5-1: USB disconnect, device number 44
[  402.143832][ T4321] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected.
[  402.246608][ T9242] syz.0.1485 (9242) used greatest stack depth: 17904 bytes left
[  404.316356][ T9260] xfrm0 speed is unknown, defaulting to 1000
[  406.686248][ T4285] Bluetooth: hci2: command 0x0401 tx timeout
[  406.692345][ T4288] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  409.565896][   T26] kauditd_printk_skb: 13 callbacks suppressed
[  409.565911][   T26] audit: type=1326 audit(1780739995.700:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9341 comm="syz.1.1508" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  409.684431][   T26] audit: type=1326 audit(1780739995.740:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9341 comm="syz.1.1508" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  409.778777][   T26] audit: type=1326 audit(1780739995.740:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9341 comm="syz.1.1508" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  409.802791][    C0] vkms_vblank_simulate: vblank timer overrun
[  409.915920][   T26] audit: type=1326 audit(1780739995.740:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9341 comm="syz.1.1508" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  410.061639][   T26] audit: type=1326 audit(1780739995.740:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9341 comm="syz.1.1508" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  410.085676][    C0] vkms_vblank_simulate: vblank timer overrun
[  410.170477][   T26] audit: type=1326 audit(1780739995.740:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9341 comm="syz.1.1508" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  410.315105][   T26] audit: type=1326 audit(1780739995.740:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9341 comm="syz.1.1508" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  410.435906][   T26] audit: type=1326 audit(1780739995.740:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9341 comm="syz.1.1508" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  410.541206][   T26] audit: type=1326 audit(1780739995.740:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9341 comm="syz.1.1508" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  410.605116][   T26] audit: type=1326 audit(1780739995.980:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9341 comm="syz.1.1508" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  411.555523][ T4286] Bluetooth: hci2: command 0x0401 tx timeout
[  411.561660][ T4288] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  411.906203][ T9402] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1530'.
[  414.071359][ T9470] device syzkaller0 entered promiscuous mode
[  414.084675][ T9470] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  414.133153][ T9470] netlink: 'syz.4.1547': attribute type 1 has an invalid length.
[  415.137000][   T26] kauditd_printk_skb: 33 callbacks suppressed
[  415.137014][   T26] audit: type=1326 audit(1780740001.270:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9486 comm="syz.1.1553" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  415.167418][    C0] vkms_vblank_simulate: vblank timer overrun
[  415.235355][   T26] audit: type=1326 audit(1780740001.300:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9486 comm="syz.1.1553" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  415.282245][   T26] audit: type=1326 audit(1780740001.300:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9486 comm="syz.1.1553" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  415.326981][   T26] audit: type=1326 audit(1780740001.300:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9486 comm="syz.1.1553" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  415.351009][    C0] vkms_vblank_simulate: vblank timer overrun
[  415.387982][   T26] audit: type=1326 audit(1780740001.300:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9486 comm="syz.1.1553" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  415.442759][   T26] audit: type=1326 audit(1780740001.310:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9486 comm="syz.1.1553" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  415.463908][ T9418] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  415.466741][    C0] vkms_vblank_simulate: vblank timer overrun
[  415.491837][   T26] audit: type=1326 audit(1780740001.310:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9486 comm="syz.1.1553" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  415.515986][    C0] vkms_vblank_simulate: vblank timer overrun
[  415.582928][   T26] audit: type=1326 audit(1780740001.320:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9486 comm="syz.1.1553" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  415.673016][   T26] audit: type=1326 audit(1780740001.770:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9486 comm="syz.1.1553" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  415.753705][   T26] audit: type=1326 audit(1780740001.770:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9486 comm="syz.1.1553" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1f59ce59 code=0x7ffc0000
[  415.812645][ T9498] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1555'.
[  416.909109][ T9530] device syzkaller0 entered promiscuous mode
[  416.993614][ T9530] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  417.043954][ T9529] tipc: Resetting bearer <eth:syzkaller0>
[  417.111258][ T9529] tipc: Disabling bearer <eth:syzkaller0>
[  417.392380][ T9541] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1569'.
[  417.494034][ T9544] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1570'.
[  417.785867][ T9556] device syzkaller0 entered promiscuous mode
[  418.497075][ T9564] netlink: 'syz.0.1578': attribute type 3 has an invalid length.
[  418.930728][ T9576] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1583'.
[  419.919793][ T9607] netlink: 'syz.4.1594': attribute type 11 has an invalid length.
[  419.947444][ T9607] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  420.000736][ T9607] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  420.100471][ T9612] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1598'.
[  420.204333][   T26] kauditd_printk_skb: 35 callbacks suppressed
[  420.204348][   T26] audit: type=1326 audit(1780740006.330:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9593 comm="syz.0.1592" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e8ad9ce59 code=0x7ffc0000
[  420.234836][    C0] vkms_vblank_simulate: vblank timer overrun
[  420.333194][   T26] audit: type=1326 audit(1780740006.330:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9593 comm="syz.0.1592" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e8ad9ce59 code=0x7ffc0000
[  420.425967][   T26] audit: type=1326 audit(1780740006.390:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9593 comm="syz.0.1592" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f6e8ad9ce59 code=0x7ffc0000
[  420.450092][    C0] vkms_vblank_simulate: vblank timer overrun
[  420.495140][   T26] audit: type=1326 audit(1780740006.510:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9593 comm="syz.0.1592" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e8ad9ce59 code=0x7ffc0000
[  420.519180][    C0] vkms_vblank_simulate: vblank timer overrun
[  420.593759][   T26] audit: type=1326 audit(1780740006.510:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9593 comm="syz.0.1592" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e8ad9ce59 code=0x7ffc0000
[  420.617883][    C0] vkms_vblank_simulate: vblank timer overrun
[  420.675241][   T26] audit: type=1326 audit(1780740006.590:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9593 comm="syz.0.1592" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f6e8ad9ce59 code=0x7ffc0000
[  420.699195][    C0] vkms_vblank_simulate: vblank timer overrun
[  420.753827][   T26] audit: type=1326 audit(1780740006.590:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9593 comm="syz.0.1592" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e8ad9ce59 code=0x7ffc0000
[  420.786860][   T26] audit: type=1326 audit(1780740006.600:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9593 comm="syz.0.1592" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e8ad9ce59 code=0x7ffc0000
[  420.821222][   T26] audit: type=1326 audit(1780740006.600:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9593 comm="syz.0.1592" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f6e8ad9ce59 code=0x7ffc0000
[  420.865554][ T9627] device syzkaller0 entered promiscuous mode
[  420.904443][   T26] audit: type=1326 audit(1780740006.600:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9593 comm="syz.0.1592" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e8ad9ce59 code=0x7ffc0000
[  421.346183][ T9638] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1608'.
[  421.711440][ T9646] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1612'.
[  421.792102][ T9649] fuse: Bad value for 'fd'
[  421.958790][ T9653] device syzkaller0 entered promiscuous mode
[  422.149146][ T9667] device syzkaller0 entered promiscuous mode
[  422.675929][   T27] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  422.875241][   T27] usb 2-1: Using ep0 maxpacket: 32
[  422.897066][   T27] usb 2-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f
[  422.933833][ T9683] sch_tbf: peakrate 7 is lower than or equals to rate 7 !
[  422.934349][   T27] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  422.982302][   T27] usb 2-1: Product: syz
[  422.986622][   T27] usb 2-1: Manufacturer: syz
[  422.991261][   T27] usb 2-1: SerialNumber: syz
[  423.046015][   T27] usb 2-1: config 0 descriptor??
[  423.094272][   T27] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state.
[  423.116240][   T27] dvb-usb: bulk message failed: -22 (4/0)
[  423.122071][   T27] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  423.154976][   T27] dvb-usb: bulk message failed: -22 (5/0)
[  423.163983][   T27] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  423.202613][ T9689] fuse: Unknown parameter '0x0000000000000003'
[  423.210084][   T27] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  423.234540][   T27] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0)
[  423.264564][ T9674] ttusb2: more than 2 i2c messages at a time is not handled yet. TODO.
[  423.290862][ T9674] dvb-usb: bulk message failed: -22 (7/0)
[  423.297952][   T27] usb 2-1: media controller created
[  423.305941][ T9674] ttusb2: there might have been an error during control message transfer. (rlen = 3, was 0)
[  423.352675][ T9674] ttusb2: i2c transfer failed.
[  423.360770][   T27] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  423.415795][   T27] usb 2-1: selecting invalid altsetting 3
[  423.421616][   T27] ttusb2: set interface to alts=3 failed
[  423.584553][   T27] DVB: Unable to find symbol tda10086_attach()
[  423.596945][   T27] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0'
[  423.640748][   T27] dvb-usb: bulk message failed: -22 (4/0)
[  423.648671][   T27] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  423.680664][   T27] dvb-usb: bulk message failed: -22 (5/0)
[  423.690726][   T27] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  423.710982][   T27] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected.
[  423.741677][   T27] usb 2-1: USB disconnect, device number 24
[  423.776855][ T9706] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  423.886327][   T27] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected.
[  424.984487][ T4368] tipc: Node number set to 3566819539
[  425.295153][   T27] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  425.495672][   T27] usb 3-1: Using ep0 maxpacket: 32
[  425.506050][   T27] usb 3-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f
[  425.516446][   T27] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  425.524490][   T27] usb 3-1: Product: syz
[  425.545124][   T27] usb 3-1: Manufacturer: syz
[  425.550040][   T27] usb 3-1: SerialNumber: syz
[  425.571246][   T27] usb 3-1: config 0 descriptor??
[  425.600624][   T27] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state.
[  425.618736][   T27] dvb-usb: bulk message failed: -22 (4/0)
[  425.624643][   T27] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  425.645283][   T27] dvb-usb: bulk message failed: -22 (5/0)
[  425.655300][   T27] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  425.677322][   T27] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  425.710712][   T27] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0)
[  425.729391][   T27] usb 3-1: media controller created
[  425.762684][   T27] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  425.803988][ T9753] ttusb2: more than 2 i2c messages at a time is not handled yet. TODO.
[  425.816494][   T27] usb 3-1: selecting invalid altsetting 3
[  425.822297][   T27] ttusb2: set interface to alts=3 failed
[  425.835113][ T9753] dvb-usb: bulk message failed: -22 (7/0)
[  425.840905][ T9753] ttusb2: there might have been an error during control message transfer. (rlen = 3, was 0)
[  425.852002][ T9753] ttusb2: i2c transfer failed.
[  425.934422][   T27] DVB: Unable to find symbol tda10086_attach()
[  425.955479][   T27] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0'
[  425.984545][   T27] dvb-usb: bulk message failed: -22 (4/0)
[  425.995055][   T27] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  426.020220][   T27] dvb-usb: bulk message failed: -22 (5/0)
[  426.030565][   T27] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  426.041035][   T27] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected.
[  426.074006][   T27] usb 3-1: USB disconnect, device number 37
[  426.136443][   T27] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected.
[  426.490753][ T9802] device syzkaller0 left promiscuous mode
[  426.529365][ T9802] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  427.090522][ T4368] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  427.278533][ T4368] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  427.297750][ T4368] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  427.308255][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880555afc00: rx timeout, send abort
[  427.331898][ T4368] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  427.347136][ T4368] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  427.359011][ T4368] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  427.380576][ T4368] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  427.390272][ T4368] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  427.404463][ T4368] usb 1-1: Product: syz
[  427.409231][ T4368] usb 1-1: Manufacturer: syz
[  427.428509][ T4368] cdc_wdm 1-1:1.0: skipping garbage
[  427.433955][ T4368] cdc_wdm 1-1:1.0: skipping garbage
[  427.468503][ T4368] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  427.474689][ T4368] cdc_wdm 1-1:1.0: Unknown control protocol
[  427.631485][ T9811] cdc_wdm 1-1:1.0: Error submitting int urb - -90
[  427.644899][ T4368] usb 1-1: USB disconnect, device number 34
[  427.709043][ T9832] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  427.743258][ T9831] tipc: Disabling bearer <eth:syzkaller0>
[  427.806112][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880555ad400: rx timeout, send abort
[  427.814510][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880555afc00: abort rx timeout. Force session deactivation
[  427.900933][   T27] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  428.099162][   T27] usb 2-1: Using ep0 maxpacket: 32
[  428.125632][   T27] usb 2-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f
[  428.150405][   T27] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  428.173595][   T27] usb 2-1: Product: syz
[  428.185286][   T27] usb 2-1: Manufacturer: syz
[  428.193583][   T27] usb 2-1: SerialNumber: syz
[  428.224519][   T27] usb 2-1: config 0 descriptor??
[  428.249739][   T27] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state.
[  428.259796][   T27] dvb-usb: bulk message failed: -22 (4/0)
[  428.284577][   T27] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  428.296187][   T27] dvb-usb: bulk message failed: -22 (5/0)
[  428.301982][   T27] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  428.313794][ T9838] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1678'.
[  428.322778][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880555ad400: abort rx timeout. Force session deactivation
[  428.339159][   T27] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  428.359533][   T27] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0)
[  428.373481][   T27] usb 2-1: media controller created
[  428.423252][   T27] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  428.450389][ T9830] ttusb2: more than 2 i2c messages at a time is not handled yet. TODO.
[  428.495577][ T9830] dvb-usb: bulk message failed: -22 (7/0)
[  428.501790][ T9830] ttusb2: there might have been an error during control message transfer. (rlen = 3, was 0)
[  428.540567][   T27] usb 2-1: selecting invalid altsetting 3
[  428.545609][ T9830] ttusb2: i2c transfer failed.
[  428.558372][   T27] ttusb2: set interface to alts=3 failed
[  428.661925][   T27] DVB: Unable to find symbol tda10086_attach()
[  428.675208][   T27] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0'
[  428.695340][   T27] dvb-usb: bulk message failed: -22 (4/0)
[  428.701148][   T27] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  428.727579][   T27] dvb-usb: bulk message failed: -22 (5/0)
[  428.746142][   T27] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  428.756945][   T27] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected.
[  428.802508][   T27] usb 2-1: USB disconnect, device number 25
[  428.869534][   T27] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected.
[  429.015878][ T9859] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  429.062637][ T9857] tipc: Disabling bearer <eth:syzkaller0>
[  429.302094][ T9872] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1692'.
[  429.509817][ T9887] fuse: Unknown parameter '0x0000000000000003'
[  429.525226][ T5996] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  429.727537][ T5996] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  429.737810][ T5996] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  429.754221][ T5996] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  429.768986][ T5996] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  429.788344][ T5996] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  429.815169][ T5996] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  429.834532][ T5996] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  429.842874][ T5996] usb 1-1: Product: syz
[  429.855106][ T5996] usb 1-1: Manufacturer: syz
[  429.865352][ T5996] cdc_wdm 1-1:1.0: skipping garbage
[  429.870641][ T5996] cdc_wdm 1-1:1.0: skipping garbage
[  429.887665][ T5996] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  429.893638][ T5996] cdc_wdm 1-1:1.0: Unknown control protocol
[  430.074422][ T9871] cdc_wdm 1-1:1.0: Error submitting int urb - -90
[  430.090175][ T4320] usb 1-1: USB disconnect, device number 35
[  430.887884][ T9920] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  430.960987][ T9919] tipc: Disabling bearer <eth:syzkaller0>
[  431.003308][ T9927] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1706'.
[  431.047560][ T4319] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  431.245305][ T4319] usb 2-1: Using ep0 maxpacket: 32
[  431.261357][ T4319] usb 2-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f
[  431.294638][ T4319] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  431.320896][ T4319] usb 2-1: Product: syz
[  431.335651][ T4319] usb 2-1: Manufacturer: syz
[  431.340333][ T4319] usb 2-1: SerialNumber: syz
[  431.352835][ T9936] netlink: 81 bytes leftover after parsing attributes in process `syz.3.1710'.
[  431.358692][ T4319] usb 2-1: config 0 descriptor??
[  431.388096][ T9939] device syzkaller1 entered promiscuous mode
[  431.394257][   T26] kauditd_printk_skb: 23 callbacks suppressed
[  431.394272][   T26] audit: type=1326 audit(1780740017.520:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9940 comm="syz.4.1712" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  431.432202][   T26] audit: type=1326 audit(1780740017.520:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9940 comm="syz.4.1712" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  431.461030][ T4319] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state.
[  431.469178][ T4319] dvb-usb: bulk message failed: -22 (4/0)
[  431.475463][ T4319] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  431.486016][   T26] audit: type=1326 audit(1780740017.560:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9940 comm="syz.4.1712" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  431.525145][ T4319] dvb-usb: bulk message failed: -22 (5/0)
[  431.530966][ T4319] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  431.560399][   T26] audit: type=1326 audit(1780740017.560:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9940 comm="syz.4.1712" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  431.587399][ T4319] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  431.612886][ T4319] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0)
[  431.625119][ T4319] usb 2-1: media controller created
[  431.662041][   T26] audit: type=1326 audit(1780740017.560:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9940 comm="syz.4.1712" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  431.684466][ T4319] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  431.701366][   T26] audit: type=1326 audit(1780740017.560:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9940 comm="syz.4.1712" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  431.735333][   T26] audit: type=1326 audit(1780740017.560:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9940 comm="syz.4.1712" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  431.760289][ T9915] ttusb2: more than 2 i2c messages at a time is not handled yet. TODO.
[  431.769308][ T9915] dvb-usb: bulk message failed: -22 (7/0)
[  431.775489][ T9915] ttusb2: there might have been an error during control message transfer. (rlen = 3, was 0)
[  431.794090][ T9915] ttusb2: i2c transfer failed.
[  431.794697][ T4319] usb 2-1: selecting invalid altsetting 3
[  431.799896][   T26] audit: type=1326 audit(1780740017.560:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9940 comm="syz.4.1712" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  431.811055][ T4319] ttusb2: set interface to alts=3 failed
[  431.828941][    C0] vkms_vblank_simulate: vblank timer overrun
[  431.835581][   T26] audit: type=1326 audit(1780740017.560:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9940 comm="syz.4.1712" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  431.864898][    C0] vkms_vblank_simulate: vblank timer overrun
[  431.913737][   T26] audit: type=1326 audit(1780740017.760:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9940 comm="syz.4.1712" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  432.052052][ T4319] DVB: Unable to find symbol tda10086_attach()
[  432.060249][ T4319] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0'
[  432.084431][ T4319] dvb-usb: bulk message failed: -22 (4/0)
[  432.100854][ T4319] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  432.123694][ T4319] dvb-usb: bulk message failed: -22 (5/0)
[  432.137313][ T4319] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  432.158139][ T4319] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected.
[  432.173774][ T4319] usb 2-1: USB disconnect, device number 26
[  432.238640][ T4319] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected.
[  432.454087][ T9966] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1718'.
[  434.263987][ T9980] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1725'.
[  434.296203][ T9980] device syzkaller0 entered promiscuous mode
[  434.589941][ T9993] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1730'.
[  434.775266][ T4319] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  434.980363][ T4319] usb 4-1: Using ep0 maxpacket: 32
[  434.989813][ T4319] usb 4-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f
[  435.022746][ T4319] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  435.041109][ T4319] usb 4-1: Product: syz
[  435.052262][ T4319] usb 4-1: Manufacturer: syz
[  435.057052][ T4319] usb 4-1: SerialNumber: syz
[  435.084045][ T4319] usb 4-1: config 0 descriptor??
[  435.108102][ T4319] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state.
[  435.135346][ T4319] dvb-usb: bulk message failed: -22 (4/0)
[  435.141155][ T4319] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  435.163407][ T4319] dvb-usb: bulk message failed: -22 (5/0)
[  435.182286][ T4319] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  435.208939][ T4319] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  435.227799][ T4319] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0)
[  435.240686][ T4319] usb 4-1: media controller created
[  435.278157][ T4319] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  435.313887][ T9988] ttusb2: more than 2 i2c messages at a time is not handled yet. TODO.
[  435.345172][ T9988] dvb-usb: bulk message failed: -22 (7/0)
[  435.351458][ T9988] ttusb2: there might have been an error during control message transfer. (rlen = 3, was 0)
[  435.363944][ T4319] usb 4-1: selecting invalid altsetting 3
[  435.380521][ T4319] ttusb2: set interface to alts=3 failed
[  435.394667][ T9988] ttusb2: i2c transfer failed.
[  435.533775][ T4319] DVB: Unable to find symbol tda10086_attach()
[  435.540471][ T4319] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0'
[  435.563051][ T4319] dvb-usb: bulk message failed: -22 (4/0)
[  435.575440][ T4319] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  437.005895][ T4319] dvb-usb: bulk message failed: -22 (5/0)
[  437.011799][ T4319] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  437.022305][ T4319] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected.
[  437.034254][ T4319] usb 4-1: USB disconnect, device number 24
[  437.127020][ T4319] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected.
[  437.596799][T10034] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1741'.
[  439.800744][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  440.912627][T10031] device syzkaller0 entered promiscuous mode
[  441.224398][T10065] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1746'.
[  441.441217][T10079] fuse: Unknown parameter 'user_i00000000000000000000'
[  441.625259][ T5996] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  441.635937][ T4285] Bluetooth: hci2: command 0x0401 tx timeout
[  441.642595][ T4288] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  441.845085][ T5996] usb 3-1: Using ep0 maxpacket: 32
[  441.854770][ T5996] usb 3-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f
[  441.869407][ T5996] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  441.877869][ T5996] usb 3-1: Product: syz
[  441.882088][ T5996] usb 3-1: Manufacturer: syz
[  441.887089][ T5996] usb 3-1: SerialNumber: syz
[  441.901389][ T5996] usb 3-1: config 0 descriptor??
[  441.915300][ T5996] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state.
[  441.923051][ T5996] dvb-usb: bulk message failed: -22 (4/0)
[  441.929326][ T5996] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  441.939927][ T5996] dvb-usb: bulk message failed: -22 (5/0)
[  441.945939][ T5996] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  441.970824][ T5996] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  441.980689][ T5996] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0)
[  441.989285][ T5996] usb 3-1: media controller created
[  442.009787][ T5996] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  442.048302][ T5996] usb 3-1: selecting invalid altsetting 3
[  442.060723][ T5996] ttusb2: set interface to alts=3 failed
[  442.112005][T10077] ttusb2: more than 2 i2c messages at a time is not handled yet. TODO.
[  442.145284][T10077] dvb-usb: bulk message failed: -22 (7/0)
[  442.162755][T10077] ttusb2: there might have been an error during control message transfer. (rlen = 3, was 0)
[  442.203819][T10077] ttusb2: i2c transfer failed.
[  442.251002][ T5996] DVB: Unable to find symbol tda10086_attach()
[  442.260659][ T5996] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0'
[  443.705172][ T5996] dvb-usb: bulk message failed: -22 (4/0)
[  443.713390][ T5996] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  443.725456][ T5996] dvb-usb: bulk message failed: -22 (5/0)
[  443.731912][ T5996] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  443.745366][ T5996] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected.
[  443.756162][ T5996] usb 3-1: USB disconnect, device number 38
[  443.807365][ T5996] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected.
[  443.951215][T10100] device syzkaller0 entered promiscuous mode
[  443.965679][T10100] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  443.980672][T10100] netlink: 'syz.4.1758': attribute type 1 has an invalid length.
[  444.017828][T10100] netlink: 'syz.4.1758': attribute type 1 has an invalid length.
[  444.046043][T10100] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  444.064650][T10102] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1759'.
[  444.260115][T10108] fuse: Unknown parameter 'user_i00000000000000000000'
[  445.464391][T10144] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1775'.
[  445.475890][ T4320] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  445.531564][T10145] device syzkaller0 entered promiscuous mode
[  445.666599][T10148] fuse: Unknown parameter 'user_id00000000000000000000'
[  445.677530][ T4320] usb 1-1: Using ep0 maxpacket: 32
[  445.696781][ T4320] usb 1-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f
[  445.713349][ T4320] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  445.715681][ T4285] Bluetooth: hci2: command 0x0401 tx timeout
[  445.723466][ T4320] usb 1-1: Product: syz
[  445.727431][ T4288] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  445.791569][ T4320] usb 1-1: Manufacturer: syz
[  445.827911][ T4320] usb 1-1: SerialNumber: syz
[  445.861471][ T4320] usb 1-1: config 0 descriptor??
[  445.902408][ T4320] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state.
[  445.930441][ T4320] dvb-usb: bulk message failed: -22 (4/0)
[  445.950351][ T4320] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  445.974989][ T4320] dvb-usb: bulk message failed: -22 (5/0)
[  445.995203][ T4320] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  446.043193][ T4320] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  446.063828][ T4320] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0)
[  446.073918][ T4320] usb 1-1: media controller created
[  446.095842][T10136] ttusb2: more than 2 i2c messages at a time is not handled yet. TODO.
[  446.104213][T10136] dvb-usb: bulk message failed: -22 (36/0)
[  446.149503][ T4320] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  446.167370][T10136] ttusb2: there might have been an error during control message transfer. (rlen = 3, was 0)
[  446.215320][T10136] ttusb2: i2c transfer failed.
[  446.234776][ T4320] usb 1-1: selecting invalid altsetting 3
[  446.269855][ T4320] ttusb2: set interface to alts=3 failed
[  446.291816][T10165] device syzkaller0 left promiscuous mode
[  446.315338][T10165] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  446.471584][ T4320] DVB: Unable to find symbol tda10086_attach()
[  446.485240][ T4320] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0'
[  446.504275][ T4320] dvb-usb: bulk message failed: -22 (4/0)
[  446.525091][ T4320] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  446.544557][ T4320] dvb-usb: bulk message failed: -22 (5/0)
[  446.552949][ T4320] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  446.583731][ T4320] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected.
[  446.610774][ T4320] usb 1-1: USB disconnect, device number 36
[  446.642233][ T4320] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected.
[  447.093570][T10189] fuse: Unknown parameter 'user_id00000000000000000000'
[  447.327025][T10195] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1790'.
[  449.105138][ T5996] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  449.246616][T10216] fuse: Unknown parameter 'user_id00000000000000000000'
[  449.305069][ T5996] usb 1-1: Using ep0 maxpacket: 32
[  449.323448][ T5996] usb 1-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f
[  449.368976][ T5996] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.393372][ T5996] usb 1-1: Product: syz
[  449.404852][ T5996] usb 1-1: Manufacturer: syz
[  449.421036][ T5996] usb 1-1: SerialNumber: syz
[  449.432021][ T5996] usb 1-1: config 0 descriptor??
[  449.450639][ T5996] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state.
[  449.476873][ T5996] dvb-usb: bulk message failed: -22 (4/0)
[  449.492955][ T5996] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  449.514634][ T5996] dvb-usb: bulk message failed: -22 (5/0)
[  449.527323][ T5996] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  449.552906][ T5996] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  449.570003][ T5996] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0)
[  449.592740][ T5996] usb 1-1: media controller created
[  449.628914][ T5996] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  449.652952][T10205] ttusb2: more than 2 i2c messages at a time is not handled yet. TODO.
[  449.678155][T10205] dvb-usb: bulk message failed: -22 (36/0)
[  449.684030][T10205] ttusb2: there might have been an error during control message transfer. (rlen = 3, was 0)
[  449.705965][ T5996] usb 1-1: selecting invalid altsetting 3
[  449.711749][ T5996] ttusb2: set interface to alts=3 failed
[  449.721652][T10205] ttusb2: i2c transfer failed.
[  449.787840][ T5996] DVB: Unable to find symbol tda10086_attach()
[  449.794274][ T5996] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0'
[  449.842398][ T5996] dvb-usb: bulk message failed: -22 (4/0)
[  449.849601][ T5996] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  449.866902][ T5996] dvb-usb: bulk message failed: -22 (5/0)
[  449.872823][ T5996] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  449.892549][ T5996] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected.
[  449.904964][ T5996] usb 1-1: USB disconnect, device number 37
[  449.971647][ T5996] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected.
[  451.693588][ T4285] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  451.700000][ T4285] Bluetooth: hci2: command 0x0401 tx timeout
[  451.898925][T10251] device syzkaller0 entered promiscuous mode
[  452.944503][T10259] fuse: Bad value for 'fd'
[  452.954403][T10238] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  453.401594][T10278] tipc: New replicast peer: 255.255.255.255
[  454.721245][T10278] tipc: Enabled bearer <udp:syz2>, priority 10
[  454.838469][T10291] netlink: 'syz.0.1816': attribute type 1 has an invalid length.
[  454.858984][T10289] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1816'.
[  454.895211][ T4319] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  454.928051][T10291] device bond1 entered promiscuous mode
[  454.934042][T10291] 8021q: adding VLAN 0 to HW filter on device bond1
[  454.959131][T10278] Driver unsupported XDP return value 0 on prog  (id 99) dev N/A, expect packet loss!
[  454.988813][T10278] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1816'.
[  455.055636][T10278] bond1: (slave bridge1): making interface the new active one
[  455.072823][T10278] device bridge1 entered promiscuous mode
[  455.085498][ T4319] usb 4-1: Using ep0 maxpacket: 32
[  455.090883][T10278] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  455.102292][ T6661] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  455.113697][ T4319] usb 4-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f
[  455.137797][ T4319] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  455.155111][ T4319] usb 4-1: Product: syz
[  455.165613][ T4319] usb 4-1: Manufacturer: syz
[  455.175183][ T4319] usb 4-1: SerialNumber: syz
[  455.197395][ T4319] usb 4-1: config 0 descriptor??
[  455.216723][ T4319] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state.
[  455.235601][ T4319] dvb-usb: bulk message failed: -22 (4/0)
[  455.248104][ T4319] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  455.271275][ T4319] dvb-usb: bulk message failed: -22 (5/0)
[  455.285555][ T4319] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  455.304186][T10300] device syzkaller0 entered promiscuous mode
[  455.330466][ T4319] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  455.344520][T10300] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  455.357767][ T4319] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0)
[  455.371140][ T4319] usb 4-1: media controller created
[  455.395148][ T4319] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  455.405972][T10299] tipc: Resetting bearer <eth:syzkaller0>
[  455.417033][T10279] ttusb2: more than 2 i2c messages at a time is not handled yet. TODO.
[  455.440726][T10279] dvb-usb: bulk message failed: -22 (36/0)
[  455.462508][ T4319] usb 4-1: selecting invalid altsetting 3
[  455.469328][T10279] ttusb2: there might have been an error during control message transfer. (rlen = 3, was 0)
[  455.480363][ T4319] ttusb2: set interface to alts=3 failed
[  455.513781][T10299] tipc: Disabling bearer <eth:syzkaller0>
[  455.522941][T10279] ttusb2: i2c transfer failed.
[  455.630339][ T4319] DVB: Unable to find symbol tda10086_attach()
[  455.655327][ T4319] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0'
[  455.687208][ T4319] dvb-usb: bulk message failed: -22 (4/0)
[  455.705086][ T4319] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  455.725915][ T4319] dvb-usb: bulk message failed: -22 (5/0)
[  455.731711][ T4319] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  455.775287][ T4319] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected.
[  455.805819][ T4319] usb 4-1: USB disconnect, device number 25
[  455.854114][ T4319] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected.
[  456.417909][ T4319] tipc: Node number set to 1866612061
[  456.459855][T10341] device syzkaller0 entered promiscuous mode
[  456.755135][ T4285] Bluetooth: hci2: command 0x0401 tx timeout
[  456.761261][ T4286] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  457.282028][T10354] device syzkaller0 entered promiscuous mode
[  458.762489][T10315] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  459.150982][T10379] device syzkaller0 entered promiscuous mode
[  459.954807][T10398] device syzkaller0 entered promiscuous mode
[  460.008052][T10398] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  460.049628][T10397] tipc: Resetting bearer <eth:syzkaller0>
[  460.156628][T10397] tipc: Disabling bearer <eth:syzkaller0>
[  461.108934][T10420] device syzkaller0 entered promiscuous mode
[  461.544392][T10431] device syzkaller0 entered promiscuous mode
[  461.563117][T10431] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  461.571943][T10429] tipc: Resetting bearer <eth:syzkaller0>
[  461.615554][T10429] tipc: Disabling bearer <eth:syzkaller0>
[  461.641317][T10433] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  462.366063][T10453] device syzkaller0 entered promiscuous mode
[  462.710024][T10465] device syzkaller0 entered promiscuous mode
[  464.929174][T10444] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  465.085836][T10491] device syzkaller0 entered promiscuous mode
[  465.094774][T10491] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  465.152732][T10494] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  466.399995][T10523] device syzkaller0 entered promiscuous mode
[  466.502139][T10523] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  466.574625][T10521] tipc: Resetting bearer <eth:syzkaller0>
[  466.584828][T10526] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1898'.
[  466.616845][   T26] kauditd_printk_skb: 28 callbacks suppressed
[  466.616859][   T26] audit: type=1326 audit(1780740052.750:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10525 comm="syz.4.1898" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  466.647761][    C0] vkms_vblank_simulate: vblank timer overrun
[  466.720870][   T26] audit: type=1326 audit(1780740052.790:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10525 comm="syz.4.1898" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  466.724159][T10521] tipc: Disabling bearer <eth:syzkaller0>
[  466.745075][    C0] vkms_vblank_simulate: vblank timer overrun
[  466.790297][   T26] audit: type=1326 audit(1780740052.790:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10525 comm="syz.4.1898" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  466.814409][    C0] vkms_vblank_simulate: vblank timer overrun
[  466.881652][   T26] audit: type=1326 audit(1780740052.790:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10525 comm="syz.4.1898" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  466.995158][   T26] audit: type=1326 audit(1780740052.800:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10525 comm="syz.4.1898" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  467.085258][   T26] audit: type=1326 audit(1780740052.810:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10525 comm="syz.4.1898" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  467.160303][   T26] audit: type=1326 audit(1780740052.820:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10525 comm="syz.4.1898" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  467.184457][    C0] vkms_vblank_simulate: vblank timer overrun
[  467.288907][   T26] audit: type=1326 audit(1780740052.820:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10525 comm="syz.4.1898" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  467.312875][    C0] vkms_vblank_simulate: vblank timer overrun
[  467.385155][   T26] audit: type=1326 audit(1780740053.450:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10525 comm="syz.4.1898" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  467.475438][   T26] audit: type=1326 audit(1780740053.450:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10525 comm="syz.4.1898" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  467.499553][    C0] vkms_vblank_simulate: vblank timer overrun
[  468.093392][T10554] device syzkaller0 left promiscuous mode
[  468.101979][T10554] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  468.515565][ T4320] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  468.624926][T10570] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1916'.
[  468.675189][ T4320] usb 2-1: device descriptor read/64, error -71
[  468.945335][ T4320] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  469.105246][ T4320] usb 2-1: device descriptor read/64, error -71
[  469.240026][ T4320] usb usb2-port1: attempt power cycle
[  469.606456][T10589] netlink: 'syz.2.1921': attribute type 3 has an invalid length.
[  469.656424][ T4320] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  469.729064][ T4320] usb 2-1: device descriptor read/8, error -71
[  470.015253][ T4320] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  470.056297][ T4320] usb 2-1: device descriptor read/8, error -71
[  470.204552][ T4320] usb usb2-port1: unable to enumerate USB device
[  470.944923][T10614] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1932'.
[  472.985852][T10657] netlink: 'syz.2.1945': attribute type 3 has an invalid length.
[  473.229800][T10661] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1947'.
[  473.295158][   T26] kauditd_printk_skb: 55 callbacks suppressed
[  473.295173][   T26] audit: type=1326 audit(1780740059.420:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10660 comm="syz.2.1947" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947e39ce59 code=0x7ffc0000
[  473.337994][   T26] audit: type=1326 audit(1780740059.420:771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10660 comm="syz.2.1947" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947e39ce59 code=0x7ffc0000
[  473.364188][   T26] audit: type=1326 audit(1780740059.420:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10660 comm="syz.2.1947" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f947e39ce59 code=0x7ffc0000
[  473.412427][   T26] audit: type=1326 audit(1780740059.420:773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10660 comm="syz.2.1947" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947e39ce59 code=0x7ffc0000
[  473.479968][   T26] audit: type=1326 audit(1780740059.420:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10660 comm="syz.2.1947" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947e39ce59 code=0x7ffc0000
[  473.564935][   T26] audit: type=1326 audit(1780740059.420:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10660 comm="syz.2.1947" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f947e39ce59 code=0x7ffc0000
[  473.642042][   T26] audit: type=1326 audit(1780740059.420:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10660 comm="syz.2.1947" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947e39ce59 code=0x7ffc0000
[  473.701465][   T26] audit: type=1326 audit(1780740059.420:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10660 comm="syz.2.1947" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947e39ce59 code=0x7ffc0000
[  473.762380][T10673] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1951'.
[  473.781640][   T26] audit: type=1326 audit(1780740059.420:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10660 comm="syz.2.1947" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f947e39ce59 code=0x7ffc0000
[  473.836983][   T26] audit: type=1326 audit(1780740059.520:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10660 comm="syz.2.1947" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947e39ce59 code=0x7ffc0000
[  473.863198][T10673] device syzkaller0 entered promiscuous mode
[  474.814358][T10697] netlink: 'syz.2.1957': attribute type 3 has an invalid length.
[  474.952120][T10700] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  475.602988][T10720] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1964'.
[  475.670440][T10720] device syzkaller0 entered promiscuous mode
[  476.120473][T10730] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1967'.
[  477.026259][T10749] netlink: 'syz.0.1972': attribute type 3 has an invalid length.
[  477.451509][T10764] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1976'.
[  477.521630][T10764] device syzkaller0 entered promiscuous mode
[  477.810802][T10773] device syzkaller0 entered promiscuous mode
[  477.821423][T10773] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  477.842804][T10775] device syzkaller0 entered promiscuous mode
[  477.976774][T10780] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1982'.
[  478.241751][T10792] netlink: 'syz.4.1984': attribute type 3 has an invalid length.
[  478.890820][T10809] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1990'.
[  478.910160][T10809] device syzkaller0 entered promiscuous mode
[  479.124490][T10814] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1992'.
[  479.257267][T10819] device syzkaller0 entered promiscuous mode
[  479.280433][T10821] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1995'.
[  479.563237][T10826] netlink: 'syz.2.1997': attribute type 3 has an invalid length.
[  480.232918][T10839] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  480.917858][T10856] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2004'.
[  480.941921][T10856] device syzkaller0 entered promiscuous mode
[  481.182503][T10861] device syzkaller0 entered promiscuous mode
[  481.644268][T10876] netlink: 'syz.2.2010': attribute type 3 has an invalid length.
[  482.360498][T10901] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2019'.
[  482.694183][T10907] device syzkaller0 left promiscuous mode
[  482.721093][T10907] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  483.029411][T10917] device syzkaller0 entered promiscuous mode
[  483.046194][T10917] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  483.074114][T10917] netlink: 'syz.4.2026': attribute type 1 has an invalid length.
[  483.340857][T10924] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2028'.
[  484.585602][T10932] bridge0: port 2(bridge_slave_1) entered disabled state
[  484.592986][T10932] bridge0: port 1(bridge_slave_0) entered disabled state
[  485.238339][T10932] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  485.347002][T10932] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  485.839867][T10932] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  485.848641][T10932] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  485.857392][T10932] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  485.866257][T10932] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  485.914083][T10932] tipc: Resetting bearer <eth:syzkaller0>
[  485.928886][T10932] device syzkaller0 left promiscuous mode
[  485.952340][T10946] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2032'.
[  485.972204][T10956] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2035'.
[  489.581186][T10995] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2042'.
[  490.031206][T11014] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2050'.
[  490.059227][T11012] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2049'.
[  492.638455][T11043] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2060'.
[  492.773349][T11047] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2062'.
[  494.994301][T11066] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  495.633807][T11097] netlink: 'syz.0.2065': attribute type 3 has an invalid length.
[  495.782794][T11101] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2076'.
[  497.680937][T11135] netlink: 'syz.1.2085': attribute type 3 has an invalid length.
[  498.139375][T11073] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  498.538990][T11143] netlink: 10188 bytes leftover after parsing attributes in process `syz.3.2090'.
[  500.548138][T11163] device syzkaller0 entered promiscuous mode
[  501.202872][T11204] fuse: Bad value for 'fd'
[  501.238872][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  502.821164][T11200] netlink: 'syz.0.2101': attribute type 1 has an invalid length.
[  503.054107][T11221] netlink: 'syz.3.2106': attribute type 3 has an invalid length.
[  503.560988][T11239] fuse: Bad value for 'fd'
[  505.288762][T11256] device syzkaller0 entered promiscuous mode
[  505.305426][T11256] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  505.605584][T11270] netlink: 'syz.3.2122': attribute type 3 has an invalid length.
[  505.807803][T11278] fuse: Bad value for 'fd'
[  506.520764][T11296] device syzkaller0 entered promiscuous mode
[  506.868003][T11308] netlink: 'syz.3.2138': attribute type 10 has an invalid length.
[  506.894374][T11308] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2138'.
[  506.918172][T11308] device dummy0 entered promiscuous mode
[  506.932883][T11308] bridge0: port 3(dummy0) entered blocking state
[  506.948739][T11308] bridge0: port 3(dummy0) entered disabled state
[  506.977412][T11308] bridge0: port 3(dummy0) entered blocking state
[  506.983885][T11308] bridge0: port 3(dummy0) entered forwarding state
[  507.008465][T11311] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2139'.
[  507.239500][T11327] device syzkaller0 left promiscuous mode
[  507.245657][T11327] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  507.575320][T11335] device syzkaller0 entered promiscuous mode
[  510.007696][T11317] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  512.674131][T11380] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2154'.
[  512.900286][T11426] device syzkaller0 entered promiscuous mode
[  512.922092][T11433] tipc: Resetting bearer <eth:syzkaller0>
[  513.031514][T11435] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  515.759696][T11434] tipc: Disabling bearer <eth:syzkaller0>
[  515.774318][T11467] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  515.943136][T11488] tipc: Resetting bearer <eth:syzkaller0>
[  516.436102][   T26] kauditd_printk_skb: 33 callbacks suppressed
[  516.436116][   T26] audit: type=1326 audit(1780740102.570:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11510 comm="syz.4.2189" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  516.495228][   T27] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  516.499832][   T26] audit: type=1326 audit(1780740102.600:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11510 comm="syz.4.2189" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  516.590975][   T26] audit: type=1326 audit(1780740102.600:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11510 comm="syz.4.2189" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  516.627327][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  516.660393][   T26] audit: type=1326 audit(1780740102.600:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11510 comm="syz.4.2189" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  516.693016][   T27] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  516.710179][   T26] audit: type=1326 audit(1780740102.600:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11510 comm="syz.4.2189" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  516.734634][   T27] usb 3-1: config 1 has an invalid descriptor of length 56, skipping remainder of the config
[  516.760766][   T27] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  516.785149][   T27] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  516.795543][   T26] audit: type=1326 audit(1780740102.600:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11510 comm="syz.4.2189" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  516.841156][   T27] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  516.858034][   T26] audit: type=1326 audit(1780740102.680:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11510 comm="syz.4.2189" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  516.866098][   T27] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  516.923529][   T26] audit: type=1326 audit(1780740102.680:820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11510 comm="syz.4.2189" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  516.930741][   T27] usb 3-1: Product: syz
[  516.972858][T11519] device syzkaller0 entered promiscuous mode
[  516.994074][   T26] audit: type=1326 audit(1780740102.750:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11510 comm="syz.4.2189" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  516.995130][   T27] usb 3-1: Manufacturer: syz
[  517.046219][   T27] cdc_wdm 3-1:1.0: skipping garbage
[  517.051516][   T27] cdc_wdm: probe of 3-1:1.0 failed with error -22
[  517.210593][T11524] xt_hashlimit: size too large, truncated to 1048576
[  517.313949][   T27] usb 3-1: USB disconnect, device number 39
[  517.715470][   T26] audit: type=1326 audit(1780740103.850:822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11510 comm="syz.4.2189" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230b39ce59 code=0x7ffc0000
[  520.720102][T11568] device syzkaller0 entered promiscuous mode
[  520.889405][T11582] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2201'.
[  521.496847][   T26] kauditd_printk_skb: 19 callbacks suppressed
[  521.496862][   T26] audit: type=1326 audit(1780740107.630:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11591 comm="syz.0.2206" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e8ad9ce59 code=0x7ffc0000
[  521.599384][T11606] device syzkaller0 entered promiscuous mode
[  521.605469][   T26] audit: type=1326 audit(1780740107.630:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11591 comm="syz.0.2206" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e8ad9ce59 code=0x7ffc0000
[  521.605514][   T26] audit: type=1326 audit(1780740107.660:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11591 comm="syz.0.2206" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f6e8ad9ce59 code=0x7ffc0000
[  521.737552][T11612] device syzkaller0 entered promiscuous mode
[  521.743961][T11612] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  522.092172][   T26] audit: type=1326 audit(1780740108.220:845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11591 comm="syz.0.2206" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e8ad9ce59 code=0x7ffc0000
[  522.161426][   T26] audit: type=1326 audit(1780740108.220:846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11591 comm="syz.0.2206" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e8ad9ce59 code=0x7ffc0000
[  522.233608][   T26] audit: type=1326 audit(1780740108.270:847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11591 comm="syz.0.2206" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f6e8ad9ce59 code=0x7ffc0000
[  522.279608][   T26] audit: type=1326 audit(1780740108.410:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11591 comm="syz.0.2206" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e8ad9ce59 code=0x7ffc0000
[  522.314772][   T26] audit: type=1326 audit(1780740108.410:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11591 comm="syz.0.2206" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e8ad9ce59 code=0x7ffc0000
[  522.372647][   T26] audit: type=1326 audit(1780740108.470:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11591 comm="syz.0.2206" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6e8ad9ce59 code=0x7ffc0000
[  522.402031][   T26] audit: type=1326 audit(1780740108.470:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11591 comm="syz.0.2206" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e8ad9ce59 code=0x7ffc0000
[  523.237790][ T4368] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  523.445207][ T4368] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  523.453890][ T4368] usb 1-1: config 1 has an invalid descriptor of length 56, skipping remainder of the config
[  523.464570][ T4368] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  523.474465][ T4368] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  523.489791][ T4368] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  523.508722][ T4368] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  523.520348][ T4368] usb 1-1: Product: syz
[  523.524570][ T4368] usb 1-1: Manufacturer: syz
[  523.539519][ T4368] cdc_wdm 1-1:1.0: skipping garbage
[  523.544820][ T4368] cdc_wdm: probe of 1-1:1.0 failed with error -22
[  523.751136][   T27] usb 1-1: USB disconnect, device number 38
[  524.410174][T11635] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2218'.
[  524.470086][T11635] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2218'.
[  524.807250][T11653] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2225'.
[  524.827126][T11652] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2226'.
[  524.845106][T11653] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2225'.
[  524.982763][T11658] xfrm0 speed is unknown, defaulting to 1000
[  525.071805][T11667] device syzkaller0 entered promiscuous mode
[  525.184892][T11670] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2234'.
[  525.202111][T11670] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2234'.
[  525.208856][ T4368] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  525.407110][ T4368] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  525.430776][ T4368] usb 2-1: config 1 has an invalid descriptor of length 49, skipping remainder of the config
[  525.470649][ T4368] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  525.503161][ T4368] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  525.548291][ T4368] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  525.580477][ T4368] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  525.589093][ T4368] usb 2-1: Product: syz
[  525.593302][ T4368] usb 2-1: Manufacturer: syz
[  525.634562][ T4368] cdc_wdm 2-1:1.0: skipping garbage
[  525.640147][ T4368] cdc_wdm 2-1:1.0: skipping garbage
[  525.646691][ T4368] cdc_wdm: probe of 2-1:1.0 failed with error -22
[  525.833088][ T4368] usb 2-1: USB disconnect, device number 31
[  525.916729][T11695] device syzkaller0 entered promiscuous mode
[  526.532691][T11702] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2248'.
[  528.178887][T11697] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2246'.
[  528.192981][T11697] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2246'.
[  528.223198][T11716] device syzkaller0 left promiscuous mode
[  528.245625][T11716] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  528.941826][T11756] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2265'.
[  529.818220][T11784] afs: Unknown parameter 'rootcontext'
[  530.135810][T11786] device syzkaller0 entered promiscuous mode
[  531.558628][T11749] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  533.118056][T11807] device syzkaller0 entered promiscuous mode
[  533.596040][T11819] afs: Unknown parameter 'rootcontext'
[  533.640200][T11824] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2287'.
[  534.330719][T11830] device syzkaller0 entered promiscuous mode
[  536.086465][ T4285] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  536.092941][ T4285] Bluetooth: hci2: command 0x0401 tx timeout
[  536.458566][T11860] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2300'.
[  536.473265][T11860] 0ªX¹¦À: renamed from caif0
[  536.482617][T11860] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  536.505405][ T4368] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  536.826912][ T4368] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  536.845395][ T4368] usb 2-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[  536.921788][ T4368] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  536.993370][ T4368] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  537.098659][ T4368] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  537.156752][T11874] afs: Unknown parameter 'rootcontext'
[  537.248770][ T4368] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  537.318410][ T4368] usb 2-1: Product: syz
[  537.344728][ T4368] usb 2-1: Manufacturer: syz
[  537.566378][ T4368] cdc_wdm 2-1:1.0: skipping garbage
[  537.571676][ T4368] cdc_wdm 2-1:1.0: skipping garbage
[  537.601324][ T4368] cdc_wdm 2-1:1.0: skipping garbage
[  537.635878][ T4368] cdc_wdm: probe of 2-1:1.0 failed with error -22
[  537.768005][ T5996] usb 2-1: USB disconnect, device number 32
[  540.323912][T11927] afs: Unknown parameter 'rootcontext'
[  541.237956][ T4286] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  541.245183][ T4286] Bluetooth: hci2: command 0x0401 tx timeout
[  542.705577][T11987] device syzkaller0 entered promiscuous mode
[  542.994598][T11995] afs: Unknown parameter 'rootcontext'
[  545.587198][T12025] device syzkaller0 entered promiscuous mode
[  545.593546][T12025] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  545.842978][T12032] device syzkaller0 entered promiscuous mode
[  546.400304][T12052] afs: Unknown parameter 'rootcontext'
[  548.494031][T12080] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2360'.
[  548.632896][T12080] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2360'.
[  549.052871][T12088] afs: Unknown parameter 'rootcontext'
[  549.794501][T12091] device syzkaller0 entered promiscuous mode
[  549.847707][T12091] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  549.886587][T12090] tipc: Resetting bearer <eth:syzkaller0>
[  549.951495][T12090] tipc: Disabling bearer <eth:syzkaller0>
[  550.251856][T12099] device syzkaller0 entered promiscuous mode
[  554.042175][T12124] device syzkaller0 entered promiscuous mode
[  554.054757][T12124] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  554.100279][T12123] tipc: Resetting bearer <eth:syzkaller0>
[  554.176172][T12123] tipc: Disabling bearer <eth:syzkaller0>
[  554.389386][T12130] afs: Unknown parameter 'rootcontext'
[  555.321809][T12151] device syzkaller0 entered promiscuous mode
[  555.895349][T12169] device syzkaller0 entered promiscuous mode
[  556.024524][T12169] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  556.060130][T12168] tipc: Resetting bearer <eth:syzkaller0>
[  556.170626][T12168] tipc: Disabling bearer <eth:syzkaller0>
[  556.303656][T12178] afs: Unknown parameter 'rootcontext'
[  557.777755][T12210] device syzkaller0 entered promiscuous mode
[  558.198409][T12218] device syzkaller0 entered promiscuous mode
[  558.524840][T12222] afs: Unknown parameter 'rootcontext'
[  559.602202][T12234] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2406'.
[  560.315400][T12193] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  560.623818][T12251] device syzkaller0 entered promiscuous mode
[  561.433025][T12273] afs: Unknown parameter 'rootcontext'
[  561.749103][T12263] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  562.271835][T12285] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2417'.
[  562.312737][T12284] device syzkaller0 entered promiscuous mode
[  562.365194][T12284] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  562.397061][T12283] tipc: Resetting bearer <eth:syzkaller0>
[  562.516230][T12283] tipc: Disabling bearer <eth:syzkaller0>
[  562.677410][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  562.980553][T12309] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  563.939961][T12336] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2428'.
[  563.977939][T12337] afs: Unknown parameter 'rootcontext'
[  565.091162][T12347] device syzkaller0 entered promiscuous mode
[  565.128642][T12347] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  565.159233][T12345] tipc: Resetting bearer <eth:syzkaller0>
[  565.264149][T12345] tipc: Disabling bearer <eth:syzkaller0>
[  565.737046][T12358] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2436'.
[  565.755587][T12358] 0ªX¹¦À: renamed from caif0
[  565.770638][T12358] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  565.888335][T12359] device syzkaller0 entered promiscuous mode
[  566.570584][T12377] afs: Unknown parameter 'rootcontext'
[  570.352981][T12427] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  570.402576][T12432] netlink: 'syz.0.2453': attribute type 1 has an invalid length.
[  570.611768][T12439] device syzkaller0 entered promiscuous mode
[  570.711633][T12448] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2459'.
[  571.293504][T12466] device syzkaller0 entered promiscuous mode
[  571.339525][T12466] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  571.359236][T12465] tipc: Resetting bearer <eth:syzkaller0>
[  571.441531][T12465] tipc: Disabling bearer <eth:syzkaller0>
[  571.944883][T12490] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2472'.
[  572.254535][T12493] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2474'.
[  572.303518][T12499] device syzkaller0 entered promiscuous mode
[  572.403632][T12501] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  572.982781][T12524] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2487'.
[  573.412606][   T26] kauditd_printk_skb: 4 callbacks suppressed
[  573.412623][   T26] audit: type=1326 audit(1780740159.540:856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12531 comm="syz.2.2490" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947e39ce59 code=0x7ffc0000
[  573.442975][    C0] vkms_vblank_simulate: vblank timer overrun
[  573.545271][   T26] audit: type=1326 audit(1780740159.540:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12531 comm="syz.2.2490" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f947e39ce59 code=0x7ffc0000
[  573.577474][   T26] audit: type=1326 audit(1780740159.540:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12531 comm="syz.2.2490" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947e39ce59 code=0x7ffc0000
[  573.622342][   T26] audit: type=1326 audit(1780740159.540:859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12531 comm="syz.2.2490" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f947e39ce59 code=0x7ffc0000
[  573.646457][    C0] vkms_vblank_simulate: vblank timer overrun
[  573.672322][T12517] DRBG: could not allocate digest TFM handle: hmac(sha512)
[  573.836459][   T26] audit: type=1326 audit(1780740159.540:860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12531 comm="syz.2.2490" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947e39ce59 code=0x7ffc0000
[  573.860615][    C0] vkms_vblank_simulate: vblank timer overrun
[  573.976424][   T26] audit: type=1326 audit(1780740159.540:861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12531 comm="syz.2.2490" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f947e39ce59 code=0x7ffc0000
[  574.057102][   T26] audit: type=1326 audit(1780740159.660:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12531 comm="syz.2.2490" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947e39ce59 code=0x7ffc0000
[  574.081225][    C0] vkms_vblank_simulate: vblank timer overrun
[  574.246548][   T26] audit: type=1326 audit(1780740159.660:863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12531 comm="syz.2.2490" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947e39ce59 code=0x7ffc0000
[  574.321702][   T26] audit: type=1326 audit(1780740159.900:864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12531 comm="syz.2.2490" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=149 compat=0 ip=0x7f947e39ce59 code=0x7ffc0000
[  574.345837][    C0] vkms_vblank_simulate: vblank timer overrun
[  575.961906][   T26] audit: type=1326 audit(1780740162.090:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12531 comm="syz.2.2490" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947e39ce59 code=0x7ffc0000
[  576.039667][T12566] device syzkaller0 entered promiscuous mode
[  577.003298][T12580] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  577.070498][T12585] device syzkaller0 entered promiscuous mode
[  577.348254][T12594] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  577.715361][ T4285] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  577.795154][ T4285] Bluetooth: hci2: command 0x0401 tx timeout
[  578.389638][T12625] device bond1 left promiscuous mode
[  578.395372][T12625] device bridge1 left promiscuous mode
[  578.432355][T12625] tipc: Resetting bearer <eth:syzkaller0>
[  578.450812][T12625] device syzkaller0 left promiscuous mode
[  578.630815][T12631] device syzkaller0 entered promiscuous mode
[  578.687432][T12631] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  578.718182][T12633] raw_sendmsg: syz.0.2522 forgot to set AF_INET. Fix it!
[  578.728624][T12630] tipc: Resetting bearer <eth:syzkaller0>
[  578.817183][T12630] tipc: Disabling bearer <eth:syzkaller0>
[  579.184136][T12646] device syzkaller0 entered promiscuous mode
[  579.207304][T12646] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  579.246892][T12648] device syzkaller0 entered promiscuous mode
[  579.436837][T12652] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  579.528424][T12656] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  579.897683][T12663] netlink: 'syz.0.2534': attribute type 3 has an invalid length.
[  579.927222][T12665] fuse: Bad value for 'group_id'
[  580.765991][T12693] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  581.108380][T12705] netlink: 'syz.3.2547': attribute type 3 has an invalid length.
[  581.637484][T12727] device syzkaller0 entered promiscuous mode
[  581.728901][T12727] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  581.751403][T12724] tipc: Resetting bearer <eth:syzkaller0>
[  581.810195][T12724] tipc: Disabling bearer <eth:syzkaller0>
[  582.370836][T12747] netlink: 'syz.3.2561': attribute type 3 has an invalid length.
[  582.617378][T12753] fuse: Bad value for 'group_id'
[  583.489962][T12787] device syzkaller0 entered promiscuous mode
[  583.517312][T12786] netlink: 'syz.0.2577': attribute type 3 has an invalid length.
[  585.411086][T12823] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  585.437128][T12825] netlink: 'syz.1.2589': attribute type 3 has an invalid length.
[  586.353081][T12840] fuse: Bad value for 'group_id'
[  586.724838][T12795] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  587.639265][T12856] netlink: 'syz.0.2600': attribute type 3 has an invalid length.
[  587.726479][T12860] veth0_macvtap: Caught tx_queue_len zero misconfig
[  587.777729][T12862] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  587.823975][T12858] device syzkaller0 entered promiscuous mode
[  589.763110][T12896] netlink: 5968 bytes leftover after parsing attributes in process `syz.3.2616'.
[  589.795400][T12901] netlink: 'syz.1.2614': attribute type 3 has an invalid length.
[  590.133794][T12910] device syzkaller0 left promiscuous mode
[  592.678676][T12896] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  592.909979][T12933] netlink: 'syz.3.2628': attribute type 3 has an invalid length.
[  593.111881][T12939] device syzkaller0 entered promiscuous mode
[  593.988368][T12949] device bridge_slave_0 left promiscuous mode
[  594.008904][T12949] bridge0: port 1(bridge_slave_0) entered disabled state
[  594.045796][T12949] device bridge_slave_1 left promiscuous mode
[  594.065566][T12949] bridge0: port 2(bridge_slave_1) entered disabled state
[  594.100763][T12949] bond0: (slave bond_slave_0): Releasing backup interface
[  594.123793][T12949] bond0: (slave bond_slave_1): Releasing backup interface
[  594.148531][T12949] batman_adv: batadv0: Removing interface: batadv_slave_0
[  594.180748][T12949] batman_adv: batadv0: Removing interface: batadv_slave_1
[  595.473162][T12968] netlink: 'syz.1.2639': attribute type 3 has an invalid length.
[  598.809255][T13018] device syzkaller0 left promiscuous mode
[  598.855297][T13018] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  599.278664][T13021] device syzkaller0 entered promiscuous mode
[  599.306278][T13021] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  602.234595][T13060] device syzkaller0 entered promiscuous mode
[  605.546836][T13091] fuse: Unknown parameter 'group_i00000000000000000000'
[  607.402810][T13104] device syzkaller0 entered promiscuous mode
[  607.773503][T13107] netlink: 92 bytes leftover after parsing attributes in process `syz.2.2683'.
[  611.288105][T13139] device syzkaller0 entered promiscuous mode
[  612.173742][ T4286] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  612.184707][ T4288] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  612.193121][ T4288] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  612.225173][ T4286] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  612.235373][ T4286] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  612.245353][ T4286] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  612.361074][T13159] xfrm0 speed is unknown, defaulting to 1000
[  613.875854][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  614.270808][T13176] device syzkaller0 entered promiscuous mode
[  614.285142][ T4285] Bluetooth: hci5: command 0x0409 tx timeout
[  614.520449][T13159] chnl_net:caif_netlink_parms(): no params data found
[  614.864394][T13159] bridge0: port 1(bridge_slave_0) entered blocking state
[  614.894758][T13159] bridge0: port 1(bridge_slave_0) entered disabled state
[  614.916737][T13159] device bridge_slave_0 entered promiscuous mode
[  614.949234][T13159] bridge0: port 2(bridge_slave_1) entered blocking state
[  614.979723][T13159] bridge0: port 2(bridge_slave_1) entered disabled state
[  615.013455][T13159] device bridge_slave_1 entered promiscuous mode
[  615.203813][T13187] device syzkaller0 entered promiscuous mode
[  615.243043][T13159] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  615.670274][   T26] kauditd_printk_skb: 4 callbacks suppressed
[  615.670289][   T26] audit: type=1326 audit(1780740201.800:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13195 comm="syz.3.2712" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  615.743865][   T26] audit: type=1326 audit(1780740201.830:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13195 comm="syz.3.2712" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  615.784584][   T26] audit: type=1326 audit(1780740201.840:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13195 comm="syz.3.2712" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  615.864431][   T26] audit: type=1326 audit(1780740201.840:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13195 comm="syz.3.2712" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  615.890463][   T26] audit: type=1326 audit(1780740201.840:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13195 comm="syz.3.2712" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  615.923988][   T26] audit: type=1326 audit(1780740201.840:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13195 comm="syz.3.2712" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  615.970326][   T26] audit: type=1326 audit(1780740201.840:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13195 comm="syz.3.2712" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  616.003097][   T26] audit: type=1326 audit(1780740201.840:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13195 comm="syz.3.2712" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  616.073946][   T26] audit: type=1326 audit(1780740201.840:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13195 comm="syz.3.2712" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  616.125711][   T26] audit: type=1326 audit(1780740201.870:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13195 comm="syz.3.2712" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  616.355023][ T4285] Bluetooth: hci5: command 0x041b tx timeout
[  617.782881][T13159] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  617.796033][T13192] device bridge_slave_0 left promiscuous mode
[  617.802299][T13192] bridge0: port 1(bridge_slave_0) entered disabled state
[  617.811259][T13192] device bridge_slave_1 left promiscuous mode
[  617.817654][T13192] bridge0: port 2(bridge_slave_1) entered disabled state
[  617.834485][T13192] bond0: (slave bond_slave_0): Releasing backup interface
[  617.843588][T13192] bond0: (slave bond_slave_1): Releasing backup interface
[  617.852421][T13192] batman_adv: batadv0: Removing interface: batadv_slave_0
[  617.866365][T13192] batman_adv: batadv0: Removing interface: batadv_slave_1
[  617.903613][T13192] bond1: (slave bridge1): Releasing backup interface
[  617.925827][T13202] device syzkaller0 left promiscuous mode
[  617.931814][T13202] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  619.423550][ T4285] Bluetooth: hci5: command 0x040f tx timeout
[  619.467822][T13159] team0: Port device team_slave_0 added
[  619.536336][T13159] team0: Port device team_slave_1 added
[  619.613875][T13159] batman_adv: batadv0: Adding interface: batadv_slave_0
[  619.638021][T13159] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  619.711447][T13159] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  619.738175][T13230] xfrm0 speed is unknown, defaulting to 1000
[  619.758232][T13159] batman_adv: batadv0: Adding interface: batadv_slave_1
[  619.776356][T13231] RDS: rds_bind could not find a transport for fec0:ffff::1, load rds_tcp or rds_rdma?
[  619.778918][T13159] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  619.850540][T13159] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  619.883472][T13234] device syzkaller0 entered promiscuous mode
[  619.892083][T13234] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  619.939261][T13159] device hsr_slave_0 entered promiscuous mode
[  619.954237][T13159] device hsr_slave_1 entered promiscuous mode
[  619.969749][T13159] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  619.987487][T13159] Cannot create hsr debugfs directory
[  620.267871][T13159] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  620.320518][T13159] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  620.365653][T13159] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  620.408174][T13159] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  621.877064][ T4288] Bluetooth: hci5: command 0x0419 tx timeout
[  621.987924][T13159] 8021q: adding VLAN 0 to HW filter on device bond0
[  622.007177][T13254] device syzkaller0 entered promiscuous mode
[  622.030239][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  622.060943][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  622.172632][T13159] 8021q: adding VLAN 0 to HW filter on device team0
[  622.240259][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  622.266884][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  622.276014][ T4700] bridge0: port 1(bridge_slave_0) entered blocking state
[  622.283139][ T4700] bridge0: port 1(bridge_slave_0) entered forwarding state
[  622.315446][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  622.329836][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  622.340107][   T26] kauditd_printk_skb: 4 callbacks suppressed
[  622.340120][   T26] audit: type=1326 audit(1780740208.470:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13262 comm="syz.3.2729" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  622.354615][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  622.400875][ T4700] bridge0: port 2(bridge_slave_1) entered blocking state
[  622.408044][ T4700] bridge0: port 2(bridge_slave_1) entered forwarding state
[  622.416032][   T26] audit: type=1326 audit(1780740208.520:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13262 comm="syz.3.2729" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  622.451294][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  622.475541][   T26] audit: type=1326 audit(1780740208.520:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13262 comm="syz.3.2729" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  622.507933][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  622.529447][ T4699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  622.551708][ T4699] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  622.563869][   T26] audit: type=1326 audit(1780740208.520:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13262 comm="syz.3.2729" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  622.572609][ T4699] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  622.625067][   T26] audit: type=1326 audit(1780740208.520:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13262 comm="syz.3.2729" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  622.667913][ T4699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  622.680170][   T26] audit: type=1326 audit(1780740208.520:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13262 comm="syz.3.2729" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  622.723286][ T4699] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  622.741520][   T26] audit: type=1326 audit(1780740208.520:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13262 comm="syz.3.2729" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  622.773575][ T4699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  622.809569][ T4699] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  622.849161][ T4699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  622.857372][   T26] audit: type=1326 audit(1780740208.520:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13262 comm="syz.3.2729" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  622.894025][ T4699] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  622.932472][T13159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  623.006363][   T26] audit: type=1326 audit(1780740209.140:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13262 comm="syz.3.2729" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  623.055000][   T26] audit: type=1326 audit(1780740209.170:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13262 comm="syz.3.2729" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  623.299747][T13276] device syzkaller0 entered promiscuous mode
[  624.118025][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  625.091074][T13257] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  626.678162][T13304] netlink: 'syz.3.2737': attribute type 3 has an invalid length.
[  626.694754][ T6661] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  626.715356][ T6661] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  626.752683][T13159] 8021q: adding VLAN 0 to HW filter on device batadv0
[  627.552085][   T26] kauditd_printk_skb: 8 callbacks suppressed
[  627.552099][   T26] audit: type=1326 audit(1780740213.680:902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13316 comm="syz.3.2742" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  627.614517][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  627.634429][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  627.657734][   T26] audit: type=1326 audit(1780740213.720:903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13316 comm="syz.3.2742" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  627.704685][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  627.726230][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  627.741612][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  627.750137][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  627.770848][T13159] device veth0_vlan entered promiscuous mode
[  627.790193][T13159] device veth1_vlan entered promiscuous mode
[  627.830690][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  627.844843][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  627.862757][T13159] device veth0_macvtap entered promiscuous mode
[  627.880455][T13159] device veth1_macvtap entered promiscuous mode
[  627.912804][T13159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  627.930709][T13159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  627.942459][T13159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  627.959344][T13159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  627.971818][T13159] batman_adv: batadv0: Interface activated: batadv_slave_0
[  627.981622][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  627.991115][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  627.999959][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  628.013020][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  628.025395][T13159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  628.042448][T13159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  628.053894][T13159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  628.072005][T13159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  628.083760][T13159] batman_adv: batadv0: Interface activated: batadv_slave_1
[  628.100604][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  628.112739][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  628.131625][T13159] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  628.144323][T13159] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  628.170455][T13159] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  628.179525][T13159] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  629.628291][T13353] netlink: 'syz.3.2751': attribute type 3 has an invalid length.
[  629.862370][T13359] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2754'.
[  629.985965][T13363] device syzkaller0 entered promiscuous mode
[  630.221446][T13327] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  630.240634][   T26] audit: type=1326 audit(1780740216.370:904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13369 comm="syz.3.2758" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  630.357527][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  630.360221][   T26] audit: type=1326 audit(1780740216.430:905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13369 comm="syz.3.2758" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  630.405065][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  630.463311][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  630.479161][   T26] audit: type=1326 audit(1780740216.550:906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13369 comm="syz.3.2758" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  630.580539][ T6661] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  630.593775][ T6661] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  630.676500][ T5608] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  630.902618][T13389] netlink: 92 bytes leftover after parsing attributes in process `syz.5.2694'.
[  630.984216][T13388] netlink: 'syz.4.2763': attribute type 3 has an invalid length.
[  630.995831][T13391] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2764'.
[  631.063984][   T26] audit: type=1326 audit(1780740217.190:907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13369 comm="syz.3.2758" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  631.145425][   T26] audit: type=1326 audit(1780740217.190:908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13369 comm="syz.3.2758" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  631.224394][   T26] audit: type=1326 audit(1780740217.350:909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13369 comm="syz.3.2758" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  631.279082][   T26] audit: type=1326 audit(1780740217.350:910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13369 comm="syz.3.2758" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  631.364876][   T26] audit: type=1326 audit(1780740217.350:911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13369 comm="syz.3.2758" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f5b9ce59 code=0x7ffc0000
[  631.723435][T13423] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2774'.
[  631.764258][T13425] netlink: 'syz.2.2775': attribute type 3 has an invalid length.
[  631.792643][T13423] tipc: Resetting bearer <eth:syzkaller0>
[  631.820905][T13423] device syzkaller0 left promiscuous mode
[  631.963013][T13433] netlink: 5968 bytes leftover after parsing attributes in process `syz.2.2778'.
[  632.006668][T13435] netlink: 92 bytes leftover after parsing attributes in process `syz.3.2780'.
[  632.104870][T13437] device syzkaller0 entered promiscuous mode
[  632.112499][T13437] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  632.207565][T13442] netlink: 5968 bytes leftover after parsing attributes in process `syz.2.2783'.
[  632.421353][T13447] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  632.428252][T13447] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  632.569817][T13447] vhci_hcd vhci_hcd.0: Device attached
[  632.603851][T13451] vhci_hcd: connection closed
[  632.615011][    T9] vhci_hcd: stop threads
[  632.624734][    T9] vhci_hcd: release socket
[  632.642931][    T9] vhci_hcd: disconnect device
[  632.804054][T13470] netlink: 'syz.5.2788': attribute type 3 has an invalid length.
[  633.122423][T13477] netlink: 5968 bytes leftover after parsing attributes in process `syz.3.2793'.
[  633.260748][T13484] device syzkaller0 entered promiscuous mode
[  633.287873][T13487] netlink: 92 bytes leftover after parsing attributes in process `syz.4.2795'.
[  635.285795][T13464] Set syz1 is full, maxelem 65536 reached
[  635.963679][T13477] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  636.228124][T13492] netlink: 5968 bytes leftover after parsing attributes in process `syz.0.2796'.
[  636.720393][T13526] device syzkaller0 entered promiscuous mode
[  637.012836][T13521] tipc: Resetting bearer <eth:syzkaller0>
[  637.057885][T13521] tipc: Resetting bearer <eth:syzkaller0>
[  637.934482][T13566] netlink: 5968 bytes leftover after parsing attributes in process `syz.0.2810'.
[  639.188493][T13501] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  639.516916][T13614] netlink: 92 bytes leftover after parsing attributes in process `syz.2.2811'.
[  639.639479][T13610] netlink: 5968 bytes leftover after parsing attributes in process `syz.5.2814'.
[  639.950628][T13632] device syzkaller0 entered promiscuous mode
[  640.235554][T13657] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  640.574747][T13664] netlink: 5968 bytes leftover after parsing attributes in process `syz.3.2823'.
[  640.980844][T13684] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2830'.
[  641.388083][T13700] device syzkaller0 entered promiscuous mode
[  641.602721][T13708] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  641.797980][T13718] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2843'.
[  641.982443][T13720] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  642.325663][T13734] device syzkaller0 entered promiscuous mode
[  642.689116][T13746] tipc: Started in network mode
[  642.717733][T13746] tipc: Node identity ea1017833bd8, cluster identity 4711
[  642.739326][T13746] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  642.836586][T13745] tipc: Disabling bearer <eth:syzkaller0>
[  642.960242][T13752] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2855'.
[  643.228946][T13759] device syzkaller0 entered promiscuous mode
[  643.246743][T13761] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2858'.
[  643.261920][T13761] device syzkaller0 left promiscuous mode
[  643.385044][ T4353] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  643.595167][ T4353] usb 5-1: Using ep0 maxpacket: 16
[  643.606454][ T4353] usb 5-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[  643.623481][ T4353] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  643.644476][ T4353] usb 5-1: Product: syz
[  643.654649][ T4353] usb 5-1: Manufacturer: syz
[  643.663989][ T4353] usb 5-1: SerialNumber: syz
[  643.687841][ T4353] usb 5-1: config 0 descriptor??
[  643.700536][ T4353] visor 5-1:0.0: Sony Clie 3.5 converter detected
[  644.140790][ T4353] usb 5-1: clie_3_5_startup: get interface number failed: -71
[  644.218082][ T4353] visor: probe of 5-1:0.0 failed with error -71
[  644.249193][ T4353] usb 5-1: USB disconnect, device number 45
[  645.651964][T13795] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  645.902597][T13815] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2873'.
[  646.055211][ T4368] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  646.875033][ T4368] usb 1-1: Using ep0 maxpacket: 32
[  646.886311][ T4368] usb 1-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15
[  646.910981][ T4368] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  646.920588][ T4368] usb 1-1: Product: syz
[  646.924804][ T4368] usb 1-1: Manufacturer: syz
[  646.930704][ T4368] usb 1-1: SerialNumber: syz
[  646.951184][ T4368] usb 1-1: config 0 descriptor??
[  647.158665][T13815] bridge0: port 2(bridge_slave_1) entered disabled state
[  647.166212][T13815] bridge0: port 1(bridge_slave_0) entered disabled state
[  647.193190][ T4368] RobotFuzz Open Source InterFace, OSIF 1-1:0.0: version d4.15 found at bus 001 address 039
[  647.412023][T13809] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  647.432656][T13809] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  647.508400][T13809] i2c i2c-1: failure writing data
[  647.532407][ T5996] usb 1-1: USB disconnect, device number 39
[  647.815469][T13815] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  647.870065][T13815] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  648.601326][T13815] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  648.610391][T13815] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  648.619608][T13815] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  648.628635][T13815] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  648.837930][T13846] device syzkaller0 entered promiscuous mode
[  650.999023][T13873] device syzkaller0 entered promiscuous mode
[  651.006989][T13876] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  651.015821][T13882] device syzkaller0 entered promiscuous mode
[  651.044553][T13859] tipc: Resetting bearer <eth:syzkaller0>
[  651.145224][T13859] tipc: Disabling bearer <eth:syzkaller0>
[  652.255623][T13904] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2890'.
[  652.781201][ T4285] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  652.791012][ T4285] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  652.805351][ T4285] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  652.814079][ T4285] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  652.822040][ T4285] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  652.829570][ T4285] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  652.846904][ T4288] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  652.854214][ T4288] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  652.862691][ T4288] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  652.875681][ T4288] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  652.883195][ T4288] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  652.890660][ T4288] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  652.935970][T13920] xfrm0 speed is unknown, defaulting to 1000
[  653.141765][T13932] ==================================================================
[  653.149938][T13932] BUG: KASAN: slab-out-of-bounds in ieee80211_monitor_select_queue+0x23a/0x240
[  653.159046][T13932] Read of size 2 at addr ffff88804d556dfb by task syz.0.2898/13932
[  653.167007][T13932] 
[  653.169376][T13932] CPU: 1 PID: 13932 Comm: syz.0.2898 Not tainted syzkaller #0
[  653.176885][T13932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  653.186989][T13932] Call Trace:
[  653.190299][T13932]  <TASK>
[  653.193267][T13932]  dump_stack_lvl+0x188/0x24e
[  653.198006][T13932]  ? __lock_acquire+0x7d10/0x7d10
[  653.203148][T13932]  ? show_regs_print_info+0x12/0x12
[  653.208379][T13932]  ? load_image+0x400/0x400
[  653.212946][T13932]  ? _raw_spin_lock_irqsave+0xbc/0x100
[  653.218544][T13932]  ? __virt_addr_valid+0x188/0x540
[  653.223735][T13932]  ? __virt_addr_valid+0x465/0x540
[  653.228866][T13932]  ? ieee80211_monitor_select_queue+0x23a/0x240
[  653.235133][T13932]  print_report+0xa8/0x210
[  653.239586][T13932]  kasan_report+0x10b/0x140
[  653.244158][T13932]  ? ieee80211_monitor_select_queue+0x23a/0x240
[  653.250424][T13932]  ieee80211_monitor_select_queue+0x23a/0x240
[  653.256508][T13932]  ? ieee80211_activate_links_work+0x60/0x60
[  653.262503][T13932]  netdev_core_pick_tx+0x118/0x340
[  653.267706][T13932]  __dev_queue_xmit+0xb19/0x37c0
[  653.272672][T13932]  ? __dev_queue_xmit+0x26b/0x37c0
[  653.277804][T13932]  ? netdev_core_pick_tx+0x340/0x340
[  653.283102][T13932]  ? virtio_net_hdr_to_skb+0xac2/0x1290
[  653.288716][T13932]  ? packet_extra_vlan_len_allowed+0x200/0x200
[  653.294886][T13932]  ? skb_copy_datagram_from_iter+0x5e0/0x690
[  653.300923][T13932]  packet_sendmsg+0x3bc3/0x4e60
[  653.305790][T13932]  ? __might_sleep+0xd0/0xd0
[  653.310433][T13932]  ? verify_lock_unused+0x140/0x140
[  653.315650][T13932]  ? aa_sk_perm+0x81f/0x950
[  653.320220][T13932]  ? packet_getsockopt+0x9a0/0x9a0
[  653.325347][T13932]  ? aa_sock_msg_perm+0x94/0x150
[  653.330295][T13932]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  653.335628][T13932]  ? security_socket_sendmsg+0x7c/0xa0
[  653.341124][T13932]  ? packet_getsockopt+0x9a0/0x9a0
[  653.346252][T13932]  ____sys_sendmsg+0x5be/0x970
[  653.351037][T13932]  ? __sys_sendmsg_sock+0x30/0x30
[  653.356097][T13932]  ? __import_iovec+0x315/0x500
[  653.360978][T13932]  ? import_iovec+0x6f/0xa0
[  653.365497][T13932]  ___sys_sendmsg+0x2a2/0x360
[  653.370188][T13932]  ? try_to_wake_up+0x67c/0x1080
[  653.375190][T13932]  ? __sys_sendmsg+0x290/0x290
[  653.379989][T13932]  __se_sys_sendmsg+0x1bb/0x2a0
[  653.384863][T13932]  ? __x64_sys_sendmsg+0x80/0x80
[  653.389813][T13932]  ? lockdep_hardirqs_on+0x94/0x140
[  653.395026][T13932]  do_syscall_64+0x4c/0xa0
[  653.399463][T13932]  ? clear_bhb_loop+0x60/0xb0
[  653.404181][T13932]  ? clear_bhb_loop+0x60/0xb0
[  653.408881][T13932]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  653.414816][T13932] RIP: 0033:0x7f6e8ad9ce59
[  653.419344][T13932] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  653.438998][T13932] RSP: 002b:00007f6e8bbca028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  653.447435][T13932] RAX: ffffffffffffffda RBX: 00007f6e8b015fa0 RCX: 00007f6e8ad9ce59
[  653.455424][T13932] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000005
[  653.463416][T13932] RBP: 00007f6e8ae32d6f R08: 0000000000000000 R09: 0000000000000000
[  653.471410][T13932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  653.479405][T13932] R13: 00007f6e8b016038 R14: 00007f6e8b015fa0 R15: 00007ffd134ea6d8
[  653.487416][T13932]  </TASK>
[  653.490450][T13932] 
[  653.492796][T13932] Allocated by task 13159:
[  653.497221][T13932]  kasan_set_track+0x4b/0x70
[  653.501832][T13932]  __kasan_kmalloc+0x8e/0xa0
[  653.506463][T13932]  __kmalloc+0xb0/0x240
[  653.510747][T13932]  batadv_hash_new+0x77/0x290
[  653.515465][T13932]  batadv_tt_init+0xb8/0x290
[  653.520090][T13932]  batadv_mesh_init+0x3a2/0x700
[  653.525019][T13932]  batadv_softif_init_late+0x9bc/0xe60
[  653.530490][T13932]  register_netdevice+0x666/0x1b10
[  653.535630][T13932]  rtnl_newlink+0x151e/0x20a0
[  653.540354][T13932]  rtnetlink_rcv_msg+0x87c/0xfc0
[  653.545309][T13932]  netlink_rcv_skb+0x1fb/0x450
[  653.550128][T13932]  netlink_unicast+0x74d/0x8d0
[  653.554899][T13932]  netlink_sendmsg+0x8ad/0xbd0
[  653.559682][T13932]  __sys_sendto+0x497/0x650
[  653.564200][T13932]  __x64_sys_sendto+0xda/0xf0
[  653.568895][T13932]  do_syscall_64+0x4c/0xa0
[  653.573331][T13932]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  653.579258][T13932] 
[  653.581593][T13932] The buggy address belongs to the object at ffff88804d554000
[  653.581593][T13932]  which belongs to the cache kmalloc-8k of size 8192
[  653.595655][T13932] The buggy address is located 3579 bytes to the right of
[  653.595655][T13932]  8192-byte region [ffff88804d554000, ffff88804d556000)
[  653.609640][T13932] 
[  653.611993][T13932] The buggy address belongs to the physical page:
[  653.618421][T13932] page:ffffea0001355400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d550
[  653.628588][T13932] head:ffffea0001355400 order:3 compound_mapcount:0 compound_pincount:0
[  653.636925][T13932] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  653.644928][T13932] raw: 00fff00000010200 ffffea00007ce200 dead000000000002 ffff888017442280
[  653.653551][T13932] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[  653.662140][T13932] page dumped because: kasan: bad access detected
[  653.668572][T13932] page_owner tracks the page as allocated
[  653.674297][T13932] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 10781, tgid 10778 (syz.3.1981), ts 478114818679, free_ts 399902623916
[  653.697256][T13932]  post_alloc_hook+0x173/0x1a0
[  653.702116][T13932]  get_page_from_freelist+0x1a1e/0x1ab0
[  653.707676][T13932]  __alloc_pages+0x1ec/0x4f0
[  653.712278][T13932]  alloc_slab_page+0x5d/0x160
[  653.716971][T13932]  new_slab+0x87/0x2c0
[  653.721046][T13932]  ___slab_alloc+0xbc6/0x1240
[  653.725730][T13932]  __kmem_cache_alloc_node+0x1a0/0x260
[  653.731221][T13932]  __kmalloc_node+0xa0/0x240
[  653.735841][T13932]  kvmalloc_node+0x6c/0x180
[  653.740398][T13932]  pfifo_fast_init+0x35f/0x6a0
[  653.745226][T13932]  qdisc_create_dflt+0x11a/0x4b0
[  653.750184][T13932]  mq_init+0x2de/0x680
[  653.754291][T13932]  qdisc_create+0x7eb/0x10b0
[  653.758930][T13932]  tc_modify_qdisc+0xb5f/0x1d10
[  653.763818][T13932]  rtnetlink_rcv_msg+0x87c/0xfc0
[  653.768768][T13932]  netlink_rcv_skb+0x1fb/0x450
[  653.773551][T13932] page last free stack trace:
[  653.778244][T13932]  free_unref_page_prepare+0x8b4/0x9a0
[  653.783727][T13932]  free_unref_page+0x2e/0x3f0
[  653.788427][T13932]  __vunmap+0x856/0xa00
[  653.792603][T13932]  __vmalloc_node_range+0x10cc/0x13b0
[  653.797996][T13932]  bpf_map_area_alloc+0xd4/0xe0
[  653.802911][T13932]  bloom_map_alloc+0x2a5/0x5d0
[  653.807722][T13932]  map_create+0x534/0x1000
[  653.812157][T13932]  __sys_bpf+0x38b/0x780
[  653.816442][T13932]  __x64_sys_bpf+0x78/0x90
[  653.820879][T13932]  do_syscall_64+0x4c/0xa0
[  653.825307][T13932]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  653.831232][T13932] 
[  653.833573][T13932] Memory state around the buggy address:
[  653.839228][T13932]  ffff88804d556c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  653.847307][T13932]  ffff88804d556d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  653.855385][T13932] >ffff88804d556d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  653.863457][T13932]                                                                 ^
[  653.871439][T13932]  ffff88804d556e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  653.879512][T13932]  ffff88804d556e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  653.887582][T13932] ==================================================================
[  653.895740][T13932] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  653.902954][T13932] CPU: 1 PID: 13932 Comm: syz.0.2898 Not tainted syzkaller #0
[  653.910475][T13932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  653.920578][T13932] Call Trace:
[  653.923882][T13932]  <TASK>
[  653.926843][T13932]  dump_stack_lvl+0x188/0x24e
[  653.931561][T13932]  ? memcpy+0x3c/0x60
[  653.935576][T13932]  ? show_regs_print_info+0x12/0x12
[  653.940809][T13932]  ? load_image+0x400/0x400
[  653.945363][T13932]  panic+0x2e5/0x730
[  653.949329][T13932]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  653.955543][T13932]  ? bpf_jit_dump+0xd0/0xd0
[  653.960086][T13932]  ? _raw_spin_unlock_irqrestore+0xbc/0x120
[  653.966020][T13932]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  653.971949][T13932]  ? _raw_spin_unlock+0x40/0x40
[  653.976863][T13932]  check_panic_on_warn+0x80/0xa0
[  653.981919][T13932]  ? ieee80211_monitor_select_queue+0x23a/0x240
[  653.988213][T13932]  end_report+0x66/0x110
[  653.992511][T13932]  kasan_report+0x118/0x140
[  653.997063][T13932]  ? ieee80211_monitor_select_queue+0x23a/0x240
[  654.003356][T13932]  ieee80211_monitor_select_queue+0x23a/0x240
[  654.009464][T13932]  ? ieee80211_activate_links_work+0x60/0x60
[  654.015492][T13932]  netdev_core_pick_tx+0x118/0x340
[  654.020648][T13932]  __dev_queue_xmit+0xb19/0x37c0
[  654.025627][T13932]  ? __dev_queue_xmit+0x26b/0x37c0
[  654.030779][T13932]  ? netdev_core_pick_tx+0x340/0x340
[  654.036112][T13932]  ? virtio_net_hdr_to_skb+0xac2/0x1290
[  654.041697][T13932]  ? packet_extra_vlan_len_allowed+0x200/0x200
[  654.047893][T13932]  ? skb_copy_datagram_from_iter+0x5e0/0x690
[  654.053919][T13932]  packet_sendmsg+0x3bc3/0x4e60
[  654.058824][T13932]  ? __might_sleep+0xd0/0xd0
[  654.063452][T13932]  ? verify_lock_unused+0x140/0x140
[  654.068701][T13932]  ? aa_sk_perm+0x81f/0x950
[  654.073252][T13932]  ? packet_getsockopt+0x9a0/0x9a0
[  654.078404][T13932]  ? aa_sock_msg_perm+0x94/0x150
[  654.083378][T13932]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  654.088694][T13932]  ? security_socket_sendmsg+0x7c/0xa0
[  654.094193][T13932]  ? packet_getsockopt+0x9a0/0x9a0
[  654.099352][T13932]  ____sys_sendmsg+0x5be/0x970
[  654.104162][T13932]  ? __sys_sendmsg_sock+0x30/0x30
[  654.109230][T13932]  ? __import_iovec+0x315/0x500
[  654.114117][T13932]  ? import_iovec+0x6f/0xa0
[  654.118649][T13932]  ___sys_sendmsg+0x2a2/0x360
[  654.123358][T13932]  ? try_to_wake_up+0x67c/0x1080
[  654.128329][T13932]  ? __sys_sendmsg+0x290/0x290
[  654.133178][T13932]  __se_sys_sendmsg+0x1bb/0x2a0
[  654.138075][T13932]  ? __x64_sys_sendmsg+0x80/0x80
[  654.143045][T13932]  ? lockdep_hardirqs_on+0x94/0x140
[  654.148277][T13932]  do_syscall_64+0x4c/0xa0
[  654.152741][T13932]  ? clear_bhb_loop+0x60/0xb0
[  654.157465][T13932]  ? clear_bhb_loop+0x60/0xb0
[  654.162179][T13932]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  654.168117][T13932] RIP: 0033:0x7f6e8ad9ce59
[  654.172575][T13932] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  654.192218][T13932] RSP: 002b:00007f6e8bbca028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  654.200655][T13932] RAX: ffffffffffffffda RBX: 00007f6e8b015fa0 RCX: 00007f6e8ad9ce59
[  654.208658][T13932] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000005
[  654.216663][T13932] RBP: 00007f6e8ae32d6f R08: 0000000000000000 R09: 0000000000000000
[  654.224668][T13932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  654.232683][T13932] R13: 00007f6e8b016038 R14: 00007f6e8b015fa0 R15: 00007ffd134ea6d8
[  654.240711][T13932]  </TASK>
[  654.244351][T13932] Kernel Offset: disabled
[  654.248685][T13932] Rebooting in 86400 seconds..