last executing test programs:

20m6.835678667s ago: executing program 32 (id=214):
r0 = socket$unix(0x1, 0x1, 0x0)
getsockopt(0xffffffffffffffff, 0x0, 0x6, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x4000)
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
sendmsg$ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="0a012a20", @ANYRES16=0x0, @ANYBLOB="e60f000901008b00005d33cdc96be58bd5b3274e000f", @ANYRES32, @ANYBLOB="0c001a80480003"], 0x2c}}, 0x0)
socket(0x10, 0x3, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x3aa0}}, 0x0)
sendmmsg$inet_sctp(r3, &(0x7f0000000440)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)=' m=', 0x3}], 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000b5b9243184676ef46a4800008400000006000000d000000000000000"], 0x18, 0x20080084}], 0x1, 0x815)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r4=>0x0})
r5 = syz_init_net_socket$ax25(0x3, 0x3, 0x7)
bind$ax25(r5, &(0x7f0000000540)={{0x3, @default}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]}, 0x48)
sendto$ax25(r5, 0x0, 0x20, 0x40, &(0x7f00000001c0)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x5}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x7a)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYRESHEX=r5, @ANYRESDEC=r0], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', r4, @fallback=0x19, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x101}, 0x10, 0xffffffffffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r6}, 0x10)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x34, 0x0, 0x0)
unshare(0x62040200)
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
shutdown(r7, 0x1)
recvmmsg(r7, &(0x7f0000000180), 0x3db66e6159adff3, 0x10100, 0x0)

19m55.615888355s ago: executing program 33 (id=307):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/address_bits', 0x0, 0x0)
lseek(r1, 0x0, 0x2)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000140)={'virt_wifi0\x00', 0x112})
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400})
r2 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mremap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000, 0xa, &(0x7f0000ffb000/0x3000)=nil)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
setsockopt$inet_tcp_int(r2, 0x6, 0x12, &(0x7f00000000c0)=0xfff, 0x4)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000100), r5)
sendmsg$WG_CMD_GET_DEVICE(r5, &(0x7f00000026c0)={0x0, 0x0, &(0x7f0000002680)={&(0x7f0000002640)={0x28, r6, 0x311, 0x70bd2b, 0x25dfdbfb, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20}, 0x20000880)
setsockopt$MRT6_FLUSH(r2, 0x29, 0xd4, &(0x7f0000000080)=0x6, 0x4)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000001c0)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="3800000055002f03020000000000000007000000", @ANYRES32=r8, @ANYBLOB="200001"], 0x38}}, 0x40840)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x102})
socket$packet(0x11, 0x3, 0x300)

19m51.646022037s ago: executing program 34 (id=315):
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40041}, 0x0)

19m43.295880549s ago: executing program 35 (id=325):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f00000052c0)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, 0x0}, 0x2046}, {{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000540)=""/130, 0x82}, {&(0x7f0000006080)=""/4074, 0xfea}, {&(0x7f0000000240)=""/103, 0x67}, {&(0x7f0000000040)=""/113, 0x71}, {&(0x7f0000000140)=""/55, 0x37}, {&(0x7f0000000340)=""/107, 0x6b}, {&(0x7f0000000440)=""/188, 0xbc}, {&(0x7f00000001c0)=""/54, 0x36}], 0x8}, 0x4db}, {{0x0, 0x0, 0x0}, 0x20008}, {{0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000780)=""/146, 0x92}, {&(0x7f0000000840)=""/158, 0x9e}, {&(0x7f0000000900)=""/220, 0xdc}, {&(0x7f0000000a00)=""/11, 0xb}, {&(0x7f0000000a40)=""/80, 0x50}, {&(0x7f0000000b40)=""/97, 0x61}, {&(0x7f0000000bc0)=""/123, 0x7b}, {&(0x7f0000002e00)=""/4096, 0x1000}, {&(0x7f0000000c40)=""/171, 0xab}], 0x9}, 0x9}, {{0x0, 0x0, 0x0}, 0x6}], 0x9, 0x40002000, 0x0)

18m18.519828643s ago: executing program 1 (id=397):
r0 = socket$tipc(0x1e, 0x4, 0x0)
connect$tipc(r0, 0x0, 0x0)
sendmmsg$inet(r0, &(0x7f0000006740)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000004c0)="80349c0d9e8fcc9f44658138dc4a3c4ad42f918348474a5bc38ff0e0571fc22c8eb5cb22fdf30c6d1a4c1ccb5e5b35fed7db48c1a8a7132adc5623d146ddfe2254dd2579b4284b53d1cea6206864473d31bdb00c9d1462458b678827e80c94d88099e7471a58b1463086f9cdd1ccc19fa2fc4a9dd5a56fe782d15e66648c7630f1aaa7e9820460c46e292dbb8fa6f6701048ff17f40e2ab1ee0750ed038f18b81b2ba014bf866062c9a6f88b5d07e13b7eddd968ba9c7a53609c7b61471a51fd85bceebc0a92b2cd7c45a7f4571e693abebc3c5ff16c81106db988096bba7772e6acc5956344eaa64fea7c6319a37312ad57490dd2ebcb9bdf2815aae851bbd55317b4fcdaa8b06d30ed3db8a117424fed41f68979ac996e7fcd4549daf29bff6a2643e184580eb0b0bf81046975ea8d5e06e7124790dfca059217a34f4120feb2bb", 0x14d}, {&(0x7f0000000280)="5b4ea80f20d7212327afde5e7a457cde2dff9073f71979", 0x17}, {&(0x7f00000002c0)="851d8a90d516f218f839a7c48edfe734b2490c90a2fbf5be3383f1c9f5be8e55148723ac0258ef4f8af1f5e0b0a86885f018523d60072c7d9c1568700b3abe208fbd5dad2daf18b5150a530d816bf4cc6e43da4f2793611b38009e8c0970268cf5836926fd1223f4f8bec6a4a68b2aaff7af151a661793a04cd9b936da8f53eae22356781c580df817f3168269eaeeae014fa9b1878bd89e2acb4853ffd7b9a06d7f5ff090c605f5d343e6d93c80d747365d21acea325c44fbb87f6271a2d9333e9b9dd1d36dfea61641d34fd54cd2970ac14acdadd04357bdd44bc926d0adef887b2e25c2f435ce79bac1d1f473c3a49a12aa5c5cfa4bfa4fd2470308ed259e62c218aee67006a3ca187c9aa13a806d99b2275341fd6022940537b1cb1fd2389f417ea92c6e77a09a9d09a98c4e2f0912d36b47588ff991aa98c3c650055bacb669aaf68dd4f8a7b43569c9af62e7cee6ba05278fe8642feafa5c436cb13fa45b3cdf750f8956c493acf7c561b12259331a363c74fb5f2947652ced415b0986b673680e8ad7bad823ff84c30681cbe45114510d9aa6f423f212bcdf1c244178ae31474d9f176707e9c481057f72d489372f7daeba51e3ea86895c8eed109566ad19f3957d0df21a671fce2d674c207d8643c85a018834f4e8e3992e6991d815", 0x1e0}, {&(0x7f0000001440)="f0e266805aba28ca0c0d67b3479e1c7cb90d64b8ba8093c11696a92981d4fdd1f40043ce52efdea3f8d7b9ba23840df17c5a35207d6fc677263be310a063adb7b1528b8a04ec5b50d2cfa0df73c57f16a94941e8fb22f429a1f34b5b01514fefc4bd79a2cb936cf2eae82bd7b628431ae2d7b61059b35abc6ee24fd40e3c1bd6106af177bc4670395df7238a420fecf1e6ed3fe8906c3a2843215618fcb72ae77c6d36feefb4d45157e5d35fb4bf297d15ca042520f08e85ad2d7c5045fc7c4a2a8b6e149fc755d70437b3835083ee9fc662afbf840ab97f0adcdde20099bb22e909b937696e9d950ca0a361dfa8f5453454696927ae5a2401340264bdcdcd86941c18b536bdccb964461679d1b62855dadee9b66e5d494183283808c706247cdf83b45c44178775fc957483923b717724549dbe2f9a092fa07e93a7772d16bfbff9a0dd14d48d30b1e4f8206f92cf2fe08a7702f73404b79e77dec1b694e8a7c588a7bb2d770122291b10b456c4419dda49da0433a0aa5f0be221d29b45082b4f9521c2a1fbae507aa2652123619b78f340f01523bf9e6089e8e8186af2b85476d7059226f07467a6e036bf8808f2e9070b2a94ac1c64ec066def276c362a1d4a830edf754783f0a1e52e1adc4f6ca2d7200fd73b9cda79ccfcf57a27f60e184ebe12c4daeb214c2057b69719db280e0dcc2d10b085c7ab8e2394bae44893e3f335a3121bae3a33c32b004ab7bca48726029b77a6c784d2af3789fd520e37009d103c0a63598fa5857ee1b86a38a9feaf1d1f512d1884861c13d647d26888430e2f15e78cdd6a4c875e52de709dfdc4af4775ce03d7c8c3ff2b9fbae82dbabf11460bd1bc1ffe10c5062a265fd211a2b52a41613cc03917b8d34591885396369d1d172df31244a236c49d4457a936848684b59e326872d58c5db20684d1194ccb7ecbf5017f0f702f29c75cdeea09619db8bf00b41b1a165af13b3810d7f7b6a681aef628190f4fd53244a650b0500df500946792d003f2d2f0ba3c57f8257c0cc897cb1dabd63870ef86378a14e7f5068ea6a2311414656d766fb24e43c2a57b44cb1dc584d71e91628348790dc6a9adf85bc403a934e7603f7b45473407cf1395163b3efc9e880963bbd98140adfd624ccfc1141cd899826261e152265b9307695488c0cbad9027bf74b6f0c7adbc9878983d96e6026c818ac30fac3e2392e1c8fdab8ccf902d0915a471701083949efafc7a2e05608139fd0ef22d834ff02569878579c43635ad2d56d7cdfacaba8a3adc47c7fd42e521ca6b14726e68f67e2662c972bf9824ba847e22985400fad74280c22a0636aee80eeb7ef0c691cee94573ec78b53d43316ba691fd5274d1ff8085e297d2781a31f704dfeb58db9fa216c3356341207e953712de9ef27018bdfdddba8abc0c5f205908f12a42685ecc0c20cd92a57bba45a435f7bb412ccab1a6d877392971de8b808af07ea32b102dbcd7d00c869ad5cd8f5a5895b3d6dfef226d51d819756a85ffdde3d08f59fbbb7510a9ac3568f8f039fa7abc7b34685f3579050e88773cb4bb7958ff83aba1f23c8ab4ecd019c59781d47bcc50c64a957c3fa37311a240649313f77fa81020a5da0560d3bdabe6001ab6792ad782fe0e44bbb59efd4a524984742940563dd9e9a0226925324ac94373a9dcb16f32183ef3f465a13b83974f593e664f53131241e2133ce22917fbb412354a51026847f92aa7afadb1cdf51677fc2fe5938812ef17ae79f4db75afdfce3c5b8822dd612457b5f59dd616acdc473e97afb83f3c9789f3df399a2c3c89e8b5e6db33a306168b0cd4e8acbbd6ac81dd46cfb2f7d24b609d009049784611d027daa0cfb12111c1236aa010796cc687cbb151ba30e3a786ee8bfdae51e65a0c3667f7b8856089621742bdc19ad66f60eb48bd7f20b0ac2a523e89e6a7089e3704f266c52c58994e018e5d20b77a0413c71cafd420d9e0abb77e9f1199aca31f6d94372ca5736c749c197cac572e4962fc089f866a896763cd7b804c8e7211bd3a64f1ed12d65182deb850279ecb530683551bd50214e03b9f813431688dadf4caaf77d2e8b20d3e5c424243ab50f9c20462cea0f38eb080b02074e3e77a236d4ec929b04d134dcc5f767736c096794be3aec9f1195b87862128b436fbd0305a6ad6ebb0b2167e184c1de57048144b7567a6ad6c028c4b8a78858925f0ed415313da984484f753d14234d30964aa3d15af13337b6e5338d4f787abc18e0ea4d9656aa3c1d3eee0854078470a0e724062fd61a95f17516ca92faae8397ce07ba558a689ea49d25685a28c68fbc533892827829692d65a15711f0d14f7f685095f6c5dd085b30ffc4dfd9097157c1fab80023d24912861e87d1e484fe5a4476743dcb983d3eecabfe168db03f888432d8b1639e89c8f0513dc36ca8969ec364d28814fa6e21f979020df1292d772cd20c0eb4a5888f38d8d129e30ffee29ab6baf3b2f3a509e02d26b354f1ebe3531fe97968f1f678937b36f3684a8c100030a2328941dfc09574f7cebc26337cd4b2a6fc0b92affc3f3f892542e46fd6cfc2780c0b8a916b3fbb7f33a2537571b06643d82f86e2156740e024b360f48b844797971383610dc93abedc9945ec26d6a56e2701522e3fd6b77d4647a137346985af549d8944c652ddd797e1856a30f296258eb275981bc9432f38532d6e141d603b002c75247b3e71b39dbc01e8e64bc0cd510bd1700685a95ead8fb3fe8fbd72be2e8f9f5a9f1b2c400bfdc0aeabb14a7538c9a38a4839bf41120f2c2aa00277a327d7dff15f52854146a94ea41e4f14a15443124c6bcff43489e7e242c8315ed8d542377fefb6002292c1adc571c730d67b8dab5a4da06659fe7b69bac3147ef39fc877c323edbb9912886ab468c530a8d7844692010ea93effd20f4ccc47b3ff51f378c12b1d03155d49772f14d65bf2ce38f589ca4647b6713ae081fd13e74b307aba8bc34a4406d78c26ccfdf328f5c273b294f6c6419cc157eca59939ec4c0b95cc6d5f97c83c3f14aeb5b88910ec29cf64496d9b1b855fe073d4791507c7533846cdd7810667427583b3a8b7febb2c43643c09bebbb12c08781ac9d0995723fb47febef49e0d6631f054e5b3b3a284391590cfb5d5cf4aaa71586cb37b9fffa15848176da20969e88ed87dd8a4fa2b5140fd56f0a9973217f8ce0c6ee50b67214b6d7d6b84d41d83694a14b2e96f0cb79b49f5fe4dd21727c00819e83b6ea203bada46e9ae8ce7bebaf24f05fd20672e4230b3851b8f05bb2f0977dda7c8cdd1f2689b7a10a72018ff76699e53b2a3f77bf7fa03fe3cf85d4859c9db915fa5c1ddff79e77d0b1b6316d3e50d0d60a42271332f3e81376f120836cd3ea55b7f1453833a7bce0058f79b698a4bd0e857ae35b8ac8f20ed8f238475757af11ce7b450cf89191a4f27a365f594ef68efe6ea1a5c3518712b1aa37a1f47e05f85debfa461f5346d985a71e49ef17f4eb068862977d56671d445176934be6b5318300d7debf3ad8d7da0c014b25af2d8fa52753974116a8cea6c974692f5de03b526a075cc3bc8a4375333f0ef09dd3c361738a151f326ba3253c171f8f7876107eeac122a65124e59dfe7c66bb9546d6428559df314063ac08c03d96b04b6a91508371fa18348c65238546f3d489c7efc1bd01e6e389fbeaa8f125bc7b7c8673904eb676bbdfa3680fea612ba20fab20cdd411c2bafe0417b76852de9e863f09d291bf59510ead793cfd9d6710c0de77cefb5b65481d3aabde2683457b13e3b32ebc06f60d5afa47e36f652a95bd16dcf55dd3e1b05d0df9b8a183553097c2aa95aa175eda6792f58a74170781260e6120981549b3836d13ef037178dd8ddcb5a5624f3790f9d92b0f8f3cd11bddf478cd79456db871f32dd6e24948dd762ba2c22a94300f527c1df5ff05aef5ae4893ff88adc8f7af779d03fcb4ecabfa32460315f27505681242064541657acbb29f531043ce1d04ad189045140232f24f46d0580ada560c61fa4a90aec4743a9a0d466493476923cdff87a21127bac3da7d61d674d8bc9bd63cc3df85c707a912773e090256d5a0bdc5da8ceae2ca25c596410982b63055e6d292a31776cefe58457cb6b5cb92a2c69ed5eeed35e4ea3d6b54ee22e41dea28adac6e1eeadf604f0ef3a67c86974c3ecacdb7f502c74ed31138123dcb80282dbfb0ea0fc2a6016dccecbcbe4952c27b09e7abf784db6b7cc55366d048f16f6473a268b90a1c9b9c612f88bed9008308b11e47d79329cbefc3f313863eff4a16e6a70c41a296d3042a1164d0578297642ec82da1f92dfaa6a67ff9cfcd1b3e88fc442246a303a0e539ce65ad6fcb6d8657937cd88d4c30fd369f2bef0308f5db8824919139b25f82f56e24ef4cf1feda07c3bef9dd215575ed774dc05603f4664332c7b002c48d873bf1ebec930a273efc78dafe153f7eba9161002ca9a8fa855bc357f3a67810fc081b9ae9b4f69401ef93d039c7c1398fa8c9eeb1ce001e08e9231ce2c2beacdafe2955d4056e18d4d09ed22a996666d4df5ca91c37663bb54eb42fe39712736fa0e64ad4f8ca843fe52702c9ae48e60a3f5eac160f58ff3cb80684120845b9e34bc1aecb19662b1a429926ae351d004eca1d367fcb34facbeb2184716c5140a7e420c7f4379b0c43ce872b62723a587d9ad528c2aabf158cefa2df3422203b5cc73e9443825089527700b69a2331e0558a9b1e9d3e69a59896e6cf4df46b41a8cbb0e598a874fc23b16a6eda6eafde02451f0255ff9e6d1bd007c86dee8b6ae875752415b8057b916a3fe7b35cfcf7d38a50e461f1fc1d6a4541ba4079e1f21d0ea2a5ce4aad561215a1d75a2599c757cd6025753fc0578e4b7f4195ad025c46d50c5c351af1ce1e8f8c35439c8598293cd59d2e90a1445497b0249a314379dd13e95f00f2d8240190da9e12adbdd809b1a96900054db156d2893f7998aca02c86f61478a9b21e9e11a6f4b9f7f382243739e492e9048ed9c7b0b8118d966c0f41709abd171873c498a3168639bb2451e0f65e93755fc9cbf3b996ed0873a8256a579372146c3a1e749a9a640f8e9c01af2d0fdd34f2b5fcf4e0bac0b7becd41851359f89dc17156b6ddbd6377c05a059cde362397f28ae2cbbdac107142b40913aaf059d897039ce3fda8c29ae93210676e44f131f78e78d68d858bb7fde230a2f0fd542c5e8374fdc11a488da9de28bc3992a8d74089de36a732110c841bbdc5f24f71663d9a5f5209791fb7027749be23cdb3380f581151563d3707290cd31b28c13139b8e041cd72af3ad9b0fd0b3f131608a8ec5d80c4e7cd458abebae0244c921ef69a4ea0e9a2c2073bd13b49f574a7e278c7ba08c22d89b678a3cd814e8d0dea0101d95f789ada5178f46a4c6beb8dd12352cec179c886ae98ac2bc4382acb565df99eaff3f6824536ef7de884176ea3ca14a9f225f8ada2aac871e7c35df92943600cf7961b8eefdeb70d985fbc93252c978c5c773b4f2ab4b7683e2563d36ebfa4355969f6201e4bcac04ede3c6c9a18ed23f23ec331cbe2d645fa4ffcb2c742ba4905788c27a9bc97536dcbc08d3cbdd2f7195acc0f0eb3cf52aad9a1d23a1dd3633a49a482a1c1eb8761dcc7474f0fd4596a661b7668ab22ebecbfe33886b9b4a0c250380a9a34fefd9724ff89b32e5622258287b3281bcccd0bade4e260b6fefe73219c41f2de521587404ac1d2de4e2999202b3870099718115552aac2d446e649", 0x1000}, {&(0x7f0000000080)="253c10cd0a56ebbb9e8b465670109c340c95f1d27d36cbeb7fa948545e9b18da346b70b5dc78a12ad1a30e4f7038336f1af1d61b0409988f1755e9b3ba9919b2a4952ceda920f5f0e22dd247d4a74f2d1c854bc64f09f979aa3e9f5c25ff8ec189e5d809483583f648cd8870691200e428d5dcae697fa5a1e48df472ebb098aeb32e4049eba9f92be1ef1b6609f2b91c449dca240f", 0x95}, {&(0x7f00000024c0)="2ba671ae8107530b978dd82841597ed8f4275ed9e6b9f7b73ee6324ddf688ad9d88125b82afd2e28aef7183086ce0dd4ee880fc56a2ca8b52ef8f5b5f3e475f49b0bcd201fe612703d680fdd1151dd32535b04d4697d472c7750d6c4c197162e9f872253b611b1ca20e79dcf40d1faf58a453f8db9a03fdd351b54ad4e77fa0fda7990bb281079ae7ba3994aef7380e1d6342305e2d12c57379fd12e784f48e4e832171df4576c8724e3bfd70ebc92fc11914cd4", 0xb4}, {&(0x7f00000025c0)="96cb9dfd0c61d5ed863c5a35109d427201da53416c37631f95451a170fdb734214157996b04630903a7ad20aca669b5120871c47c6ef4e5975222b9676223895144ae5c2898ba0e94642e43e374bf9515c7e840e62021f25181401bda4c4d2d77867390c0a05af019adabfe896d7824f0dcb1724c64da40478808059ea83fa60145e108809ca25edf6ab820f23a5ce2b1779aa8c037a26d99df56f39ff5beca1c1e0cbfd69e415971a02f5115f6da0ba6da9be9772efa870aa6b62774ce009e7bcca4b4a7a910aab97e7f3da899eaaf573ac8a926a7be9b5875b3bb707ae9124ead39e70948bcf654b6b4342043f756323494e4ec559866c5a480c3b156c0427f1cc1d373b77424ea38e3697e36dcefd261575e5516bfcedc7baa8cbebed0ce49dd27e6291dd6f968eaf37f13313ba0bd22b6a63496be04a42df10fef87386434103b5ef819a969e8792a7765dc52c310fbe89851eaf8b2eabcf27bd487f817d48a54b0c7e8b151f0941a6f4adcf6a4486f96f8d18a2928829db333ec08bffe029f4840fdc0433d75157e80b33c3041f193e5c3fb1b7c13d1d7d7a8fe3122ddef181a6534232731c8f91dae42d9a66b9c2e0c6de6da74c24752b53d344b3c9a48ed62705c3e93f7e346c0379a6ec672b3a73dcfc159a79a77bd7b9edd013e3e9832d4dca6f9f973d63d5d235c7e22822e012e4181e102e68b03bdec323db739968061a7ba6fcf9589bd2975520fe9f1b44e52489bf5f5b0125b14bc894f4ff1ad2ba817dad6ab1654a2cacce1cc5160ea4bf3d7011cbf16ad0389b6511448c4186da0a7a55be54031a6d2773ac33aab5d533e7bb213309193f2ca3970e8fffc2fdacbc96e6f49c116b0505385a8bf282589be6b844e2aaaa652459b5d021127f59009020d34932cd03fbe5fea45bdc1f68463c4afe2b5ea8f97dee5e2e6b58196aff00e5ca51a0087f02bcb1dbdd638a5c7590095561578c30904f7ea80072de21fcedd0e41da8e7fe3514eaabc603d770a6fbed5367edb7feb5c5edfda04c7b8a4bfce5c73b876f52fde7dc929f3ffa632eb9514596793533d20fd191b484e902ab104dfc34a8486ba64d3e31c495e043279d8d6b4e6ca3c3fd4ae43529e55be690309e1bc90af2e9188cd5673eea73c75d4decf8972039c086e4b47caee900e1422fd2fbe0303dd5147a9fa487a7b08ad529d0d3db2bae4b26a83de0b15b9b82f26b23336481aca875c48605dc8d25d872920d01e2e163cc13d1f026666f8f54d6fe7895b47939599d168dc98a2de4aac463d98cb39375ac13fadd722b9f1e221d35bde594c9e53aa0f34b235a9d68d8f4841f9455804cd8a7bf05315c5bab2fa8820e956a8161cdd685fc4e1344f9d89189057376a5d1c23273d475aaa72ccbf4b5d8f2863f3f0fe7c0f8b001c065bae68aad9d8878a5edcd8dcbeec07d317c0a81fc84b8b208c60db73c6cf86d46cac98a7df449581d74be7991f1fa6924b76a2d6077aacca10fc777f0d09c5420cfc38c4638957086c9a2065ce94a286da01527bd8b8fd5830f93bcab97a4d0ca13c55b4ee32a49e078b4d79e7b17200fb6a550cfcccd33c681e37bc83c7fcda081a67c2a828e65a75df33e587a05f75fe05aef4078b3482c9078e2edb63c74134f92461044871e4a71f40228d156cbb3beb53eb898e0b6ade2d486a7111ce074510ad957f0eeae0812dd3802db231d9a15948a6b133167eb51dde0199023dfb3471661c7f13f14e786278c551d60929ef969b15d4ea544a9cda830183052ca1072083fb304502f38bcfd46ef64091a2a64bacc55ff3e91f8a7a97f69a9524bdaa60c14d75ddb44e399158c603cded78f42b79a6e9b9c30575289a92558f4d1d9cbb35780c86462cb56d5b474901c17df6ccba95481c004c384b17f99fb29458c9c59666c5305c508561e654d5f1b8ed375231358828b73b487c5f3096211f863375333bb1d3970f7c4cbc7b0f122dbb330b24498f38d804ec0e9c8a5976578bfbc2e46e8d898ec08b3742d5f9ba03d56567f6541f075c4f45eec94a6af78065689e8851294c48f02d48b1266586db86266bd2d0cbb729b567ed7643edf6849f50ca7a28b4ef59433ff22ce0680ffb3348a458ff77b6a796e849cb456df4b443d625d423d10e21bf0bcc785a243cf70ed2ea7c52548cd366ad9af486a4a0171f21ee9d961aa808a69a066aeb0c605fe7a83291ba942df3d11ba1e12da7381d7af20ccbd0de5416ef389c65d1fd0ff209dce808c490707a371b317ce65765082d1c5f67846ddfa65f291117d6e5a795ac2961d56eb24060d8b160d5bd146cd61589c00a108a1dba9e8730157e403cc35b0cd64b3aa66eada80be3bbb974d4642aa76bdf87c2d63134af1c646b1f0bfd218d4e4ebd277ad1cfc9b6f20c4036c6a511cb1ce486c3a563ca9368b10bed088bcfcdab752e0c78a10e550544ee6250d3908e3e7b09b2119f94abc2fdf43d7c82a4ffce81a3f962124ace1108443f41202c6d055d37e99b4eb6287c485acabff03f3a115db1ec790fdc5436e97bf2443c2f707ffb513f6d6494812b2238d679c8787a854ec92126bdc4681803ed4a5b84590e4f00ce956c6c3394773303b0620d118d2290cb229ea3b9bb9de8d719a0f92a50d34909a363f5f6ff906326f917be78c914c78846ef30c9b107b26c0a55401ceabf5b3c669eaa7a1a36d97b01d5da410366e3da5d232fb711d26afd9d4a5016425e47c0ec9b6305673af4cb46526af752011793c322797fb706042da364b6e723b513fd73db6721b00bd80e0923fe075300951d4dfefdd029c3fed21b734bf102f96d58b50bf4edcad014670c2d93eeb4d7bda3d1b70d9e21262c644bb96855895e4c0b32c9ed599d940ac24814b69812c124648428e13d7f72d74feb30288eb78b4a99fadc96589d8a9c7047787aa802514ba28af4d5520ac50928cd75ca92e2934a2e126456bfe1587003e87d9428b1fdb6b7662c44a5fee9d537b7f43822e5b103aeece1aa603215c215de2873e3a6b327c5ed0a0190fb7645034e1839ad165f3f7f80fd793734ac1412bbe20d82aea543792047ba5c5b37ee11988cd7e71cd43547e13c6bbc1ce3cf6aff9727381f06feb83b23b694724d9259d3736eba6ee66ee73a224b8a978debbbc35f8e28cc8267646e5c8cd8076d2044d41eadce01738ab2c7dc763de5a8042b957680223c4d9fdbf65d17e8998444e8db36c50fbe3c9a83e506661a029c4538617d46b6a43675c6dcf283a45b99e44188fd2681a50747e819e7f37496207ec448670fe62a3cb94712abeafb5dd2690ec12b18f8d67d5b0db41a897124f8b94695501aba517447338034bf14d0f99cbf5518aa013e1f35a052b4d27d1247349ff7a83362444372f017fcbdfe972b91c46a0a57f4639204673341ae92bc2dbf2b8d1680b432552850964eb1e14f38995e7e404b1bd1bf63d8d58c7b4ec38e3b9e73959e6509ad9f67d684f62759f5cae90bf8c1781b5800922c312aa634e5748b6181fc37df267eb5c66afc0c9249f9f601136c78d817beddf308c6970ee0e8221abe6fa124f55de7e5e78398004095a175f58cc270840e8c6759627f139e4f9b3b362e2700c5d06da66e862d1016c9f89d18646a6bb823f992342433b03397ed7586f489824a1495d707c81d3885029a47845802ef97856e530789a5cb7239752c6509cdd094212cb4b1b8baa7416cf5000db59418ad7f7a0d7d8e4cb8ebbbe4c40ba0ccc25283b9c933e251fff9871fc01026fafd8eed7ddcbe454b79339be93cd4b25a55af449f5c0893a957c5468c9147a973478c834ac4ecfea339cf3", 0xa9b}], 0x7}}], 0x4000000000001f4, 0x81)
getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000000), &(0x7f0000000140)=0x4)

18m18.37307644s ago: executing program 1 (id=398):
r0 = syz_open_procfs(0x0, &(0x7f0000000340)='mountinfo\x00')
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000200)={0x0, 0x8d33, 0x3c00, 0x0, 0x300, 0x0, r0}, &(0x7f0000000100)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x2200}})
io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, 0x0, 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x205)

18m18.008515432s ago: executing program 1 (id=399):
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000002c0)="3504000030000511d25a80648c63940d1124fc60040035400c0002000a00002037153e373f04018006041000450055d64a12f76710989a119052acaa1100da3e813fa6ba1eb693d93f699e37af0d43f908fa7d995a8feb85d6a4e1b691276cd9561767306b74b4098e9e71fa51bde29f19b06fb9b3ba96da0e93d5a402dc7fe462a6cc4718c94c1747fff68092705b44bb48dd2db4f3127aab13b4af05549571a6c0e03db227b65d459fa5c1232d7b62f12b65354b7e70d32998da02ae0dc28942f682d97191d0b68697bac278c34b2972ca8ed35b61ee6831c78af85c6711cd687694ce3835a98387fcdb8616524ea04449dbedb3250fb366740d6b96307e1d2f0d85dd592ca2d8c2730ad1d16eb4d87cbb48d2f7c4eb7a490aee0493ffe3b72b508c9a8eb2ec9ed353d79ed29ffed1e48bf370bfb8af11085997d38210601155ec361cd6f3577da98c0a528a4d24ce75fbe297cb75f4b36719edd354ee6312c5527de7ea1a4233b9b0bba0ba2deac12f0257c64ceca8a0a62db179c7d9df7749da38624aab1865024e56a1b2a41e1c7e3a29c01adb31f1865bf6f44aa1e0fd6d827fbae1d57b5ff0026b580c890df83592aceb316fcd6ca200d007b786f9ae", 0x1c0}, {&(0x7f0000000a40)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc2261c238a5159ea98db9c00aeef644ae98a8cb8da3ff3b7ba14d7971910b559623af829524d83bf19f18628464076329140e0203fc75859185ccd019302afb784e41e16cf2d31db7aba83d0f500ce25fc2d7f524a04cfaa0015ea8a297477a5517f8a4ac167083a321c78070974afc897fb738fbcfeac369844fd7fc11fff502c02b7607007ead2007a18006a6ca8dc2d0119f01d7083c2ab5760ac7b24d7bf26b9030cf455a08385f9e662cbe0c3ca6e6fd4ac0c8566c0fca986c68ef7016a11d3e44253b6f2d07d53505ed58b8ad410f89425046321b4a9b27b5e767bdfa0ebf7abf3d91b319129c48853d8e5cbc4a2c5c560b007eafe03e3332f6017f3164c7f602180aad23dfe5e770fe8855f45925e342b7dfd7ddaa68b65065465cdf4d5b8d995d6e6a7042ebea3d139c6a616232eb4efd1a50d0e6db3188a8e98375fda2a7ebd4cd59b9ea626c13685b05e6cf4d484e32869fd7c7167dbfa48b1529e5dd5f5a02", 0x273}], 0x2}, 0x4)

18m17.873095732s ago: executing program 1 (id=400):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x0, 0x1, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x0)

18m17.744087262s ago: executing program 1 (id=401):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f00000005c0), 0x10)
recvmmsg(r0, &(0x7f0000001000)=[{{&(0x7f0000000040)=@l2tp={0x2, 0x0, @remote}, 0x80, &(0x7f0000000180)=[{&(0x7f0000000140)=""/53, 0x35}], 0x1}, 0x3ff}, {{&(0x7f00000001c0)=@tipc=@id, 0x80, &(0x7f0000000940)=[{&(0x7f0000000280)=""/41, 0x29}, {&(0x7f0000000400)=""/160, 0xa0}, {&(0x7f0000000340)=""/62, 0x3e}, {&(0x7f00000004c0)=""/73, 0x49}, {&(0x7f0000000600)=""/201, 0xc9}, {&(0x7f0000000540)=""/15, 0xf}, {&(0x7f0000000580)=""/1, 0x1}, {&(0x7f0000000700)=""/189, 0xbd}, {&(0x7f00000007c0)=""/168, 0xa8}, {0x0}], 0xa, &(0x7f0000000a00)=""/146, 0x92}, 0x4}, {{&(0x7f0000000ac0)=@isdn, 0x80, &(0x7f0000000ec0)=[{&(0x7f0000000b40)=""/26, 0x1a}, {&(0x7f0000000b80)=""/232, 0xe8}, {&(0x7f0000000c80)=""/88, 0x58}, {&(0x7f0000000d00)=""/46, 0x2e}, {&(0x7f0000000d40)=""/224, 0xe0}, {&(0x7f0000000e40)=""/111, 0x6f}], 0x6, &(0x7f0000000f40)=""/168, 0xa8}}], 0x3, 0x10002, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0)

18m17.519782704s ago: executing program 1 (id=402):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x701203, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
socket$unix(0x1, 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2f, 0x80003, {0x0, 0x0, 0x0, 0x0, {}, {0xffe0, 0xb}, {0x9, 0xb}}, [@qdisc_kind_options=@q_blackhole={0xe}]}, 0x34}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

18m2.270047333s ago: executing program 36 (id=402):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x701203, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
socket$unix(0x1, 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2f, 0x80003, {0x0, 0x0, 0x0, 0x0, {}, {0xffe0, 0xb}, {0x9, 0xb}}, [@qdisc_kind_options=@q_blackhole={0xe}]}, 0x34}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

11m5.550024311s ago: executing program 6 (id=2251):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
dup3(r0, r1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

11m5.084211536s ago: executing program 6 (id=2254):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0xce, &(0x7f0000000380)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xbc, 0x1, 0x1, 0x1, 0x20, 0x7, [{{0x9, 0x4, 0x0, 0x2, 0x3, 0x2, 0x6, 0x0, 0xf6, {{0x6, 0x24, 0x6, 0x0, 0x0, "c8"}, {0x5, 0x24, 0x0, 0x400}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x7f, 0x0, 0x1}, [@mbim_extended={0x8, 0x24, 0x1c, 0x0, 0x5, 0x5}, @obex={0x5, 0x24, 0x15, 0x1}, @mdlm_detail={0x73, 0x24, 0x13, 0x9, "814b271778379df7cdec1679232f882d8453921ac22bbab59607cd69667f700a3427be75201b5628a3c18d6b15d164072132519c678ba4f648d4477c542542f1b2afa25a3e74ddacc496a79d013ba95fa3cfc2cf2532a11236805120f5056e54797027f890def15b07d169f6fe3355"}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x200, 0x3, 0xf5, 0x5}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0x2, 0x1, 0x4}}}}}]}}]}}, &(0x7f00000006c0)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x310, 0x8, 0x1, 0xb3, 0x8, 0x2a}, 0x81, &(0x7f00000001c0)={0x5, 0xf, 0x81, 0x1, [@generic={0x7c, 0x10, 0x2, "3d9df7c1cef49d1a56119b8c3a6a729c19a6ed95cae6eb466d25e7d50676b59412d346ca0e859a13aa546403a659611877c1d7b3d7655a2513f2c7e757efa61eb2cfe674788f09e429173cfe975067f2ae819b59e58eae3ee9e6fdc828dfddb99658a8062e2c617b51da0d88058c746678a9ede768cc13a08e"}]}, 0x5, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x416}}, {0x0, 0x0}, {0x4, &(0x7f00000005c0)=@lang_id={0x4, 0x3, 0x2846}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x407}}, {0x74, &(0x7f0000000640)=@string={0x74, 0x3, "59460866ccee7a265e31d098942c3b2e4ac7be0274b84bdfe09237022aa8943460d17b6b765302e1b8c9ef0dd3032ef5666bd1a1dc198afd01861c4ce1cf9836e5387a342988efa79d333e53462f83fc1d80a8f238ca767f9fd51c5dd92cce38fe76983c89f7e503b8c5b3f9c1828ab4e5a3"}}]})
sched_setaffinity(0x0, 0x0, 0x0)
pipe2$9p(0x0, 0x80800)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
r2 = socket(0x1e, 0x5, 0x0)
connect$tipc(r2, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
pread64(0xffffffffffffffff, &(0x7f0000000480)=""/209, 0xd1, 0x2)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000000)={{0x84, @broadcast, 0x4e21, 0x3, 'fo\x00', 0x11, 0x3240, 0x3a}, {@loopback, 0x4e23, 0x4, 0xc3, 0x12d5c, 0x12d5c}}, 0x44)
setsockopt$IP_VS_SO_SET_DELDEST(r1, 0x0, 0x488, &(0x7f0000000280)={{0x84, @empty, 0x4e20, 0x3, 'lblc\x00', 0x1d, 0x2, 0x2a}, {@loopback, 0x4e23, 0x10000, 0xc24, 0x9, 0xfffffffb}}, 0x44)

11m2.972279852s ago: executing program 6 (id=2264):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="01250020000000001c0012800b000100697036746e6c00000c00028008000100", @ANYRES32], 0x3c}, 0x9}, 0x0)
write$tun(r0, &(0x7f00000003c0)={@val={0x0, 0x86dd}, @val={0x2, 0x3, 0x5, 0x9, 0xa, 0x40}, @mpls={[], @ipv6=@generic={0x8, 0x6, "3739ed", 0x28, 0x89, 0xff, @empty, @mcast2, {[], "59c0ac5a142dbdbec6b7f2b65327cfd00f8bd3acba38414fcc35f63d64902ea8bb580250f9fdb4ec"}}}}, 0x5e)

11m1.308900573s ago: executing program 6 (id=2273):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001900)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)={0x1c, 0x17, 0x100, 0x70bd2b, 0x25dfdbfd, "", [@generic="d226d7bcdcf3d4a4620af2e8"]}, 0x1c}], 0x1, 0x0, 0x0, 0x40}, 0x20000951)
dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text16={0x10, 0x0}], 0x1, 0x8, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000640)={0x0, 0xd000})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x6, 0x3, 0x7fff0000}]})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

11m0.876826379s ago: executing program 6 (id=2277):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000002637850000007100000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

11m0.718314907s ago: executing program 6 (id=2280):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000004c0)={'syzkaller0\x00', @link_local})
write$cgroup_subtree(r0, &(0x7f0000000380)=ANY=[], 0xe)

11m0.317466688s ago: executing program 8 (id=2282):
r0 = userfaultfd(0x1)
readv(r0, &(0x7f00000001c0)=[{&(0x7f0000001500)=""/4095, 0xfff}], 0x1)

10m59.99969395s ago: executing program 8 (id=2284):
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="d80000000001010400000000000000000a0000003c0001802c000180140003000000000000000000000000000000000014000400ff0100000000000000000000000000010c000280050001000000e6d83c0002802c0001"], 0xd8}, 0x1, 0x0, 0x0, 0x44}, 0x20000010)

10m59.773091352s ago: executing program 8 (id=2285):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000002300), 0x0, 0x0)
ioctl$TCSBRKP(r0, 0x5425, 0x1)

10m59.656549232s ago: executing program 8 (id=2286):
r0 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_setup(0x10a, &(0x7f0000000680)={0x0, 0x80334c, 0x10, 0x3, 0x3d3}, &(0x7f0000000200)=<r3=>0x0, &(0x7f0000000300))
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7})
write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r4, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x60, 0x185100, 0x23456})
io_uring_enter(r0, 0x627, 0xc1040000, 0x43, 0x0, 0x0)

10m59.423914648s ago: executing program 8 (id=2288):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r0}, 0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x6a, 0xa, 0xff00}, [@call={0xc}, @exit, @map_fd, @jmp]}, &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)={@ifindex, r2, 0x11, 0x0, 0x0, @void, @value=r1}, 0x20)
r3 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r1}, 0x8)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x6a, 0xa, 0xff00}, [@call={0xc}, @exit, @map_fd, @jmp]}, &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)={@ifindex, r4, 0x11, 0x0, 0x0, @void, @value=r3}, 0x20)

10m59.42120447s ago: executing program 5 (id=2289):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x20, r1, 0x1, 0x70bd29, 0x25dfdbff, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x2001}, 0x0)

10m59.097977407s ago: executing program 5 (id=2291):
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@qipcrtr={0x2a, 0x4, 0x1}, 0x80, &(0x7f00000011c0)=[{&(0x7f0000000280)="27031c00160014000000002f1eafacf706e105000000894f00050003ee0b80558ddbba9b37242d37a518fc9c5be50eaf07c3650596", 0x35}], 0x1}, 0x4)

10m59.039105947s ago: executing program 8 (id=2292):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000022c0)=@delchain={0x1a4, 0x65, 0x200, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xf, 0x7}, {0xf, 0xe}, {0x0, 0xb}}, [@filter_kind_options=@f_basic={{0xa}, {0x174, 0x2, [@TCA_BASIC_EMATCHES={0x168, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_LIST={0x38, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x8, 0x3, 0xc295}, {0x2, 0x5, 0x401, 0x2}}}, @TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x2, 0x1, 0x8}, {0x7, 0x80000000, 0x2, 0x7, 0x7}}}]}, @TCA_EMATCH_TREE_LIST={0x114, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x100, 0x3, 0x0, 0x0, {{0xdb, 0x9, 0x151}, [@TCA_EM_IPT_MATCH_DATA={0xf1, 0x5, "895f788f8d9807b0ac27998b7e1d250b668b5f45d00cc0d54c7434b880beaaa4ee53ed66c9f21cb39aca2a39c7079a67a2817613f3fedba358b842797d0fa292d02bbfde8d87707bf564b640396e496be00153e391e08a73d7cfe2a18e620e4aad3d7bb6d554645dbd3b95ea3561482a9887787e8c7ea5e1cfd68e71c13aba084ec7dbfafb8ced693b8d667d32a9752213b602d9d6fc0bf97f6f04cf11b01ad475a705273cbeffb952efa04e10a8018de422f7aebff38d0c684ecc72beccb5d904539218a1d09b1dc849be6b5f27c2dcbfc63f27d7ebd748f3fd2f5c8cf8983c897f2397167fca1a3478de3f69"}]}}, @TCF_EM_NBYTE={0x10, 0x2, 0x0, 0x0, {{}, {0x5, 0x0, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xc, 0x2, 0x0, 0x0, {{0x8}}}]}]}, @TCA_BASIC_CLASSID={0x8, 0x1, {0xffe0, 0x1}}]}}]}, 0x1a4}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

10m58.805072394s ago: executing program 5 (id=2293):
r0 = socket$inet6_icmp(0xa, 0x2, 0x3a)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @mcast1, 0x1}, 0x1c)

10m58.631014472s ago: executing program 5 (id=2295):
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x0, 0x300, 0x0, &(0x7f0000000180)=[0x6bd1a312, 0x2ec66, 0x8, 0x8, 0x7, 0x800000000000009, 0x0, 0x1001, 0x10000, 0x100, 0x9004, 0x40000000000000, 0x3, 0x5, 0x5, 0x49, 0x3ff, 0x2, 0x0, 0xb, 0x8000000008, 0x4391, 0x1c1, 0x1000000003, 0x2, 0x2, 0x9, 0x7, 0x96, 0xffffffff, 0xffffffff00000000, 0x0, 0x9, 0x7, 0x23b, 0x3, 0x2, 0x8890, 0x8, 0x8, 0x6, 0x6, 0x3, 0xa3de, 0x4, 0x8, 0x5c3e, 0x622, 0x1, 0x5, 0xfffffffffffffff8, 0x1, 0xe, 0x7, 0x4, 0x100000000, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x40000005, 0xfffffffeffffffff, 0x0, 0xd, 0x9, 0xe8, 0x80000000, 0xfffffffffffffc00, 0x2, 0x4, 0x2, 0xcdc, 0x7, 0x2, 0x3, 0x2, 0x5, 0xfff, 0x6, 0x4, 0x6, 0xab6, 0x8000000, 0x4, 0xfff, 0xffffffffffffff81, 0x9, 0x8000000000000000, 0x5, 0xff8, 0x5, 0x400000000008061d, 0x6, 0x8, 0xf6, 0x7, 0x6, 0x200, 0x7, 0xe53a, 0x30, 0x2, 0x2293332f, 0x6, 0x34, 0x0, 0xd, 0x2, 0x4000005, 0x2, 0x2, 0x7, 0x8, 0xfffd, 0xb, 0x8, 0x8, 0x1, 0x53e0f0fe, 0xeb4, 0x3, 0xfffffffffffffffe, 0xb692, 0x3ffc00000, 0x8, 0x3]})
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x6, 0x3, 0x8000000000005, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x6, 0x100000000000bdb], 0xffff1001, 0x124182})
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000180)={0x37})

10m58.338957214s ago: executing program 5 (id=2298):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000100)=@framed={{0x18, 0x2, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x20000}, [@call={0x85, 0x0, 0x0, 0x27}, @printk={@lli}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x7, 0x0, &(0x7f0000000200)="9e36d448b388dd", 0x0, 0x0, 0xe8030000, 0x0, 0x0, 0x0, 0x0}, 0x50)

10m58.107207504s ago: executing program 5 (id=2300):
r0 = socket(0x11, 0x800000003, 0x1)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x8c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0x0, 0x6}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, [0x8, 0x4, 0x0, 0x0, 0x2], [0x0, 0x8]}}]}}]}, 0x8c}}, 0x0)

10m45.657310569s ago: executing program 37 (id=2280):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000004c0)={'syzkaller0\x00', @link_local})
write$cgroup_subtree(r0, &(0x7f0000000380)=ANY=[], 0xe)

10m43.660996471s ago: executing program 38 (id=2292):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000022c0)=@delchain={0x1a4, 0x65, 0x200, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xf, 0x7}, {0xf, 0xe}, {0x0, 0xb}}, [@filter_kind_options=@f_basic={{0xa}, {0x174, 0x2, [@TCA_BASIC_EMATCHES={0x168, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_LIST={0x38, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x8, 0x3, 0xc295}, {0x2, 0x5, 0x401, 0x2}}}, @TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x2, 0x1, 0x8}, {0x7, 0x80000000, 0x2, 0x7, 0x7}}}]}, @TCA_EMATCH_TREE_LIST={0x114, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x100, 0x3, 0x0, 0x0, {{0xdb, 0x9, 0x151}, [@TCA_EM_IPT_MATCH_DATA={0xf1, 0x5, "895f788f8d9807b0ac27998b7e1d250b668b5f45d00cc0d54c7434b880beaaa4ee53ed66c9f21cb39aca2a39c7079a67a2817613f3fedba358b842797d0fa292d02bbfde8d87707bf564b640396e496be00153e391e08a73d7cfe2a18e620e4aad3d7bb6d554645dbd3b95ea3561482a9887787e8c7ea5e1cfd68e71c13aba084ec7dbfafb8ced693b8d667d32a9752213b602d9d6fc0bf97f6f04cf11b01ad475a705273cbeffb952efa04e10a8018de422f7aebff38d0c684ecc72beccb5d904539218a1d09b1dc849be6b5f27c2dcbfc63f27d7ebd748f3fd2f5c8cf8983c897f2397167fca1a3478de3f69"}]}}, @TCF_EM_NBYTE={0x10, 0x2, 0x0, 0x0, {{}, {0x5, 0x0, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xc, 0x2, 0x0, 0x0, {{0x8}}}]}]}, @TCA_BASIC_CLASSID={0x8, 0x1, {0xffe0, 0x1}}]}}]}, 0x1a4}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

10m42.604720914s ago: executing program 39 (id=2300):
r0 = socket(0x11, 0x800000003, 0x1)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x8c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0x0, 0x6}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, [0x8, 0x4, 0x0, 0x0, 0x2], [0x0, 0x8]}}]}}]}, 0x8c}}, 0x0)

10m9.956846625s ago: executing program 9 (id=2421):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x202)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000780)={0xfffffffe, 0x0, 0x0, 'queue0\x00', 0x48})
pipe(&(0x7f0000000200))
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

10m9.773702265s ago: executing program 9 (id=2422):
socket$tipc(0x1e, 0x2, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2, 0x0, 0x8}, 0x18)
ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8000000000, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x7fffffff, 0xfffffffffffffffc}, 0x0, 0x0)

10m8.773130425s ago: executing program 9 (id=2423):
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xa, 0x9, 0x8, 0x2}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x6, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x3, 0x1, 0x0, r0}, @call={0x85, 0x0, 0x0, 0x26}]}, &(0x7f0000000080)='GPL\x00'}, 0x94)

10m8.686278116s ago: executing program 9 (id=2424):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = open(&(0x7f0000000380)='./bus\x00', 0x240, 0x0)
r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES8=r2], 0x2b)
syz_genetlink_get_family_id$tipc(0x0, r2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000380)={0x2020, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x2020)
r6 = gettid()
kcmp(r6, r6, 0x1, 0xffffffffffffffff, 0xffffffffffffffff)
bind$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e22, @multicast1}, 0x10)
prlimit64(r5, 0x4, &(0x7f0000000000)={0x5d, 0x6}, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000751c0110e60f00989ad1010203010902240001000000000904"], 0x0)
r7 = fsmount(r4, 0x1, 0x0)
fchdir(r7)
r8 = open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)
write$FUSE_CREATE_OPEN(r8, &(0x7f0000000180)={0xa0, 0xfffffffffffffff5, 0x0, {{0x4, 0x1, 0x5, 0x6, 0x3, 0x1, {0x1, 0x180, 0xff, 0x5, 0x100, 0x7cf4, 0x9, 0x7ffffffd, 0xfffffffe, 0x8000, 0x0, 0xee00, 0x0, 0x3ff, 0x1}}, {0x0, 0x11}}}, 0xa0)
sendfile(r8, r8, &(0x7f0000000080), 0x7f03)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r9=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x148, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xfffffffe, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "0a1fb0699d46dac48f29d158dbe8cfb1979e12979688dc039b90627d7b60f0d5ca47f33eed46409b7c8722ce020df6b24c2e6ac7b97dc04d01be2092874115214b1ebb764511f69cd1e9f6263346363d2c639c7667ce67af25166c2f0f85f36aa8867406119c2a6f1f892e31dea982c5ab0348d560eae59ea49ef95d73202a6e3b5e1eb38244e694e7410d33bc92794ad27031f2a19698b51424df36e2a876a4fc871207bf12a84f1d4d132f5bb7edcf2d08d677e6a7268e106b6ced3c7f53df24092ddb9e0fac6a1153c3fc88bfd1404fef22cf3e825a6e19c6a48a5444eabb459af0ec9a278df4011773d2f2e6529ed0ad424b47ec67522477f979360b76d1"}, @TCA_RED_PARMS={0x14, 0x1, {0x3f26, 0x7, 0x81, 0x9, 0xb, 0x14, 0x5}}]}}]}, 0x148}, 0x1, 0x0, 0x0, 0x80}, 0x4000010)

10m5.496792853s ago: executing program 9 (id=2428):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x770, 0x0, 0xbabd}, 0x1c)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca7193"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

10m4.356661572s ago: executing program 9 (id=2433):
r0 = socket$netlink(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), r0)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000100)=0xfffffffa, 0x4)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f00000002c0)=0x1, 0x4)
syz_clone(0x40200400, 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)

9m48.549122014s ago: executing program 40 (id=2433):
r0 = socket$netlink(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), r0)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000100)=0xfffffffa, 0x4)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f00000002c0)=0x1, 0x4)
syz_clone(0x40200400, 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)

5m33.461049575s ago: executing program 4 (id=3114):
openat(0xffffffffffffff9c, 0x0, 0x103042, 0x2)
preadv(0xffffffffffffffff, &(0x7f0000001600), 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="b4050000fdff7f006110a40000000000c60000000000000095000000000000009f33ef60916e6e713f1e6b0b725ad99b817fd98cd824498949714e32f21dcc4ae5437aca55f21f3ca9e822d182054d54d53cd2b6da714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed00000000000000000000000000000000000000006c63b40e0c00000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f79829c90bd2114252581567acae715cbe1b57d5cda432c5b9443999f7d24195405f2e76ba88454cc9227069ccb7b37b41215c000000003be991e5e897284cdd6043058cec00000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)

5m32.64795511s ago: executing program 4 (id=3116):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), r2)
sendmsg$IEEE802154_LLSEC_DEL_DEV(r1, 0x0, 0x8000054)
r3 = socket(0x1e, 0x4, 0x8)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x1}, 0x10)
close(r3)
unshare(0x22020600)
setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000080000000c"], 0x48)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYBLOB="8a450217000000001c00128009000100626f6e64000000000c000280080006"], 0x3c}}, 0x40)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000004)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000080021850000006d00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r7}, 0x10)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x13, r8, 0x0)
pipe(0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
writev(r0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0xe, &(0x7f0000000300)=@raw=[@func, @printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x35422b35}}, @func, @func={0x85, 0x0, 0x1, 0x0, 0x8}, @func={0x85, 0x0, 0x1, 0x0, 0x7}, @cb_func={0x18, 0x5, 0x4, 0x0, 0xfffffffffffffffb}], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94)

5m31.173254154s ago: executing program 4 (id=3118):
r0 = gettid()
timer_create(0xb, &(0x7f00000000c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = syz_open_dev$cec(&(0x7f0000000240), 0x0, 0x2182)
ioctl$CEC_RECEIVE(r1, 0xc0386106, &(0x7f0000000000)={0x0, 0x7, 0x1, 0x0, 0x0, 0x9, '&\x00', 0x0, 0x0, 0x4a, 0x0, 0x0, 0x0, 0xe})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)

5m25.889161701s ago: executing program 4 (id=3124):
socket$netlink(0x10, 0x3, 0x9)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="1c00000014000100000080000000000007000080080002"], 0x1c}], 0x1}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a80)=@bpf_tracing={0x1a, 0x22, &(0x7f0000000640)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xe2bd}, [@exit, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x1}, @exit, @alu={0x7, 0x0, 0xb, 0x5, 0x8, 0xffffffffffffffff, 0xffffffffffffffff}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x3}, @jmp={0x5, 0x1, 0x0, 0x9, 0x3, 0x30, 0xffffffffffffffff}, @tail_call, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @ringbuf_query]}, &(0x7f0000000580)='syzkaller\x00', 0x48980000, 0x98, &(0x7f0000000780)=""/152, 0x40f00, 0x12, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x6, 0x5}, 0x8, 0x10, &(0x7f0000000980)={0x0, 0x10, 0x48, 0xaa00}, 0x10, 0x28c21, 0xffffffffffffffff, 0x6, &(0x7f00000009c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000a00)=[{0x3, 0x2, 0x9, 0xc}, {0x1, 0x5, 0x2, 0x9}, {0x2, 0x1, 0xc, 0xc}, {0x2, 0x5, 0xe, 0x8}, {0x3, 0x2, 0xb, 0x2}, {0x3, 0x3, 0xb, 0x1}], 0x10, 0xffffffff}, 0x94)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b19, &(0x7f0000000000)={'wlan0\x00', @random="7cf1e97c9e4f"})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x34, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x7}, @TCA_NETEM_RATE64={0xc, 0x8, 0x4526dd370cbcddac}]}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r7, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
connect$rose(0xffffffffffffffff, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(0xffffffffffffffff, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000200)={@dev={0xfe, 0x80, '\x00', 0x34}, 0x0, 0x1, 0x0, 0x4, 0xfa, 0x9b0}, 0x20)

5m24.916064053s ago: executing program 4 (id=3128):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), r2)
sendmsg$IEEE802154_LLSEC_DEL_DEV(r1, 0x0, 0x8000054)
r3 = socket(0x1e, 0x4, 0x8)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x1}, 0x10)
close(r3)
unshare(0x22020600)
setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000080000000c"], 0x48)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYBLOB="8a450217000000001c00128009000100626f6e64000000000c000280080006"], 0x3c}}, 0x40)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000004)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000080021850000006d00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r7}, 0x10)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x13, r8, 0x0)
pipe(0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
writev(r0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0xe, &(0x7f0000000300)=@raw=[@func, @printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x35422b35}}, @func, @func={0x85, 0x0, 0x1, 0x0, 0x8}, @func={0x85, 0x0, 0x1, 0x0, 0x7}, @cb_func={0x18, 0x5, 0x4, 0x0, 0xfffffffffffffffb}], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94)

5m24.462409987s ago: executing program 4 (id=3130):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x100}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x8ffd0000, 0x71, 0x10, 0x3b}, [@ldst={0x6, 0x3, 0x3, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8}, 0x94)
syz_usb_connect$uac1(0x5, 0x8d, &(0x7f0000000d00)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7b, 0x3, 0x1, 0x2, 0x80, 0x8, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x525, 0x4}, [@output_terminal={0x9, 0x24, 0x3, 0x5, 0x302, 0x4, 0x3, 0x9}, @processing_unit={0xa, 0x24, 0x7, 0x1, 0x5, 0x4, "ca78b2"}, @output_terminal={0x9, 0x24, 0x3, 0x2, 0x304, 0x5, 0x4, 0x6}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0xe, 0xf, 0x7, {0x7, 0x25, 0x1, 0x80, 0x10}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0xd4, 0x8, 0x1, {0x7, 0x25, 0x1, 0x82, 0x6, 0x7}}}}}}}]}}, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x0})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
r3 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000400)={0xf0f071, 0x19})
r4 = syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r4, 0x13)
waitid(0x0, r4, &(0x7f0000000380), 0x2, 0x0)
sendto$inet(r2, &(0x7f00000002c0)="88", 0x1, 0x31, 0x0, 0x0)
recvfrom$inet(r2, &(0x7f0000000200)=""/185, 0xb9, 0x40000002, 0x0, 0x0)
write(r2, &(0x7f0000000500), 0x0)
sendto$inet(r2, &(0x7f00000004c0)="3ce2de", 0x3, 0x805, 0x0, 0x0)

5m8.422898867s ago: executing program 41 (id=3130):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x100}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x8ffd0000, 0x71, 0x10, 0x3b}, [@ldst={0x6, 0x3, 0x3, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8}, 0x94)
syz_usb_connect$uac1(0x5, 0x8d, &(0x7f0000000d00)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7b, 0x3, 0x1, 0x2, 0x80, 0x8, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x525, 0x4}, [@output_terminal={0x9, 0x24, 0x3, 0x5, 0x302, 0x4, 0x3, 0x9}, @processing_unit={0xa, 0x24, 0x7, 0x1, 0x5, 0x4, "ca78b2"}, @output_terminal={0x9, 0x24, 0x3, 0x2, 0x304, 0x5, 0x4, 0x6}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0xe, 0xf, 0x7, {0x7, 0x25, 0x1, 0x80, 0x10}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0xd4, 0x8, 0x1, {0x7, 0x25, 0x1, 0x82, 0x6, 0x7}}}}}}}]}}, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x0})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
r3 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000400)={0xf0f071, 0x19})
r4 = syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r4, 0x13)
waitid(0x0, r4, &(0x7f0000000380), 0x2, 0x0)
sendto$inet(r2, &(0x7f00000002c0)="88", 0x1, 0x31, 0x0, 0x0)
recvfrom$inet(r2, &(0x7f0000000200)=""/185, 0xb9, 0x40000002, 0x0, 0x0)
write(r2, &(0x7f0000000500), 0x0)
sendto$inet(r2, &(0x7f00000004c0)="3ce2de", 0x3, 0x805, 0x0, 0x0)

2m23.669962282s ago: executing program 7 (id=3487):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r1=>0x0})
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r2, &(0x7f00000000c0)={0x1d, r1, 0x2, {0x0, 0xf0, 0x4}, 0xfd}, 0x18)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x1d, 0x0, 0x2, {0x1, 0xff}}, 0x18, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x2400c055}, 0x20000000)

2m23.390767543s ago: executing program 7 (id=3488):
syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff)
r0 = socket(0x2a, 0x2, 0x0)
ioctl$SIOCSIFMTU(r0, 0x541b, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x0, 0xfa, @scatter={0x0, 0x0, &(0x7f0000000a80)}, 0x0, 0x0, 0x0, 0x0, 0x800001, 0x0})
r3 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000004c0), <r4=>0x0, 0xa7, &(0x7f0000000500)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000540), &(0x7f0000000580), 0x8, 0xcd, 0x8, 0x8, &(0x7f00000005c0)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000015000200071b1750bd030100000000009500000000000000bc26080000000000bf67000000000000070300000fff0700670200000300000016060a000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586"], &(0x7f0000000100)='GPL\x00'}, 0x48)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x1e)
sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)

2m15.650809919s ago: executing program 7 (id=3503):
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0)
syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x8000000004)
socket$l2tp6(0xa, 0x2, 0x73)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140))
socket(0x2, 0x80805, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES64=r0], 0x54}}, 0x0)

2m15.142769368s ago: executing program 7 (id=3505):
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8b37, &(0x7f0000000000)={'wlan0\x00'})
fsopen(&(0x7f0000000300)='binfmt_misc\x00', 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x802)
syz_io_uring_submit(0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x7a98, 0x0, 0x0, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='yeah\x00', 0x5)
mmap(&(0x7f000026f000/0x1000)=nil, 0x1000, 0x2000007, 0x38011, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @private, @multicast1}, @address_request={0x11, 0x2, 0x0, 0xe0000001}}}}}, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)

2m13.967353796s ago: executing program 7 (id=3507):
statx(0xffffffffffffffff, 0x0, 0x800, 0x800, &(0x7f00000006c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

2m13.055373196s ago: executing program 7 (id=3509):
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000240)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x4e21, 0xfffffffe, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x8}}}, 0x108)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYRES16, @ANYBLOB="050000000000000000000200000008000300", @ANYRES32, @ANYBLOB="2d000e0080000000ffffffffffff0802110000000802110000000000000000000000000064000000250300000000000008"], 0x80}}, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x20}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0xfe, 0x0, 0x13, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2, 0xfffd}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e)

1m57.871742413s ago: executing program 42 (id=3509):
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000240)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x4e21, 0xfffffffe, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x8}}}, 0x108)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYRES16, @ANYBLOB="050000000000000000000200000008000300", @ANYRES32, @ANYBLOB="2d000e0080000000ffffffffffff0802110000000802110000000000000000000000000064000000250300000000000008"], 0x80}}, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x20}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0xfe, 0x0, 0x13, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2, 0xfffd}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e)

8.717025234s ago: executing program 3 (id=3705):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r3)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002700)=@getpolicy={0xfc, 0x15, 0x711, 0x70bd2b, 0x25dfdbfb, {{@in6=@local, @in=@private=0xa010102, 0x4e21, 0x4, 0x4e21, 0x101, 0x2, 0xd0, 0xa0, 0x32}, 0x0, 0x1}, [@lastused={0xc, 0xf, 0x7}, @replay_val={0x10, 0xa, {0x3, 0x70bd29, 0xb4d}}, @encap={0x1c, 0x4, {0xffffffffffffffff, 0x4e23, 0x4e21, @in=@remote}}, @replay_val={0x10, 0xa, {0x70bd27, 0x70bd2a, 0x9d}}, @algo_comp={0x62, 0x3, {{'lzs\x00'}, 0xd0, "6ebbb7f66822236e2855d25d9bdffbff27832c850d782ed3c351"}}]}, 0xfc}, 0x1, 0x0, 0x0, 0x40800}, 0x24004000)

7.564315775s ago: executing program 3 (id=3706):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r2, 0x0, 0x4008840)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0x0, 0x1, 0x1009, 0x7f}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0x0, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=@newqdisc={0x64, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x34, 0x2, [@TCA_CAKE_FLOW_MODE={0x8, 0x5, 0x4}, @TCA_CAKE_INGRESS={0x8, 0xf, 0x1}, @TCA_CAKE_AUTORATE={0x8, 0x9, 0xd}, @TCA_CAKE_NAT={0x8}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x3}, @TCA_CAKE_ACK_FILTER={0x8, 0x10, 0x1}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000051}, 0x4000)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454da, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000ff94000000000000004f67ad790000000000000000000000c116c2d874da9ed5df41f10f9de5ed790b1e0578d943bc58516db61756acd7d70b801a85ad52e98585ca8fe2be16a5dc88e7f0c6ad8f0671b0a7213bff43c204982e1cba2c618897f73d9cd5f4edf9205e117579f17d2088c7e04f208388f3fb007b70190842bf61f49563eae9b3802225680009bc51f91982f92fa5fe79c5bf237515277ee36b06bcddf67450472d9b1563ed6f32b8"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x80400, 0x0)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

6.451439009s ago: executing program 3 (id=3710):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc0000001900010000000000fcdbdf2500000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000400000000000000000000a94e000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000001000000000000004400050000000000000000000000000000000000000000022b0000000a000000fe8000000000000000000000000000aa00000000"], 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r1 = socket$inet(0x2, 0x1, 0x0)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='batadv_slave_0\x00', 0x10)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)

6.194001772s ago: executing program 3 (id=3712):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x2, 0x80805, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b000000000000000000", @ANYBLOB='\x00\x00\x00@'], 0x50)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000540)={r5, &(0x7f0000000480), &(0x7f0000000340)=@tcp=r1}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000380)={r6, r3, 0x25, 0x2, @val=@tcx}, 0x1c)
syz_emit_ethernet(0x3e, &(0x7f0000000bc0)=ANY=[], 0x0)

4.530904438s ago: executing program 0 (id=3718):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r2, 0x0, 0x4008840)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0x0, 0x1, 0x1009, 0x7f}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0x0, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=@newqdisc={0x64, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x34, 0x2, [@TCA_CAKE_FLOW_MODE={0x8, 0x5, 0x4}, @TCA_CAKE_INGRESS={0x8, 0xf, 0x1}, @TCA_CAKE_AUTORATE={0x8, 0x9, 0xd}, @TCA_CAKE_NAT={0x8}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x3}, @TCA_CAKE_ACK_FILTER={0x8, 0x10, 0x1}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000051}, 0x4000)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454da, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000ff94000000000000004f67ad790000000000000000000000c116c2d874da9ed5df41f10f9de5ed790b1e0578d943bc58516db61756acd7d70b801a85ad52e98585ca8fe2be16a5dc88e7f0c6ad8f0671b0a7213bff43c204982e1cba2c618897f73d9cd5f4edf9205e117579f17d2088c7e04f208388f3fb007b70190842bf61f49563eae9b3802225680009bc51f91982f92fa5fe79c5bf237515277ee36b06bcddf67450472d9b1563ed6f32b8"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x80400, 0x0)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

4.104450614s ago: executing program 2 (id=3721):
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001080), 0x0, 0x0)
ioctl$SNDCTL_SEQ_RESET(r0, 0x5100)
ioctl$SNDCTL_SEQ_RESET(r0, 0x5100)

3.97916193s ago: executing program 2 (id=3722):
mkdir(0x0, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x800, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f00000002c0)=@file={0x1, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth0_to_team\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="680000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e00300002800800010010000000100005800a000400aaaaaaaaaabb000008000300030000000a000400aaaaaaaab1aa000008000500", @ANYRES32=r1], 0x68}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)

2.80732242s ago: executing program 2 (id=3723):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
syz_genetlink_get_family_id$SEG6(&(0x7f00000011c0), 0xffffffffffffffff)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0x486, 0x0, 0x0)
sendto(0xffffffffffffffff, &(0x7f0000000740), 0x0, 0x8804, 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000580)={0x0, 0x0, r4, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r3, 0xc01864b0, &(0x7f0000000240)={r4, r5, 0x0, 0x0, 0x4})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r3, 0xc01864b0, &(0x7f0000000000)={r4, r5, 0x1, 0x0, 0x1000000000003})

2.806383629s ago: executing program 0 (id=3724):
socket(0x1d, 0x2, 0x6)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="480000002d00010026070000fcbedf250400000008000c00", @ANYRES32], 0x48}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)

2.32907935s ago: executing program 0 (id=3725):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x111, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x7fe, @empty, 0x1}, {0xa, 0x4e20, 0x1ff, @dev={0xfe, 0x80, '\x00', 0x1d}, 0x2}, r1, 0xb}}, 0x48)
write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f0000000f80)={0x1, 0x10, 0xfa00, {0x0, r1}}, 0x18)

2.24204904s ago: executing program 0 (id=3726):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x8, 0x0, 0xfffffdfc}, 0x0, &(0x7f0000000280)=<r1=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0)

1.719747239s ago: executing program 2 (id=3727):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f00000000c0)={0x84, @local, 0x4e20, 0x3, 'rr\x00', 0x30, 0x4, 0x68}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000000)={{0x84, @broadcast, 0x4e21, 0x3, 'fo\x00', 0x11, 0x3240, 0x3a}, {@loopback, 0x4e23, 0x4, 0xc3, 0x12d5c, 0x12d5c}}, 0x44)
setsockopt$IP_VS_SO_SET_DELDEST(r1, 0x0, 0x488, &(0x7f0000000280)={{0x84, @remote, 0x4e20, 0x3, 'rr\x00', 0x1d, 0x2, 0x2a}, {@loopback, 0x4e23, 0x10000, 0xc24, 0x9, 0xfffffffb}}, 0x44)

1.613060361s ago: executing program 0 (id=3728):
socket$inet6(0xa, 0x1, 0x0)
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000ac0)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd21, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0xc, 0x8}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x1}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xc, 0xc}, {0x0, 0xfff1}, {0xfff2, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x4041080)

1.155557381s ago: executing program 2 (id=3729):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc0000001900010000000000fcdbdf2500000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000400000000000000000000a94e000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000001000000000000004400050000000000000000000000000000000000000000022b0000000a000000fe8000000000000000000000000000aa00000000"], 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r1 = socket$inet(0x2, 0x1, 0x0)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='batadv_slave_0\x00', 0x10)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)

960.988028ms ago: executing program 3 (id=3730):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x114, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
getdents64(0xffffffffffffffff, 0xffffffffffffffff, 0x18)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0xccd4453e7e835cf8, 0x0, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000040)={0x13, 0x10, 0xfa00, {0x0}}, 0x18)

804.37393ms ago: executing program 2 (id=3731):
mkdir(0x0, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x800, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f00000002c0)=@file={0x1, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth0_to_team\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="680000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e00300002800800010010000000100005800a000400aaaaaaaaaabb000008000300030000000a000400aaaaaaaab1aa000008000500", @ANYRES32=r1], 0x68}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)

724.100575ms ago: executing program 0 (id=3732):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r3, 0x107, 0x5, 0x0, 0x0)
clock_getres(0x8, 0x0)

0s ago: executing program 3 (id=3733):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}}, 0x4044004)
recvmmsg(r0, &(0x7f0000005dc0)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x10003}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000009c0)}, 0x80000002}], 0x4, 0x0, 0x0)

kernel console output (not intermixed with test programs):

 878.195190][ T8862] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  878.261432][ T8862] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  878.261866][ T8862] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  878.261890][ T8862] usb 4-1: Manufacturer: syz
[  878.319663][ T8862] usb 4-1: config 0 descriptor??
[  879.023306][ T8862] rc_core: IR keymap rc-hauppauge not found
[  879.023323][ T8862] Registered IR keymap rc-empty
[  879.024328][ T8862] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  879.053309][ T8862] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  879.084852][ T8862] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  879.106925][ T8862] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input8
[  879.212724][ T8862] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  879.243588][ T8862] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  879.263187][ T8862] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  879.293565][ T8862] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  879.323332][ T8862] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  879.343943][ T8862] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  879.363171][ T8862] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  879.393231][ T8862] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  879.415198][ T8862] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  879.443137][ T8862] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  879.475688][ T8862] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  879.475717][ T8862] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  879.538029][ T8862] usb 4-1: USB disconnect, device number 14
[  879.756420][T14531] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2583'.
[  880.846321][T14227] usb 3-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  880.983575][T14227] usb 3-1: USB disconnect, device number 11
[  881.590421][T14195] udevd[14195]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  881.756559][T14531] team0: Port device team_slave_0 removed
[  882.853255][T14227] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  883.200261][T14227] usb 8-1: unable to get BOS descriptor or descriptor too short
[  883.327978][T14594] netlink: 'syz.3.2604': attribute type 4 has an invalid length.
[  883.329586][T14227] usb 8-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 212, changing to 7
[  883.329610][T14227] usb 8-1: config 1 interface 1 has no altsetting 0
[  883.416904][T14227] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  883.416934][T14227] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  883.416948][T14227] usb 8-1: Product: syz
[  883.416958][T14227] usb 8-1: Manufacturer: syz
[  883.416969][T14227] usb 8-1: SerialNumber: syz
[  886.689089][T14634] loop8: detected capacity change from 0 to 8
[  886.745075][T14634] Dev loop8: unable to read RDB block 8
[  886.745136][T14634]  loop8: unable to read partition table
[  886.745388][T14634] loop8: partition table beyond EOD, truncated
[  886.745411][T14634] loop_reread_partitions: partition scan of loop8 (₫被xü^>Ñà– ) failed (rc=-5)
[  886.963066][T14309] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  887.113086][T14309] usb 1-1: Using ep0 maxpacket: 16
[  887.130035][T14309] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  887.150988][T14309] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  887.151308][T14309] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  887.151332][T14309] usb 1-1: Product: syz
[  887.151347][T14309] usb 1-1: Manufacturer: syz
[  887.151363][T14309] usb 1-1: SerialNumber: syz
[  887.342996][T14309] usb 1-1: config 0 descriptor??
[  887.437759][T14309] CoreChips 1-1:0.0: probe with driver CoreChips failed with error -22
[  887.840484][ T8862] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  887.900092][ T8862] hid-generic 0000:0000:0000.0011: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  887.928840][ T8862] usb 1-1: USB disconnect, device number 24
[  888.592720][T14643] fido_id[14643]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  888.654453][T14227] usb 8-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  889.573118][T14660] loop2: detected capacity change from 0 to 127
[  889.989615][T14667] fuse: Invalid rootmode
[  890.018006][ T6018] usb 8-1: USB disconnect, device number 13
[  891.916391][T14703] fuse: Invalid rootmode
[  892.652942][ T6018] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  892.811324][ T6018] usb 5-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  892.811403][ T6018] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  892.813613][ T6018] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  892.813648][ T6018] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  892.835477][ T6018] usb 5-1: config 0 descriptor??
[  892.863248][ T6018] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  892.936363][ T8862] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  893.386282][ T8862] usb 4-1: unable to get BOS descriptor or descriptor too short
[  893.391507][ T8862] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 212, changing to 7
[  893.391533][ T8862] usb 4-1: config 1 interface 1 has no altsetting 0
[  893.467444][ T8862] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  893.467477][ T8862] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  893.467498][ T8862] usb 4-1: Product: syz
[  893.467513][ T8862] usb 4-1: Manufacturer: syz
[  893.467528][ T8862] usb 4-1: SerialNumber: syz
[  893.742431][T14725] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2644'.
[  893.743102][T14725] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2644'.
[  893.752188][   T38] audit: type=1326 audit(1756407190.121:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14724 comm="syz.0.2644" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff8b6ccebe9 code=0x0
[  893.817693][T14727] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  894.998187][  T990] usb 5-1: USB disconnect, device number 6
[  895.743297][  T990] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  895.892925][  T990] usb 1-1: Using ep0 maxpacket: 16
[  895.901276][  T990] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  895.941755][  T990] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  895.942135][  T990] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  895.942164][  T990] usb 1-1: Product: syz
[  895.942180][  T990] usb 1-1: Manufacturer: syz
[  895.942195][  T990] usb 1-1: SerialNumber: syz
[  896.071576][  T990] usb 1-1: config 0 descriptor??
[  896.149505][  T990] CoreChips 1-1:0.0: probe with driver CoreChips failed with error -22
[  897.200317][T14751] block nbd2: shutting down sockets
[  897.354925][T14309] usb 1-1: USB disconnect, device number 25
[  898.603166][ T8862] usb 4-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  899.356725][ T8862] usb 4-1: USB disconnect, device number 15
[  899.645191][   T31] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  899.696981][T14775] netlink: 'syz.3.2660': attribute type 39 has an invalid length.
[  899.796263][   T31] usb 1-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  899.796592][   T31] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  899.796639][   T31] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  899.796663][   T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  899.870032][   T31] usb 1-1: config 0 descriptor??
[  899.913449][   T31] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  901.668796][T14796] fuse: Unknown parameter '0x0000000000000006'
[  901.832981][T14796] input: syz0 as /devices/virtual/input/input9
[  902.381039][T14794] block nbd7: shutting down sockets
[  902.778745][ T6018] usb 1-1: USB disconnect, device number 26
[  902.862197][T14798] loop2: detected capacity change from 0 to 127
[  902.913495][ T5205]  loop2: AHDI p1 p2 p3
[  902.913820][ T5205] loop2: p1 start 1601398130 is beyond EOD, truncated
[  902.913842][ T5205] loop2: p2 start 1702059890 is beyond EOD, truncated
[  902.957911][T14798]  loop2: AHDI p1 p2 p3
[  902.960144][T14798] loop2: p1 start 1601398130 is beyond EOD, truncated
[  902.960172][T14798] loop2: p2 start 1702059890 is beyond EOD, truncated
[  903.350795][ T5205]  loop2: AHDI p1 p2 p3
[  903.351112][ T5205] loop2: p1 start 1601398130 is beyond EOD, truncated
[  903.351135][ T5205] loop2: p2 start 1702059890 is beyond EOD, truncated
[  903.502984][T14814] ubi31: attaching mtd0
[  903.585062][T14814] ubi31: scanning is finished
[  903.585110][T14814] ubi31: empty MTD device detected
[  907.721471][T14814] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  908.033590][ T8862] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  908.120852][T14844] block nbd0: shutting down sockets
[  908.185437][ T8862] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  908.185513][ T8862] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  908.185566][ T8862] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  908.185589][ T8862] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  908.237346][ T8862] usb 4-1: config 0 descriptor??
[  908.307603][ T8862] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  910.150083][    C0] vkms_vblank_simulate: vblank timer overrun
[  910.230566][T14868] 9pnet_fd: Insufficient options for proto=fd
[  911.136983][T14881] loop8: detected capacity change from 0 to 8
[  911.145252][T14881] Dev loop8: unable to read RDB block 8
[  911.145321][T14881]  loop8: unable to read partition table
[  911.145597][T14881] loop8: partition table beyond EOD, truncated
[  911.145620][T14881] loop_reread_partitions: partition scan of loop8 (₫被xü^>Ñà– ) failed (rc=-5)
[  911.629757][ T3119] usb 4-1: USB disconnect, device number 16
[  912.189390][T14892] block nbd3: shutting down sockets
[  912.948471][    C0] vkms_vblank_simulate: vblank timer overrun
[  913.104130][    C0] vkms_vblank_simulate: vblank timer overrun
[  913.134433][    C0] vkms_vblank_simulate: vblank timer overrun
[  913.278517][    C0] vkms_vblank_simulate: vblank timer overrun
[  913.519370][    C0] vkms_vblank_simulate: vblank timer overrun
[  914.466670][T14917] loop8: detected capacity change from 0 to 8
[  914.493043][T14917] Dev loop8: unable to read RDB block 8
[  914.493096][T14917]  loop8: unable to read partition table
[  914.493340][T14917] loop8: partition table beyond EOD, truncated
[  914.493360][T14917] loop_reread_partitions: partition scan of loop8 (₫被xü^>Ñà– ) failed (rc=-5)
[  914.703849][  T990] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  915.161674][  T990] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  915.161742][  T990] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  915.161789][  T990] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  915.161814][  T990] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  915.236873][  T990] usb 8-1: config 0 descriptor??
[  915.260304][  T990] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  915.393217][ T8862] Process accounting resumed
[  915.552087][T14926] nbd0: detected capacity change from 0 to 1024
[  915.666698][T14337] block nbd0: Send control failed (result -89)
[  915.666846][T14337] block nbd0: Request send failed, requeueing
[  915.692051][   T32] block nbd0: Dead connection, failed to find a fallback
[  915.692081][   T32] block nbd0: shutting down sockets
[  915.692227][   T32] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  915.692336][   T32] Buffer I/O error on dev nbd0, logical block 0, async page read
[  915.703092][T14337] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  915.703129][T14337] Buffer I/O error on dev nbd0, logical block 0, async page read
[  915.708028][T14337] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  915.708064][T14337] Buffer I/O error on dev nbd0, logical block 0, async page read
[  915.708257][T14337] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  915.708282][T14337] Buffer I/O error on dev nbd0, logical block 0, async page read
[  915.708455][T14337] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  915.708480][T14337] Buffer I/O error on dev nbd0, logical block 0, async page read
[  915.708674][T14337] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  915.708698][T14337] Buffer I/O error on dev nbd0, logical block 0, async page read
[  915.708992][T14337] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  915.709017][T14337] Buffer I/O error on dev nbd0, logical block 0, async page read
[  915.709184][T14337] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  915.709215][T14337] Buffer I/O error on dev nbd0, logical block 0, async page read
[  915.709315][T14337] ldm_validate_partition_table(): Disk read failed.
[  915.709465][T14337] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  915.709489][T14337] Buffer I/O error on dev nbd0, logical block 0, async page read
[  915.709662][T14337] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  915.709686][T14337] Buffer I/O error on dev nbd0, logical block 0, async page read
[  915.711240][T14337] Dev nbd0: unable to read RDB block 0
[  915.712047][T14337]  nbd0: unable to read partition table
[  915.745780][    C0] vkms_vblank_simulate: vblank timer overrun
[  915.776473][T14337] ldm_validate_partition_table(): Disk read failed.
[  915.777229][T14337] Dev nbd0: unable to read RDB block 0
[  915.778106][T14337]  nbd0: unable to read partition table
[  916.541848][T14944] netlink: 'syz.2.2716': attribute type 72 has an invalid length.
[  916.541873][T14944] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2716'.
[  917.045088][T14951] block nbd2: shutting down sockets
[  917.458777][ T8862] usb 8-1: USB disconnect, device number 14
[  917.704993][T14309] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[  917.929811][T14309] hid-generic 0000:0000:0000.0012: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  918.709944][ T5845] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  918.711113][ T5845] Bluetooth: hci3: Injecting HCI hardware error event
[  918.720384][T13469] Bluetooth: hci3: hardware error 0x00
[  918.781015][T14965] fido_id[14965]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  921.383110][T13469] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  921.633027][T14993] block nbd4: shutting down sockets
[  921.832901][ T3119] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  922.005827][ T3119] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  922.005887][ T3119] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  922.005932][ T3119] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  922.005956][ T3119] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  922.011805][ T3119] usb 1-1: config 0 descriptor??
[  922.068065][ T3119] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  924.688408][ T6018] usb 1-1: USB disconnect, device number 27
[  926.164638][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  926.191820][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  926.202578][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  926.224069][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  926.225328][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  926.456430][ T5945] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[  926.653939][ T5945] hid-generic 0000:0000:0000.0013: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  928.170730][T15049] bridge1: the hash_elasticity option has been deprecated and is always 16
[  928.170769][T15049] bridge1: entered allmulticast mode
[  928.265377][T13469] Bluetooth: hci1: command tx timeout
[  928.743023][T13469] Bluetooth: hci0: command 0x0406 tx timeout
[  929.633651][T15029] chnl_net:caif_netlink_parms(): no params data found
[  930.416067][ T5845] Bluetooth: hci1: command tx timeout
[  930.822985][ T8862] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  930.948207][   T38] audit: type=1326 audit(1756407227.321:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15070 comm="syz.2.2756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4e3b6ebe9 code=0x7ffc0000
[  930.948502][   T38] audit: type=1326 audit(1756407227.321:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15070 comm="syz.2.2756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4e3b6ebe9 code=0x7ffc0000
[  930.949599][   T38] audit: type=1326 audit(1756407227.321:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15070 comm="syz.2.2756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7ff4e3b6ebe9 code=0x7ffc0000
[  930.950583][   T38] audit: type=1326 audit(1756407227.321:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15070 comm="syz.2.2756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4e3b6ebe9 code=0x7ffc0000
[  930.951211][   T38] audit: type=1326 audit(1756407227.321:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15070 comm="syz.2.2756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4e3b6ebe9 code=0x7ffc0000
[  930.951513][   T38] audit: type=1326 audit(1756407227.321:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15070 comm="syz.2.2756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7ff4e3b6ebe9 code=0x7ffc0000
[  930.951915][   T38] audit: type=1326 audit(1756407227.321:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15070 comm="syz.2.2756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4e3b6ebe9 code=0x7ffc0000
[  930.952516][   T38] audit: type=1326 audit(1756407227.321:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15070 comm="syz.2.2756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4e3b6ebe9 code=0x7ffc0000
[  930.996338][ T8862] usb 5-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  930.996411][ T8862] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  930.996464][ T8862] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  930.996491][ T8862] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  931.195687][ T8862] usb 5-1: config 0 descriptor??
[  931.306639][ T8862] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  931.390384][T15029] bridge0: port 1(bridge_slave_0) entered blocking state
[  931.390546][T15029] bridge0: port 1(bridge_slave_0) entered disabled state
[  931.390827][T15029] bridge_slave_0: entered allmulticast mode
[  931.422544][T15029] bridge_slave_0: entered promiscuous mode
[  931.444346][T15029] bridge0: port 2(bridge_slave_1) entered blocking state
[  931.453174][T15029] bridge0: port 2(bridge_slave_1) entered disabled state
[  931.453462][T15029] bridge_slave_1: entered allmulticast mode
[  931.456588][T15029] bridge_slave_1: entered promiscuous mode
[  931.705356][    C0] vkms_vblank_simulate: vblank timer overrun
[  932.565446][    C0] vkms_vblank_simulate: vblank timer overrun
[  932.602869][T13469] Bluetooth: hci1: command tx timeout
[  933.319209][   T31] usb 5-1: USB disconnect, device number 7
[  933.375694][    C0] vkms_vblank_simulate: vblank timer overrun
[  933.676731][T15029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  933.723326][T15029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  934.182956][T13469] Bluetooth: hci7: command 0x0406 tx timeout
[  934.673296][ T5845] Bluetooth: hci1: command tx timeout
[  935.053196][    C0] vkms_vblank_simulate: vblank timer overrun
[  935.628869][T15029] team0: Port device team_slave_0 added
[  935.648914][T15029] team0: Port device team_slave_1 added
[  936.163426][T15125] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2770'.
[  936.163456][T15125] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2770'.
[  936.165155][   T38] audit: type=1326 audit(1756407232.541:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15120 comm="syz.3.2770" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3ec6aeebe9 code=0x0
[  936.237069][T15126] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  936.250454][T15029] batman_adv: batadv0: Adding interface: batadv_slave_0
[  936.250474][T15029] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  936.250508][T15029] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  936.288095][T15029] batman_adv: batadv0: Adding interface: batadv_slave_1
[  936.288118][T15029] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  936.288153][T15029] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  936.414759][ T8862] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  936.567531][ T8862] usb 1-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  936.567596][ T8862] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  936.567739][ T8862] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  936.567765][ T8862] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  936.676718][ T8862] usb 1-1: config 0 descriptor??
[  936.738415][ T8862] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  937.736856][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  937.736965][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  938.062485][T15029] hsr_slave_0: entered promiscuous mode
[  938.076745][T15029] hsr_slave_1: entered promiscuous mode
[  938.077755][T15029] debugfs: 'hsr0' already exists in 'hsr'
[  938.077782][T15029] Cannot create hsr debugfs directory
[  939.107699][T15156] netlink: 1004 bytes leftover after parsing attributes in process `syz.2.2781'.
[  939.495540][ T8862] hid-generic 0000:0000:0000.0014: unknown main item tag 0x0
[  939.504580][ T8862] hid-generic 0000:0000:0000.0014: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  939.741436][ T8862] usb 1-1: USB disconnect, device number 28
[  940.342100][T15170] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096
[  941.101896][T15176] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2787'.
[  941.101921][T15176] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2787'.
[  941.117277][   T38] audit: type=1326 audit(1756407237.491:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15175 comm="syz.3.2787" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3ec6aeebe9 code=0x0
[  941.141211][T15029] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  941.258058][T15177] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  941.724787][T15029] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  942.110458][T15029] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  944.371756][ T5929] IPVS: starting estimator thread 0...
[  944.475796][T15194] IPVS: using max 6 ests per chain, 14400 per kthread
[  945.376098][T15029] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  945.545799][T15206] block nbd2: not configured, cannot reconfigure
[  945.663181][ T8862] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  945.817933][ T8862] usb 5-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  945.817999][ T8862] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  945.818045][ T8862] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  945.818069][ T8862] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  945.919360][ T8862] usb 5-1: config 0 descriptor??
[  945.999959][ T8862] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  946.211024][ T5929] hid-generic 0000:0000:0000.0015: unknown main item tag 0x0
[  946.311704][ T5929] hid-generic 0000:0000:0000.0015: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  948.711120][ T5929] usb 5-1: USB disconnect, device number 8
[  948.810145][T15220] fido_id[15220]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  949.374696][T15029] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  949.753617][T15029] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  950.713594][T15029] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  950.803114][T15029] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  950.937945][T15243] block nbd0: not configured, cannot reconfigure
[  951.403068][ T5945] usb 4-1: new low-speed USB device number 17 using dummy_hcd
[  951.404559][  T990] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  951.474044][T15029] 8021q: adding VLAN 0 to HW filter on device bond0
[  951.526127][T15029] 8021q: adding VLAN 0 to HW filter on device team0
[  951.555497][  T990] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  951.555549][  T990] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  951.555573][  T990] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  951.564462][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[  951.564687][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[  951.576939][ T5945] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  951.576984][ T5945] usb 4-1: config 0 has no interface number 0
[  951.577039][ T5945] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  951.577072][ T5945] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  951.577123][ T5945] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  951.577148][ T5945] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  951.668049][ T6383] bridge0: port 2(bridge_slave_1) entered blocking state
[  951.668234][ T6383] bridge0: port 2(bridge_slave_1) entered forwarding state
[  951.717211][  T990] usb 5-1: config 0 descriptor??
[  951.717211][ T5945] usb 4-1: config 0 descriptor??
[  951.719862][T15255] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  951.747389][  T990] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  951.951158][ T5945] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  951.993263][T15266] block nbd0: shutting down sockets
[  952.026899][ T5945] usb 4-1: USB disconnect, device number 17
[  953.184793][T15029] 8021q: adding VLAN 0 to HW filter on device batadv0
[  953.663466][T15293] block nbd2: not configured, cannot reconfigure
[  954.821656][  T990] usb 5-1: USB disconnect, device number 9
[  955.138712][T15317] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2827'.
[  955.183937][T15029] veth0_vlan: entered promiscuous mode
[  955.191604][T15029] veth1_vlan: entered promiscuous mode
[  955.228986][T15029] veth0_macvtap: entered promiscuous mode
[  955.240006][T15029] veth1_macvtap: entered promiscuous mode
[  955.263282][T15029] batman_adv: batadv0: Interface activated: batadv_slave_0
[  955.268174][T15029] batman_adv: batadv0: Interface activated: batadv_slave_1
[  955.336742][ T3579] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  955.411579][ T3579] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  955.447872][ T3579] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  955.566947][ T3579] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  955.995606][T15321] bridge0: port 2(bridge_slave_1) entered disabled state
[  956.117267][ T3579] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  956.117291][ T3579] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  956.326310][   T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  956.326333][   T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  956.547476][T15331] block nbd4: not configured, cannot reconfigure
[  958.283160][T14309] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  958.439561][T14309] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  958.439615][T14309] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  958.439638][T14309] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  958.477848][T15348] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2839'.
[  958.520533][T14309] usb 5-1: config 0 descriptor??
[  958.557864][T14309] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  959.343965][    C1] vkms_vblank_simulate: vblank timer overrun
[  960.268980][T15363] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2844'.
[  960.269006][T15363] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2844'.
[  960.299983][   T38] audit: type=1326 audit(1756407256.671:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15362 comm="syz.3.2844" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3ec6aeebe9 code=0x0
[  960.358880][T15365] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  960.846421][    C1] vkms_vblank_simulate: vblank timer overrun
[  961.172452][    C1] vkms_vblank_simulate: vblank timer overrun
[  961.286237][    C1] vkms_vblank_simulate: vblank timer overrun
[  961.401241][T14309] usb 5-1: USB disconnect, device number 10
[  961.413813][    C1] vkms_vblank_simulate: vblank timer overrun
[  962.030966][    C1] vkms_vblank_simulate: vblank timer overrun
[  962.218359][    C1] vkms_vblank_simulate: vblank timer overrun
[  962.260290][    C1] vkms_vblank_simulate: vblank timer overrun
[  962.369721][    C1] vkms_vblank_simulate: vblank timer overrun
[  962.703033][    C1] vkms_vblank_simulate: vblank timer overrun
[  962.729089][ T5845] Bluetooth: hci5: link tx timeout
[  962.729476][ T5845] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  962.936355][    C1] vkms_vblank_simulate: vblank timer overrun
[  963.119312][    C1] vkms_vblank_simulate: vblank timer overrun
[  963.323634][    C1] vkms_vblank_simulate: vblank timer overrun
[  964.258430][T15399] mmap: syz.0.2854 (15399) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  964.569647][    C1] vkms_vblank_simulate: vblank timer overrun
[  964.681784][T15403] bridge0: port 2(bridge_slave_1) entered disabled state
[  964.754123][ T5845] Bluetooth: hci5: command 0x0406 tx timeout
[  965.265139][    C1] vkms_vblank_simulate: vblank timer overrun
[  966.665229][T15432] loop2: detected capacity change from 0 to 127
[  966.886283][    C1] vkms_vblank_simulate: vblank timer overrun
[  967.222430][    C1] vkms_vblank_simulate: vblank timer overrun
[  967.250891][    C1] vkms_vblank_simulate: vblank timer overrun
[  967.277580][    C1] vkms_vblank_simulate: vblank timer overrun
[  967.378344][    C1] vkms_vblank_simulate: vblank timer overrun
[  967.892355][    C1] vkms_vblank_simulate: vblank timer overrun
[  968.293084][T15440] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2870'.
[  970.222958][T15458] 9pnet: p9_errstr2errno: server reported unknown error �
[  970.361115][T15462] loop4: detected capacity change from 0 to 7
[  970.413060][T15462] Dev loop4: unable to read RDB block 7
[  970.413098][T15462]  loop4: AHDI p1 p2
[  970.413131][T15462] loop4: partition table partially beyond EOD, truncated
[  970.549710][T15462] loop4: p1 size 4227858431 extends beyond EOD, truncated
[  970.900181][T14229] udevd[14229]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  972.154387][T15485] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2886'.
[  975.444315][T15502] 8021q: adding VLAN 0 to HW filter on device bond1
[  980.573882][T15555] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2906'.
[  981.030817][T15544] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2904'.
[  986.093057][ T5914] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  986.243028][ T5914] usb 8-1: Using ep0 maxpacket: 16
[  986.279823][ T5914] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  986.298040][ T5914] usb 8-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  986.298064][ T5914] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  986.298078][ T5914] usb 8-1: Product: syz
[  986.298088][ T5914] usb 8-1: Manufacturer: syz
[  986.298098][ T5914] usb 8-1: SerialNumber: syz
[  986.341843][ T5914] usb 8-1: config 0 descriptor??
[  986.356284][ T5914] CoreChips 8-1:0.0: probe with driver CoreChips failed with error -22
[  986.646244][T14305] usb 8-1: USB disconnect, device number 15
[  987.055924][T15623] block nbd4: shutting down sockets
[  991.650541][T15665] block nbd4: shutting down sockets
[  992.748594][T15678] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  992.784410][T15678] batadv_slave_0: entered promiscuous mode
[  995.968814][    C0] vkms_vblank_simulate: vblank timer overrun
[  997.219552][    C0] vkms_vblank_simulate: vblank timer overrun
[  997.392221][    C0] vkms_vblank_simulate: vblank timer overrun
[  998.351912][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  998.351990][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1000.621136][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1000.876725][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1004.518366][T15772] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2976'.
[ 1004.767825][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805d1ae000: rx timeout, send abort
[ 1004.829867][T15774] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2978'.
[ 1004.829895][T15774] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2978'.
[ 1005.664446][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805d1ae000: abort rx timeout. Force session deactivation
[ 1005.673340][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805a80d800: rx timeout, send abort
[ 1006.173456][    C0] vcan0 (unregistering): j1939_tp_rxtimer: 0xffff88805a80d800: abort rx timeout. Force session deactivation
[ 1007.547776][T15793] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1007.555116][T15793] batadv_slave_0: entered promiscuous mode
[ 1007.834027][T15797] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1009.383160][T13469] Bluetooth: hci5: command 0x0406 tx timeout
[ 1011.604100][T15839] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2998'.
[ 1012.977055][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805aebec00: rx timeout, send abort
[ 1012.981374][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805aebec00: 0x10000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1012.983470][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805a899400: 0x10000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1013.461641][T15827] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1013.466768][T15827] batadv_slave_0: entered promiscuous mode
[ 1014.251771][    C1] vcan0: j1939_tp_rxtimer: 0xffff888032524000: rx timeout, send abort
[ 1014.252016][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888032524000: 0x10000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1014.252328][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805c158000: 0x10000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1014.363092][ T6018] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[ 1014.577802][ T6018] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1014.596896][ T6018] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 212, changing to 7
[ 1014.596934][ T6018] usb 3-1: config 1 interface 1 has no altsetting 0
[ 1014.941870][ T6018] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1014.941894][ T6018] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1014.941908][ T6018] usb 3-1: Product: syz
[ 1014.941918][ T6018] usb 3-1: Manufacturer: syz
[ 1014.941928][ T6018] usb 3-1: SerialNumber: syz
[ 1017.688096][T15883] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3013'.
[ 1018.985607][ T6018] usb 3-1: 2:1 : UAC_AS_GENERAL descriptor not found
[ 1019.119519][ T6018] usb 3-1: USB disconnect, device number 12
[ 1019.318077][T14229] udevd[14229]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1019.446297][T15902] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3021'.
[ 1023.323209][T15926] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3029'.
[ 1023.572279][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805d48b800: rx timeout, send abort
[ 1024.035249][T15902] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1025.253272][T14309] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[ 1025.657482][T14309] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1025.660088][T14309] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 212, changing to 7
[ 1025.660133][T14309] usb 1-1: config 1 interface 1 has no altsetting 0
[ 1025.799953][T14309] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1025.799976][T14309] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1025.799991][T14309] usb 1-1: Product: syz
[ 1025.800001][T14309] usb 1-1: Manufacturer: syz
[ 1025.800012][T14309] usb 1-1: SerialNumber: syz
[ 1028.086253][  T990] IPVS: starting estimator thread 0...
[ 1028.183082][T15946] IPVS: using max 10 ests per chain, 24000 per kthread
[ 1028.561488][T14309] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found
[ 1028.775554][T14309] usb 1-1: USB disconnect, device number 29
[ 1028.898035][T15954] loop4: detected capacity change from 0 to 7
[ 1028.918322][T15954] Dev loop4: unable to read RDB block 7
[ 1028.918364][T15954]  loop4: AHDI p1 p2
[ 1028.918397][T15954] loop4: partition table partially beyond EOD, truncated
[ 1028.918683][T15954] loop4: p1 size 4227858431 extends beyond EOD, truncated
[ 1029.165199][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1029.227008][T14229] udevd[14229]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1029.240299][T15964] netlink: 36 bytes leftover after parsing attributes in process `syz.7.3042'.
[ 1029.670312][T14229] udevd[14229]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[ 1029.878388][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1029.904843][T15972] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1030.504477][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1030.880377][ T5914] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[ 1031.068037][ T5914] usb 8-1: unable to get BOS descriptor or descriptor too short
[ 1031.069982][ T5914] usb 8-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 212, changing to 7
[ 1031.070016][ T5914] usb 8-1: config 1 interface 1 has no altsetting 0
[ 1031.179281][ T5914] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1031.179314][ T5914] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1031.179336][ T5914] usb 8-1: Product: syz
[ 1031.179356][ T5914] usb 8-1: Manufacturer: syz
[ 1031.179372][ T5914] usb 8-1: SerialNumber: syz
[ 1034.502991][T16001] block nbd3: shutting down sockets
[ 1035.924627][T16011] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3054'.
[ 1036.913590][ T5914] usb 8-1: 2:1 : UAC_AS_GENERAL descriptor not found
[ 1039.356291][T16038] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3063'.
[ 1039.356318][T16038] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3063'.
[ 1039.362513][T16038] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1039.469581][ T5914] usb 8-1: USB disconnect, device number 16
[ 1040.191794][T16047] block nbd7: shutting down sockets
[ 1041.343677][T16055] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3068'.
[ 1044.492937][ T5945] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[ 1044.729149][ T5945] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1044.732912][ T5945] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 212, changing to 7
[ 1044.732949][ T5945] usb 1-1: config 1 interface 1 has no altsetting 0
[ 1044.824856][ T5945] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1044.824888][ T5945] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1044.824909][ T5945] usb 1-1: Product: syz
[ 1044.824924][ T5945] usb 1-1: Manufacturer: syz
[ 1044.824939][ T5945] usb 1-1: SerialNumber: syz
[ 1048.858471][T16106] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3082'.
[ 1048.858490][T16106] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3082'.
[ 1048.899845][T16106] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1049.041500][T16110] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3081'.
[ 1049.041517][T16110] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3081'.
[ 1050.033722][ T5945] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found
[ 1050.151234][T16117] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3085'.
[ 1050.678604][T16117] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1051.258951][ T5945] usb 1-1: USB disconnect, device number 30
[ 1051.631454][T13469] Bluetooth: hci1: command 0x0406 tx timeout
[ 1052.693774][T16146] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3096'.
[ 1052.693797][T16146] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3096'.
[ 1052.733121][T16149] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1052.817468][T16152] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3097'.
[ 1054.212946][ T5945] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[ 1054.427634][ T5945] usb 8-1: unable to get BOS descriptor or descriptor too short
[ 1054.441258][ T5945] usb 8-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 212, changing to 7
[ 1054.441297][ T5945] usb 8-1: config 1 interface 1 has no altsetting 0
[ 1054.472319][ T5945] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1054.472351][ T5945] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1054.472371][ T5945] usb 8-1: Product: syz
[ 1054.472385][ T5945] usb 8-1: Manufacturer: syz
[ 1054.472401][ T5945] usb 8-1: SerialNumber: syz
[ 1056.089852][T16186] fuse: Unknown parameter 'fd0x0000000000000004'
[ 1056.311768][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1059.710046][ T5945] usb 8-1: 2:1 : UAC_AS_GENERAL descriptor not found
[ 1059.821276][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1059.821332][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1061.249564][ T6018] usb 8-1: USB disconnect, device number 17
[ 1067.702863][ T6018] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[ 1068.362622][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1068.392165][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1068.566965][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1069.142733][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1069.167302][ T6018] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1069.169156][ T6018] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 212, changing to 7
[ 1069.169190][ T6018] usb 5-1: config 1 interface 1 has no altsetting 0
[ 1069.274851][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1069.394146][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1069.921764][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1070.237518][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1070.912026][T16274] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3137'.
[ 1070.912053][T16274] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3137'.
[ 1071.137064][T16277] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3138'.
[ 1074.029281][T16277] team0: Port device team_slave_0 removed
[ 1074.201179][T16287] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1074.202041][T16287] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1082.505321][ T5845] Bluetooth: hci0: command 0x0406 tx timeout
[ 1082.508623][ T6018] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1082.508656][ T6018] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1082.508679][ T6018] usb 5-1: Product: syz
[ 1082.594380][ T6018] usb 5-1: can't set config #1, error -32
[ 1082.707064][T16287] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1082.707303][T16287] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[ 1082.707960][T16287] Bluetooth: hci7: Opcode 0x0406 failed: -4
[ 1083.023183][T16287] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1083.023294][T16287] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1083.452426][T16313] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3151'.
[ 1084.582928][T13469] Bluetooth: hci0: command 0x0406 tx timeout
[ 1084.743173][T13469] Bluetooth: hci7: command 0x0406 tx timeout
[ 1084.743428][T13469] Bluetooth: hci5: command 0x0406 tx timeout
[ 1084.794691][T13469] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1084.802122][T13469] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1084.808551][T13469] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1084.810135][T13469] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1084.819783][T13469] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1085.019458][T16331] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3155'.
[ 1085.063099][T13469] Bluetooth: hci1: command 0x0406 tx timeout
[ 1085.407020][T16325] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1086.832913][T13469] Bluetooth: hci7: command 0x0406 tx timeout
[ 1086.835340][T16354] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3160'.
[ 1086.914517][T13469] Bluetooth: hci2: command tx timeout
[ 1087.146011][T13469] Bluetooth: hci1: command 0x0406 tx timeout
[ 1087.493617][ T6018] usb 5-1: USB disconnect, device number 11
[ 1087.753159][T16359] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3162'.
[ 1088.329313][T16323] chnl_net:caif_netlink_parms(): no params data found
[ 1088.867208][T16362] netlink: 136 bytes leftover after parsing attributes in process `syz.2.3161'.
[ 1088.867237][T16362] A link change request failed with some changes committed already. Interface ip6tnl0 may have been left with an inconsistent configuration, please check.
[ 1088.983195][T13469] Bluetooth: hci2: command tx timeout
[ 1089.886322][ T5914] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[ 1091.063190][T13469] Bluetooth: hci2: command tx timeout
[ 1091.155800][ T5914] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1091.155836][ T5914] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1091.155866][ T5914] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1091.155888][ T5914] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1091.155933][ T5914] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1091.155958][ T5914] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1091.265619][ T5914] usb 8-1: config 0 descriptor??
[ 1091.551526][T16323] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1091.551769][T16323] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1091.554836][T16323] bridge_slave_0: entered allmulticast mode
[ 1091.567940][T16323] bridge_slave_0: entered promiscuous mode
[ 1091.588278][T16323] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1091.592231][T16323] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1091.605831][T16323] bridge_slave_1: entered allmulticast mode
[ 1091.641054][T16323] bridge_slave_1: entered promiscuous mode
[ 1091.747018][ T5914] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[ 1091.899491][ T5914] usb 8-1: USB disconnect, device number 18
[ 1092.069186][T16392] fido_id[16392]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/report_descriptor': No such file or directory
[ 1092.237353][T16323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1092.267979][T16323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1093.143206][T13469] Bluetooth: hci2: command tx timeout
[ 1093.161542][T16323] team0: Port device team_slave_0 added
[ 1093.180742][T16323] team0: Port device team_slave_1 added
[ 1094.243159][T16323] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1094.243180][T16323] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1094.243212][T16323] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1094.245865][T16323] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1094.245877][T16323] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1094.245898][T16323] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1095.313545][T16323] hsr_slave_0: entered promiscuous mode
[ 1095.315811][T16323] hsr_slave_1: entered promiscuous mode
[ 1095.316813][T16323] debugfs: 'hsr0' already exists in 'hsr'
[ 1095.316840][T16323] Cannot create hsr debugfs directory
[ 1095.751242][T16419] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3178'.
[ 1095.751266][T16419] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3178'.
[ 1095.938640][T16419] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1097.792885][ T3119] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[ 1097.945790][ T3119] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1097.945837][ T3119] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1097.945866][ T3119] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1097.945891][ T3119] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1097.945936][ T3119] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1097.945962][ T3119] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1097.951888][ T3119] usb 3-1: config 0 descriptor??
[ 1098.567316][ T3119] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[ 1098.722468][ T3119] usb 3-1: USB disconnect, device number 13
[ 1099.326565][T16440] fido_id[16440]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[ 1101.692925][ T8862] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[ 1101.804155][T16449] netlink: 136 bytes leftover after parsing attributes in process `syz.3.3186'.
[ 1101.804175][T16449] A link change request failed with some changes committed already. Interface ip6tnl0 may have been left with an inconsistent configuration, please check.
[ 1101.995087][ T8862] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[ 1101.995124][ T8862] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[ 1102.003118][ T8862] usb 8-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[ 1102.003154][ T8862] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1102.003187][ T8862] usb 8-1: Product: syz
[ 1102.003204][ T8862] usb 8-1: Manufacturer: syz
[ 1102.003222][ T8862] usb 8-1: SerialNumber: syz
[ 1102.113561][ T8862] usb 8-1: config 0 descriptor??
[ 1102.114412][T16466] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[ 1102.114569][T16466] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[ 1102.337585][T16470] binder: 16469:16470 ioctl 4018620d 0 returned -22
[ 1102.401579][T16466] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[ 1102.444668][T16466] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[ 1106.128806][ T8862] dm9601 8-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71
[ 1106.494981][ T8862] dm9601 8-1:0.0 eth5: register 'dm9601' at usb-dummy_hcd.7-1, Davicom DM96xx USB 10/100 Ethernet, 06:00:00:00:00:00
[ 1106.518139][ T8862] usb 8-1: USB disconnect, device number 19
[ 1106.547770][ T8862] dm9601 8-1:0.0 eth5: unregister 'dm9601' usb-dummy_hcd.7-1, Davicom DM96xx USB 10/100 Ethernet
[ 1107.288747][T16505] netlink: 136 bytes leftover after parsing attributes in process `syz.7.3201'.
[ 1107.288773][T16505] A link change request failed with some changes committed already. Interface ip6tnl0 may have been left with an inconsistent configuration, please check.
[ 1107.775075][T16509] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3203'.
[ 1109.258688][T16323] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1109.382292][T16323] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1109.503019][T16323] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1109.569404][T16323] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1111.556566][T16543] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3212'.
[ 1112.795697][T16558] netlink: 64 bytes leftover after parsing attributes in process `syz.7.3218'.
[ 1112.981253][T16560] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input12
[ 1114.933326][T16573] block device autoloading is deprecated and will be removed.
[ 1115.726370][T16588] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3224'.
[ 1118.049820][T16604] netlink: 32 bytes leftover after parsing attributes in process `syz.7.3228'.
[ 1119.088433][ T1266] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1119.193653][ T1266] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1119.221091][ T1266] bond0 (unregistering): Released all slaves
[ 1119.257515][ T1266] bond1 (unregistering): Released all slaves
[ 1119.284992][ T1266] bond2 (unregistering): Released all slaves
[ 1119.908511][ T1266] tipc: Left network mode
[ 1120.072245][T16323] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1120.088615][T16323] 8021q: adding VLAN 0 to HW filter on device team0
[ 1121.082835][   T57] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1121.084555][   T57] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1121.235353][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1121.235437][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1121.852220][T15113] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1121.855413][T15113] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1125.861329][T16630] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3237'.
[ 1125.938301][T16631] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3237'.
[ 1126.064582][T14228] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[ 1126.107834][T16634] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3239'.
[ 1126.107859][T16634] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3239'.
[ 1126.214800][T14228] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1126.214826][T14228] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1126.214845][T14228] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1126.214861][T14228] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1126.214892][T14228] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1126.214909][T14228] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1126.227341][T14228] usb 4-1: config 0 descriptor??
[ 1126.578387][T16631] team0: Port device team_slave_0 removed
[ 1126.643818][T16634] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1126.768412][T14228] plantronics 0003:047F:FFFF.0018: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[ 1126.951207][T14228] usb 4-1: USB disconnect, device number 18
[ 1126.996148][T16640] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3240'.
[ 1128.047204][ T5914] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[ 1128.178515][ T5914] usb 4-1: device descriptor read/64, error -71
[ 1128.412877][ T5914] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[ 1128.552824][ T5914] usb 4-1: device descriptor read/64, error -71
[ 1128.664513][ T5914] usb usb4-port1: attempt power cycle
[ 1128.855897][ T1266] hsr_slave_0: left promiscuous mode
[ 1128.909265][ T1266] hsr_slave_1: left promiscuous mode
[ 1129.004669][ T5914] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[ 1129.023962][ T5914] usb 4-1: device descriptor read/8, error -71
[ 1129.085815][T16675] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3252'.
[ 1129.094669][ T1266] veth1_macvtap: left promiscuous mode
[ 1129.094825][ T1266] veth0_macvtap: left promiscuous mode
[ 1129.095163][ T1266] veth1_vlan: left promiscuous mode
[ 1129.095402][ T1266] veth0_vlan: left promiscuous mode
[ 1129.262862][ T5914] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[ 1129.284099][ T5914] usb 4-1: device descriptor read/8, error -71
[ 1129.394127][ T5914] usb usb4-port1: unable to enumerate USB device
[ 1130.837306][T16680] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3254'.
[ 1132.637978][ T1266] team_slave_1 (unregistering): left promiscuous mode
[ 1132.688526][ T1266] team0 (unregistering): Port device team_slave_1 removed
[ 1132.914693][ T1266] team_slave_0 (unregistering): left promiscuous mode
[ 1132.933858][ T1266] team0 (unregistering): Port device team_slave_0 removed
[ 1135.960413][T16672] syz_tun: entered allmulticast mode
[ 1136.598357][T16672] syz_tun: left allmulticast mode
[ 1138.199791][T16700] tipc: Enabled bearer <udp:s>, priority 10
[ 1139.107916][T16323] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1139.942235][T16719] block nbd2: not configured, cannot reconfigure
[ 1140.672598][T16323] veth0_vlan: entered promiscuous mode
[ 1140.737682][T16724] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3264'.
[ 1140.776624][T16323] veth1_vlan: entered promiscuous mode
[ 1140.973731][T16323] veth0_macvtap: entered promiscuous mode
[ 1140.979858][T16323] veth1_macvtap: entered promiscuous mode
[ 1141.778651][T16323] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1141.809976][T16323] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1141.841649][  T762] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1141.841958][  T762] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1141.842000][  T762] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1141.842039][  T762] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1147.754226][T16767] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3276'.
[ 1147.961507][ T5845] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1148.193120][ T5845] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1148.199839][ T5845] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1148.223602][ T5845] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1148.230117][ T5845] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1151.472984][T13469] Bluetooth: hci4: command tx timeout
[ 1151.531791][T16805] binder: 16804:16805 ioctl 4018620d 0 returned -22
[ 1152.057877][ T6386] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1152.332045][T16809] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3287'.
[ 1153.543711][T13469] Bluetooth: hci4: command tx timeout
[ 1154.009286][ T6386] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1155.661166][T13469] Bluetooth: hci4: command tx timeout
[ 1155.703855][ T6386] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1157.148179][T16841] kthread_run failed with err -4
[ 1157.704311][T13469] Bluetooth: hci4: command tx timeout
[ 1158.208201][T16854] netlink: 16 bytes leftover after parsing attributes in process `syz.7.3299'.
[ 1158.408480][ T6386] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1159.107013][T16768] chnl_net:caif_netlink_parms(): no params data found
[ 1160.127909][T16888] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3310'.
[ 1161.262936][  T990] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[ 1161.618756][  T990] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1161.618788][  T990] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1161.618809][  T990] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1161.618889][  T990] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[ 1161.618919][  T990] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[ 1161.621414][  T990] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1161.621443][  T990] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1161.621465][  T990] usb 4-1: Product: syz
[ 1161.621481][  T990] usb 4-1: Manufacturer: syz
[ 1161.723652][  T990] cdc_wdm 4-1:1.0: skipping garbage
[ 1161.723668][  T990] cdc_wdm 4-1:1.0: skipping garbage
[ 1161.764155][  T990] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[ 1161.764252][  T990] cdc_wdm 4-1:1.0: Unknown control protocol
[ 1161.973476][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[ 1161.973644][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[ 1161.974117][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[ 1161.974141][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[ 1161.974409][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[ 1161.974432][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[ 1161.974746][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[ 1161.974767][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[ 1161.975055][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[ 1161.975076][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[ 1161.980209][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[ 1161.980237][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[ 1161.980487][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[ 1161.980508][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[ 1161.980815][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[ 1161.980844][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[ 1161.981000][  T990] usb 4-1: USB disconnect, device number 23
[ 1161.981087][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[ 1161.981108][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[ 1161.981124][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[ 1162.473507][T16768] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1162.473614][T16768] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1162.473812][T16768] bridge_slave_0: entered allmulticast mode
[ 1162.479916][T16768] bridge_slave_0: entered promiscuous mode
[ 1162.513055][T16768] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1162.513310][T16768] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1162.513587][T16768] bridge_slave_1: entered allmulticast mode
[ 1162.516619][T16768] bridge_slave_1: entered promiscuous mode
[ 1162.520976][ T6386] bridge_slave_1: left allmulticast mode
[ 1162.521067][ T6386] bridge_slave_1: left promiscuous mode
[ 1162.521338][ T6386] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1162.736326][ T6386] bridge_slave_0: left allmulticast mode
[ 1162.736361][ T6386] bridge_slave_0: left promiscuous mode
[ 1162.736626][ T6386] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1164.704163][T16935] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 1164.704198][T16935] overlayfs: failed to set xattr on upper
[ 1164.704207][T16935] overlayfs: ...falling back to redirect_dir=nofollow.
[ 1164.704216][T16935] overlayfs: ...falling back to index=off.
[ 1164.704223][T16935] overlayfs: ...falling back to uuid=null.
[ 1164.704244][T16935] overlayfs: maximum fs stacking depth exceeded
[ 1167.531408][ T6386] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1167.593976][ T6386] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1167.662856][ T6386] bond0 (unregistering): Released all slaves
[ 1169.948098][T16768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1169.996179][T16768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1172.276541][T16993] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3334'.
[ 1172.276565][T16993] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3334'.
[ 1172.640541][T16768] team0: Port device team_slave_0 added
[ 1172.883572][ T6386] hsr_slave_0: left promiscuous mode
[ 1173.330115][ T6386] hsr_slave_1: left promiscuous mode
[ 1173.331285][ T6386] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1173.331316][ T6386] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1173.409028][ T6386] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1173.409076][ T6386] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1173.754766][ T6386] veth1_macvtap: left promiscuous mode
[ 1173.754902][ T6386] veth0_macvtap: left promiscuous mode
[ 1173.755225][ T6386] veth1_vlan: left promiscuous mode
[ 1173.755446][ T6386] veth0_vlan: left promiscuous mode
[ 1179.213495][ T6386] team0 (unregistering): Port device team_slave_1 removed
[ 1179.473861][ T6386] team0 (unregistering): Port device team_slave_0 removed
[ 1182.506414][T17032] tipc: Started in network mode
[ 1182.506449][T17032] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[ 1182.508153][T17032] tipc: Enabled bearer <udp:s>, priority 10
[ 1182.510955][T16768] team0: Port device team_slave_1 added
[ 1182.669944][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1182.670026][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1183.459577][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1183.627559][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1183.918753][ T6018] tipc: Node number set to 4269801488
[ 1185.028764][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1185.197504][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1185.637820][T16768] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1185.637838][T16768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1185.637870][T16768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1185.738912][T16768] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1185.738928][T16768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1185.738949][T16768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1186.050329][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1186.264538][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1186.380235][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1187.094006][T16768] hsr_slave_0: entered promiscuous mode
[ 1187.095033][T16768] hsr_slave_1: entered promiscuous mode
[ 1187.103739][T16768] debugfs: 'hsr0' already exists in 'hsr'
[ 1187.103775][T16768] Cannot create hsr debugfs directory
[ 1187.719030][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1188.344970][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1188.462941][T17067] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3351'.
[ 1189.814123][T17075] tipc: Started in network mode
[ 1189.814334][T17075] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[ 1189.912471][T17075] tipc: Enabled bearer <udp:s>, priority 10
[ 1190.922812][ T5914] tipc: Node number set to 4269801488
[ 1192.377502][T17094] netlink: 36 bytes leftover after parsing attributes in process `syz.7.3361'.
[ 1194.288070][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1194.952513][T16768] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1195.047740][T16768] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1195.100534][T16768] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1195.143739][T16768] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1195.708526][T16768] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1195.744550][T17133] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3372'.
[ 1195.782386][T16768] 8021q: adding VLAN 0 to HW filter on device team0
[ 1195.894717][ T1266] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1195.894878][ T1266] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1196.000510][ T3063] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1196.000903][ T3063] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1197.503005][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1197.640950][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1197.814685][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1198.502877][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1198.805633][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1201.034299][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1201.617916][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1202.510621][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1202.629841][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1202.691517][T17173] binder: 17172:17173 ioctl c0306201 200000000080 returned -14
[ 1203.688241][T16768] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1205.512830][ T5914] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[ 1205.519481][T17196] random: crng reseeded on system resumption
[ 1205.863117][ T5845] Bluetooth: hci4: command 0x0405 tx timeout
[ 1205.967080][ T5914] usb 4-1: Using ep0 maxpacket: 16
[ 1206.132231][ T5914] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[ 1206.132253][ T5914] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[ 1206.132267][ T5914] usb 4-1: Product: syz
[ 1206.132278][ T5914] usb 4-1: Manufacturer: syz
[ 1206.132288][ T5914] usb 4-1: SerialNumber: syz
[ 1206.226472][ T5914] usb 4-1: config 0 descriptor??
[ 1206.419435][T13469] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1206.449697][T13469] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1206.463437][T13469] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1206.464943][T13469] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1206.465898][T13469] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1206.904190][ T5914] usb 4-1: USB disconnect, device number 24
[ 1207.153897][T17211] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3394'.
[ 1207.808057][T17106] udevd[17106]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1208.604175][T13469] Bluetooth: hci2: command tx timeout
[ 1210.664960][T13469] Bluetooth: hci2: command tx timeout
[ 1213.355102][T13469] Bluetooth: hci2: command tx timeout
[ 1213.435564][   T38] audit: type=1326 audit(1756408533.807:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17246 comm="syz.0.3406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8b6ccebe9 code=0x7fc00000
[ 1213.872954][   T38] audit: type=1326 audit(1756408534.247:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17246 comm="syz.0.3406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff8b6c6ade9 code=0x7fc00000
[ 1215.383111][T13469] Bluetooth: hci2: command tx timeout
[ 1218.580778][T17314] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3421'.
[ 1219.368108][T17314] team0: Port device team_slave_0 removed
[ 1219.533634][T17198] chnl_net:caif_netlink_parms(): no params data found
[ 1220.566145][T17333] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3426'.
[ 1224.830741][T17198] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1224.830895][T17198] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1224.831187][T17198] bridge_slave_0: entered allmulticast mode
[ 1224.846378][T17198] bridge_slave_0: entered promiscuous mode
[ 1224.904614][   T38] audit: type=1326 audit(1756408545.287:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17361 comm="syz.2.3432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4e3b6ebe9 code=0x7fc00000
[ 1224.949556][T17198] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1224.960129][T17198] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1224.960428][T17198] bridge_slave_1: entered allmulticast mode
[ 1224.976890][T17198] bridge_slave_1: entered promiscuous mode
[ 1225.601526][   T38] audit: type=1326 audit(1756408545.977:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17361 comm="syz.2.3432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff4e3b0ade9 code=0x7fc00000
[ 1226.150310][T17382] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3439'.
[ 1226.304534][ T6382] bridge_slave_1: left allmulticast mode
[ 1226.304569][ T6382] bridge_slave_1: left promiscuous mode
[ 1226.304829][ T6382] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1226.991635][T17389] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3440'.
[ 1227.294296][ T6382] bridge_slave_0: left allmulticast mode
[ 1227.294332][ T6382] bridge_slave_0: left promiscuous mode
[ 1227.294627][ T6382] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1228.032436][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1228.257202][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1228.373434][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1228.558440][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1228.580038][T17406] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3443'.
[ 1228.624576][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1228.692670][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1228.758575][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1229.058305][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1229.222420][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1229.272397][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1229.341222][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1229.632857][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1230.044453][ T6382] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1230.097882][ T6382] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1230.143187][ T6382] bond0 (unregistering): Released all slaves
[ 1230.205007][T17198] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1230.348135][T17198] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1230.556056][T17410] sg_write: data in/out 97/10 bytes for SCSI command 0xfd-- guessing data in;
[ 1230.556056][T17410]    program syz.0.3445 not setting count and/or reply_len properly
[ 1231.316870][T17427] fuse: Unknown parameter 'group_id00000000000000000000'
[ 1232.541402][ T6382] hsr_slave_0: left promiscuous mode
[ 1232.599500][ T6382] hsr_slave_1: left promiscuous mode
[ 1232.600286][ T6382] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1233.213712][ T6382] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1233.700028][T17446] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3454'.
[ 1234.248205][T17449] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3455'.
[ 1235.493868][ T6382] team0 (unregistering): Port device team_slave_1 removed
[ 1235.805217][ T6382] team0 (unregistering): Port device team_slave_0 removed
[ 1238.970758][T17198] team0: Port device team_slave_0 added
[ 1238.981170][T17198] team0: Port device team_slave_1 added
[ 1239.268840][T17468] netlink: 16 bytes leftover after parsing attributes in process `syz.7.3460'.
[ 1239.639474][T17198] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1239.639494][T17198] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1239.639524][T17198] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1239.653951][T17198] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1239.653964][T17198] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1239.653985][T17198] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1241.716680][T17490] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3466'.
[ 1242.861615][T17198] hsr_slave_0: entered promiscuous mode
[ 1242.884170][T17198] hsr_slave_1: entered promiscuous mode
[ 1242.893073][T17198] debugfs: 'hsr0' already exists in 'hsr'
[ 1242.893105][T17198] Cannot create hsr debugfs directory
[ 1243.125163][T17497] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3468'.
[ 1244.117427][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1244.117509][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1245.027330][T17521] vcan0: tx drop: invalid sa for name 0x0000000000000002
[ 1245.310008][T17528] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3476'.
[ 1245.666526][T17532] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3478'.
[ 1246.385561][T17542] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3480'.
[ 1247.249746][   T37] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1247.702309][T17561] vcan0: tx drop: invalid sa for name 0x0000000000000002
[ 1247.932814][ T5914] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[ 1248.122790][ T5914] usb 4-1: Using ep0 maxpacket: 16
[ 1248.127596][ T5914] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1248.127624][ T5914] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1248.131795][ T5914] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[ 1248.131817][ T5914] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1248.131832][ T5914] usb 4-1: Product: syz
[ 1248.131842][ T5914] usb 4-1: Manufacturer: syz
[ 1248.131853][ T5914] usb 4-1: SerialNumber: syz
[ 1248.147184][ T5914] usb 4-1: config 0 descriptor??
[ 1248.314785][   T37] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1248.854183][ T5914] usb 4-1: USB disconnect, device number 25
[ 1249.688725][   T37] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1249.789889][T17580] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3492'.
[ 1250.204515][   T37] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1252.222820][ T5914] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[ 1252.372902][ T5914] usb 4-1: Using ep0 maxpacket: 8
[ 1252.374885][ T5914] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[ 1252.374930][ T5914] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1252.374947][ T5914] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1252.374964][ T5914] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1252.374981][ T5914] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1252.375066][ T5914] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1252.375084][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1252.743427][ T5914] usb 4-1: GET_CAPABILITIES returned 0
[ 1252.743482][ T5914] usbtmc 4-1:16.0: can't read capabilities
[ 1253.151636][T17198] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1253.419753][T17198] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1253.454353][T17198] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1253.508396][T17198] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1253.640441][T17593] usbtmc 4-1:16.0: INITIATE_ABORT_BULK_OUT returned 0
[ 1253.848654][T17593] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1253.849062][T17593] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1253.853801][ T5914] usb 4-1: USB disconnect, device number 26
[ 1260.741402][  T990] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[ 1261.473059][  T990] usb 4-1: Using ep0 maxpacket: 16
[ 1261.475106][  T990] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1261.475125][  T990] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1261.477859][  T990] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[ 1261.477880][  T990] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1261.477895][  T990] usb 4-1: Product: syz
[ 1261.477905][  T990] usb 4-1: Manufacturer: syz
[ 1261.477917][  T990] usb 4-1: SerialNumber: syz
[ 1261.557949][  T990] usb 4-1: config 0 descriptor??
[ 1261.826722][  T990] usb 4-1: USB disconnect, device number 27
[ 1261.975873][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1262.095435][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1262.222860][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1262.296099][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1271.569079][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1271.728692][T17675] overlayfs: overlapping lowerdir path
[ 1271.760822][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1271.788059][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1272.244031][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1272.362641][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1272.423700][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1272.638475][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1272.738938][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1272.841814][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1272.945266][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1273.459470][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1273.559012][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1273.659945][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1274.240668][T17682] ALSA: mixer_oss: invalid OSS volume 'DIG¨TAL1'
[ 1274.539578][ T5845] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1274.570510][ T5845] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1274.587958][ T5845] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1274.604590][ T5845] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1274.619455][ T5845] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1274.760157][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1275.031802][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1275.095068][   T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1275.217535][   T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1275.288902][   T37] bond0 (unregistering): Released all slaves
[ 1275.437621][T13469] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1275.468277][T13469] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1275.469886][T13469] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1275.482754][T13469] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1275.482991][T14228] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[ 1275.488826][T13469] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1275.692901][T14228] usb 1-1: Using ep0 maxpacket: 16
[ 1275.744425][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1275.866677][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1276.169884][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1276.199602][T14228] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1276.199622][T14228] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1276.413059][T17703] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3528'.
[ 1277.204525][ T5845] Bluetooth: hci4: command tx timeout
[ 1277.409821][T14228] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[ 1277.409855][T14228] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1277.409876][T14228] usb 1-1: Product: syz
[ 1277.409891][T14228] usb 1-1: Manufacturer: syz
[ 1277.409906][T14228] usb 1-1: SerialNumber: syz
[ 1277.488804][T14228] usb 1-1: config 0 descriptor??
[ 1277.568762][T13469] Bluetooth: hci5: command tx timeout
[ 1278.199019][T17707] overlayfs: overlapping lowerdir path
[ 1278.915619][ T5929] usb 1-1: USB disconnect, device number 31
[ 1279.296720][T13469] Bluetooth: hci4: command tx timeout
[ 1279.660543][T13469] Bluetooth: hci5: command tx timeout
[ 1281.320766][T14309] IPVS: starting estimator thread 0...
[ 1281.402929][T13469] Bluetooth: hci4: command tx timeout
[ 1281.450077][T17725] IPVS: using max 7 ests per chain, 16800 per kthread
[ 1282.493498][T13469] Bluetooth: hci5: command tx timeout
[ 1282.923136][T17737] overlayfs: overlapping lowerdir path
[ 1283.513376][T13469] Bluetooth: hci4: command tx timeout
[ 1284.903705][T13469] Bluetooth: hci5: command tx timeout
[ 1285.362902][T14309] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[ 1285.522819][T14309] usb 3-1: Using ep0 maxpacket: 16
[ 1285.525571][T14309] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1285.525597][T14309] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1285.529247][T14309] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[ 1285.529276][T14309] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1285.529295][T14309] usb 3-1: Product: syz
[ 1285.529310][T14309] usb 3-1: Manufacturer: syz
[ 1285.529326][T14309] usb 3-1: SerialNumber: syz
[ 1285.608526][T14309] usb 3-1: config 0 descriptor??
[ 1285.847085][ T3119] usb 3-1: USB disconnect, device number 14
[ 1287.853078][   T37] hsr_slave_0: left promiscuous mode
[ 1287.897299][   T37] hsr_slave_1: left promiscuous mode
[ 1287.898497][   T37] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1287.975856][   T37] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1287.975881][   T37] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1288.229179][   T37] veth1_macvtap: left promiscuous mode
[ 1288.229499][   T37] veth1_vlan: left promiscuous mode
[ 1288.229679][   T37] veth0_vlan: left promiscuous mode
[ 1288.475179][T17780] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3555'.
[ 1290.393137][ T3119] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[ 1290.648017][ T3119] usb 4-1: Using ep0 maxpacket: 16
[ 1290.650974][ T3119] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1290.650994][ T3119] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1290.731381][ T3119] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[ 1290.731415][ T3119] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1290.731436][ T3119] usb 4-1: Product: syz
[ 1290.731450][ T3119] usb 4-1: Manufacturer: syz
[ 1290.731465][ T3119] usb 4-1: SerialNumber: syz
[ 1290.755382][ T3119] usb 4-1: config 0 descriptor??
[ 1291.135146][ T3119] usb 4-1: USB disconnect, device number 28
[ 1292.392402][T17800] delete_channel: no stack
[ 1292.763644][   T37] team0 (unregistering): Port device team_slave_1 removed
[ 1292.899294][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1293.074484][   T37] team0 (unregistering): Port device team_slave_0 removed
[ 1293.112731][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1293.221677][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1293.265474][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1293.322652][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1293.401813][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1293.517890][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1293.565124][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1293.617449][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1293.688532][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1293.737696][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1293.785987][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1293.840605][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1293.879883][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1293.937021][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1293.979965][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1294.040265][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1294.101178][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1294.151088][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1294.199027][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1294.247301][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1294.318397][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1294.408340][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1294.453577][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1294.516556][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1294.584778][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1294.634776][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1295.134620][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1295.679867][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1295.770590][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1295.847492][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1295.922700][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1296.918600][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1297.869608][T17696] chnl_net:caif_netlink_parms(): no params data found
[ 1298.059962][T17688] chnl_net:caif_netlink_parms(): no params data found
[ 1298.832860][ T5929] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[ 1298.983303][ T5929] usb 3-1: Using ep0 maxpacket: 16
[ 1298.985432][ T5929] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1298.985458][ T5929] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1298.992352][ T5929] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[ 1298.992374][ T5929] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1298.992389][ T5929] usb 3-1: Product: syz
[ 1298.992399][ T5929] usb 3-1: Manufacturer: syz
[ 1298.992409][ T5929] usb 3-1: SerialNumber: syz
[ 1299.014226][ T5929] usb 3-1: config 0 descriptor??
[ 1299.517581][T17839] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3569'.
[ 1300.392189][T17841] tipc: Enabling of bearer <udp:s> rejected, already enabled
[ 1300.542282][T14309] usb 3-1: USB disconnect, device number 15
[ 1300.816409][T17696] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1300.816573][T17696] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1300.816931][T17696] bridge_slave_0: entered allmulticast mode
[ 1300.820786][T17696] bridge_slave_0: entered promiscuous mode
[ 1300.966186][T17696] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1300.966426][T17696] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1300.966688][T17696] bridge_slave_1: entered allmulticast mode
[ 1300.974312][T17696] bridge_slave_1: entered promiscuous mode
[ 1301.251073][T17688] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1301.251172][T17688] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1301.251471][T17688] bridge_slave_0: entered allmulticast mode
[ 1301.279549][T17688] bridge_slave_0: entered promiscuous mode
[ 1301.627530][T17688] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1301.627689][T17688] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1301.627953][T17688] bridge_slave_1: entered allmulticast mode
[ 1301.631198][T17688] bridge_slave_1: entered promiscuous mode
[ 1301.685797][T17696] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1301.970978][T17696] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1302.678800][T17688] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1303.263297][T17871] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3580'.
[ 1304.263828][T17875] tipc: Enabling of bearer <udp:s> rejected, already enabled
[ 1304.332178][T17688] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1304.515342][T17696] team0: Port device team_slave_0 added
[ 1304.944208][T14309] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[ 1305.019741][   T37] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1305.092834][T14309] usb 1-1: Using ep0 maxpacket: 16
[ 1305.343796][T14309] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1305.343826][T14309] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1305.346452][T14309] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[ 1305.346474][T14309] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1305.346488][T14309] usb 1-1: Product: syz
[ 1305.346498][T14309] usb 1-1: Manufacturer: syz
[ 1305.346509][T14309] usb 1-1: SerialNumber: syz
[ 1305.409919][T14309] usb 1-1: config 0 descriptor??
[ 1305.555545][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1305.555604][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1305.607253][T17696] team0: Port device team_slave_1 added
[ 1305.675290][ T5929] usb 1-1: USB disconnect, device number 32
[ 1306.338550][   T37] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1306.445280][T17688] team0: Port device team_slave_0 added
[ 1306.699419][T17688] team0: Port device team_slave_1 added
[ 1306.746042][T17696] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1306.746057][T17696] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1306.746078][T17696] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1306.792787][  T990] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[ 1306.947613][  T990] usb 1-1: Using ep0 maxpacket: 8
[ 1307.154343][  T990] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[ 1307.154733][  T990] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1307.154761][  T990] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1307.154787][  T990] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1307.154859][  T990] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1307.154931][  T990] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1307.154993][  T990] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1307.703197][  T990] usb 1-1: GET_CAPABILITIES returned 0
[ 1307.703247][  T990] usbtmc 1-1:16.0: can't read capabilities
[ 1308.130959][T17904] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3589'.
[ 1308.150648][   T37] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1308.213666][T17696] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1308.213686][T17696] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1308.213717][T17696] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1308.324701][T17894] usbtmc 1-1:16.0: INITIATE_ABORT_BULK_OUT returned 0
[ 1308.410399][T17688] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1308.410440][T17688] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1308.410488][T17688] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1308.527148][T17894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1308.527763][T17894] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1308.531119][ T3119] usb 1-1: USB disconnect, device number 33
[ 1309.801269][   T37] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1309.833244][T17910] tipc: Enabling of bearer <udp:s> rejected, already enabled
[ 1309.837171][T17688] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1309.837189][T17688] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1309.837221][T17688] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1311.055979][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1311.258430][T17918] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1311.407867][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1311.468500][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1311.680492][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1312.454154][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1312.463023][  T990] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[ 1312.599911][T17696] hsr_slave_0: entered promiscuous mode
[ 1312.601378][T17696] hsr_slave_1: entered promiscuous mode
[ 1312.602351][T17696] debugfs: 'hsr0' already exists in 'hsr'
[ 1312.602377][T17696] Cannot create hsr debugfs directory
[ 1312.626086][  T990] usb 4-1: Using ep0 maxpacket: 16
[ 1312.639265][  T990] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1312.639292][  T990] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1312.673618][  T990] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[ 1312.673659][  T990] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1312.673680][  T990] usb 4-1: Product: syz
[ 1312.673696][  T990] usb 4-1: Manufacturer: syz
[ 1312.673710][  T990] usb 4-1: SerialNumber: syz
[ 1312.773251][  T990] usb 4-1: config 0 descriptor??
[ 1313.942920][  T990] usb 4-1: USB disconnect, device number 29
[ 1314.270381][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1314.434018][T17945] tipc: Enabling of bearer <udp:s> rejected, already enabled
[ 1314.529073][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1315.030448][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1315.332419][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1315.677643][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1316.453969][T17688] hsr_slave_0: entered promiscuous mode
[ 1316.473663][T17688] hsr_slave_1: entered promiscuous mode
[ 1316.474641][T17688] debugfs: 'hsr0' already exists in 'hsr'
[ 1316.474667][T17688] Cannot create hsr debugfs directory
[ 1316.607737][T17953] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3602'.
[ 1316.644766][T17954] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3602'.
[ 1317.713213][   T38] audit: type=1326 audit(1756408638.037:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17955 comm="syz.2.3603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4e3b6ebe9 code=0x7fc00000
[ 1320.036075][T17988] tipc: Enabling of bearer <udp:s> rejected, already enabled
[ 1324.461439][   T38] audit: type=1326 audit(1756408644.837:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18005 comm="syz.2.3615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4e3b6ebe9 code=0x7fc00000
[ 1327.091255][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1327.160380][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1327.185940][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1327.553085][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1327.648276][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1328.207350][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1329.365899][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1329.486982][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1329.778186][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1330.780717][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1330.844209][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1330.991688][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1331.209152][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1331.856147][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1331.880449][   T38] audit: type=1326 audit(1756408652.257:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18052 comm="syz.2.3626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4e3b6ebe9 code=0x7fc00000
[ 1332.109141][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1332.327644][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1332.341856][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1332.354319][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1332.364650][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1332.373727][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1334.267855][T18083] pimreg: entered allmulticast mode
[ 1334.308758][   T37] bridge_slave_1: left allmulticast mode
[ 1334.308797][   T37] bridge_slave_1: left promiscuous mode
[ 1334.309051][   T37] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1334.450248][T13469] Bluetooth: hci1: command tx timeout
[ 1334.474292][   T37] bridge_slave_0: left allmulticast mode
[ 1334.474328][   T37] bridge_slave_0: left promiscuous mode
[ 1334.474656][   T37] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1334.574609][   T37] bridge_slave_1: left allmulticast mode
[ 1334.587779][   T37] bridge_slave_1: left promiscuous mode
[ 1334.588100][   T37] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1334.744685][   T37] bridge_slave_0: left allmulticast mode
[ 1334.744722][   T37] bridge_slave_0: left promiscuous mode
[ 1334.745001][   T37] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1335.762758][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1335.814707][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1335.823674][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1335.833033][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1335.851363][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1335.854607][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1336.008183][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1336.204980][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1336.435774][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1336.502897][ T5845] Bluetooth: hci1: command tx timeout
[ 1336.804860][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1337.150323][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1337.531413][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1337.860935][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1337.955941][ T5845] Bluetooth: hci2: command tx timeout
[ 1338.393683][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1338.662871][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1338.664528][ T5845] Bluetooth: hci1: command tx timeout
[ 1338.878808][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1339.999661][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1340.035265][ T5845] Bluetooth: hci2: command tx timeout
[ 1340.623022][   T38] audit: type=1326 audit(1756408660.997:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18106 comm="syz.2.3638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4e3b6ebe9 code=0x7fc00000
[ 1340.623090][   T38] audit: type=1326 audit(1756408660.997:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18106 comm="syz.2.3638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4e3b6ebe9 code=0x7fc00000
[ 1340.742749][ T5845] Bluetooth: hci1: command tx timeout
[ 1341.300127][   T38] audit: type=1326 audit(1756408661.677:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18106 comm="syz.2.3638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff4e3b0ade9 code=0x7fc00000
[ 1341.300484][   T38] audit: type=1326 audit(1756408661.677:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18106 comm="syz.2.3638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7ff4e3b0aeaf code=0x7fc00000
[ 1341.300882][   T38] audit: type=1326 audit(1756408661.677:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18106 comm="syz.2.3638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7ff4e3b6ebe9 code=0x7fc00000
[ 1341.395580][   T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1341.523657][   T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1341.757666][   T37] bond0 (unregistering): Released all slaves
[ 1342.051507][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1342.169805][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1342.199679][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1342.228659][ T5845] Bluetooth: hci2: command tx timeout
[ 1342.454445][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1342.769909][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1342.836134][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1344.124262][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1344.297999][   T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1344.342867][ T5845] Bluetooth: hci2: command tx timeout
[ 1344.473436][   T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1344.525860][   T37] bond0 (unregistering): Released all slaves
[ 1344.606517][T18083] pimreg: left allmulticast mode
[ 1345.105250][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1346.209227][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1346.499648][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1346.584091][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1346.651579][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1346.860252][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1347.115618][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1347.357913][   T38] audit: type=1326 audit(1756408667.737:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18148 comm="syz.0.3648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8b6ccebe9 code=0x7fc00000
[ 1347.992748][   T38] audit: type=1326 audit(1756408668.367:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18148 comm="syz.0.3648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff8b6c6ade9 code=0x7fc00000
[ 1347.992796][   T38] audit: type=1326 audit(1756408668.367:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18148 comm="syz.0.3648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7ff8b6c6aeaf code=0x7fc00000
[ 1347.992830][   T38] audit: type=1326 audit(1756408668.367:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18148 comm="syz.0.3648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7ff8b6ccebe9 code=0x7fc00000
[ 1348.635209][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1348.653144][ T3119] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[ 1348.722558][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1348.747855][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1348.787754][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1348.924494][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1349.297186][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1349.461664][ T3119] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1349.461696][ T3119] usb 3-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[ 1349.461718][ T3119] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1349.461773][ T3119] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 7
[ 1349.461802][ T3119] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9272, setting to 1024
[ 1349.646500][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1349.650648][ T3119] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1349.650680][ T3119] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1349.650701][ T3119] usb 3-1: Product: syz
[ 1349.650716][ T3119] usb 3-1: Manufacturer: syz
[ 1349.736765][ T3119] cdc_wdm 3-1:1.0: skipping garbage
[ 1349.736786][ T3119] cdc_wdm 3-1:1.0: skipping garbage
[ 1349.736897][ T3119] cdc_wdm 3-1:1.0: probe with driver cdc_wdm failed with error -22
[ 1350.005208][ T8862] usb 3-1: USB disconnect, device number 16
[ 1351.797477][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1352.014837][   T38] audit: type=1326 audit(1756408672.347:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18175 comm="syz.0.3657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8b6ccebe9 code=0x7fc00000
[ 1352.557525][   T38] audit: type=1326 audit(1756408672.937:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18175 comm="syz.0.3657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff8b6c6ade9 code=0x7fc00000
[ 1352.557588][   T38] audit: type=1326 audit(1756408672.937:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18175 comm="syz.0.3657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7ff8b6c6aeaf code=0x7fc00000
[ 1352.557637][   T38] audit: type=1326 audit(1756408672.937:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18175 comm="syz.0.3657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7ff8b6ccebe9 code=0x7fc00000
[ 1352.562845][ T3119] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[ 1352.722717][ T3119] usb 3-1: Using ep0 maxpacket: 8
[ 1352.725686][ T3119] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[ 1352.725779][ T3119] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1352.725805][ T3119] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1352.725831][ T3119] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1352.725855][ T3119] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1352.725901][ T3119] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1352.725925][ T3119] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1353.113029][ T3119] usb 3-1: GET_CAPABILITIES returned 0
[ 1353.113083][ T3119] usbtmc 3-1:16.0: can't read capabilities
[ 1353.452882][   T37] hsr_slave_0: left promiscuous mode
[ 1353.495004][   T37] hsr_slave_1: left promiscuous mode
[ 1353.496130][   T37] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1353.496161][   T37] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1353.545719][   T37] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1353.545755][   T37] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1353.718539][   T37] hsr_slave_0: left promiscuous mode
[ 1353.762874][   T37] hsr_slave_1: left promiscuous mode
[ 1353.765123][   T37] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1353.794678][   T37] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1353.866233][T18193] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1353.866634][T18193] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1354.077613][   T37] veth1_macvtap: left promiscuous mode
[ 1354.077712][   T37] veth0_macvtap: left promiscuous mode
[ 1354.078872][   T37] veth1_vlan: left promiscuous mode
[ 1354.079044][   T37] veth0_vlan: left promiscuous mode
[ 1355.365968][ T8862] usb 3-1: USB disconnect, device number 17
[ 1356.792769][ T3119] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[ 1357.008493][ T3119] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1357.008524][ T3119] usb 4-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[ 1357.008540][ T3119] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1357.008581][ T3119] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 7
[ 1357.008600][ T3119] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9272, setting to 1024
[ 1357.010816][ T3119] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1357.010846][ T3119] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1357.010868][ T3119] usb 4-1: Product: syz
[ 1357.010880][ T3119] usb 4-1: Manufacturer: syz
[ 1357.119875][ T3119] cdc_wdm 4-1:1.0: skipping garbage
[ 1357.119897][ T3119] cdc_wdm 4-1:1.0: skipping garbage
[ 1357.120148][ T3119] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22
[ 1357.329444][T14228] usb 4-1: USB disconnect, device number 30
[ 1358.314913][   T37] team0 (unregistering): Port device team_slave_1 removed
[ 1358.634402][   T37] team0 (unregistering): Port device team_slave_0 removed
[ 1362.272811][   T38] audit: type=1326 audit(1756408682.607:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18225 comm="syz.3.3668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ec6aeebe9 code=0x7fc00000
[ 1362.889933][   T38] audit: type=1326 audit(1756408683.267:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18225 comm="syz.3.3668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3ec6a8ade9 code=0x7fc00000
[ 1365.535506][   T37] team0 (unregistering): Port device team_slave_1 removed
[ 1365.714126][   T37] team0 (unregistering): Port device team_slave_0 removed
[ 1366.656171][T18202] bpq0: entered promiscuous mode
[ 1366.996565][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1366.996647][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1371.625048][T18071] chnl_net:caif_netlink_parms(): no params data found
[ 1372.766370][T18088] chnl_net:caif_netlink_parms(): no params data found
[ 1374.467494][T18298] input: syz0 as /devices/virtual/input/input16
[ 1379.373068][T18071] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1379.373236][T18071] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1379.373527][T18071] bridge_slave_0: entered allmulticast mode
[ 1379.378202][T18071] bridge_slave_0: entered promiscuous mode
[ 1379.925780][ T5914] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[ 1380.445354][ T5914] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1380.445410][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1380.445438][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1380.445462][ T5914] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1380.447021][ T5914] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1380.447048][ T5914] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1380.447069][ T5914] usb 4-1: Manufacturer: syz
[ 1380.523330][ T5914] usb 4-1: config 0 descriptor??
[ 1380.546018][T18071] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1380.546166][T18071] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1380.546448][T18071] bridge_slave_1: entered allmulticast mode
[ 1380.562687][T18071] bridge_slave_1: entered promiscuous mode
[ 1381.151657][ T5914] appleir 0003:05AC:8243.0019: unknown main item tag 0x0
[ 1381.209920][ T5914] appleir 0003:05AC:8243.0019: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[ 1381.378326][T18088] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1381.378478][T18088] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1381.378765][T18088] bridge_slave_0: entered allmulticast mode
[ 1381.381979][T18088] bridge_slave_0: entered promiscuous mode
[ 1381.416670][  T990] usb 4-1: USB disconnect, device number 31
[ 1381.422539][T18088] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1381.422851][T18088] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1381.423184][T18088] bridge_slave_1: entered allmulticast mode
[ 1381.452780][T18088] bridge_slave_1: entered promiscuous mode
[ 1381.816990][T18356] binder: 18355:18356 ioctl 4018620d 0 returned -22
[ 1382.364984][T18354] fido_id[18354]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[ 1382.620580][T18071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1383.855057][T18071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1383.890697][T18088] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1384.155133][T18088] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1384.184359][T18369] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1384.827119][T18071] team0: Port device team_slave_0 added
[ 1385.183306][T18396] binder: 18394:18396 ioctl 4018620d 0 returned -22
[ 1385.904015][T18071] team0: Port device team_slave_1 added
[ 1385.905974][T18088] team0: Port device team_slave_0 added
[ 1385.907540][   T37] bridge_slave_1: left allmulticast mode
[ 1385.907563][   T37] bridge_slave_1: left promiscuous mode
[ 1385.907747][   T37] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1386.103716][   T37] bridge_slave_0: left allmulticast mode
[ 1386.103768][   T37] bridge_slave_0: left promiscuous mode
[ 1386.104128][   T37] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1386.325860][T18412] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3714'.
[ 1386.342544][   T37] bridge_slave_1: left allmulticast mode
[ 1386.372195][   T37] bridge_slave_1: left promiscuous mode
[ 1386.372477][   T37] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1386.546003][   T37] bridge_slave_0: left allmulticast mode
[ 1386.546038][   T37] bridge_slave_0: left promiscuous mode
[ 1386.546312][   T37] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1386.886396][T18427] misc userio: Invalid payload size
[ 1386.886600][T18427] misc userio: No port type given on /dev/userio
[ 1387.278866][   T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1387.393968][   T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1387.488863][   T37] bond0 (unregistering): Released all slaves
[ 1387.804196][   T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1387.914648][   T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1387.994487][   T37] bond0 (unregistering): Released all slaves
[ 1388.057981][T18088] team0: Port device team_slave_1 added
[ 1388.253434][T18425] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1389.478667][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1389.940799][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1390.075407][T18071] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1390.075425][T18071] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1390.075453][T18071] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1390.140185][T18088] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1390.140203][T18088] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1390.140232][T18088] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1390.154058][T18071] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1390.154081][T18071] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1390.154116][T18071] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1390.433041][   T37] hsr_slave_0: left promiscuous mode
[ 1390.496736][   T37] hsr_slave_1: left promiscuous mode
[ 1390.593418][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1390.711446][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1390.792073][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1390.941903][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1390.973000][   T37] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1391.018113][   T37] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1391.308667][   T37] hsr_slave_0: left promiscuous mode
[ 1391.342809][   T37] hsr_slave_1: left promiscuous mode
[ 1391.343833][   T37] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1391.394094][   T37] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1392.219077][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1392.326877][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1392.458896][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1392.547819][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1392.582646][    C0] ==================================================================
[ 1392.582672][    C0] BUG: KASAN: slab-use-after-free in rose_timer_expiry+0x471/0x4b0
[ 1392.582781][    C0] Read of size 2 at addr ffff8880324e202a by task ktimers/0/16
[ 1392.582801][    C0] 
[ 1392.582815][    C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1392.582842][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1392.582857][    C0] Call Trace:
[ 1392.582865][    C0]  <TASK>
[ 1392.582874][    C0]  dump_stack_lvl+0x189/0x250
[ 1392.582909][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1392.582943][    C0]  ? __kasan_check_byte+0x12/0x40
[ 1392.582972][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1392.583003][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1392.583034][    C0]  ? lock_release+0x4b/0x3e0
[ 1392.583066][    C0]  ? __virt_addr_valid+0x1c8/0x5c0
[ 1392.583100][    C0]  ? __virt_addr_valid+0x4a5/0x5c0
[ 1392.583135][    C0]  print_report+0xca/0x240
[ 1392.583164][    C0]  ? rose_timer_expiry+0x471/0x4b0
[ 1392.583195][    C0]  kasan_report+0x118/0x150
[ 1392.583226][    C0]  ? rose_timer_expiry+0x471/0x4b0
[ 1392.583255][    C0]  rose_timer_expiry+0x471/0x4b0
[ 1392.583285][    C0]  call_timer_fn+0x17b/0x5f0
[ 1392.583316][    C0]  ? __pfx_rose_timer_expiry+0x10/0x10
[ 1392.583340][    C0]  ? call_timer_fn+0xbe/0x5f0
[ 1392.583370][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[ 1392.583405][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1392.583473][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1392.583521][    C0]  ? __pfx_rose_timer_expiry+0x10/0x10
[ 1392.583547][    C0]  __run_timer_base+0x648/0x970
[ 1392.583583][    C0]  ? __pfx___run_timer_base+0x10/0x10
[ 1392.583620][    C0]  run_timer_softirq+0xb7/0x180
[ 1392.583649][    C0]  handle_softirqs+0x22c/0x710
[ 1392.583683][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[ 1392.583718][    C0]  run_ktimerd+0xcf/0x190
[ 1392.583750][    C0]  ? __pfx_run_ktimerd+0x10/0x10
[ 1392.583780][    C0]  ? schedule+0x91/0x360
[ 1392.583832][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[ 1392.583861][    C0]  smpboot_thread_fn+0x542/0xa60
[ 1392.583890][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[ 1392.583923][    C0]  kthread+0x711/0x8a0
[ 1392.583959][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[ 1392.583986][    C0]  ? __pfx_kthread+0x10/0x10
[ 1392.584023][    C0]  ? __pfx_kthread+0x10/0x10
[ 1392.584058][    C0]  ret_from_fork+0x3fc/0x770
[ 1392.584089][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1392.584121][    C0]  ? __switch_to_asm+0x39/0x70
[ 1392.584141][    C0]  ? __switch_to_asm+0x33/0x70
[ 1392.584162][    C0]  ? __pfx_kthread+0x10/0x10
[ 1392.584202][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1392.584233][    C0]  </TASK>
[ 1392.584241][    C0] 
[ 1392.584247][    C0] Allocated by task 16035:
[ 1392.584258][    C0]  kasan_save_track+0x3e/0x80
[ 1392.584281][    C0]  __kasan_kmalloc+0x93/0xb0
[ 1392.584306][    C0]  __kmalloc_cache_noprof+0x1a8/0x320
[ 1392.584334][    C0]  rose_add_node+0x26e/0xe60
[ 1392.584352][    C0]  rose_rt_ioctl+0xaa8/0x1040
[ 1392.584369][    C0]  rose_ioctl+0x3ce/0x8b0
[ 1392.584422][    C0]  sock_do_ioctl+0xdc/0x300
[ 1392.584474][    C0]  sock_ioctl+0x579/0x790
[ 1392.584491][    C0]  __se_sys_ioctl+0xfc/0x170
[ 1392.584513][    C0]  do_syscall_64+0xfa/0x3b0
[ 1392.584562][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1392.584584][    C0] 
[ 1392.584588][    C0] Freed by task 18202:
[ 1392.584598][    C0]  kasan_save_track+0x3e/0x80
[ 1392.584620][    C0]  kasan_save_free_info+0x46/0x50
[ 1392.584637][    C0]  __kasan_slab_free+0x5b/0x80
[ 1392.584659][    C0]  kfree+0x195/0x550
[ 1392.584682][    C0]  rose_rt_device_down+0x490/0x500
[ 1392.584712][    C0]  rose_device_event+0x688/0x700
[ 1392.584741][    C0]  notifier_call_chain+0x1b6/0x3e0
[ 1392.584767][    C0]  __dev_notify_flags+0x18d/0x2e0
[ 1392.584813][    C0]  netif_change_flags+0xe8/0x1a0
[ 1392.584839][    C0]  dev_change_flags+0x130/0x260
[ 1392.584884][    C0]  dev_ioctl+0x7b4/0x1150
[ 1392.584927][    C0]  sock_do_ioctl+0x22c/0x300
[ 1392.584947][    C0]  sock_ioctl+0x579/0x790
[ 1392.584965][    C0]  __se_sys_ioctl+0xfc/0x170
[ 1392.584986][    C0]  do_syscall_64+0xfa/0x3b0
[ 1392.585012][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1392.585032][    C0] 
[ 1392.585037][    C0] The buggy address belongs to the object at ffff8880324e2000
[ 1392.585037][    C0]  which belongs to the cache kmalloc-512 of size 512
[ 1392.585057][    C0] The buggy address is located 42 bytes inside of
[ 1392.585057][    C0]  freed 512-byte region [ffff8880324e2000, ffff8880324e2200)
[ 1392.585079][    C0] 
[ 1392.585084][    C0] The buggy address belongs to the physical page:
[ 1392.585106][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880324e2000 pfn:0x324e0
[ 1392.585132][    C0] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1392.585152][    C0] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 1392.585176][    C0] page_type: f5(slab)
[ 1392.585214][    C0] raw: 0080000000000240 ffff888019841c80 ffffea0000c49a10 ffffea00018d0f10
[ 1392.585234][    C0] raw: ffff8880324e2000 000000000010000e 00000000f5000000 0000000000000000
[ 1392.585254][    C0] head: 0080000000000240 ffff888019841c80 ffffea0000c49a10 ffffea00018d0f10
[ 1392.585275][    C0] head: ffff8880324e2000 000000000010000e 00000000f5000000 0000000000000000
[ 1392.585296][    C0] head: 0080000000000002 ffffea0000c93801 00000000ffffffff 00000000ffffffff
[ 1392.585315][    C0] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000004
[ 1392.585327][    C0] page dumped because: kasan: bad access detected
[ 1392.585339][    C0] page_owner tracks the page as allocated
[ 1392.585348][    C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5206, tgid 5206 (udevadm), ts 34256325679, free_ts 34229970254
[ 1392.585396][    C0]  post_alloc_hook+0x240/0x2a0
[ 1392.585427][    C0]  get_page_from_freelist+0x2119/0x21b0
[ 1392.585448][    C0]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1392.585469][    C0]  alloc_pages_mpol+0xd1/0x380
[ 1392.585497][    C0]  allocate_slab+0x8a/0x370
[ 1392.585518][    C0]  ___slab_alloc+0x8d1/0xdd0
[ 1392.585550][    C0]  __kmalloc_cache_noprof+0xe6/0x320
[ 1392.585578][    C0]  kernfs_fop_open+0x3f0/0xdd0
[ 1392.585604][    C0]  do_dentry_open+0x9ae/0x1350
[ 1392.585637][    C0]  vfs_open+0x3b/0x350
[ 1392.585654][    C0]  path_openat+0x2ef1/0x3840
[ 1392.585674][    C0]  do_filp_open+0x1fa/0x410
[ 1392.585695][    C0]  do_sys_openat2+0x121/0x1c0
[ 1392.585713][    C0]  __x64_sys_openat+0x138/0x170
[ 1392.585732][    C0]  do_syscall_64+0xfa/0x3b0
[ 1392.585761][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1392.585781][    C0] page last free pid 5206 tgid 5206 stack trace:
[ 1392.585795][    C0]  __free_frozen_pages+0xb59/0xce0
[ 1392.585826][    C0]  __put_partials+0x159/0x1a0
[ 1392.585843][    C0]  __slab_free+0x2b3/0x390
[ 1392.585863][    C0]  qlist_free_all+0x97/0x140
[ 1392.585884][    C0]  kasan_quarantine_reduce+0x148/0x160
[ 1392.585906][    C0]  __kasan_slab_alloc+0x22/0x80
[ 1392.585931][    C0]  __kmalloc_noprof+0x1a5/0x430
[ 1392.585956][    C0]  kernfs_fop_write_iter+0x159/0x4f0
[ 1392.585982][    C0]  vfs_write+0x5d2/0xb40
[ 1392.586003][    C0]  ksys_write+0x14b/0x260
[ 1392.586026][    C0]  do_syscall_64+0xfa/0x3b0
[ 1392.586053][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1392.586074][    C0] 
[ 1392.586079][    C0] Memory state around the buggy address:
[ 1392.586092][    C0]  ffff8880324e1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1392.586108][    C0]  ffff8880324e1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1392.586124][    C0] >ffff8880324e2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1392.586135][    C0]                                   ^
[ 1392.586148][    C0]  ffff8880324e2080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1392.586163][    C0]  ffff8880324e2100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1392.586175][    C0] ==================================================================
[ 1392.586216][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1392.586235][    C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1392.586263][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1392.586278][    C0] Call Trace:
[ 1392.586287][    C0]  <TASK>
[ 1392.586297][    C0]  dump_stack_lvl+0x99/0x250
[ 1392.586332][    C0]  ? __asan_memcpy+0x40/0x70
[ 1392.586355][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1392.586388][    C0]  ? __pfx__printk+0x10/0x10
[ 1392.586420][    C0]  vpanic+0x281/0x750
[ 1392.586454][    C0]  ? __pfx_vpanic+0x10/0x10
[ 1392.586485][    C0]  ? irqentry_exit+0x74/0x90
[ 1392.586519][    C0]  panic+0xb9/0xc0
[ 1392.586550][    C0]  ? __pfx_panic+0x10/0x10
[ 1392.586582][    C0]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 1392.586613][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1392.586647][    C0]  ? rose_timer_expiry+0x471/0x4b0
[ 1392.586671][    C0]  check_panic_on_warn+0x89/0xb0
[ 1392.586695][    C0]  ? rose_timer_expiry+0x471/0x4b0
[ 1392.586718][    C0]  end_report+0x78/0x160
[ 1392.586747][    C0]  kasan_report+0x129/0x150
[ 1392.586777][    C0]  ? rose_timer_expiry+0x471/0x4b0
[ 1392.586806][    C0]  rose_timer_expiry+0x471/0x4b0
[ 1392.586833][    C0]  call_timer_fn+0x17b/0x5f0
[ 1392.586863][    C0]  ? __pfx_rose_timer_expiry+0x10/0x10
[ 1392.586886][    C0]  ? call_timer_fn+0xbe/0x5f0
[ 1392.586915][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[ 1392.586950][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1392.586977][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1392.587004][    C0]  ? __pfx_rose_timer_expiry+0x10/0x10
[ 1392.587029][    C0]  __run_timer_base+0x648/0x970
[ 1392.587063][    C0]  ? __pfx___run_timer_base+0x10/0x10
[ 1392.587100][    C0]  run_timer_softirq+0xb7/0x180
[ 1392.587128][    C0]  handle_softirqs+0x22c/0x710
[ 1392.587162][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[ 1392.587206][    C0]  run_ktimerd+0xcf/0x190
[ 1392.587238][    C0]  ? __pfx_run_ktimerd+0x10/0x10
[ 1392.587268][    C0]  ? schedule+0x91/0x360
[ 1392.587298][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[ 1392.587326][    C0]  smpboot_thread_fn+0x542/0xa60
[ 1392.587355][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[ 1392.587388][    C0]  kthread+0x711/0x8a0
[ 1392.587423][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[ 1392.587451][    C0]  ? __pfx_kthread+0x10/0x10
[ 1392.587488][    C0]  ? __pfx_kthread+0x10/0x10
[ 1392.587522][    C0]  ret_from_fork+0x3fc/0x770
[ 1392.587553][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1392.587586][    C0]  ? __switch_to_asm+0x39/0x70
[ 1392.587607][    C0]  ? __switch_to_asm+0x33/0x70
[ 1392.587628][    C0]  ? __pfx_kthread+0x10/0x10
[ 1392.587662][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1392.587692][    C0]  </TASK>
[ 1392.587984][    C0] Kernel Offset: disabled