last executing test programs:

6m13.659193859s ago: executing program 4 (id=551):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), 0xffffffffffffffff)
mount$tmpfs(0x0, 0x0, 0x0, 0x10a40a2, &(0x7f0000000040)=ANY=[@ANYBLOB="f4697a65"])
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB="88020000", @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="6102330050300100080211000001080211000000505050505050"], 0x288}, 0x1, 0x0, 0x0, 0x800}, 0x0)

6m12.413130155s ago: executing program 4 (id=553):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
sendto$inet6(r0, &(0x7f0000000a00)="d29aeca7e286489a1c307cd2658856583c38961c77f7b56ab3fdcd39b0ffd7dc051355bc21a69f90cda244a2d3c24dd8f03b4ceecf34855f45da720986512eb90759f115f6ca026bf0511f52c9b48e9c1d1dd6420ae085948ea8299ea48f01aca22e9cc5886c8825387466af6f4dca7b298e22927ca55e83e5c97bdf565c01c33874c8f1d3894c120feb71f3cbc7319e455c2546bbd3e4d38a37de0e84cf79ac47bcfd7a1ebc69be42e098ca862a790cfb23876003f8cd3d03cfcc596f23474f457575f666e8b9df90d5abb8fe17d6d5d2b3b9715c4d3cd9303d10c8d991825075ef8c45a5d351b154e0ea40c5b7a80ec4b17b5061ce7f437ce4d8cc4f99ca4418854ac05afd03056bb6e060bf38ff8b5c18a0013b122c0434725b0b36f33b54dac41c58da9264a14ef3128c4dc9fbd0d8109f1dc490dfdce60f5ff31752c7d7f1f3ace3b4fef50b459990e1b9fe7ca44d14b628d13c799c410ce00e043fe90e06c4d4e984974052d99055e18b6bf92e8478ce40d5969a724bd4a79a11b3e94b7d84215d3b339e90bc1588bd3ce7deaa3cc46124a74806e21945ee4bb49c627b49fade731fe48f125d8c1780b5a057f333688e7c04a1ed496fa5377f39bddcdc7d778bac59175d69f547e5847ce06ee069bf10d5ab87cf991ff1ce43528b4d17364c17e106b97e385f06c62188606417ceb9a077621f6314f3036d9987a649902bb678c3fc8256eab303d70ed4ae2f936afc77cb687b0c27ad2dde812099f3412a7aa47138f2d990c2e98aa3fbbadb6a2c350eeee239c4bc4a05a8c43d7ba224d19269b38ab8b85805c5e438be3dd572b78a8f2ed10025d466c5f7cf33766c4e3f39bb99af1ad796cdbdde45975a9726469ce04be13901f44fa7ca06e06247ff42da34f0e6752767148f767a5d5e8cda86c972f192c193e36b2f1f0f0f6aa1e5042eda57eea9b3f7343997b8ff42398098203ce953a5791dba862abc0fb64cfa21cf2d16e98cc726bdd655a6cc0439056b9f090852b89b433371273be17da4a75532b0e45ef799df8590e4990b832992745b92d2b5eb8c096f3d154af0020dacd4cb34be33cbdea5f58ccdf3c301b344b3b2177bbccabf59b97f5c47311bfe7509dff2deb3225b9dfd59e5dc99f66ec5f5e3ec01bf74cc09cdd2b163357e0a5059b97ab3c233ea199c35466e7be68a66d54de3ca820afb353ddd9233d28981edf8024bea2cd506918b4726b7073201c966df3bf6abdb1e0b0828c91438d2af71ea63f5bbdd45da50e7623317d0db321f0fe1f7f980c6510d7773838ecd24367ece32ad26ef87cdd87dfc10d80e8b0eeefabb56ab936846f40314479bf7e9513f446c0ac18094f852ae1068b52708e5d172f00f03ad83ff12fa6471665ab64fb68a8dfd453bf0495759bc2f6323c028e06cb656582c65dab32474dc99366dfe738d53cfb2b744fdea9587bdcaea48f540146348386021144e4b2c0b07b19fde30bb3f5f70931a34b4a19e04d928a0fc683419b59e6683bc7a8ecb9d3768e70ea4110cc5f3ba3ead2b1093f33ac49996d80af930ddd32547dd1d09cece15c476b51d4e11e04cd9f4af3815eb66e2021cecea70cdb46638fdb4be69c94650fa742c430b5173e9846be1f592ccc5cf143cdba7f851d7f4a201255590267093720004b2799582b1391f56d25cac41cba297ed095e617e26155b349e75cb434e7ad94e28b55405c66bfe13b2e25adef68f0f97dc25b8ebfa828848f9781648186e0727aba7e0f678d4eb14a270dfcec5e691d680fc7e8f07ced4b48778cc3ecdc4a52c0e460d4501df5c0fecbb2ddcdc6fed9794ca3c23583062b870bf43cc8137421710427a31c52747d224a0d3d80beaa549d0c547b2292f5d6725c8dae657cc47529ae4fd1496ff62420a7264a8bb92798200a4df7bde47471c6825dee43cd2456aa43fb864a9b2cb3c6aebfd91cfc8092a6834c9cdaa0c33ad2f955d1d81e17725ccdc4f80d6c1d5fa0da446623dbec06a10300c11e8b68e39b3a6f60143da65969522ac140adebc9d5a9cffa1571ed9d6519544188dac6e5c3464907fca4d9090ef54488e542da6e77bc42cd37650443f2e64abffe0e476073c7cf793b1a501fafbd1e09530d4d270aa2c90e6244b8e1709a3a061bdc9e2638825feacf2fb655f092d226e16d4a752b09751dac9dcb3a0e764f1a1ae47d35f23345724c62daf31049e8bbcb7508210c9d9756ad56609b407204528b5c539413796062e8f5aa12fd7cd0b83a27286b624542cfda67facb309f13c2a7970b387b6e70c9a15b90507d5d05796bfdc31dca426efc82c31135aceec781885be00166976f2af31aef8c56ac8a55de7dec0d54c336e85bd7e4aab3f817bb504933b64c5abdcae494b63d176d523c74f95e19ecca7e0bb9bd9b36f8fc5ff803952bcd9a7286a1465cdd4f624627591f2815ca7721fca7282e7397a00bc08aec651e16550440b7cceeb7c874b7fd895844cc66b9a0841c6a7ed81a8f34da9d53831f92801d09d2459244f40919e26529adc1fb4bf3467ca4f8ae96ebd6bac4983720946c77cdaa055a22adc553c6ab80dac5b86427d124eb4d6c58b56bc89853f3f987c89df218dd9dd8eb45ce716bdfca1d9dbb21664cb152131212c555c125277270e2ff092f9c24cacbbf917363e09d580a043e3c4e80a025199d112f3afc72295a29ce7f370006e48239c481e3e40cc9025b63c4efd9ad6f8c98ab17acf8c4546e59e261ac55204d0e5903d9511b467d546d62a539740c3cd64765650020e96b24ac3aa8b1c8ee04457af4829a832048f26c4a5ba3add6ef83c2bee30209d252f8b3ccf3d4c54f90c0657503ddf6f9c4bef0996a7483b8e558cb85890c04b13857a12910a85a10c8416ca9f61b4b4f4cf54c40072f54232faa1d6d5b6b3ff083954194fb43117df1ad9c206f900762a5a840bf44f51f199e25840013b4b9d83b497023911c3f3b5d0c05d3752b95a11b043a91ac646d967f59757fc49d486df046101b1c357c77a803a4f4fc373e7facad8a581ca5cd675ec9420ebb8e486dd35a3d49b088a15b93455385dceaa0049335e7b1152c8d709235043e170d4037a0ec8bbbc6ade583b06cf9695351d4113fb6a3aca24c045ffb8dad6cd670e8268ee8b2de3c4685046caa334ceec10de3f735770b373b84ea13a13442761ae67331af89db654ebe9d6336204d14b17fe5efb7bbfab54facb9fa54b87d2054172ab00119ae645f0949f60cc62db1fe0562db15222f34ca55f547c13dcca209a0670ce777c2f15d8c316291f034c67a8345bafab73e4c23719515a1a96cbb5bf525890aac916711d3c6e212dd81896c09763ef4ea044ffb8b1755ec30d060c8beb543ab114473f206b28a886357d4fe3b1a694c396687b12e1b0e83ea5fb9947e6f0409154802120fe005241d08aa3c691e1637721e6e9bd60da448a12c1e30eea99c6bd3d9d9f2ca665be7f385a9f6d75dc56c0df20887fff895d3225f3a7879469212b5acdc4e70df1bab2f10d0b70e40208326ff2cbce6aa1e09cb5287eb33273e1103f6324742697c4d75b6265a17bf759d034ecb4eec2e19fbe147fa0d75c444499a2d971a6ff9c8435881de4baa947f1d73bed7d86b46104d622b3dd2e77097775fdae0fda86a3ac2b5b0673529e9597921c376af246bb53550d346c05ce63e6ec7ab03116302558b26ad3aa255b9e479a41705fadab91fad98569d9e2d41ddd02dfaac9a1c5358c29636ebbc07fbaa8feb2863c815265c97f5cec314eeceafaad134b9a93f2fb89ab449efc0f7240744b86a4d113b9e15992430cd64049467966b032aadd72319ba2c1657b3e209bdc6fd704e378949bfc157c812f254c793d5771a2774ff980c4ac81e9678e825e41c6ac25299a5dfa86da9eaaf2924e1aa6dccd787de0879ff718fa84d27efd66d15d22912cfb7e4ae708b8cc36681c89c0148d9fca0c2ac8b13553499ce2ea58ae7e63c79ab6a5b7765b03f02c662298d31fba0055cdcc7f0538a50ec3bc6dea61e72870665e7bc1b7f052bcb5da86b98e3549712253c87a1d5826584b6b63c9dfa597cfabfcb5d571e08570151dd05cafe1808761f34d0c5e5db5a549300f856ffff52c5028f5414968f38308c2314e32252ec85eff977c85cdccc49565a99b966e92d582b3e54d162076f95e4e6802eb3e62f7c20d81db0f32abd9cd6da4399419aab0eb5b52d0f5a8a9cef067925a4df0b617244ea13c213293cb65e0cce03dd3c0edb55900e2bf6aa81a314e7fc2f09646ce46289baf3b566541708473b191c7c3b735ddbbcc2909d9dd92bd17c3230ffac1bdd2603cca20635739ac44724a9f35151fca9687fad629fbd1314b0c83094c27aea7a8606a67690f6011682aca421185cfc06fac1cbb6123c2f62f4ffaa04b4ce58df540981253b85e30d2df8ac221fd60e434683932d7c730a8afa762817f0876aa983a0bfafd692abf64c133ebcefd0d155551e2801092d3c03a86fb6cad0507d6cca16da56e67d6a757c9e04f5c98bba5baebd1920138c963c99088111fc4ecb2d93dff81f4211ebaecaf9c2daec1a56e9f7cb4959b85bca18b813c74c47451b090defa5817648e70213a59ff76f29877b46bbc7e1ec41951cbc78e511e5a81a854898d0308a42aa38ff30e773b18e1ff0af4417e623b82bacaed1842fa6d94a70f566eeb6f551bb258f333fb14dd3a516e5c5246a2927d862682cabc41ac65194b5a347cc0908a53908dd2302f76c10ba12e3b08115ba1af2b0f0797bb8e66575f67c4163f33a1bf5c01ad1c31774863d7dd4951df8a207bba92f41762eb0a8aace69d8d7b73a91b015e26c64819bf1c620f950eeb29cf4d5738e0eeeb23cbd9945a8a878fd44f41ab9b6e23dd136383978392c06223415d61e5fe2ac07eeb8420d843f7eb4da32c2da8351fe1cac0a2884b1d84f10a3eef169c901db40fb4f27afdd96a3ae4b5cb27fb8131a1149c47f2da47eddc2026c0be545f87c8d5f230f339398842b42ac3ed61352126a10e66f56baa04fd67f292a67a31706efd2563db1926ed582fa926f45f06c3f3e6c8e77804ff17ba5fbcad0da5e4ea12392cdc8e908ee51207734a6764568ba9f70565fb0ac4dc97f1de0916802319ff759e5cbadd84a04981e01461bdd6ca4ef06c222389719ef4d2f1b8838011a7deef4aa89fa1fdaca9183665ed0531292d81b6a111a7bdc6894da4f527856772eef7c1677ccc76ff1d4b3a3878217bf274bae43b86b015ebab51cb7e91a63bb970c2a058c33096e578c154133ceba81f28206320ec590a1abf1bf653d49029b528577559dc94461bee1cc9a3b04a875e1ac12509435d7eeafd0ea4f05222672e36a8eb69e95f7fb655b3c87e899fa3bc20837aac1bc5cc3bc10c18f353757355e51253e8a4f5ec9e251c21df4143a7e031136bc5df90aec17214d134a830d4cb37459659c6735d167c48cfdee866a55adcaab0e0474b0eadaa2c593e11f5b574e52b9f5aef890ecd81c1956dfd24f75e31e175a951fc5ce7dccc3cab0279ffd138e3987b789275e0f40f8549acb77b25851941b805f1e79f3f279f5ce7b8c173d6929b01fc46247d5713a03582fab696e8b0036396b7d4885bbffb66487fb93681da1244a24bc7551f4c1128803ec36d31b82578350d81756f993c0ea630030b0b32aa100789e6868e6836f8b2fa5672cee774d76872a33145be6920db91397282e59bba64cde50dbf4c50508bc0454542992b82ed7b1fe2d99610296488c9643a0c079a855ebcb7", 0x1000, 0xc000, &(0x7f0000000100)={0xa, 0x4e20, 0xd71, @local, 0x3}, 0x1c)
write$UHID_CREATE2(r0, &(0x7f0000001a80)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r0, 0x0)
ioctl$BLKBSZGET(r0, 0x80081270, &(0x7f0000001a40))
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0xce56fe61a68fc369, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@mcast1, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x754, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc, 0x7}, 0x70bd2a, 0x3504, 0xa, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)

6m7.551983984s ago: executing program 4 (id=571):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)={0x3c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x17}]}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)

6m6.062724148s ago: executing program 4 (id=576):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1100)
mount$bind(&(0x7f0000000440)='./file0\x00', &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x10a5840, 0x0)
move_mount(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', r0, 0x0, 0x272)

6m5.342410892s ago: executing program 4 (id=580):
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x20846, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000700)="420f01d10f094b0fc75e003ea70f0059d848b8c74ce21d2e61007a0f23d00f21f835000000070f23f8410f01c20f20e035010000000f22e0c744240001351347c744240200000100c7442406000000000f011c24c4c1f95a46e3", 0x5a}], 0x1, 0x4e, 0x0, 0x0)
write$P9_RLERRORu(r0, &(0x7f0000000240)=ANY=[], 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x6, 0x14, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xffffff99}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@jmp={0x5, 0x1, 0x1, 0x1, 0x9, 0x10, 0x4}, @exit, @generic={0xd9, 0x9, 0x5, 0x3}, @cb_func={0x18, 0x0, 0x4, 0x0, 0x6}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000180)='syzkaller\x00', 0x5, 0xc0, &(0x7f0000000480)=""/192, 0x41100, 0x24, '\x00', 0x0, 0x25, r0, 0x8, &(0x7f0000000280)={0xa, 0x1}, 0x8, 0x10, &(0x7f00000002c0)={0x0, 0xb, 0x10001, 0x9}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000540)=[{0x2, 0x1, 0x6, 0x6}], 0x10, 0x2}, 0x94)
getsockname$packet(r0, &(0x7f0000000640)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000680)=0x14)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x1, 0x2, &(0x7f0000000140)=@raw=[@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x8}, @exit], &(0x7f00000000c0)='GPL\x00', 0x9}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000006c0)={r2, r3, 0x25, 0x6, @void}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, r3, 0x30, 0x19, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=[0x4], 0x0, 0x0, 0x1, 0x1}}, 0x3c)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
r4 = userfaultfd(0x801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0xfffffffffffffffe)

6m4.788114985s ago: executing program 3 (id=582):
socket$nl_xfrm(0x10, 0x3, 0x6)
mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000040)={0x0, 0x5cd0, 0x100, 0xfffffffc, 0x1bc}, &(0x7f0000002180)=<r2=>0x0, &(0x7f00000001c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0)
chdir(&(0x7f0000000280)='./file1\x00')
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r3, 0xffffffff80000800, 0xee01, &(0x7f00000000c0)={0x0, 0x1, 0x2000200000a95c, 0x9, 0x4000000201, 0x80000001, 0x48cd, 0xfffffffffffffffc, 0x800000df})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
openat$incfs(0xffffffffffffff9c, &(0x7f0000000080)='.log\x00', 0x1812c1, 0x0)

6m3.244001272s ago: executing program 3 (id=585):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000005000000080000000f"], 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x14, &(0x7f0000000880)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000840)={r1}, 0xc)

6m1.608150956s ago: executing program 3 (id=588):
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a0000000000000000181200", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r1}, 0x18)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r2, &(0x7f0000000180), 0x40010)

6m1.215139108s ago: executing program 3 (id=592):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1100)
mount$bind(&(0x7f0000000440)='./file0\x00', &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x10a5840, 0x0)
move_mount(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', r0, 0x0, 0x272)

5m59.23208707s ago: executing program 3 (id=596):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = accept$inet(0xffffffffffffffff, 0x0, &(0x7f0000000340))
dup3(0xffffffffffffffff, r1, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000400)={{{@in6, @in=@local}}, {{@in=@empty}, 0x0, @in6=@mcast2}}, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
utimensat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r4, 0x560a, 0x0)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x9, &(0x7f0000000500)=ANY=[], 0xc)

5m59.07614848s ago: executing program 4 (id=597):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
r1 = io_uring_setup(0x3eae, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

5m58.774520524s ago: executing program 32 (id=597):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
r1 = io_uring_setup(0x3eae, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

5m56.93401789s ago: executing program 3 (id=603):
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f00000007c0)={0x40000000000ff80, 0x0, &(0x7f0000000700)={&(0x7f0000001900)=ANY=[@ANYBLOB="020f000015000000000000000000000005000500000000000a00001000000000000000000000000000432e0000000000000000000000000008001200000002000000f1edc4ea00000600000000000000000000000000000000000000000000000000000000000000fc01000000000000000000000000810005000600000000000a00000000000000ff0200000000000000000000000000010000000000000000010018"], 0xa8}}, 0x40080)

5m56.09350841s ago: executing program 33 (id=603):
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f00000007c0)={0x40000000000ff80, 0x0, &(0x7f0000000700)={&(0x7f0000001900)=ANY=[@ANYBLOB="020f000015000000000000000000000005000500000000000a00001000000000000000000000000000432e0000000000000000000000000008001200000002000000f1edc4ea00000600000000000000000000000000000000000000000000000000000000000000fc01000000000000000000000000810005000600000000000a00000000000000ff0200000000000000000000000000010000000000000000010018"], 0xa8}}, 0x40080)

59.764228163s ago: executing program 5 (id=1440):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r0, &(0x7f0000000600)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r1, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x503, 0x70bd2d, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @gre={{0x8}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x2000000)

59.095177874s ago: executing program 5 (id=1443):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000001940), r0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$rds(0x15, 0x5, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
listen(0xffffffffffffffff, 0x5)
socket$vsock_stream(0x28, 0x1, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
ppoll(&(0x7f0000000500)=[{r4}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
pselect6(0xe, 0x0, 0x0, &(0x7f0000000100)={0x3ff, 0xee, 0xffffffffffffffff, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

57.249772115s ago: executing program 5 (id=1449):
clock_nanosleep(0x8, 0x1, &(0x7f0000000080), 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434e, 0x7, 0x20363059, 0x3, 0x6ea, 0x9, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$kcm(0x10, 0x2, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0200"/15, @ANYRES32, @ANYBLOB="00010080000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\x00\x00'], 0x50)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8004}, 0x0)
io_pgetevents(0x0, 0x91, 0xb, &(0x7f0000000680)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}], &(0x7f0000000100)={0x77359400}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

55.962547541s ago: executing program 5 (id=1455):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000001740)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route_sched_retired(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000002a00)=@newtaction={0x18, 0x30, 0x1, 0x70bd25, 0x25dfdbfc, {}, [{0x4}]}, 0x18}}, 0x800)
read$alg(r1, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000026c0), 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000000200000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x42)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r7, 0x2000000, 0xfe7f, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r6, 0xc0bc5351, &(0x7f0000002700)={0x10, 0x1, 'client1\x00', 0x2, "feebcfb4d1975c75", "b4cd259950cde1279c49e630ad8e9faee35e6b8354d2dd41e644e6fe8cb478b5", 0x4, 0x400})
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYRESHEX=r1], 0x1bbc}, 0x1, 0x0, 0x0, 0x24048010}, 0xc080)
creat(&(0x7f0000000080)='./file0\x00', 0x20)

53.923336655s ago: executing program 5 (id=1461):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000600000001"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000400), &(0x7f00000001c0)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x19, &(0x7f0000000a40)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xac5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
r4 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x4003, 0x2, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
recvmsg$unix(r4, &(0x7f0000000100)={0x0, 0x1d, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)

53.267082134s ago: executing program 5 (id=1467):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000))
accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000080), 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="000000005e44f954c6b311a854a7ce673b46342911d1f0619eb513229688763fe15f0d4aa096c02e25cced2fcbf03a1058b204cd4e661b715479c92805e4805e1a6a5d8a1eef6226", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32, @ANYBLOB='\x00'/24], 0x50)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, &(0x7f00000002c0), 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, 0x0, 0x0)
readv(r1, &(0x7f0000000200)=[{&(0x7f0000001b80)=""/4096, 0x1000}], 0x1)
sendmsg$can_bcm(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
socket(0x10, 0x2, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000640), 0x0, 0x8000}, 0x38)
bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000080)={0x8, 0x40, 0x205}, 0x10)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="500000000206030000000000000000000d0000000c000300686173683a69700005000400000000000900020073797a31000000000c000780080008400000005d05000500020000000500010006"], 0x50}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)={0x40, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x8}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvmsg(r4, 0x0, 0x0)
sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
socket$unix(0x1, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x4d2f02, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="120000000400000004000000"], 0x48)

37.788220385s ago: executing program 34 (id=1467):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000))
accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000080), 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="000000005e44f954c6b311a854a7ce673b46342911d1f0619eb513229688763fe15f0d4aa096c02e25cced2fcbf03a1058b204cd4e661b715479c92805e4805e1a6a5d8a1eef6226", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32, @ANYBLOB='\x00'/24], 0x50)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, &(0x7f00000002c0), 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, 0x0, 0x0)
readv(r1, &(0x7f0000000200)=[{&(0x7f0000001b80)=""/4096, 0x1000}], 0x1)
sendmsg$can_bcm(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
socket(0x10, 0x2, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000640), 0x0, 0x8000}, 0x38)
bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000080)={0x8, 0x40, 0x205}, 0x10)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="500000000206030000000000000000000d0000000c000300686173683a69700005000400000000000900020073797a31000000000c000780080008400000005d05000500020000000500010006"], 0x50}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)={0x40, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x8}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvmsg(r4, 0x0, 0x0)
sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
socket$unix(0x1, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x4d2f02, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="120000000400000004000000"], 0x48)

14.752022398s ago: executing program 7 (id=1615):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0xfffffffffffffdbc, 0x2, {{0x1, 0xd, 0x0, 0x9, 0x8}, 0x6, 0x1, 0x1, 0x4, 0x8, 0xe, 0x7, 0x1d, 0x3, 0x9, {0xa2d6, 0x200, 0xb, 0x40, 0x2, 0x1ff}}}}]}, 0x78}}, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket(0x400000000010, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x18)
sendmsg$nl_route_sched(r6, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@gettfilter={0x24, 0x2e, 0x1, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xc, 0xc}, {0x1, 0xfff1}, {0xffff, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20041080)

13.888406073s ago: executing program 6 (id=1618):
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10)
unshare(0x62040200)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000340)={r1, r1, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz1\x00'})
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff})
sendmsg$NL80211_CMD_EXTERNAL_AUTH(r2, &(0x7f0000000680)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000480)={&(0x7f00000005c0)={0x8c, 0x0, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_PMKID={0x14, 0x55, "b0bd9770b624c164691712a44a114a5b"}, @NL80211_ATTR_PMKID={0x14, 0x55, "920308c1b41afbb8c65c1fa8d58e4d7f"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_BSSID={0xa}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_BSSID={0xa}, @NL80211_ATTR_SSID={0x9, 0x34, @random="da475c0298"}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x46}]}, 0x8c}, 0x1, 0x0, 0x0, 0x8080}, 0x4800)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000440))

13.548161038s ago: executing program 7 (id=1620):
r0 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0})
r1 = dup(0xffffffffffffffff)
symlinkat(&(0x7f0000000040)='./file0\x00', r1, 0x0)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x256c, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io(r2, &(0x7f0000000340)={0x18, &(0x7f0000000100)={0x40, 0xe, 0x5, {0x5, 0x38, "cf4022"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r2, &(0x7f0000000480)={0x2c, 0x0, &(0x7f0000000280)={0x0, 0x3, 0x67, @string={0x67, 0x3, "064b765bc5404c731a96cbd8e0ae7ef1716fb019a8243f97526290b788e24695b4b343e7526ac555a1694789a0dcff10bdce1c07375fcd903b0c9efea3ff90339007bdceaa0277470c5c677b089f901a67b0ddf347cd1fdd902243f4ef3bea42e031000000"}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)

10.808689687s ago: executing program 6 (id=1629):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x2, 0x0, 'queue1\x00'})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000002640), &(0x7f0000002680)=0xc)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'})
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000180))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_open_dev$vim2m(0x0, 0x2, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r2, 0xc044560f, &(0x7f00000001c0)=@mmap={0x0, 0x2, 0x4, 0x0, 0x0, {0x77359400}, {}, 0x0, 0x1, {}, 0x2000000})
syz_usbip_server_init(0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x200, 0x80, 0x20000, 0x0, 0x0, 0x8}, 0x45)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000568000/0x2000)=nil, 0x1000000, 0x0, 0x11, r3, 0x0)
socket(0x1, 0x803, 0x0)
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0x1f4, {}, {}, @raw32={[0x2600]}}], 0xffc8)

7.390578445s ago: executing program 7 (id=1631):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"})
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0xfffc, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc10c5541, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_S_AUDOUT(r1, 0x40345632, &(0x7f00000002c0)={0x0, "fbd78df8363b88d9c3a4cae9b29b529de5e20000000000001400", 0x3})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
r3 = socket$inet6(0xa, 0x80003, 0x6)
setsockopt$sock_int(r3, 0x1, 0x26, &(0x7f0000000080)=0x7, 0x4)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x1)
socket(0x18, 0x0, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r4 = socket(0x2b, 0xa, 0x1)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0xffff, 0x2, @empty}, 0x1c)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x90, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_NAT_SRC={0x4}]}, 0x90}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0xc8, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x44, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x400}, @CTA_NAT_SRC={0x2c, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @rand_addr=' \x01\x00'}]}]}, 0xc8}}, 0x0)
setsockopt$inet6_MCAST_LEAVE_GROUP(r4, 0x29, 0x2d, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x80242, 0x1df2a23c5997fa7b)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000c40)={0x5c, r7, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_PEERS={0x34, 0x8, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}, @WGPEER_A_FLAGS={0x8, 0x3, 0x5}]}]}]}, 0x5c}}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)

6.261037938s ago: executing program 6 (id=1633):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x3, &(0x7f0000000040)=[{0x5, 0x9, 0x4, 0x1}, {0x0, 0x1, 0x3, 0x6f}, {0x6, 0x53, 0x5, 0x5}]}, 0x10)
r2 = socket$packet(0x11, 0x2, 0x300)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x2000011, r2, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_coalesce={0x2d, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x200000}})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(0x0, r4)
sendmsg$NFC_CMD_SE_IO(r4, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000005c0)={0x14, r5, 0x1, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000500))
sendmsg$NFC_CMD_GET_DEVICE(r3, &(0x7f0000000600)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000580)={0x0}}, 0x1)
r6 = socket$caif_stream(0x25, 0x1, 0x5)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r6, 0x8008f513, &(0x7f0000000440))
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000005c0), 0xffffffffffffffff)
sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000140)="6239c7fb7be59202970cae94a0aa9566e68ee66dcc5e925c56b3c7b3e7ec53ea0c971cf6529c56a15ab4cbf065ebd548329ac27232b674917449ccb2798c8a2e7c1002a6e3d8efb996bd394e17f5855c9d1275897b8b95a495f0ee80eb893b89619ffad3f71f9a9c4458a4ed4bd7abee99a53cea7fc6d1866656c2e3f2998d6603f852b585facadf4506ccfb706cf14e465cac10f4dc3c8eff6ad192020a8f3ac413e52cbd47d5c268920fb936ed3b2c91709c5e2f313863ac6cf82934266c54b49346437d02fb1121c3c99a0e6a5513f2761b8838850086927a7bed964b34c4cf2a67b922c64d85ac41688cdf66090806e92db97c77b46e90adf5b3b39c44ada65f7d11f393b8a790e56b77ba263e5cc95abd3b9f074ec7b8853a07f0b459028b0b402aa6aeb6b7574d08bfa9498b0cc0ae18de7d8acadff005738d27cfc243fe047c2651603b56fababcf3872ef65326779dbb0146e98ddcea026863feb4587138dd49b2c2914e36011215d86e63b202aa977d542f179e7140adf505e1e1121675e92852e0f8ed70306c5d42563debabb2d994545465d5c7977043a6d984d297deff771081225b76eb3d68bfb71858d4b9559889350e41a497fc389f8d060666c7566df27f376f19cdb45426e1fbaff10cb2c3866edc5f54c37959f965dabccebfa4528b38d4e975ef098751d654f0c89b5eae4cb89dafce4ddbdccbf89e5f16819199e82d512b081dec368e1c3cdaff40fa932503aeb90f3399f0fe245b5af279ccc997ba911dd036073323e64045b17aff89babe4f0eabdcd147322b27367d52d809655578fab93fc16345e9a87ea6d4bd299640adc62886c3dde00f6c598dee7219a0934880", 0x268, 0x5000, 0x0, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x2c}}, 0x0)
syz_emit_ethernet(0xf7e, &(0x7f0000000000)={@local, @link_local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0xf48, 0x0, 0x0, @private2, @mcast2, {[], "223427d5c9a46b9fa14172170a013589317d2af31ba55431762f462a5abc3f46494ee91bfca594d52f8c3785143e92da5d2d81edc09f68f122fbf741257bf1319408347a17c89212dfe27a0fc65362487e5afe673f0954f60d9d08b61276ce0b3aa520b5f30a9f52c4aa53fc003f8570383ca63530d93b78a7875338b3d7645ef2c24ab05db63cfdcde7b3cac2248c9d1c73d0d4382b3f520ad6e9be698eaa9bf5b939ce09919c9485c4725690ee2483315829a196f85a5ae552ebe19a2d6768ce2a6bf60fbb53104c7919b7cf28fa555fc9460df11e72eddebb2fc4eb6f83b16e0d65307e4210dfc209f0c68df65b57f420fd215546b798af6b6ab7bfb2fe6bd6142f877852717370b1ca39d199c149c3ead97c4e16229ce4c08a111a0fc64651c21e9174dd72442a9ae2a42d9433c7b54c8dd4b59203f9a2e227e9b043eb430e606cf98f3428ac8511948dd553bc0728c0626fbda71bd2a1d734d605e27bdb0be93b7b91284689e31fccb70c15f2c39da9011c84d36fe4b4b36ff26e45a34685fc638dbdaa068a3d3d4f5d44b74afc0fc7956e5fcc3fe405ac6d292d1d90f257f18fe14a3192d28ed369956aa2f91f9fee773cf7fb5d90705347eeadc1af86de78a498fa1a20e5b3f481a0595769654d969299506d8ffbc172a7fb9453a8a3787e80b167936863f2cc16c1d03481bd40e1abcf87a292559771572136932bf30e48174012a1d4d5f138f93140af2ceb9c821c7966ea7592d762975b5b33ef141b6b91eb388c91b924945c3231d0f299adb5a36e0c95a17872e7ebf0bc0e33baf5c46f9e2087b77bad0794d519ce7bc8674a70f3545d020454ded22f164185df3b4f952b132947b75333993fd73a6bac5836dd5720e559bcb82a4926734c5c3b1287c5fec219a99f71eb398430001f007306e9232c269c2886357f75d935e8de054341ac36f1df1fc77fbc347d90660f4d5658cfeb9e289f70968a7c0b38ae34c4bfa46b47964e223ac34f472e3231e8c285add5713592c76c062c3477beb55b279846f04f8d6a5ce2743c6a2020f0c5164953b8dca7e57239dc8a7f507bcf77767ab0b4602437171a09c8e80f5a165c4c37eaae386cfcb927dd1a935fa717fa1608792b34bafbc20cf11a678455894ede62788309ab7a7075535847a2b48260a613e521b01d75648263ad78e6176528dbf3e6c4e4d72066e617be5387183a51dd97d2e846c5d173b51e17a4c8d78a49c914cbe44236c52c78de45b44f9d80bc6f77c75135922a84579bce77baa71311889f5b7b90c5124b8298d5e9c81c442d60df00795854d3213a1ac254c8963c109f68b3ff5451c381f6fb56c116f86b71f988d1e9f732280cbf3d4e9791fefc4bdec5dc293fb77b02d5aab6bd8cd179b7e425126b7f78c0d004bc6470ecc2bbc422bd06a6bd8f717009509e6a88b01347b7a62b9dea6f7a7446a371f422499a6e66eeb6a7b0beb4a86a61f875a9bfe0f5d5f0d0e4c85852afaea97d74ebc80d6491a8a1c998c4b5bc34b3edaeba2df902cd5e14e016720e6c3c8b15287b2471c34251e26dc442720cd5d984e30b110b7370f233f865b9ac129fdf49ff02b303d7d4f91039d3bb58a9d64d7a72d8b8eba6b45a000370d4f0e9c0d411768441372e7112e5d4e7d70a9d6b428b8b85ee6209d6f73e7b024740c052166deeb843e4ab78d1d354d75a5827ff0d49d8964e75785f3594c7299c0917b48f3b2efb81a4c3a7d6e0f1cf50efe0360963c2e3ee390ed2a4c39f42e856eced0f2ee7beacd2ecbece493e911ca0460584323ea6d4a0c00864693c979cae38f0c5841bfaeebf609d1075163c120fea0bd0207d2dd07e5e2e0a5afe3efee0ee6bb9a926a8dba7a27a82c5421a5b20bfb5dbdef532a12435fcd899f15603209831711e0dcfaaf2104b2016f087fce44848c70b65a34b9be83df2064391fc5a8d169dc1943d226e57ab5ba06c656273d4efba73a8a61aae19df4d2445f3ce7e649af1b4ffc86106c9092ddd0aafeb45653d181cb32b06a1dd41573495f15c3b8c0019ba72a2eb163dfcbdbb235322ae27d7116af506f295c2424ab9191aa8ce0e4617b212af21983f8d2b19d7fdeec881f6fa448acc7c3e133b6f281583fad4467c05801e69f6ffc1ae2e1f54655534d884c2f8f60303da33ccbe47a293643edb61c7d9fad4e3e54028bc64be8e5b1da53446869b136660b8e96ff96c48641ece275967b27b291c5c240b3399b5b901b699227735f821938bc88ded45bada2b257b1a4bcab7ed6647f2027e5680c87329e9cfdba6bde2f2a9b676be016001702bebbabb2eae3eba01d6f49ab70245a4c5ef0e136b531e1843487b3f69c5b811217d6d2f5e71b47f40c28117bd09a88bb21887a06e2cc164d4281d0df47cbd5781f1524098d89ccae32f24c5f9d86469106685fdc683ad5e873030b621dc00354e0621106da90aca69bb53848dd57251a45bc1898aca9bc84c9a8d2f8aabeed888560771c8cb03aab02620430fec8e9740880790060ccbffd5b8edaa219ca61587eff1b1b03ae8af53059f121efdec8b3ee8aba06f494a5b4575bc848d5a9773d2346f75811cb82a078fc960c9bd374555d78b1b4ba0b438ef00e8aa75810ca5efc5c70936e2cb0e515912cb7f625a2130a9ad58f29e58ae6eac5c3f15f22f0163ee6dead6947c4390b92c8dfb146fec7bfc0b37e8ff2c9de90c30f2d8b5e334107f9835bc47fbc193c60ebd5ac4e677c7fd5b6261ff96e97c185c726ec02941bc2336946f181fd2aff43f0e95f06105a049fcb8e4e3738407d6356856f533f17fae281a3be9f2050ae3d19d1b8350d424087ac9b7875824a9b7e098775b53d6ec960fc052ecd165d17a7897de75f15316a072bb9ccf6ce1ec085bb5356c271b985a437a32f12308fc927410fd444bcded9859e7b8a3cfaaf29ebfb92cc7cbfad2559bbe4f90e189e8708e93827b221869cc78fa41fd5bcb6577b7dfe4c3927dc25a58aa84419f76e71d1f3c10cbb5e52ab2bebe0d39bdffda0fa1b55fe3a03683f882a82dd58498d62b101acd710fd436aa7409fe3cf5352dffb399d560323e14d564bdb3121b89c1f43fc9a892b799cd32f7ce2ededb868920b4547735ef0bf3e148251a4f65dddb7f96b2f33734522a8cffdc51520ac98926b3406e96618cf15a042a67239e755afc70ec6a9c99f8e08ec2946e5901364d85223a63d49572519137d93b6b0798e72acf9da120e706ee73367dec1450a68def886c149bcd734469e10b933899501011cd548e99d638821d5709fde050ab382d4896ecfd7999d40ea9c690c26d396545224c8f9e19705593df2688eb592e2476a0193f7054ab6f703d41c545a80bf285bbc7cc735bd306c9ea5eb64f40752fd4c741d9b6e03cd41b636ef8f5e810047a21c0b24c6fde1f2e98f2f27730c90d93af9e7564e4e209a61ff626b666fcc4f75f7d560da688169ff0af5e674a0b89a99fb54bb438a65f953c2db0faec2ce09cec33b6d25620b5a0393ac473fed48a38beaca5223997419876d571ce969b83b5b3ae54de83dd89fd92ed2a93c087828bef49a24ed1a97778c47fdc691a94fd5b437dfe494b5c6fadf499d9d15583b0439d3d5ecb61a32a2508a6960be6009accfd1d5d75a16dbc4121c6ef07bda12646792449c18a56e7aa3893f3f0e55a8e09ca64193dd29ea24ed8614ee8e717f046dd99a8e3750506655331125a502aa89c0d7e8e30c36a4be22cd911322695144d3bf034f38ef32d49431d50da583d08a3e4c5862483cdd52d031b12c89fdaafc3334e877e464134baece883d301193a9c27311a987d4dae82a061f48182cc747cd64441e88b68e26e4975f0fdde3129a9e6af80009962581d5349676df9c73b81514b175709d9193749660f480bd4009b528c1db4f76f42b6a175126603c39a374e890f871c97b2eebb4500451d827cc15497dc5ae89edc6f47f25db7efa4b4b2afbbb2ee543e3db8d20fe93faf300247f59075921e8b2f2a025af8a1d46f274e0c6cb4be0293c7c16c88e98d7d189e9733e4c0e3b96be4aa3fa6ecf42732e0b1432d38aeaf2330d92713cd5580ce42bfe47fb98fea64783de23f456300dd193008211a5ba408d32dedbf12aa8237a6e1a2c9890a2c1011855241fea186906a5139d1c300be57dc7ff493de80010520d10fc3eda0ee9cd413e075d3dc02258fdab567a16e43edbeecc366a69d8d75512f43a2b79cbb9132cdcd00c531730d05f1eabf66613d6e7ebb8c4c3f4f7efd415d41049786352808b22a3bde40121968af39c8f00296001662adc72b7963c8bafab4a496b50f3237a29d19ad4a51a62b1c77a04c14004734189cf7ec49e3d041a1e5658d080f09df77f39782e7133968c1f39ab3ae2a5f24a60073288f3c5825dafd614a379b8b905aaf961caa14ffa38de0d632918d31e4a9291b0f0789248e232e4276840a1ed0257300e522d83111dffd424b1b33148981e3794b2b649ba9174e6697bcc96049f4f3dcc7cf4ca97e2006ec8a146014bb49184632e4fb159a34b6530e959e60a6b4e0427cc697f14cfe6bb7a662a6f5012744f3cf2307abc19c58449864d98fcfebc5d598cd32a1c38c207896468fe8da75eb1edb1d6e7cb1eab671e4e92f139c81d79f15df2a2dc075acc982dec769e2f49aad0fdf594cb590e054616e4f4582b6c4a149ae45d844903ef68d211df2a180178e178b7c7a5012ccf8a1e677586588620365e6111f5192ecfdbd97e2284128de02e08ebc13d4bb4d114faa1e6c16c51c12da2c52d68f73640ce866ce4e794b9fafdc392c91c1f824bc301b3069a02b9c86d2ffac3ed63ddee130cbc248d6a3345d3f9553db78077072d569a6633f8bdbdb1a209a8be9b6830225994f9021b57ddd6a44e8ea40b205c6cf437f45bffaef053a5916dcc6de62ee02bdb8ce3acec8ad97fc95dab1307d254790c71f32e4678957cf0121dccabe73a03c6cacbcbdaad8801b04d9836555a982c357a06e2db7e9bf62aed8cdebbb7a71a2410b929015b61f16e54bffd038996a717b9c7cc3696d8a1205e8266bf782c3a45b0e31461d6a3ed62396088833f69248b24fbf6f81dcc08b98826c3bd2325ade54f614f2d4a153e3e3527d93978483f2bfeada6b64bc43f2a725c30e843d13e6ab34cfc38d488b3ef50cd04318fac1f89905f017644cfa2de058ad399871d1316264813c2289d0b6cfeddfbca36ce93fd4a1bfc93bb74453cfbb9c6ca22320ffc9cb0a3fff046a5678c066e617cd3ac024dfead04b99877f448b78208938585c7563efe815ff0cc47da5fff521d9730ddc89f4aeceadd06f2ea6b9ae72c9407aa550a0155db3b4bc6aaa382a30552f699cb6a1af9972a8ccc483f98952dfbde3d712ea8673eacdbb77490d833fc90f0f02e7c073d2917db70831496a88defc10667dc4c1b7399191bdc7857eb090e79c332bf9f71bb5377178e6232800c93d22318dc5ab8d5dfa2f074a6c23acb61c89f2f078ec91e9817e11a4c8295c19634b5ca2df"}}}}}, 0x0)
r8 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r8, 0x0, 0xd4, &(0x7f0000000700)=0x4, 0x4)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r3, 0x0, 0x0)

6.255988174s ago: executing program 7 (id=1636):
socket$inet6(0xa, 0x2, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
r4 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x6, 0x5, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x101, 0xad1e, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x202000, 0x0)

4.668441302s ago: executing program 6 (id=1640):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x5}, {0xffff, 0xffff}, {0x0, 0xa}}}, 0x24}}, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46", 0xb5}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000640)=ANY=[@ANYBLOB="12010000090000402505a8a440000102030109021b0001010000000904000002070101000905"], 0x0)

4.437096616s ago: executing program 7 (id=1643):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0))
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000b40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2e, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20004081}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0xffff}, {0xffff, 0xffff}, {0x2, 0xa}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newqdisc={0x48, 0x28, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffdfc, {0x0, 0x0, 0x0, r8, {0xfff3}, {0xffff, 0xffff}, {0x2, 0xb}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x97, '\x00', 0x4, 0x3ff, 0x3, 0x10000}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4040000}, 0x4000080)
r9 = socket(0x400000000010, 0x3, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r11, {0x0, 0xffde}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)

3.501604001s ago: executing program 7 (id=1649):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000003c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000004980)=@newsa={0x138, 0x10, 0x1, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@remote, 0x0, 0x6c}, @in=@empty, {0x200000000, 0x0, 0x1000000000000007, 0x0, 0x3000000000, 0x0, 0x1000000000000000}, {0x0, 0x4}, {}, 0x70bd2a, 0x0, 0xa, 0x1, 0x6}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x20000000)
r3 = accept4(r1, 0x0, 0x0, 0x80000)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~\x00', @ANYBLOB="a739df"], 0x1c}}, 0x4000054)
setsockopt(0xffffffffffffffff, 0x4, 0x4, &(0x7f0000000840)="680614969fcdd69ddb9ed12ead965fe29d151ccb3b45fd965523bf31fdf0912a0ef051af6e39d790de34ff3b8d6f318aa45ec6e604ff9941390bf9fd809134be39445f74474206717c7acc70099e3e4d5183605dd718dd", 0x57)
syz_genetlink_get_family_id$fou(&(0x7f0000000040), r3)
sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x400c1)
r5 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r5, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)
r6 = socket$l2tp(0x2, 0x2, 0x73)
bind$l2tp(r6, &(0x7f00000000c0), 0x10)
sendmsg$NL80211_CMD_SET_STATION(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={0x14, 0x0, 0x400, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0xd0}, 0x4000000)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x2)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90)
sendmsg$alg(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000000)="78d8f92dbf64605cdd118f48e23e98c60b7983beb3470e13d6338b8e1a1e", 0x1e}, {&(0x7f0000000080)}, {0x0}, {&(0x7f0000000540)}], 0x4, &(0x7f0000000700)=[@assoc={0x18, 0x117, 0x4, 0x46208000}, @assoc={0x18, 0x117, 0x4, 0x7}, @op={0x18, 0x117, 0x3, 0x1}, @op={0x18, 0x117, 0x3, 0x1}], 0x60, 0x80}, 0x4004080)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r9, &(0x7f0000002340)={0x0, 0x0, &(0x7f0000002300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4000000001040108000000000000000200000001080005400000000105000100010000000800034000002fdb08000440000000030a00020000000fff"], 0x40}, 0x1, 0x0, 0x0, 0x20000800}, 0x4000)
sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)={0x14, 0x0, 0x2, 0x70bd23, 0x25dfdbff, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x90)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000700)=@newtaction={0x14, 0x30, 0x871a15abc695fb3d, 0x0, 0x25dfdbfe}, 0x14}}, 0x0)

3.208163993s ago: executing program 0 (id=1652):
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002000)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmsg(r3, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xd68210}], 0x1, 0x0, 0x1f00000000000000, 0x200000}, 0x1f00)
sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)}, 0x0)
recvmsg(r1, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
socket$igmp6(0xa, 0x3, 0x2)

3.167696073s ago: executing program 6 (id=1654):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)

3.036213952s ago: executing program 2 (id=1655):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@deltclass={0x80, 0x29, 0x100, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x9, 0xffe0}, {0x4, 0x9}, {0xb, 0xc}}, [@c_atm={{0x8}, {0x54, 0x2, [@TCA_ATM_HDR={0x21, 0x3, "6203455e663ca843f9df6aa72f0862e1fe2e59c2e0e9666a0a8bc6d139"}, @TCA_ATM_HDR={0x29, 0x3, "b27ce56d7bd66b577e2a00fa2a6f8cad70c37fd0b6897c949b3eae33effdff0994e913a6b5"}]}}]}, 0x80}, 0x1, 0x0, 0x0, 0x8000}, 0x200048c5)
recvmsg(0xffffffffffffffff, &(0x7f000000b680)={0x0, 0x10400004, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x4}, {&(0x7f000000b500)=""/153, 0xfb59}], 0x2}, 0x0)
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000980)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x40040)

2.931684162s ago: executing program 6 (id=1657):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000003c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000004980)=@newsa={0x138, 0x10, 0x1, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@remote, 0x0, 0x6c}, @in=@empty, {0x200000000, 0x0, 0x1000000000000007, 0x0, 0x3000000000, 0x0, 0x1000000000000000}, {0x0, 0x4}, {}, 0x70bd2a, 0x0, 0xa, 0x1, 0x6}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x20000000)
r3 = accept4(r1, 0x0, 0x0, 0x80000)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~\x00', @ANYBLOB="a739df"], 0x1c}}, 0x4000054)
setsockopt(0xffffffffffffffff, 0x4, 0x4, &(0x7f0000000840)="680614969fcdd69ddb9ed12ead965fe29d151ccb3b45fd965523bf31fdf0912a0ef051af6e39d790de34ff3b8d6f318aa45ec6e604ff9941390bf9fd809134be39445f74474206717c7acc70099e3e4d5183605dd718dd", 0x57)
syz_genetlink_get_family_id$fou(&(0x7f0000000040), r3)
sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x400c1)
r5 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r5, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)
r6 = socket$l2tp(0x2, 0x2, 0x73)
bind$l2tp(r6, &(0x7f00000000c0), 0x10)
sendmsg$NL80211_CMD_SET_STATION(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={0x14, 0x0, 0x400, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0xd0}, 0x4000000)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x2)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90)
sendmsg$alg(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000000)="78d8f92dbf64605cdd118f48e23e98c60b7983beb3470e13d6338b8e1a1e", 0x1e}, {&(0x7f0000000080)}, {0x0}, {&(0x7f0000000540)}], 0x4, &(0x7f0000000700)=[@assoc={0x18, 0x117, 0x4, 0x46208000}, @assoc={0x18, 0x117, 0x4, 0x7}, @op={0x18, 0x117, 0x3, 0x1}, @op={0x18, 0x117, 0x3, 0x1}], 0x60, 0x80}, 0x4004080)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r9, &(0x7f0000002340)={0x0, 0x0, &(0x7f0000002300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4000000001040108000000000000000200000001080005400000000105000100010000000800034000002fdb08000440000000030a00020000000fff"], 0x40}, 0x1, 0x0, 0x0, 0x20000800}, 0x4000)
sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)={0x14, 0x0, 0x2, 0x70bd23, 0x25dfdbff, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x90)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000700)=@newtaction={0x14, 0x30, 0x871a15abc695fb3d, 0x0, 0x25dfdbfe}, 0x14}}, 0x0)

2.812149094s ago: executing program 2 (id=1658):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000680)={{r1}, &(0x7f00000007c0), &(0x7f0000000640)=r0}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r1}, &(0x7f0000000240), &(0x7f0000000280)='%pS    \x00'}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000001380)={r1, &(0x7f00000004c0)}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r1, &(0x7f0000000580), 0x0}, 0x20)

2.652226848s ago: executing program 2 (id=1660):
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
write$bt_hci(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYRES32], 0xa)

2.597198667s ago: executing program 1 (id=1661):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000600000001"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000400), &(0x7f00000001c0)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x19, &(0x7f0000000a40)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xac5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
r4 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x4003, 0x2, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
recvmsg$unix(r4, &(0x7f0000000100)={0x0, 0x1d, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)

2.336223134s ago: executing program 2 (id=1662):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
sendmmsg$sock(r1, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000340)="8224aca5f41b9e0ec5e7a706c919e7c0e343f0cd0a779c17e7f992396b09252009d2d12e9475a57ec39f71417044cf4151af34ac1dfd5d87cdd80bc4c24478821f64d4d971bbc1fc7bdd181a839344917165bb9cd0fa568aac55d8e38ee30fd3a9bc63e2656b6941c812e6ea0692ec276deb2b7b817906cf8c5429a42164e8bb521e216e554d509a0fd0d86729b5f4b9a01fb336bef1be8a68a628452b83a7404087d4bcb64f6ecad05459d12595d5b8b2657f2f29656a15e5a18e3168946dcb5faa59f7b404bad393ba06734d170b0513aeb0d051", 0xd5}], 0x1}}], 0x1, 0x0)

2.20964173s ago: executing program 2 (id=1663):
r0 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01000000000000000040010000000800010000000000040004800800020001000000180008"], 0x40}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)

2.048371144s ago: executing program 2 (id=1664):
r0 = socket$kcm(0x10, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x44, 0x30, 0x1, 0x0, 0x0, {}, [{0x30, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x10, 0x0, 0x0, &(0x7f0000000280)='GPL\x00', 0x7}, 0x94)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f848100000005e140602000000000e000a001000000002800000121f", 0x2e}], 0x1}, 0x0)
r5 = openat$rdma_cm(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000140)={<r6=>0xffffffffffffffff}, 0x13f, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x7, {0xa, 0x4e22, 0x8, @private1, 0xa51}, r6}}, 0x38)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_procs(r7, &(0x7f0000000280)='tasks\x00', 0x2, 0x0)

1.924878317s ago: executing program 1 (id=1665):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)

1.54436458s ago: executing program 1 (id=1666):
r0 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000c40)={0x6c, r0, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}, @WGDEVICE_A_PEERS={0x34, 0x8, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}, @WGPEER_A_FLAGS={0x8, 0x3, 0x5}]}]}]}, 0x6c}}, 0x0)

1.353490118s ago: executing program 1 (id=1667):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)

1.300827307s ago: executing program 0 (id=1668):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@deltclass={0x80, 0x29, 0x100, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x9, 0xffe0}, {0x4, 0x9}, {0xb, 0xc}}, [@c_atm={{0x8}, {0x54, 0x2, [@TCA_ATM_HDR={0x21, 0x3, "6203455e663ca843f9df6aa72f0862e1fe2e59c2e0e9666a0a8bc6d139"}, @TCA_ATM_HDR={0x29, 0x3, "b27ce56d7bd66b577e2a00fa2a6f8cad70c37fd0b6897c949b3eae33effdff0994e913a6b5"}]}}]}, 0x80}, 0x1, 0x0, 0x0, 0x8000}, 0x200048c5)
recvmsg(0xffffffffffffffff, &(0x7f000000b680)={0x0, 0x10400004, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x4}, {&(0x7f000000b500)=""/153, 0xfb59}], 0x2}, 0x0)
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000980)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x40040)

1.192923385s ago: executing program 1 (id=1669):
socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0x8000000f}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x2, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x2}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0xc0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket(0x10, 0x3, 0x0)
rseq(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
read$FUSE(0xffffffffffffffff, &(0x7f000000c3c0)={0x2020, 0x0, <r4=>0x0, <r5=>0x0, <r6=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000500)={0x50, 0x0, r4, {0x7, 0x1f, 0x0, 0xfc1b2d1c5df07dbb, 0x0, 0x441, 0x100, 0x400008, 0x0, 0x0, 0x2}}, 0x50)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000fc0)={0x78, 0x0, 0xfffffffffffffffd, {0xfffffffffffffffd, 0x200, 0x0, {0x6, 0x0, 0x0, 0x5, 0x0, 0x2000000006, 0x200, 0xbaa4, 0x5, 0x8000, 0x0, r5, r6}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = syz_clone(0x0, &(0x7f0000000d80)="c32bdcc6bef3e44fb79730255949e6ece6e52bce95ed66648cb6ca6cc0c59c97189f99a21788c37c9f2b10c0ca19b52483452d733c3a36e052cbbc18b7a808dcb2440ff2fb45ca3cba9f574fa92a9da220a1c95c90b7e840c7e064488f51c4ec8d68bfced0455eca486acc8678197c7f3d84c800a6c84c631d29782e4105d78148d56d681f9b9dfa4de1ffb35563222a4a14f50e6f02215f749cfd92a85cfa9f96a66818ad", 0xa5, &(0x7f0000000e40), &(0x7f0000000e80), &(0x7f0000000ec0)="196496b81af18de8148e3712e74ab180f169d74b639a1f98")
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000011c0)={{{@in=@initdev, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in=@multicast1}, 0x0, @in6=@remote}}, 0x0)
fstat(r2, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0})
sendmsg$netlink(r2, &(0x7f0000001180)={&(0x7f0000000200)=@proc={0x10, 0x0, 0x25dfdbfe, 0x4000}, 0xc, &(0x7f0000000c40)=[{&(0x7f0000000580)={0x6bc, 0x26, 0x1, 0x70bd25, 0x25dfdbfc, "", [@nested={0x2fb, 0x75, 0x0, 0x1, [@generic="8161dcdd2f2e59b11e02a38efbde", @typed={0x5, 0x8, 0x0, 0x0, @str='\x00'}, @generic="41f728ad2ad4c759cd1814786dcbd638fe36994231d272994d698192f18f8265f3e827a39a8d5930d74f3abbe5def621c32085feeb0cf79d94b3dc41b5174a6e72f511", @generic="4643c2ff7e117f7c1d64e5456e1847f314c0edce727a03a0225ac50e2c30248d11ecec25ceedf0a306b4f05ce1d29d96e07c03cca14608a0d4236ebc87a07cfd82e0d2623c4475812cfb8dff688ae7d0b2fe9784842771cb25d9d6c9b6d29a78a66ca2ee811fdb08757760187532f58bd0c5a226894e7b3ea1e9ecf3a20132dbe35ab861516ce5ef474ea9d2eb2e2f02f8edaae62c6c147ed51e9d5de3c1a3fa6e21e2fc99ca512fa640f6ea5a6d3758319e426931ddd8f104cfa237b057eebcd0e8d22e74a49aac400dcd7f0412c6844d63a3f2916193bde344f0ae555be91b793d976ecb074cd2e5ba0bcfd33f95e6cf87d6f0cb3be030539aa396394562", @generic="5449595de23088ff4fb52de4379a2ac5e8065f0f93ce4c3df1b81ffd02bc4e2c526a46bf9fc9795adcf94299fee7a13677c1498c320b75ae3657fc8146d626eb94dcb1c25ca68a9c32a66d5ac13ef5e3ccf0aea58545dfac781159bf5b9456270ce6323a2b938f194e524b9998372474e4ff988ed3061c3db82d033f1becf58cdbd99ab046a2abfc13e3cb8a4055146e3d0670e43a54f579f5767d20f7eb65d54d7708beb150c8519c1888189b5bff8e96f90ef2e770aac492c76d34dedc2a895d81843eacb73d23", @nested={0x4, 0xb6}, @typed={0x8, 0x27, 0x0, 0x0, @uid=0xee01}, @generic="3387", @generic="50b1eef1fe3c0e9fe8532c7359b6f43c6dabb16ec33f81a6d8945937be76648ada6c8c0ffe91ce33e6bfe238a873c9f7776258b8fff3f7defc7eccdb69064a748afb50cf74559c96d4fd374e212e6c43039cdd2657177886b17c2e6a292c38cebc56e88e3e73ba9f701e67daa714fd9143f1355a0781b8e24b022d22a3a9c5f1e629a0b2705444f57e6036db4dee54287a836f26aa23119ab3ec8832daba0c9a99ffa0d6fb69f9587c1fa2501ac519b99a834787c236e7d07a4be566674f83785e0165f1a9e9fc59d1"]}, @generic="1a53eb229142c7a17d1718e9fb5de80adc08fa63bfaea2cdb0e7d0ff7c4ea12a16505fe11d4319f527a597b896645b9c2f8060b8155e6d6727c3e7458009a6172cac1155e85f1f1f0a38b2a55b1999adde97dbe209a06282ead8b66d4b3c8d199b3b315a48e0e764fca88a5a8f78b54148fb8929dc066397ea6f5d128abfadf7f8cae5e56c49b1ed0a61dc490934dc3a3b174231c3f6dfee6951ed5c5fbe", @generic="0801b9a6bd07c704f8ce009762a663b2bf2728d084cc69be425b95fb6ee19a7e11e42c5d019ca7ae3c3effff54a8ca4d6a148157c8e09ad2e33f1f94a788f164961b4677fce7fed50a3f7c48dbb6f7c027f545867da602d77f1fd02a4613c795d21d5cf948d0f5e38b0cca0d18f078f166ed835ab5b6aca116a6ecf0189ba038e0471550b53b7da74a9716a2284bb40de2da9f3731b256fb9789d10c8cde5112ada157a37b33bade30819996495a4330b5c5adb0e8eeb518192a9a1506dd2c754ccbb9bf3429bf046f1662258860", @nested={0x221, 0x111, 0x0, 0x1, [@generic="4ea76882d54b73d10eefa99946fa121b72919a048e7747aab8d6e3a85850d65e8d4fa3c02818a8e7c8b1f5037886c6fdaa251bd5224eaa3a9411b8388b3aadc4db06a80b2c9ddb1517e027c47cab663d0e37ff02b955247a62b3a0b39d337bab748d212ec1ecceea483bd96e40664c4f12aa48c1e057adbb7fa984eab7866ff3721a235dd8483bb15d504c0835884ed9ad4173d30b05aebe73d0cc4d8cc67443c2e717fc6d18f374d5142e7dc6505f8d9ed8c6ab24353938811d11baae94fac7ede7316741044f912a62626d1982d047", @typed={0x8, 0x143, 0x0, 0x0, @fd}, @typed={0x8, 0x8d, 0x0, 0x0, @pid}, @generic="8a1792ebd0d169f53b03b243c13cc0c6ba8307f62cdc0e1899349fac33804f9c89cc557ef819f8b8839f394336c3e85f012b44d6b0df0870f102ef17a7364c23a528cd700cdbd1815a199947b8236038d8db839f320ca6242b82731df23d939d489a7b85ff40a3dfa9243eea11bb", @generic="59667563cc878976656af79571ea1531b36e2a2d9f82d1df9f3f92f73cf5834c71e806b08923b9e07cb32319ef4669e3537b3d8a067b1789d275df907ec1e46508076daf6297da2c5831e086ed54aabf47a754e88e2d856d838d55e99d8524405cd8e1437755a3760721a8983fe91611e4cbc2120ea94023a8625ec7468b5b3be9f4c02c5ef2c6607f5a449c15a9689da11f4301f151c4d831d9e16eab69aa930479468b846f9c71e7773f64f0fdac94a5cb42d09b1d7564e84649f5f460a6", @nested={0x4, 0xa6}, @typed={0xc, 0xab, 0x0, 0x0, @u64=0xffffffffffffffff}]}, @nested={0x18, 0x73, 0x0, 0x1, [@nested={0x4, 0x87}, @nested={0x4, 0x84}, @typed={0x7, 0x119, 0x0, 0x0, @str='/}\x00'}, @nested={0x4, 0x49}]}, @typed={0x8, 0x94, 0x0, 0x0, @pid}]}, 0x6bc}], 0x1, &(0x7f00000010c0)=[@rights={{0x24, 0x1, 0x1, [r0, r3, 0xffffffffffffffff, r1, r0, r0]}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x18, 0x1, 0x2, {0x0, 0x0, r6}}}, @cred={{0x18, 0x1, 0x2, {r7, r8, r9}}}, @rights={{0x10, 0x1, 0x1, [r3]}}], 0xa4, 0x44801}, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1, 0xf, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000010000000000008000", @ANYRES32=r10, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x94)
r11 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000002000)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0)
r12 = socket$nl_route(0x10, 0x3, 0x0)
r13 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r13, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000300)={'macsec0\x00', <r14=>0x0})
setsockopt$inet6_mreq(r13, 0x29, 0x1b, &(0x7f0000000000)={@remote, r14}, 0x14)
write$cgroup_int(r11, &(0x7f0000002040)=0x1, 0x12)

1.100088279s ago: executing program 0 (id=1670):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xffffffffffffffdb, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000017c0)=@newtfilter={0x34, 0x28, 0xd27, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xfff1}, {0xe, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x810}, 0x40040c4)

1.02384225s ago: executing program 0 (id=1671):
r0 = add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
ioperm(0x1, 0x3, 0x1000)
bind$unix(0xffffffffffffffff, &(0x7f0000003000)=@file={0x1}, 0x6e)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_COMPAT_GET(r1, &(0x7f0000002840)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040045}, 0x4004010)
bpf$BPF_PROG_DETACH(0x1c, 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mkdir(&(0x7f0000000100)='./control\x00', 0xa0)
mount$afs(0x0, &(0x7f00000000c0)='./control\x00', &(0x7f0000000000), 0x200000, 0x0)
add_key(0x0, &(0x7f0000000180), 0x0, 0x0, r0)
lstat(&(0x7f00000001c0)='./file0\x00', 0x0)
quotactl_fd$Q_GETQUOTA(0xffffffffffffffff, 0xffffffff80000700, 0x0, &(0x7f0000000340))
socket$nl_route(0x10, 0x3, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$unix(0x1, 0x1, 0x0)

571.28217ms ago: executing program 0 (id=1672):
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
write$bt_hci(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYRES32], 0xa)

367.681101ms ago: executing program 0 (id=1673):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000001940), r0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$rds(0x15, 0x5, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
ppoll(&(0x7f0000000500)=[{r3}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
pselect6(0xe, 0x0, 0x0, &(0x7f0000000100)={0x3ff, 0xee, 0xffffffffffffffff, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

0s ago: executing program 1 (id=1674):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfec8d000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x48)

kernel console output (not intermixed with test programs):

2] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  285.513979][ T5882] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  285.514058][ T5882] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  285.514138][ T5882] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  285.514197][ T5882] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  285.610837][ T5882] usb 1-1: config 0 descriptor??
[  285.689664][ T5882] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  286.593749][    C1] vkms_vblank_simulate: vblank timer overrun
[  286.840399][    C1] vkms_vblank_simulate: vblank timer overrun
[  287.240983][    C1] vkms_vblank_simulate: vblank timer overrun
[  288.025008][ T5882] usb 1-1: USB disconnect, device number 9
[  288.184533][ T7664] netlink: 16 bytes leftover after parsing attributes in process `syz.0.590'.
[  291.121284][ T5892] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  291.274200][ T5892] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  291.274238][ T5892] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  291.274263][ T5892] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  291.274309][ T5892] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  291.274361][ T5892] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.341456][ T5892] usb 2-1: config 0 descriptor??
[  293.090852][ T5892] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  293.132809][ T5806] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  293.143203][ T5806] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  293.144408][ T5806] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  293.150569][ T5806] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  293.154415][ T5806] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  293.233059][ T3599] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.579838][ T7705] netlink: 16 bytes leftover after parsing attributes in process `syz.0.605'.
[  293.608828][ T3599] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  294.920876][ T5815] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  294.936474][ T5815] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  294.939685][ T5815] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  294.940942][ T5815] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  294.966323][ T5815] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  295.116956][ T3599] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  295.236919][ T5806] Bluetooth: hci2: command tx timeout
[  295.462593][ T3599] bond0: (slave netdevsim0): Releasing backup interface
[  295.538022][ T3599] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  295.897738][ T5892] usb 2-1: USB disconnect, device number 4
[  296.889334][ T3599] bridge_slave_1: left allmulticast mode
[  296.889565][ T3599] bridge_slave_1: left promiscuous mode
[  296.908476][ T3599] bridge0: port 2(bridge_slave_1) entered disabled state
[  297.013185][ T3599] bridge_slave_0: left allmulticast mode
[  297.013218][ T3599] bridge_slave_0: left promiscuous mode
[  297.013479][ T3599] bridge0: port 1(bridge_slave_0) entered disabled state
[  297.028763][ T7742] nbd2: detected capacity change from 0 to 8
[  297.042879][ T7745] block nbd2: shutting down sockets
[  297.071794][ T5806] Bluetooth: hci3: command tx timeout
[  297.081913][    C0] blk_print_req_error: 60 callbacks suppressed
[  297.081934][    C0] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  297.081964][    C0] buffer_io_error: 60 callbacks suppressed
[  297.081976][    C0] Buffer I/O error on dev nbd2, logical block 0, async page read
[  297.089887][ T6371] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  297.089925][ T6371] Buffer I/O error on dev nbd2, logical block 0, async page read
[  297.090123][ T6371] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  297.090151][ T6371] Buffer I/O error on dev nbd2, logical block 0, async page read
[  297.090331][ T6371] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  297.090359][ T6371] Buffer I/O error on dev nbd2, logical block 0, async page read
[  297.090536][ T6371] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  297.090565][ T6371] Buffer I/O error on dev nbd2, logical block 0, async page read
[  297.095445][ T6371] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  297.095482][ T6371] Buffer I/O error on dev nbd2, logical block 0, async page read
[  297.095698][ T6371] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  297.095731][ T6371] Buffer I/O error on dev nbd2, logical block 0, async page read
[  297.095942][ T6371] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  297.095972][ T6371] Buffer I/O error on dev nbd2, logical block 0, async page read
[  297.096082][ T6371] ldm_validate_partition_table(): Disk read failed.
[  297.096248][ T6371] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  297.096276][ T6371] Buffer I/O error on dev nbd2, logical block 0, async page read
[  297.096492][ T6371] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  297.096520][ T6371] Buffer I/O error on dev nbd2, logical block 0, async page read
[  297.097053][ T6371] Dev nbd2: unable to read RDB block 0
[  297.104097][ T6371]  nbd2: unable to read partition table
[  297.104396][ T6371] nbd2: partition table beyond EOD, truncated
[  297.115737][ T5171] ldm_validate_partition_table(): Disk read failed.
[  297.116440][ T5171] Dev nbd2: unable to read RDB block 0
[  297.117059][ T5171]  nbd2: unable to read partition table
[  297.117367][ T5171] nbd2: partition table beyond EOD, truncated
[  297.126533][ T6371] ldm_validate_partition_table(): Disk read failed.
[  297.127229][ T6371] Dev nbd2: unable to read RDB block 0
[  297.127845][ T6371]  nbd2: unable to read partition table
[  297.128141][ T6371] nbd2: partition table beyond EOD, truncated
[  297.491303][ T5806] Bluetooth: hci2: command tx timeout
[  297.508847][    C1] vkms_vblank_simulate: vblank timer overrun
[  297.722834][    C1] vkms_vblank_simulate: vblank timer overrun
[  298.509557][    C1] vkms_vblank_simulate: vblank timer overrun
[  299.155470][ T5806] Bluetooth: hci3: command tx timeout
[  299.555375][ T5806] Bluetooth: hci2: command tx timeout
[  300.322070][ T3599] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  300.422040][ T3599] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  300.445528][ T3599] bond0 (unregistering): Released all slaves
[  300.651095][    C0] vkms_vblank_simulate: vblank timer overrun
[  300.688255][ T7700] chnl_net:caif_netlink_parms(): no params data found
[  300.865157][   T38] kauditd_printk_skb: 13 callbacks suppressed
[  300.865175][   T38] audit: type=1326 audit(1762372932.880:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7757 comm="syz.0.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  300.865474][   T38] audit: type=1326 audit(1762372932.880:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7757 comm="syz.0.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  300.865948][   T38] audit: type=1326 audit(1762372932.880:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7757 comm="syz.0.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  300.866531][   T38] audit: type=1326 audit(1762372932.880:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7757 comm="syz.0.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  300.866941][   T38] audit: type=1326 audit(1762372932.880:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7757 comm="syz.0.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  300.867670][   T38] audit: type=1326 audit(1762372932.880:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7757 comm="syz.0.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  300.867954][   T38] audit: type=1326 audit(1762372932.880:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7757 comm="syz.0.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  300.869006][   T38] audit: type=1326 audit(1762372932.880:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7757 comm="syz.0.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  301.231688][ T5806] Bluetooth: hci3: command tx timeout
[  301.673340][ T5806] Bluetooth: hci2: command tx timeout
[  303.311604][ T5806] Bluetooth: hci3: command tx timeout
[  304.383326][    C0] vkms_vblank_simulate: vblank timer overrun
[  304.972653][ T7714] chnl_net:caif_netlink_parms(): no params data found
[  305.156143][ T3599] hsr_slave_0: left promiscuous mode
[  305.191371][ T3599] hsr_slave_1: left promiscuous mode
[  305.192766][ T3599] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  305.192892][ T3599] batman_adv: batadv0: Removing interface: batadv_slave_0
[  305.247080][ T3599] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  305.247122][ T3599] batman_adv: batadv0: Removing interface: batadv_slave_1
[  305.404942][ T3599] veth1_macvtap: left promiscuous mode
[  305.406096][ T3599] veth0_macvtap: left promiscuous mode
[  305.406390][ T3599] veth1_vlan: left promiscuous mode
[  305.406670][ T3599] veth0_vlan: left promiscuous mode
[  307.725786][ T3599] team0 (unregistering): Port device team_slave_1 removed
[  308.045960][ T3599] team0 (unregistering): Port device team_slave_0 removed
[  310.631974][ T7796] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  310.651477][ T7700] bridge0: port 1(bridge_slave_0) entered blocking state
[  310.651652][ T7700] bridge0: port 1(bridge_slave_0) entered disabled state
[  310.651935][ T7700] bridge_slave_0: entered allmulticast mode
[  310.661321][ T7700] bridge_slave_0: entered promiscuous mode
[  310.737973][ T7700] bridge0: port 2(bridge_slave_1) entered blocking state
[  310.748234][ T7700] bridge0: port 2(bridge_slave_1) entered disabled state
[  310.748522][ T7700] bridge_slave_1: entered allmulticast mode
[  310.768460][ T7700] bridge_slave_1: entered promiscuous mode
[  311.111494][    C0] vkms_vblank_simulate: vblank timer overrun
[  314.908288][ T7700] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  315.014836][ T7700] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  315.457272][ T7855] overlayfs: failed to clone upperpath
[  315.921051][   T38] audit: type=1326 audit(1762372947.930:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7859 comm="syz.2.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb82a73f6c9 code=0x7ffc0000
[  315.922849][   T38] audit: type=1326 audit(1762372947.940:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7859 comm="syz.2.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fb82a73f6c9 code=0x7ffc0000
[  315.923633][   T38] audit: type=1326 audit(1762372947.940:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7859 comm="syz.2.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb82a73f6c9 code=0x7ffc0000
[  315.924551][   T38] audit: type=1326 audit(1762372947.940:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7859 comm="syz.2.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb82a73f6c9 code=0x7ffc0000
[  315.925587][   T38] audit: type=1326 audit(1762372947.940:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7859 comm="syz.2.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb82a73f6c9 code=0x7ffc0000
[  315.925927][   T38] audit: type=1326 audit(1762372947.940:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7859 comm="syz.2.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb82a73f6c9 code=0x7ffc0000
[  315.926322][   T38] audit: type=1326 audit(1762372947.940:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7859 comm="syz.2.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb82a73f6c9 code=0x7ffc0000
[  315.926930][   T38] audit: type=1326 audit(1762372947.940:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7859 comm="syz.2.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb82a73f6c9 code=0x7ffc0000
[  315.927526][   T38] audit: type=1326 audit(1762372947.940:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7859 comm="syz.2.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb82a7415e7 code=0x7ffc0000
[  315.928279][   T38] audit: type=1326 audit(1762372947.940:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7859 comm="syz.2.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fb82a74155c code=0x7ffc0000
[  317.197551][ T7714] bridge0: port 1(bridge_slave_0) entered blocking state
[  317.197645][ T7714] bridge0: port 1(bridge_slave_0) entered disabled state
[  317.197828][ T7714] bridge_slave_0: entered allmulticast mode
[  317.203943][ T7714] bridge_slave_0: entered promiscuous mode
[  317.273637][ T7700] team0: Port device team_slave_0 added
[  317.275288][ T7714] bridge0: port 2(bridge_slave_1) entered blocking state
[  317.275382][ T7714] bridge0: port 2(bridge_slave_1) entered disabled state
[  317.275536][ T7714] bridge_slave_1: entered allmulticast mode
[  317.283057][ T7714] bridge_slave_1: entered promiscuous mode
[  317.333574][ T7700] team0: Port device team_slave_1 added
[  320.346029][ T7714] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  320.576281][ T7700] batman_adv: batadv0: Adding interface: batadv_slave_0
[  320.576299][ T7700] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  320.576328][ T7700] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  320.637151][ T7714] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  320.638422][ T7700] batman_adv: batadv0: Adding interface: batadv_slave_1
[  320.638439][ T7700] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  320.638469][ T7700] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  320.976008][ T7714] team0: Port device team_slave_0 added
[  321.191475][ T7714] team0: Port device team_slave_1 added
[  321.221626][    T9] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  321.440726][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  321.440762][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  321.440786][    T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  321.440831][    T9] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  321.440856][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  321.566588][    T9] usb 1-1: config 0 descriptor??
[  321.764244][ T7700] hsr_slave_0: entered promiscuous mode
[  321.765821][ T7700] hsr_slave_1: entered promiscuous mode
[  322.179519][    T9] usbhid 1-1:0.0: can't add hid device: -71
[  322.179618][    T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  322.192442][    T9] usb 1-1: USB disconnect, device number 10
[  322.250339][ T7714] batman_adv: batadv0: Adding interface: batadv_slave_0
[  322.250359][ T7714] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  322.250389][ T7714] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  322.440185][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  322.440263][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  322.684271][ T7714] batman_adv: batadv0: Adding interface: batadv_slave_1
[  322.684291][ T7714] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  322.684321][ T7714] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  323.953792][ T7938] random: crng reseeded on system resumption
[  324.875184][ T3599] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  325.985891][ T7953] fuse: Bad value for 'fd'
[  327.493466][ T3599] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  327.495420][ T7978] netlink: 8 bytes leftover after parsing attributes in process `syz.2.681'.
[  327.564621][ T7714] hsr_slave_0: entered promiscuous mode
[  327.565782][ T7714] hsr_slave_1: entered promiscuous mode
[  327.566840][ T7714] debugfs: 'hsr0' already exists in 'hsr'
[  327.566941][ T7714] Cannot create hsr debugfs directory
[  328.480914][ T3599] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  329.084459][ T3599] bond0: (slave netdevsim0): Releasing backup interface
[  329.132343][ T7990] fuse: Unknown parameter 'group_id00000000000000000000'
[  329.411471][ T3599] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.407900][ T8010] trusted_key: syz.2.692 sent an empty control message without MSG_MORE.
[  331.688139][ T7700] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  331.781643][ T7700] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  332.013104][ T7700] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  332.220301][ T7700] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  332.551570][ T3599] bridge_slave_1: left allmulticast mode
[  332.551603][ T3599] bridge_slave_1: left promiscuous mode
[  332.551916][ T3599] bridge0: port 2(bridge_slave_1) entered disabled state
[  333.381244][ T3599] bridge_slave_0: left allmulticast mode
[  333.381275][ T3599] bridge_slave_0: left promiscuous mode
[  333.381547][ T3599] bridge0: port 1(bridge_slave_0) entered disabled state
[  336.121874][ T3599] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  336.182147][ T3599] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  336.203833][ T3599] bond0 (unregistering): Released all slaves
[  336.659734][ T8066] 9pnet_fd: Insufficient options for proto=fd
[  338.254261][ T8084] fuse: Bad value for 'fd'
[  338.305008][ T7714] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  338.449264][ T7714] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  340.501598][ T7714] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  340.797104][ T8104] netlink: 20 bytes leftover after parsing attributes in process `syz.1.721'.
[  342.165343][ T7714] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  343.552895][ T3599] hsr_slave_0: left promiscuous mode
[  343.595947][ T3599] hsr_slave_1: left promiscuous mode
[  343.598297][ T3599] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  343.598327][ T3599] batman_adv: batadv0: Removing interface: batadv_slave_0
[  343.658066][ T3599] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  343.658095][ T3599] batman_adv: batadv0: Removing interface: batadv_slave_1
[  345.039582][ T3599] veth1_macvtap: left promiscuous mode
[  345.039695][ T3599] veth0_macvtap: left promiscuous mode
[  345.039990][ T3599] veth1_vlan: left promiscuous mode
[  345.040182][ T3599] veth0_vlan: left promiscuous mode
[  346.481319][ T5989] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  346.651302][ T5989] usb 1-1: Using ep0 maxpacket: 8
[  346.655044][ T5989] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  346.655111][ T5989] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  346.655137][ T5989] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  346.655165][ T5989] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  346.655192][ T5989] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  346.655239][ T5989] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  346.655264][ T5989] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  346.889376][ T5989] usb 1-1: usb_control_msg returned -32
[  346.889429][ T5989] usbtmc 1-1:16.0: can't read capabilities
[  348.255464][ T8210] usbtmc 1-1:16.0: usb_control_msg returned -32
[  349.296784][ T5989] usb 1-1: USB disconnect, device number 11
[  349.475242][   T38] kauditd_printk_skb: 36 callbacks suppressed
[  349.475262][   T38] audit: type=1326 audit(1762372981.490:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8224 comm="syz.0.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  349.475445][   T38] audit: type=1326 audit(1762372981.490:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8224 comm="syz.0.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  349.478038][   T38] audit: type=1326 audit(1762372981.490:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8224 comm="syz.0.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  349.478451][   T38] audit: type=1326 audit(1762372981.490:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8224 comm="syz.0.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  349.478650][   T38] audit: type=1326 audit(1762372981.490:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8224 comm="syz.0.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  349.772885][ T3599] team0 (unregistering): Port device team_slave_1 removed
[  349.982207][ T3599] team0 (unregistering): Port device team_slave_0 removed
[  352.502087][ T5815] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  352.507635][ T5815] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  352.508860][ T5815] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  352.510078][ T5815] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  352.510871][ T5815] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  354.240036][   T38] audit: type=1326 audit(1762372986.250:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8265 comm="syz.0.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  354.240094][   T38] audit: type=1326 audit(1762372986.250:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8265 comm="syz.0.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  354.285961][   T38] audit: type=1326 audit(1762372986.300:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8265 comm="syz.0.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  354.286287][   T38] audit: type=1326 audit(1762372986.300:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8265 comm="syz.0.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  354.286566][   T38] audit: type=1326 audit(1762372986.300:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8265 comm="syz.0.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  355.689484][ T5806] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  355.698941][ T5806] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  355.700225][ T5806] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  355.701641][ T5806] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  355.702481][ T5806] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  355.712475][ T5806] Bluetooth: hci5: command tx timeout
[  356.015699][ T8284] netlink: 4 bytes leftover after parsing attributes in process `syz.0.770'.
[  357.101265][ T8284] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  357.101300][ T8284] batman_adv: batadv0: Removing interface: batadv_slave_0
[  357.163465][ T8284] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  357.163497][ T8284] batman_adv: batadv0: Removing interface: batadv_slave_1
[  357.723925][ T5806] Bluetooth: hci6: command tx timeout
[  357.802928][ T5806] Bluetooth: hci5: command tx timeout
[  358.406829][ T8282] pim6reg1: entered promiscuous mode
[  358.406859][ T8282] pim6reg1: entered allmulticast mode
[  359.791620][ T5806] Bluetooth: hci6: command tx timeout
[  359.872158][ T5806] Bluetooth: hci5: command tx timeout
[  361.760722][ T8332] syz.1.787 (8332) used greatest stack depth: 18456 bytes left
[  362.010973][ T5815] Bluetooth: hci5: command tx timeout
[  362.019241][ T5806] Bluetooth: hci6: command tx timeout
[  364.121463][ T5806] Bluetooth: hci6: command tx timeout
[  365.003469][ T5875] IPVS: starting estimator thread 0...
[  366.040627][ T8243] chnl_net:caif_netlink_parms(): no params data found
[  367.433095][ T8383] IPVS: using max 6 ests per chain, 14400 per kthread
[  368.070566][ T8399] netlink: 40 bytes leftover after parsing attributes in process `syz.1.801'.
[  368.248824][ T8271] chnl_net:caif_netlink_parms(): no params data found
[  370.377608][ T8243] bridge0: port 1(bridge_slave_0) entered blocking state
[  370.377732][ T8243] bridge0: port 1(bridge_slave_0) entered disabled state
[  370.377981][ T8243] bridge_slave_0: entered allmulticast mode
[  370.381044][ T8243] bridge_slave_0: entered promiscuous mode
[  370.611640][ T5890] IPVS: starting estimator thread 0...
[  370.721313][ T8430] IPVS: using max 7 ests per chain, 16800 per kthread
[  371.647078][ T8243] bridge0: port 2(bridge_slave_1) entered blocking state
[  371.647311][ T8243] bridge0: port 2(bridge_slave_1) entered disabled state
[  371.647579][ T8243] bridge_slave_1: entered allmulticast mode
[  371.650660][ T8243] bridge_slave_1: entered promiscuous mode
[  373.997317][ T8243] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  374.040531][   T38] kauditd_printk_skb: 21 callbacks suppressed
[  374.040551][   T38] audit: type=1326 audit(1762373006.050:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8463 comm="syz.1.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5886edf6c9 code=0x7ffc0000
[  374.040601][   T38] audit: type=1326 audit(1762373006.050:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8463 comm="syz.1.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5886edf6c9 code=0x7ffc0000
[  374.059281][   T38] audit: type=1326 audit(1762373006.070:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8463 comm="syz.1.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f5886edf6c9 code=0x7ffc0000
[  374.059348][   T38] audit: type=1326 audit(1762373006.070:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8463 comm="syz.1.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f5886edf703 code=0x7ffc0000
[  374.059400][   T38] audit: type=1326 audit(1762373006.070:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8463 comm="syz.1.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f5886edf703 code=0x7ffc0000
[  374.085024][   T38] audit: type=1326 audit(1762373006.100:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8463 comm="syz.1.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5886edf6c9 code=0x7ffc0000
[  375.313157][ T8243] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  375.313878][ T8481] capability: warning: `syz.1.828' uses deprecated v2 capabilities in a way that may be insecure
[  375.314142][ T8271] bridge0: port 1(bridge_slave_0) entered blocking state
[  375.314272][ T8271] bridge0: port 1(bridge_slave_0) entered disabled state
[  375.314481][ T8271] bridge_slave_0: entered allmulticast mode
[  375.349362][ T8271] bridge_slave_0: entered promiscuous mode
[  376.905842][ T8271] bridge0: port 2(bridge_slave_1) entered blocking state
[  376.906077][ T8271] bridge0: port 2(bridge_slave_1) entered disabled state
[  376.906332][ T8271] bridge_slave_1: entered allmulticast mode
[  376.909269][ T8271] bridge_slave_1: entered promiscuous mode
[  377.453806][ T8243] team0: Port device team_slave_0 added
[  378.797627][ T8508] kvm: pic: non byte read
[  378.798045][ T8508] kvm: pic: single mode not supported
[  378.798137][ T8508] kvm: pic: level sensitive irq not supported
[  378.798212][ T8508] kvm: pic: non byte read
[  378.798560][ T8508] kvm: pic: non byte read
[  378.798901][ T8508] kvm: pic: non byte read
[  379.177486][ T5875] IPVS: starting estimator thread 0...
[  379.207117][ T8243] team0: Port device team_slave_1 added
[  379.215287][ T8271] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  379.261448][ T8514] IPVS: using max 7 ests per chain, 16800 per kthread
[  379.335859][ T8271] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  380.785686][ T8243] batman_adv: batadv0: Adding interface: batadv_slave_0
[  380.785705][ T8243] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  380.785734][ T8243] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  380.812196][ T8243] batman_adv: batadv0: Adding interface: batadv_slave_1
[  380.812232][ T8243] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  380.812263][ T8243] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  381.623317][ T8271] team0: Port device team_slave_0 added
[  381.650331][ T8271] team0: Port device team_slave_1 added
[  383.343155][ T8271] batman_adv: batadv0: Adding interface: batadv_slave_0
[  383.343169][ T8271] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  383.343188][ T8271] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  383.425821][ T8271] batman_adv: batadv0: Adding interface: batadv_slave_1
[  383.425839][ T8271] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  383.425869][ T8271] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  383.456552][ T8243] hsr_slave_0: entered promiscuous mode
[  383.481450][ T5875] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  383.483628][ T8243] hsr_slave_1: entered promiscuous mode
[  383.484742][ T8243] debugfs: 'hsr0' already exists in 'hsr'
[  383.484767][ T8243] Cannot create hsr debugfs directory
[  383.634937][ T5875] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  383.634975][ T5875] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  383.635019][ T5875] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  383.635045][ T5875] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.694062][ T5875] usb 3-1: config 0 descriptor??
[  383.879765][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  383.879844][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  385.127464][ T5875] usb 3-1: string descriptor 0 read error: -22
[  385.157535][ T5875] uclogic 0003:256C:006D.0002: interface is invalid, ignoring
[  385.462473][ T5875] usb 3-1: USB disconnect, device number 9
[  386.432818][ T8271] hsr_slave_0: entered promiscuous mode
[  386.442579][ T8271] hsr_slave_1: entered promiscuous mode
[  386.443772][ T8271] debugfs: 'hsr0' already exists in 'hsr'
[  386.443800][ T8271] Cannot create hsr debugfs directory
[  387.544171][    T9] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  387.693889][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  387.693927][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  387.693970][    T9] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  387.693996][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  387.741970][    T9] usb 1-1: config 0 descriptor??
[  388.351280][    T9] usb 1-1: string descriptor 0 read error: -22
[  388.569527][    T9] input: HID 256c:006d as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0003/input/input9
[  388.974743][    T9] uclogic 0003:256C:006D.0003: input,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.0-1/input0
[  389.010388][    T9] usb 1-1: USB disconnect, device number 12
[  389.275308][ T8625] fido_id[8625]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory
[  389.889328][   T38] audit: type=1326 audit(1762373021.900:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8638 comm="syz.0.879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  389.889688][   T38] audit: type=1326 audit(1762373021.900:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8638 comm="syz.0.879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  389.889979][   T38] audit: type=1326 audit(1762373021.900:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8638 comm="syz.0.879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  389.890624][   T38] audit: type=1326 audit(1762373021.900:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8638 comm="syz.0.879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  389.890920][   T38] audit: type=1326 audit(1762373021.900:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8638 comm="syz.0.879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  389.943245][   T38] audit: type=1326 audit(1762373021.960:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8638 comm="syz.0.879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  389.943314][   T38] audit: type=1326 audit(1762373021.960:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8638 comm="syz.0.879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  389.952187][   T38] audit: type=1326 audit(1762373021.970:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8638 comm="syz.0.879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  389.952257][   T38] audit: type=1326 audit(1762373021.970:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8638 comm="syz.0.879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  389.952312][   T38] audit: type=1326 audit(1762373021.970:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8638 comm="syz.0.879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  390.277249][ T3599] bridge_slave_1: left allmulticast mode
[  390.277279][ T3599] bridge_slave_1: left promiscuous mode
[  390.277560][ T3599] bridge0: port 2(bridge_slave_1) entered disabled state
[  390.422969][ T3599] bridge_slave_0: left allmulticast mode
[  390.423002][ T3599] bridge_slave_0: left promiscuous mode
[  390.423300][ T3599] bridge0: port 1(bridge_slave_0) entered disabled state
[  390.514062][ T3599] bridge_slave_1: left allmulticast mode
[  390.514096][ T3599] bridge_slave_1: left promiscuous mode
[  390.514373][ T3599] bridge0: port 2(bridge_slave_1) entered disabled state
[  390.637455][ T3599] bridge_slave_0: left allmulticast mode
[  390.637489][ T3599] bridge_slave_0: left promiscuous mode
[  390.637761][ T3599] bridge0: port 1(bridge_slave_0) entered disabled state
[  390.960130][ T8658] netlink: 8 bytes leftover after parsing attributes in process `syz.2.885'.
[  391.373190][ T8662] netlink: 'syz.2.887': attribute type 10 has an invalid length.
[  391.957842][ T8671] fuse: Unknown parameter 'grou00000000000000000000'
[  391.992473][ T3599] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  392.052000][ T3599] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  392.093674][ T3599] bond0 (unregistering): Released all slaves
[  392.269302][ T8677] netlink: 4 bytes leftover after parsing attributes in process `syz.1.893'.
[  392.484445][ T3599] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  392.572039][ T3599] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  392.634654][ T3599] bond0 (unregistering): Released all slaves
[  392.842347][ T8662] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  395.841285][ T5882] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  396.025064][ T5882] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  396.025101][ T5882] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  396.025128][ T5882] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  396.025174][ T5882] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  396.025200][ T5882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  396.212843][ T5882] usb 3-1: config 0 descriptor??
[  396.567178][ T8708] netlink: 12 bytes leftover after parsing attributes in process `syz.0.900'.
[  396.882802][ T5882] usbhid 3-1:0.0: can't add hid device: -71
[  396.882943][ T5882] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  396.902359][ T5882] usb 3-1: USB disconnect, device number 10
[  397.044147][ T3599] hsr_slave_0: left promiscuous mode
[  397.081694][ T3599] hsr_slave_1: left promiscuous mode
[  397.082684][ T3599] batman_adv: batadv0: Removing interface: batadv_slave_0
[  397.112738][ T3599] batman_adv: batadv0: Removing interface: batadv_slave_1
[  397.187412][ T8723] netlink: 'syz.1.905': attribute type 10 has an invalid length.
[  397.251336][ T3599] hsr_slave_0: left promiscuous mode
[  397.291415][ T3599] hsr_slave_1: left promiscuous mode
[  397.292305][ T3599] batman_adv: batadv0: Removing interface: batadv_slave_0
[  397.334123][ T3599] batman_adv: batadv0: Removing interface: batadv_slave_1
[  399.172369][ T3599] team0 (unregistering): Port device team_slave_1 removed
[  399.230806][ T8737] fuse: Unknown parameter '0x0000000000000003'
[  399.362060][ T3599] team0 (unregistering): Port device team_slave_0 removed
[  401.617962][   T38] kauditd_printk_skb: 38 callbacks suppressed
[  401.618010][   T38] audit: type=1326 audit(1762373033.390:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8747 comm="syz.2.913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb82a73f6c9 code=0x7ffc0000
[  401.618391][   T38] audit: type=1326 audit(1762373033.390:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8747 comm="syz.2.913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb82a73f6c9 code=0x7ffc0000
[  401.618698][   T38] audit: type=1326 audit(1762373033.400:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8747 comm="syz.2.913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fb82a73f6c9 code=0x7ffc0000
[  401.858348][   T38] audit: type=1326 audit(1762373033.870:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8747 comm="syz.2.913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb82a73f6c9 code=0x7ffc0000
[  401.858408][   T38] audit: type=1326 audit(1762373033.870:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8747 comm="syz.2.913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb82a73f6c9 code=0x7ffc0000
[  401.953044][ T3599] team0 (unregistering): Port device team_slave_1 removed
[  401.995367][ T8753] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  402.093418][ T3599] team0 (unregistering): Port device team_slave_0 removed
[  403.177501][ T8768] netlink: 48 bytes leftover after parsing attributes in process `syz.0.915'.
[  403.481449][ T8775] fuse: Unknown parameter '0x0000000000000003'
[  404.230838][   T38] audit: type=1326 audit(1762373036.240:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8783 comm="syz.0.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  404.247997][   T38] audit: type=1326 audit(1762373036.260:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8783 comm="syz.0.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  404.248069][   T38] audit: type=1326 audit(1762373036.260:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8783 comm="syz.0.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  404.248127][   T38] audit: type=1326 audit(1762373036.260:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8783 comm="syz.0.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  404.249478][   T38] audit: type=1326 audit(1762373036.260:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8783 comm="syz.0.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  405.586290][ T8813] fuse: Unknown parameter '0x0000000000000003'
[  406.747086][ T8817] netlink: 'syz.2.924': attribute type 10 has an invalid length.
[  406.880309][ T8817] team0: Cannot enslave team device to itself
[  407.231943][ T8834] netlink: 4 bytes leftover after parsing attributes in process `syz.1.933'.
[  407.232089][ T8834] netlink: 4 bytes leftover after parsing attributes in process `syz.1.933'.
[  408.886730][ T8845] fuse: Unknown parameter 'fd0x0000000000000003'
[  408.981936][ T8848] fuse: Bad value for 'user_id'
[  408.981956][ T8848] fuse: Bad value for 'user_id'
[  409.097115][ T8243] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  409.163736][ T8243] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  409.281703][ T8243] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  409.370158][ T8243] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  409.475003][ T8862] netlink: 64 bytes leftover after parsing attributes in process `syz.2.942'.
[  409.773699][ T8271] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  409.827339][ T8271] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  409.868964][ T8271] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  409.919066][ T8271] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  410.310049][ T8243] 8021q: adding VLAN 0 to HW filter on device bond0
[  410.412000][ T8243] 8021q: adding VLAN 0 to HW filter on device team0
[  410.454883][ T3599] bridge0: port 1(bridge_slave_0) entered blocking state
[  410.455165][ T3599] bridge0: port 1(bridge_slave_0) entered forwarding state
[  410.513827][ T3599] bridge0: port 2(bridge_slave_1) entered blocking state
[  410.513983][ T3599] bridge0: port 2(bridge_slave_1) entered forwarding state
[  410.556152][ T8271] 8021q: adding VLAN 0 to HW filter on device bond0
[  410.736587][ T8271] 8021q: adding VLAN 0 to HW filter on device team0
[  410.800452][  T812] bridge0: port 1(bridge_slave_0) entered blocking state
[  410.800756][  T812] bridge0: port 1(bridge_slave_0) entered forwarding state
[  410.858164][  T812] bridge0: port 2(bridge_slave_1) entered blocking state
[  410.858312][  T812] bridge0: port 2(bridge_slave_1) entered forwarding state
[  412.260857][ T8940] netlink: 8 bytes leftover after parsing attributes in process `syz.2.960'.
[  412.295511][ T8271] 8021q: adding VLAN 0 to HW filter on device batadv0
[  412.674461][ T5815] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  412.686013][ T5815] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  412.687369][ T5815] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  412.689858][ T5815] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  412.705319][ T5815] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  413.203162][    C0] vkms_vblank_simulate: vblank timer overrun
[  413.515726][    C0] vkms_vblank_simulate: vblank timer overrun
[  413.564223][    C0] vkms_vblank_simulate: vblank timer overrun
[  413.758059][    C0] vkms_vblank_simulate: vblank timer overrun
[  413.869260][    C0] vkms_vblank_simulate: vblank timer overrun
[  415.323063][    C0] vkms_vblank_simulate: vblank timer overrun
[  415.331561][ T5815] Bluetooth: hci2: command tx timeout
[  415.497010][    C0] vkms_vblank_simulate: vblank timer overrun
[  416.291295][ T8984] netlink: 4 bytes leftover after parsing attributes in process `syz.0.969'.
[  417.392179][ T5815] Bluetooth: hci2: command tx timeout
[  418.609460][ T8990] netlink: 8 bytes leftover after parsing attributes in process `syz.2.971'.
[  418.854526][ T5806] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  418.860690][ T5806] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  418.877690][ T5806] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  418.895323][ T5806] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  418.897048][ T5806] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  419.471482][ T5815] Bluetooth: hci2: command tx timeout
[  419.472749][    C1] vkms_vblank_simulate: vblank timer overrun
[  419.862510][    C1] vkms_vblank_simulate: vblank timer overrun
[  420.165158][    C1] vkms_vblank_simulate: vblank timer overrun
[  420.577209][    C1] vkms_vblank_simulate: vblank timer overrun
[  421.077518][ T5815] Bluetooth: hci3: command tx timeout
[  421.571228][ T5815] Bluetooth: hci2: command tx timeout
[  421.593672][    C1] vkms_vblank_simulate: vblank timer overrun
[  422.539727][    C1] vkms_vblank_simulate: vblank timer overrun
[  422.575664][    C1] vkms_vblank_simulate: vblank timer overrun
[  423.362036][    C1] vkms_vblank_simulate: vblank timer overrun
[  423.383992][ T5815] Bluetooth: hci3: command tx timeout
[  423.561354][    C1] vkms_vblank_simulate: vblank timer overrun
[  425.251722][ T8952] chnl_net:caif_netlink_parms(): no params data found
[  425.472006][ T5815] Bluetooth: hci3: command tx timeout
[  425.935470][    C0] vkms_vblank_simulate: vblank timer overrun
[  426.691719][    C0] vkms_vblank_simulate: vblank timer overrun
[  426.810197][    C0] vkms_vblank_simulate: vblank timer overrun
[  427.464998][    C0] vkms_vblank_simulate: vblank timer overrun
[  427.571305][ T5815] Bluetooth: hci3: command tx timeout
[  427.963835][    C0] vkms_vblank_simulate: vblank timer overrun
[  428.397438][    C0] vkms_vblank_simulate: vblank timer overrun
[  429.370074][    C0] vkms_vblank_simulate: vblank timer overrun
[  429.691600][    C0] vkms_vblank_simulate: vblank timer overrun
[  429.891919][    C0] vkms_vblank_simulate: vblank timer overrun
[  430.508472][ T8952] bridge0: port 1(bridge_slave_0) entered blocking state
[  430.508705][ T8952] bridge0: port 1(bridge_slave_0) entered disabled state
[  430.509642][ T8952] bridge_slave_0: entered allmulticast mode
[  430.517446][ T8952] bridge_slave_0: entered promiscuous mode
[  430.582431][ T8952] bridge0: port 2(bridge_slave_1) entered blocking state
[  430.582678][ T8952] bridge0: port 2(bridge_slave_1) entered disabled state
[  430.582930][ T8952] bridge_slave_1: entered allmulticast mode
[  430.586229][ T8952] bridge_slave_1: entered promiscuous mode
[  432.087898][ T8952] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  432.096520][ T8952] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  432.097828][ T8995] chnl_net:caif_netlink_parms(): no params data found
[  434.413371][ T8952] team0: Port device team_slave_0 added
[  435.053017][    C1] vkms_vblank_simulate: vblank timer overrun
[  435.683178][ T8952] team0: Port device team_slave_1 added
[  436.406661][ T8952] batman_adv: batadv0: Adding interface: batadv_slave_0
[  436.406681][ T8952] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  436.406713][ T8952] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  437.175379][    C1] vkms_vblank_simulate: vblank timer overrun
[  437.720765][ T8952] batman_adv: batadv0: Adding interface: batadv_slave_1
[  437.720784][ T8952] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  437.720816][ T8952] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  438.573599][    C1] vkms_vblank_simulate: vblank timer overrun
[  439.151376][ T8995] bridge0: port 1(bridge_slave_0) entered blocking state
[  439.151523][ T8995] bridge0: port 1(bridge_slave_0) entered disabled state
[  439.151790][ T8995] bridge_slave_0: entered allmulticast mode
[  439.154753][ T8995] bridge_slave_0: entered promiscuous mode
[  439.444218][ T8995] bridge0: port 2(bridge_slave_1) entered blocking state
[  439.444361][ T8995] bridge0: port 2(bridge_slave_1) entered disabled state
[  439.444576][ T8995] bridge_slave_1: entered allmulticast mode
[  439.476457][ T8995] bridge_slave_1: entered promiscuous mode
[  439.480157][ T6135] bridge_slave_1: left allmulticast mode
[  439.480187][ T6135] bridge_slave_1: left promiscuous mode
[  439.480453][ T6135] bridge0: port 2(bridge_slave_1) entered disabled state
[  439.563618][ T6135] bridge_slave_0: left allmulticast mode
[  439.563651][ T6135] bridge_slave_0: left promiscuous mode
[  439.563913][ T6135] bridge0: port 1(bridge_slave_0) entered disabled state
[  445.793866][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  445.793921][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  446.982118][ T6135] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  447.006253][ T9316] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1041'.
[  447.094232][ T6135] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  447.117605][ T6135] bond0 (unregistering): Released all slaves
[  448.007316][ T8952] hsr_slave_0: entered promiscuous mode
[  448.009025][ T8952] hsr_slave_1: entered promiscuous mode
[  450.592166][ T6135] hsr_slave_0: left promiscuous mode
[  451.247789][ T9343] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input10
[  451.302009][ T6135] hsr_slave_1: left promiscuous mode
[  451.305162][ T6135] batman_adv: batadv0: Removing interface: batadv_slave_0
[  451.370867][ T6135] batman_adv: batadv0: Removing interface: batadv_slave_1
[  454.082128][ T6135] team0 (unregistering): Port device team_slave_1 removed
[  454.322190][ T6135] team0 (unregistering): Port device team_slave_0 removed
[  458.587433][ T8995] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  458.757251][ T8995] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  459.952113][ T9413] random: crng reseeded on system resumption
[  460.048491][ T8995] team0: Port device team_slave_0 added
[  460.100409][ T8995] team0: Port device team_slave_1 added
[  460.399665][ T9426] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1069'.
[  460.458771][ T8995] batman_adv: batadv0: Adding interface: batadv_slave_0
[  460.458785][ T8995] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  460.458806][ T8995] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  460.480203][ T8995] batman_adv: batadv0: Adding interface: batadv_slave_1
[  460.480226][ T8995] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  460.480262][ T8995] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  461.117301][ T8995] hsr_slave_0: entered promiscuous mode
[  461.123245][ T8995] hsr_slave_1: entered promiscuous mode
[  461.124643][ T8995] debugfs: 'hsr0' already exists in 'hsr'
[  461.124673][ T8995] Cannot create hsr debugfs directory
[  462.292420][ T9451] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1075'.
[  462.509950][ T5892] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  463.443190][ T5892] usb 1-1: Using ep0 maxpacket: 32
[  463.457110][ T5892] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  463.469742][ T5892] usb 1-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  463.469777][ T5892] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  463.469798][ T5892] usb 1-1: Product: syz
[  463.469814][ T5892] usb 1-1: Manufacturer: syz
[  463.469830][ T5892] usb 1-1: SerialNumber: syz
[  463.485649][ T5892] usb 1-1: config 0 descriptor??
[  463.891609][ T5875] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  464.053006][ T5875] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  464.053044][ T5875] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  464.053085][ T5875] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  464.053109][ T5875] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  464.073459][ T5875] usb 3-1: config 0 descriptor??
[  464.711827][ T5875] usb 3-1: string descriptor 0 read error: -22
[  464.792296][ T9497] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1082'.
[  464.908426][ T5875] uclogic 0003:256C:006D.0004: failed retrieving string descriptor #100: -71
[  464.908492][ T5875] uclogic 0003:256C:006D.0004: failed retrieving pen parameters: -71
[  464.908512][ T5875] uclogic 0003:256C:006D.0004: failed probing pen v1 parameters: -71
[  464.908567][ T5875] uclogic 0003:256C:006D.0004: failed probing parameters: -71
[  464.908696][ T5875] uclogic 0003:256C:006D.0004: probe with driver uclogic failed with error -71
[  464.956399][ T5875] usb 3-1: USB disconnect, device number 11
[  465.223989][ T5875] usb 1-1: USB disconnect, device number 13
[  466.592486][ T5875] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  466.755768][ T5875] usb 1-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  466.755802][ T5875] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  466.760786][ T5875] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  466.760819][ T5875] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  466.760842][ T5875] usb 1-1: Product: syz
[  466.760858][ T5875] usb 1-1: Manufacturer: syz
[  466.760874][ T5875] usb 1-1: SerialNumber: syz
[  466.853115][ T5875] hub 1-1:1.0: bad descriptor, ignoring hub
[  466.853158][ T5875] hub 1-1:1.0: probe with driver hub failed with error -5
[  466.896809][ T8952] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  466.951273][ T8952] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  466.985003][ T8952] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  467.058715][ T8952] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  467.161677][ T5875] usb 1-1: USB disconnect, device number 14
[  467.709284][ T6135] bridge_slave_1: left allmulticast mode
[  467.709319][ T6135] bridge_slave_1: left promiscuous mode
[  467.709604][ T6135] bridge0: port 2(bridge_slave_1) entered disabled state
[  467.777872][ T6135] bridge_slave_0: left allmulticast mode
[  467.777904][ T6135] bridge_slave_0: left promiscuous mode
[  467.778532][ T6135] bridge0: port 1(bridge_slave_0) entered disabled state
[  470.591893][ T6135] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  470.672422][ T6135] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  470.719504][ T6135] bond0 (unregistering): Released all slaves
[  470.787138][ T9538] macsec1: entered promiscuous mode
[  470.787157][ T9538] bridge0: entered promiscuous mode
[  470.787864][ T9538] bridge0: port 3(macsec1) entered blocking state
[  470.788006][ T9538] bridge0: port 3(macsec1) entered disabled state
[  470.788154][ T9538] macsec1: entered allmulticast mode
[  470.788166][ T9538] bridge0: entered allmulticast mode
[  470.838495][ T9538] macsec1: left allmulticast mode
[  470.838522][ T9538] bridge0: left allmulticast mode
[  470.965773][ T9538] bridge0: left promiscuous mode
[  471.581421][ T5989] usb 1-1: new full-speed USB device number 15 using dummy_hcd
[  471.754052][ T5989] usb 1-1: config 0 has an invalid interface number: 41 but max is 0
[  471.754084][ T5989] usb 1-1: config 0 has no interface number 0
[  471.754136][ T5989] usb 1-1: config 0 interface 41 has no altsetting 0
[  471.762619][ T5989] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  471.762653][ T5989] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  471.762676][ T5989] usb 1-1: Product: syz
[  471.762691][ T5989] usb 1-1: Manufacturer: syz
[  471.762707][ T5989] usb 1-1: SerialNumber: syz
[  471.844273][ T5989] usb 1-1: config 0 descriptor??
[  472.014010][ T6135] hsr_slave_0: left promiscuous mode
[  472.856830][ T6135] hsr_slave_1: left promiscuous mode
[  472.858870][ T6135] batman_adv: batadv0: Removing interface: batadv_slave_0
[  472.915303][ T6135] batman_adv: batadv0: Removing interface: batadv_slave_1
[  473.077066][ T5989] CoreChips 1-1:0.41: probe with driver CoreChips failed with error -32
[  473.242251][ T5806] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  473.245448][ T5806] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  473.246668][ T5806] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  473.248043][ T5806] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  473.248759][ T5806] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  474.418501][ T1231] usb 1-1: USB disconnect, device number 15
[  476.391208][ T5815] Bluetooth: hci5: command tx timeout
[  476.436904][ T5806] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  476.457047][ T5806] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  476.458756][ T5806] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  476.460731][ T5806] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  476.484592][ T5806] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  476.655064][    C1] vkms_vblank_simulate: vblank timer overrun
[  476.850714][    C1] vkms_vblank_simulate: vblank timer overrun
[  477.245600][ T6135] team0 (unregistering): Port device team_slave_1 removed
[  477.285448][    C1] vkms_vblank_simulate: vblank timer overrun
[  477.832165][    C1] vkms_vblank_simulate: vblank timer overrun
[  478.474815][ T5806] Bluetooth: hci5: command tx timeout
[  478.501316][    C1] vkms_vblank_simulate: vblank timer overrun
[  478.634183][ T5806] Bluetooth: hci6: command tx timeout
[  478.682431][ T6135] team0 (unregistering): Port device team_slave_0 removed
[  478.772674][    C1] vkms_vblank_simulate: vblank timer overrun
[  478.903203][    C1] vkms_vblank_simulate: vblank timer overrun
[  479.687173][    C1] vkms_vblank_simulate: vblank timer overrun
[  479.734752][    C1] vkms_vblank_simulate: vblank timer overrun
[  479.854312][ T9635] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  479.854759][ T9635] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  479.854856][ T9635] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  479.855451][ T9635] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  479.855548][ T9635] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  479.855646][ T9635] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  479.855737][ T9635] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  479.855826][ T9635] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  479.855915][ T9635] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  479.856007][ T9635] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  480.092203][ T9640] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1120'.
[  480.511922][ T5806] Bluetooth: hci5: command tx timeout
[  480.777805][    C1] vkms_vblank_simulate: vblank timer overrun
[  480.779667][ T5806] Bluetooth: hci6: command tx timeout
[  482.591679][ T5806] Bluetooth: hci5: command tx timeout
[  482.795183][    C1] vkms_vblank_simulate: vblank timer overrun
[  482.831341][ T5806] Bluetooth: hci6: command tx timeout
[  483.117563][    C1] vkms_vblank_simulate: vblank timer overrun
[  483.145283][    C1] vkms_vblank_simulate: vblank timer overrun
[  483.679366][    C1] vkms_vblank_simulate: vblank timer overrun
[  483.743264][    C1] vkms_vblank_simulate: vblank timer overrun
[  483.963373][    C1] vkms_vblank_simulate: vblank timer overrun
[  484.014843][    C1] vkms_vblank_simulate: vblank timer overrun
[  484.313261][    C1] vkms_vblank_simulate: vblank timer overrun
[  484.577101][    C1] vkms_vblank_simulate: vblank timer overrun
[  484.609308][    C1] vkms_vblank_simulate: vblank timer overrun
[  484.780777][    C1] vkms_vblank_simulate: vblank timer overrun
[  484.916690][    C1] vkms_vblank_simulate: vblank timer overrun
[  485.014954][    C1] vkms_vblank_simulate: vblank timer overrun
[  485.043681][ T5806] Bluetooth: hci6: command tx timeout
[  485.425628][    C1] vkms_vblank_simulate: vblank timer overrun
[  485.604091][    C1] vkms_vblank_simulate: vblank timer overrun
[  485.760691][    C1] vkms_vblank_simulate: vblank timer overrun
[  485.891428][  T975] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  486.063574][  T975] usb 3-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  486.063614][  T975] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  486.076145][  T975] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  486.076183][  T975] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  486.076209][  T975] usb 3-1: Product: syz
[  486.076228][  T975] usb 3-1: Manufacturer: syz
[  486.076247][  T975] usb 3-1: SerialNumber: syz
[  486.102143][  T975] hub 3-1:1.0: bad descriptor, ignoring hub
[  486.102192][  T975] hub 3-1:1.0: probe with driver hub failed with error -5
[  486.414243][  T975] usb 3-1: USB disconnect, device number 12
[  488.107978][ T9699] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1134'.
[  488.287018][ T9700] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1134'.
[  489.971496][ T9726] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1140'.
[  489.971527][ T9726] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1140'.
[  491.710328][ T9592] chnl_net:caif_netlink_parms(): no params data found
[  491.723115][ T9613] chnl_net:caif_netlink_parms(): no params data found
[  491.751203][ T1231] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  491.911213][ T1231] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  491.911267][ T1231] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  491.911296][ T1231] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  491.911321][ T1231] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  491.912593][ T1231] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  491.912623][ T1231] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  491.912645][ T1231] usb 3-1: Manufacturer: syz
[  491.924287][ T1231] usb 3-1: config 0 descriptor??
[  492.527924][    C1] raw-gadget.0 gadget.2: ignoring, device is not running
[  492.528331][    C1] raw-gadget.0 gadget.2: ignoring, device is not running
[  492.528730][    C1] raw-gadget.0 gadget.2: ignoring, device is not running
[  492.528908][ T1231] usbhid 3-1:0.0: can't add hid device: -32
[  492.529032][ T1231] usbhid 3-1:0.0: probe with driver usbhid failed with error -32
[  492.562964][ T1231] usb 3-1: USB disconnect, device number 13
[  494.484506][ T9782] netlink: 'syz.1.1151': attribute type 4 has an invalid length.
[  494.748879][ T9791] netlink: 'syz.2.1153': attribute type 4 has an invalid length.
[  495.834974][ T9592] bridge0: port 1(bridge_slave_0) entered blocking state
[  495.835204][ T9592] bridge0: port 1(bridge_slave_0) entered disabled state
[  495.835466][ T9592] bridge_slave_0: entered allmulticast mode
[  495.875405][ T9592] bridge_slave_0: entered promiscuous mode
[  495.891217][ T9613] bridge0: port 1(bridge_slave_0) entered blocking state
[  495.891369][ T9613] bridge0: port 1(bridge_slave_0) entered disabled state
[  495.891617][ T9613] bridge_slave_0: entered allmulticast mode
[  495.898189][ T9613] bridge_slave_0: entered promiscuous mode
[  496.007033][ T9592] bridge0: port 2(bridge_slave_1) entered blocking state
[  496.008058][ T9592] bridge0: port 2(bridge_slave_1) entered disabled state
[  496.008318][ T9592] bridge_slave_1: entered allmulticast mode
[  496.032489][ T9592] bridge_slave_1: entered promiscuous mode
[  496.098046][ T9613] bridge0: port 2(bridge_slave_1) entered blocking state
[  496.098189][ T9613] bridge0: port 2(bridge_slave_1) entered disabled state
[  496.098547][ T9613] bridge_slave_1: entered allmulticast mode
[  496.126660][ T9613] bridge_slave_1: entered promiscuous mode
[  498.712612][ T9826] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1164'.
[  498.912670][ T9592] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  499.528107][ T9613] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  499.536277][ T9592] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  499.548363][ T9613] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  501.467047][ T9592] team0: Port device team_slave_0 added
[  501.607409][ T9613] team0: Port device team_slave_0 added
[  501.609971][ T9592] team0: Port device team_slave_1 added
[  501.621263][ T5875] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  501.648245][ T9613] team0: Port device team_slave_1 added
[  501.784057][ T5875] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  501.784126][ T5875] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  501.784156][ T5875] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  501.784181][ T5875] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  501.788783][ T5875] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  501.788814][ T5875] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  501.788837][ T5875] usb 3-1: Manufacturer: syz
[  501.807866][ T5875] usb 3-1: config 0 descriptor??
[  502.244222][ T5875] usbhid 3-1:0.0: can't add hid device: -71
[  502.244358][ T5875] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  502.286333][ T5875] usb 3-1: USB disconnect, device number 14
[  502.374085][ T9592] batman_adv: batadv0: Adding interface: batadv_slave_0
[  502.374104][ T9592] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  502.374136][ T9592] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  502.379966][ T9613] batman_adv: batadv0: Adding interface: batadv_slave_0
[  502.379984][ T9613] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  502.380015][ T9613] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  502.402414][ T9592] batman_adv: batadv0: Adding interface: batadv_slave_1
[  502.402442][ T9592] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  502.402474][ T9592] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  502.449110][ T9613] batman_adv: batadv0: Adding interface: batadv_slave_1
[  502.449132][ T9613] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  502.449170][ T9613] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  503.309258][ T9592] hsr_slave_0: entered promiscuous mode
[  503.310430][ T9592] hsr_slave_1: entered promiscuous mode
[  503.314273][ T9592] debugfs: 'hsr0' already exists in 'hsr'
[  503.314306][ T9592] Cannot create hsr debugfs directory
[  504.250583][ T6013] bridge_slave_1: left allmulticast mode
[  504.250615][ T6013] bridge_slave_1: left promiscuous mode
[  504.250895][ T6013] bridge0: port 2(bridge_slave_1) entered disabled state
[  504.654269][ T6013] bridge_slave_0: left allmulticast mode
[  504.654302][ T6013] bridge_slave_0: left promiscuous mode
[  504.654559][ T6013] bridge0: port 1(bridge_slave_0) entered disabled state
[  505.703867][ T6013] bridge_slave_1: left allmulticast mode
[  505.703902][ T6013] bridge_slave_1: left promiscuous mode
[  505.704143][ T6013] bridge0: port 2(bridge_slave_1) entered disabled state
[  505.993084][ T6013] bridge_slave_0: left allmulticast mode
[  505.993108][ T6013] bridge_slave_0: left promiscuous mode
[  505.993328][ T6013] bridge0: port 1(bridge_slave_0) entered disabled state
[  506.575011][ T5892] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  506.803775][ T6013] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  506.810865][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  506.810944][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  506.872108][ T6013] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  506.914822][ T6013] bond0 (unregistering): Released all slaves
[  507.131858][ T5892] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  507.131906][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  507.131926][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  507.131942][ T5892] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  507.133109][ T5892] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  507.133129][ T5892] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  507.133144][ T5892] usb 3-1: Manufacturer: syz
[  507.137717][ T5892] usb 3-1: config 0 descriptor??
[  507.444791][ T6013] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  507.531964][ T6013] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  507.556697][ T5892] usbhid 3-1:0.0: can't add hid device: -71
[  507.556834][ T5892] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  507.643630][ T6013] bond0 (unregistering): Released all slaves
[  507.645693][ T5892] usb 3-1: USB disconnect, device number 15
[  507.905512][ T9613] hsr_slave_0: entered promiscuous mode
[  507.906807][ T9613] hsr_slave_1: entered promiscuous mode
[  507.907747][ T9613] debugfs: 'hsr0' already exists in 'hsr'
[  507.907770][ T9613] Cannot create hsr debugfs directory
[  510.067522][ T9914] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1192'.
[  510.067575][ T9914] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1192'.
[  510.091316][ T6013] hsr_slave_0: left promiscuous mode
[  510.117186][ T6013] hsr_slave_1: left promiscuous mode
[  510.119963][ T6013] batman_adv: batadv0: Removing interface: batadv_slave_0
[  510.153463][ T6013] batman_adv: batadv0: Removing interface: batadv_slave_1
[  510.291212][ T6013] hsr_slave_0: left promiscuous mode
[  510.315830][ T6013] hsr_slave_1: left promiscuous mode
[  510.323843][ T6013] batman_adv: batadv0: Removing interface: batadv_slave_0
[  510.365682][ T6013] batman_adv: batadv0: Removing interface: batadv_slave_1
[  512.202457][ T6013] team0 (unregistering): Port device team_slave_1 removed
[  512.321918][ T6013] team0 (unregistering): Port device team_slave_0 removed
[  513.206587][ T9925] fuse: Bad value for 'group_id'
[  513.206602][ T9925] fuse: Bad value for 'group_id'
[  513.403496][ T9929] net_ratelimit: 2870 callbacks suppressed
[  513.403515][ T9929] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  513.403619][ T9929] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  513.403710][ T9929] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  513.403799][ T9929] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  513.403889][ T9929] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  513.403978][ T9929] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  513.404066][ T9929] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  513.404155][ T9929] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  513.404246][ T9929] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  513.404334][ T9929] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  513.428603][ T9930] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1198'.
[  513.512335][ T6013] team0 (unregistering): Port device team_slave_1 removed
[  513.826429][ T6013] team0 (unregistering): Port device team_slave_0 removed
[  515.201432][  T975] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  515.547384][  T975] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  515.547434][  T975] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  515.547600][  T975] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  515.547627][  T975] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.629988][  T975] usb 3-1: config 0 descriptor??
[  516.721755][  T975] usb 3-1: string descriptor 0 read error: -22
[  517.386072][  T975] input: HID 256c:006d as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0005/input/input11
[  517.423373][ T9960] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1207'.
[  517.608606][  T975] uclogic 0003:256C:006D.0005: input,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.2-1/input0
[  517.624515][  T975] usb 3-1: USB disconnect, device number 16
[  518.274642][ T9963] fido_id[9963]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory
[  518.599866][ T9968] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1208'.
[  518.599899][ T9968] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1208'.
[  518.604471][ T9968] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1208'.
[  518.604508][ T9968] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1208'.
[  518.678935][ T9969] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1209'.
[  521.269660][ T9993] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1215'.
[  523.065189][T10019] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  523.228120][ T9613] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  523.392009][ T9613] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  523.456030][ T9613] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  523.584789][ T9613] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  524.313243][ T9592] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  524.384562][ T9592] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  524.516098][ T9592] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  524.662486][ T9592] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  525.268278][ T9613] 8021q: adding VLAN 0 to HW filter on device bond0
[  525.360339][ T9613] 8021q: adding VLAN 0 to HW filter on device team0
[  525.404969][ T1141] bridge0: port 1(bridge_slave_0) entered blocking state
[  525.406006][ T1141] bridge0: port 1(bridge_slave_0) entered forwarding state
[  525.478699][  T812] bridge0: port 2(bridge_slave_1) entered blocking state
[  525.478847][  T812] bridge0: port 2(bridge_slave_1) entered forwarding state
[  525.630204][ T9592] 8021q: adding VLAN 0 to HW filter on device bond0
[  525.699613][T10088] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input12
[  526.830725][ T9592] 8021q: adding VLAN 0 to HW filter on device team0
[  527.085925][ T1141] bridge0: port 1(bridge_slave_0) entered blocking state
[  527.101340][ T1141] bridge0: port 1(bridge_slave_0) entered forwarding state
[  527.195023][ T1014] bridge0: port 2(bridge_slave_1) entered blocking state
[  527.195287][ T1014] bridge0: port 2(bridge_slave_1) entered forwarding state
[  527.284973][ T5875] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  527.446462][ T5875] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  527.446520][ T5875] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  527.446549][ T5875] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  527.446575][ T5875] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  527.450091][ T5875] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  527.450126][ T5875] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  527.450149][ T5875] usb 3-1: Manufacturer: syz
[  527.530625][ T5875] usb 3-1: config 0 descriptor??
[  528.023058][ T9613] 8021q: adding VLAN 0 to HW filter on device batadv0
[  528.170369][ T5875] usbhid 3-1:0.0: can't add hid device: -71
[  528.170509][ T5875] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  528.200143][ T5875] usb 3-1: USB disconnect, device number 17
[  528.380000][T10125] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode
[  528.380036][T10125] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode
[  528.879797][ T9592] 8021q: adding VLAN 0 to HW filter on device batadv0
[  529.418399][T10157] net_ratelimit: 5752 callbacks suppressed
[  529.418425][T10157] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  529.499337][T10157] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  529.499518][T10157] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  529.499662][T10157] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  529.499827][T10157] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  529.499973][T10157] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  529.500113][T10157] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  529.547157][T10157] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  529.547314][T10157] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  529.547448][T10157] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  529.563883][ T9613] veth0_vlan: entered promiscuous mode
[  529.612640][ T9613] veth1_vlan: entered promiscuous mode
[  529.775838][ T9613] veth0_macvtap: entered promiscuous mode
[  529.869121][ T9613] veth1_macvtap: entered promiscuous mode
[  530.110746][T10166] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1245'.
[  530.433221][ T9613] batman_adv: batadv0: Interface activated: batadv_slave_0
[  530.459028][ T9613] batman_adv: batadv0: Interface activated: batadv_slave_1
[  530.525914][ T3102] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  530.527629][ T3102] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  530.529266][ T3102] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  530.572494][  T812] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  530.837848][T10177] 9pnet_virtio: no channels available for device syz
[  532.588566][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  532.588591][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  532.814424][  T812] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  532.814447][  T812] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  535.183182][T10217] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  535.238300][T10217] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  535.266530][T10217] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  535.370600][T10217] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  535.458439][T10217] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  536.198695][T10230] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1262'.
[  536.296514][T10232] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1263'.
[  536.911847][T10220] bridge0: entered promiscuous mode
[  536.911983][T10220] macsec1: entered promiscuous mode
[  536.914213][T10220] bridge0: port 3(macsec1) entered blocking state
[  536.914441][T10220] bridge0: port 3(macsec1) entered disabled state
[  536.914644][T10220] macsec1: entered allmulticast mode
[  536.914660][T10220] bridge0: entered allmulticast mode
[  537.169625][T10220] macsec1: left allmulticast mode
[  537.169653][T10220] bridge0: left allmulticast mode
[  537.216247][T10220] bridge0: left promiscuous mode
[  537.273913][ T9472] IPVS: starting estimator thread 0...
[  537.362899][T10244] IPVS: using max 7 ests per chain, 16800 per kthread
[  537.551307][ T5806] Bluetooth: hci2: command tx timeout
[  539.651089][ T5806] Bluetooth: hci2: command tx timeout
[  539.799517][T10282] bridge0: entered promiscuous mode
[  539.799631][T10282] macsec1: entered promiscuous mode
[  539.804568][T10282] bridge0: port 3(macsec1) entered blocking state
[  539.804868][T10282] bridge0: port 3(macsec1) entered disabled state
[  539.805126][T10282] macsec1: entered allmulticast mode
[  539.805145][T10282] bridge0: entered allmulticast mode
[  539.850990][T10282] macsec1: left allmulticast mode
[  539.858945][T10282] bridge0: left allmulticast mode
[  539.899067][T10282] bridge0: left promiscuous mode
[  541.711343][ T5806] Bluetooth: hci2: command tx timeout
[  542.034467][T10314] netlink: 'syz.6.1287': attribute type 16 has an invalid length.
[  542.034491][T10314] netlink: 'syz.6.1287': attribute type 17 has an invalid length.
[  542.092145][T10318] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1287'.
[  543.718204][T10314] bridge0: port 2(bridge_slave_1) entered disabled state
[  543.743276][T10314] bridge0: port 1(bridge_slave_0) entered disabled state
[  543.801540][ T5806] Bluetooth: hci2: command tx timeout
[  544.470351][T10314] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  544.478674][    T9] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  544.493546][T10314] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  544.636729][    T9] usb 1-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  544.636758][    T9] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  544.639436][    T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  544.639466][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  544.639480][    T9] usb 1-1: Product: syz
[  544.639490][    T9] usb 1-1: Manufacturer: syz
[  544.639501][    T9] usb 1-1: SerialNumber: syz
[  544.686180][    T9] hub 1-1:1.0: bad descriptor, ignoring hub
[  544.686249][    T9] hub 1-1:1.0: probe with driver hub failed with error -5
[  545.001418][ T5989] usb 1-1: USB disconnect, device number 16
[  545.258409][T10358] fuse: Unknown parameter 'group_i00000000000000000000'
[  546.819288][ T1424] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  546.900834][ T1424] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  547.097446][T10213] chnl_net:caif_netlink_parms(): no params data found
[  547.246263][ T1424] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  547.361552][ T1424] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  548.271234][ T5875] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  548.373901][T10414] fuse: Unknown parameter 'group_id00000000000000000000'
[  548.423553][ T5875] usb 1-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  548.423585][ T5875] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  548.426875][ T5875] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  548.426905][ T5875] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  548.426927][ T5875] usb 1-1: Product: syz
[  548.426944][ T5875] usb 1-1: Manufacturer: syz
[  548.426959][ T5875] usb 1-1: SerialNumber: syz
[  548.483436][ T5875] hub 1-1:1.0: bad descriptor, ignoring hub
[  548.483486][ T5875] hub 1-1:1.0: probe with driver hub failed with error -5
[  550.212777][ T5875] usb 1-1: USB disconnect, device number 17
[  550.998604][   T12] bridge_slave_1: left allmulticast mode
[  550.998635][   T12] bridge_slave_1: left promiscuous mode
[  550.998913][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  551.993766][   T12] bridge_slave_0: left allmulticast mode
[  551.993801][   T12] bridge_slave_0: left promiscuous mode
[  551.994086][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  553.822591][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  553.921970][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  553.944146][   T12] bond0 (unregistering): Released all slaves
[  554.171372][T10213] bridge0: port 1(bridge_slave_0) entered blocking state
[  554.171537][T10213] bridge0: port 1(bridge_slave_0) entered disabled state
[  554.171789][T10213] bridge_slave_0: entered allmulticast mode
[  554.182391][T10213] bridge_slave_0: entered promiscuous mode
[  554.201272][    C0] vkms_vblank_simulate: vblank timer overrun
[  554.203014][T10213] bridge0: port 2(bridge_slave_1) entered blocking state
[  554.203162][T10213] bridge0: port 2(bridge_slave_1) entered disabled state
[  554.203407][T10213] bridge_slave_1: entered allmulticast mode
[  554.265580][T10213] bridge_slave_1: entered promiscuous mode
[  554.548948][T10478] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1331'.
[  554.654459][    C0] vkms_vblank_simulate: vblank timer overrun
[  554.701344][   T12] hsr_slave_0: left promiscuous mode
[  554.840539][    C0] vkms_vblank_simulate: vblank timer overrun
[  554.987260][    C0] vkms_vblank_simulate: vblank timer overrun
[  555.334608][    C0] vkms_vblank_simulate: vblank timer overrun
[  555.488746][    C0] vkms_vblank_simulate: vblank timer overrun
[  555.502007][   T12] hsr_slave_1: left promiscuous mode
[  555.503075][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  555.529534][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  555.683773][    C0] vkms_vblank_simulate: vblank timer overrun
[  556.299912][    C0] vkms_vblank_simulate: vblank timer overrun
[  556.494730][    C0] vkms_vblank_simulate: vblank timer overrun
[  557.271929][   T12] team0 (unregistering): Port device team_slave_1 removed
[  557.297556][    C0] vkms_vblank_simulate: vblank timer overrun
[  557.564992][   T12] team0 (unregistering): Port device team_slave_0 removed
[  557.599021][    C0] vkms_vblank_simulate: vblank timer overrun
[  557.666373][    C0] vkms_vblank_simulate: vblank timer overrun
[  558.747367][    C0] vkms_vblank_simulate: vblank timer overrun
[  559.112725][    C0] vkms_vblank_simulate: vblank timer overrun
[  559.212022][    C0] vkms_vblank_simulate: vblank timer overrun
[  560.207192][T10517] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1341'.
[  560.283896][T10213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  560.318011][T10213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  560.386647][    C0] vkms_vblank_simulate: vblank timer overrun
[  560.535365][T10525] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  560.787261][    C0] vkms_vblank_simulate: vblank timer overrun
[  560.947041][    C0] vkms_vblank_simulate: vblank timer overrun
[  560.952038][T10213] team0: Port device team_slave_0 added
[  560.984596][T10213] team0: Port device team_slave_1 added
[  562.608064][    C0] vkms_vblank_simulate: vblank timer overrun
[  562.785997][T10213] batman_adv: batadv0: Adding interface: batadv_slave_0
[  562.786017][T10213] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  562.786048][T10213] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  563.322877][T10578] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1356'.
[  565.894507][T10213] batman_adv: batadv0: Adding interface: batadv_slave_1
[  565.894526][T10213] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  565.894630][T10213] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  566.475980][T10213] hsr_slave_0: entered promiscuous mode
[  566.477873][T10213] hsr_slave_1: entered promiscuous mode
[  566.746390][T10594] net_ratelimit: 2232 callbacks suppressed
[  566.746410][T10594] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  566.746537][T10594] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  566.746636][T10594] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  566.746742][T10594] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  566.746843][T10594] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  566.746949][T10594] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  566.747055][T10594] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  566.747199][T10594] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  566.747319][T10594] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  566.747436][T10594] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  567.215334][T10598] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input13
[  568.477270][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  568.477346][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  569.440053][T10615] tipc: Started in network mode
[  569.440089][T10615] tipc: Node identity c6dafaf731ef, cluster identity 4711
[  569.455246][T10615] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  569.456727][T10615] syzkaller0: entered promiscuous mode
[  569.456745][T10615] syzkaller0: entered allmulticast mode
[  569.660541][T10615] tipc: Resetting bearer <eth:syzkaller0>
[  570.201524][ T9472] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  570.407557][ T9472] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  570.407614][ T9472] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  570.407655][ T9472] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  570.407679][ T9472] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  570.435918][ T9472] usb 1-1: config 0 descriptor??
[  570.504125][ T5875] tipc: Node number set to 4147510007
[  571.074426][ T9472] usb 1-1: string descriptor 0 read error: -22
[  571.294638][ T9472] input: HID 256c:006d as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0006/input/input14
[  571.376129][ T9472] uclogic 0003:256C:006D.0006: input,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.0-1/input0
[  571.485968][ T9472] usb 1-1: USB disconnect, device number 18
[  572.730449][T10656] fido_id[10656]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  573.510808][T10213] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  573.622286][T10213] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  573.641454][ T5892] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  573.675027][T10213] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  573.736477][T10213] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  573.793614][ T5892] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  573.793652][ T5892] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  573.793695][ T5892] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  573.793721][ T5892] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  573.852520][ T5892] usb 7-1: config 0 descriptor??
[  574.204720][T10213] 8021q: adding VLAN 0 to HW filter on device bond0
[  574.265041][T10213] 8021q: adding VLAN 0 to HW filter on device team0
[  574.290437][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  574.290648][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  574.311731][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  574.311982][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  574.464845][ T5892] usb 7-1: string descriptor 0 read error: -71
[  574.465377][ T5892] uclogic 0003:256C:006D.0007: failed retrieving string descriptor #200: -71
[  574.465438][ T5892] uclogic 0003:256C:006D.0007: failed retrieving pen parameters: -71
[  574.465458][ T5892] uclogic 0003:256C:006D.0007: failed probing pen v2 parameters: -71
[  574.465523][ T5892] uclogic 0003:256C:006D.0007: failed probing parameters: -71
[  574.465641][ T5892] uclogic 0003:256C:006D.0007: probe with driver uclogic failed with error -71
[  574.547427][ T5892] usb 7-1: USB disconnect, device number 2
[  576.408490][T10213] 8021q: adding VLAN 0 to HW filter on device batadv0
[  576.436314][T10738] netlink: 'syz.6.1394': attribute type 16 has an invalid length.
[  576.436338][T10738] netlink: 'syz.6.1394': attribute type 17 has an invalid length.
[  576.480953][T10740] bridge0: entered promiscuous mode
[  576.501315][T10741] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1394'.
[  576.506025][T10740] macsec1: entered promiscuous mode
[  576.516077][T10740] bridge0: port 3(macsec1) entered blocking state
[  576.516353][T10740] bridge0: port 3(macsec1) entered disabled state
[  576.516619][T10740] macsec1: entered allmulticast mode
[  576.516640][T10740] bridge0: entered allmulticast mode
[  576.575398][T10740] macsec1: left allmulticast mode
[  576.575424][T10740] bridge0: left allmulticast mode
[  576.623525][T10740] bridge0: left promiscuous mode
[  580.849300][T10213] veth0_vlan: entered promiscuous mode
[  580.921887][T10213] veth1_vlan: entered promiscuous mode
[  581.004273][   T38] kauditd_printk_skb: 2 callbacks suppressed
[  581.004293][   T38] audit: type=1326 audit(1762373213.020:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10788 comm="syz.0.1405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  581.005434][   T38] audit: type=1326 audit(1762373213.020:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10788 comm="syz.0.1405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  581.008396][   T38] audit: type=1326 audit(1762373213.020:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10788 comm="syz.0.1405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  581.008455][   T38] audit: type=1326 audit(1762373213.020:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10788 comm="syz.0.1405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  581.009093][   T38] audit: type=1326 audit(1762373213.020:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10788 comm="syz.0.1405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  581.009381][   T38] audit: type=1326 audit(1762373213.020:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10788 comm="syz.0.1405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  581.009672][   T38] audit: type=1326 audit(1762373213.020:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10788 comm="syz.0.1405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  581.010095][   T38] audit: type=1326 audit(1762373213.020:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10788 comm="syz.0.1405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  581.010413][   T38] audit: type=1326 audit(1762373213.020:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10788 comm="syz.0.1405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  581.075341][T10213] veth0_macvtap: entered promiscuous mode
[  581.221149][   T38] audit: type=1326 audit(1762373213.020:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10788 comm="syz.0.1405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  581.247960][T10213] veth1_macvtap: entered promiscuous mode
[  581.330684][T10213] batman_adv: batadv0: Interface activated: batadv_slave_0
[  581.344196][T10213] batman_adv: batadv0: Interface activated: batadv_slave_1
[  581.367810][ T1141] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  581.368638][ T3102] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  581.368708][ T3102] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  581.368749][ T3102] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  582.299661][ T1141] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  582.299684][ T1141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  582.458315][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  582.458339][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  584.420618][T10841] netlink: 'syz.5.1421': attribute type 16 has an invalid length.
[  584.420643][T10841] netlink: 'syz.5.1421': attribute type 17 has an invalid length.
[  584.474529][T10843] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1421'.
[  585.955982][T10856] netlink: 'syz.6.1424': attribute type 23 has an invalid length.
[  586.178184][T10841] bridge0: port 2(bridge_slave_1) entered disabled state
[  586.192532][T10841] bridge0: port 1(bridge_slave_0) entered disabled state
[  586.259745][T10865] netlink: 'syz.6.1428': attribute type 23 has an invalid length.
[  586.391143][   T38] kauditd_printk_skb: 28 callbacks suppressed
[  586.391163][   T38] audit: type=1326 audit(1762373218.400:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10866 comm="syz.6.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9966f6c9 code=0x7ffc0000
[  586.395488][   T38] audit: type=1326 audit(1762373218.410:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10866 comm="syz.6.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9966f6c9 code=0x7ffc0000
[  586.395557][   T38] audit: type=1326 audit(1762373218.410:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10866 comm="syz.6.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7b9966f6c9 code=0x7ffc0000
[  586.395608][   T38] audit: type=1326 audit(1762373218.410:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10866 comm="syz.6.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9966f6c9 code=0x7ffc0000
[  586.395658][   T38] audit: type=1326 audit(1762373218.410:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10866 comm="syz.6.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9966f6c9 code=0x7ffc0000
[  586.396543][   T38] audit: type=1326 audit(1762373218.410:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10866 comm="syz.6.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7b9966f6c9 code=0x7ffc0000
[  586.396597][   T38] audit: type=1326 audit(1762373218.410:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10866 comm="syz.6.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9966f6c9 code=0x7ffc0000
[  586.396647][   T38] audit: type=1326 audit(1762373218.410:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10866 comm="syz.6.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9966f6c9 code=0x7ffc0000
[  586.397009][   T38] audit: type=1326 audit(1762373218.410:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10866 comm="syz.6.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f7b9966f6c9 code=0x7ffc0000
[  586.397305][   T38] audit: type=1326 audit(1762373218.410:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10866 comm="syz.6.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9966f6c9 code=0x7ffc0000
[  587.685733][T10841] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  587.758925][T10841] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  587.988021][T10893] 9pnet_virtio: no channels available for device syz
[  589.456041][T10898] netlink: 'syz.1.1437': attribute type 10 has an invalid length.
[  589.760756][T10907] netlink: 'syz.5.1440': attribute type 1 has an invalid length.
[  589.818803][ T3102] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  590.097200][T10898] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  590.113948][T10897] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  590.152928][ T3102] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  590.259621][ T3102] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  590.259727][ T3102] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  593.048940][   T38] kauditd_printk_skb: 37 callbacks suppressed
[  593.048963][   T38] audit: type=1326 audit(1762373225.060:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10945 comm="syz.0.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  593.098644][   T38] audit: type=1326 audit(1762373225.100:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10945 comm="syz.0.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  593.101257][   T38] audit: type=1326 audit(1762373225.110:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10945 comm="syz.0.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  593.101325][   T38] audit: type=1326 audit(1762373225.110:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10945 comm="syz.0.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  593.101378][   T38] audit: type=1326 audit(1762373225.110:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10945 comm="syz.0.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  593.208128][   T38] audit: type=1326 audit(1762373225.120:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10945 comm="syz.0.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  593.208200][   T38] audit: type=1326 audit(1762373225.210:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10945 comm="syz.0.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  593.208252][   T38] audit: type=1326 audit(1762373225.210:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10945 comm="syz.0.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  593.208302][   T38] audit: type=1326 audit(1762373225.210:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10945 comm="syz.0.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  593.208353][   T38] audit: type=1326 audit(1762373225.210:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10945 comm="syz.0.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f446e12f6c9 code=0x7ffc0000
[  596.039929][T10987] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1464'.
[  596.224861][T10987] bridge_slave_1 (unregistering): left allmulticast mode
[  596.224894][T10987] bridge_slave_1 (unregistering): left promiscuous mode
[  596.225012][T10987] bridge0: port 2(bridge_slave_1) entered disabled state
[  596.315547][T10990] netlink: 'syz.0.1466': attribute type 1 has an invalid length.
[  596.703912][T10990] bond1: entered promiscuous mode
[  596.704987][T10990] 8021q: adding VLAN 0 to HW filter on device bond1
[  596.899047][T10992] 8021q: adding VLAN 0 to HW filter on device bond1
[  596.900048][T10992] bond1: (slave gre1): The slave device specified does not support setting the MAC address
[  596.900072][T10992] bond1: (slave gre1): Setting fail_over_mac to active for active-backup mode
[  596.925131][T10992] bond1: (slave gre1): making interface the new active one
[  596.925161][T10992] gre1: entered promiscuous mode
[  596.947581][T10992] bond1: (slave gre1): Enslaving as an active interface with an up link
[  599.209981][T11053] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1472'.
[  600.003199][T11065] netlink: 240 bytes leftover after parsing attributes in process `syz.2.1476'.
[  600.004770][T11065] netlink: 'syz.2.1476': attribute type 13 has an invalid length.
[  601.674767][T11087] 9pnet_virtio: no channels available for device syz
[  602.347414][T11097] bridge0: entered promiscuous mode
[  602.347546][T11097] macsec1: entered promiscuous mode
[  602.349826][T11097] bridge0: port 3(macsec1) entered blocking state
[  602.350067][T11097] bridge0: port 3(macsec1) entered disabled state
[  602.350289][T11097] macsec1: entered allmulticast mode
[  602.350305][T11097] bridge0: entered allmulticast mode
[  602.440735][T11097] macsec1: left allmulticast mode
[  602.440763][T11097] bridge0: left allmulticast mode
[  602.475830][T11097] bridge0: left promiscuous mode
[  603.676562][T11064] net_ratelimit: 2358 callbacks suppressed
[  603.676585][T11064] Set syz1 is full, maxelem 6117 reached
[  607.891234][T11136] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1501'.
[  608.975368][T11149] netlink: 'syz.2.1505': attribute type 11 has an invalid length.
[  608.975394][T11149] netlink: 'syz.2.1505': attribute type 11 has an invalid length.
[  608.975410][T11149] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1505'.
[  610.034084][T11149] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  610.453889][T11196] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1512'.
[  610.697039][T11200] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1513'.
[  611.518526][T11209] 9pnet_virtio: no channels available for device syz
[  612.894589][T10217] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  612.923334][T10217] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  612.928039][T10217] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  612.930121][T10217] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  612.930932][T10217] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  613.330406][T11214] tipc: Started in network mode
[  613.330439][T11214] tipc: Node identity e66476ae8325, cluster identity 4711
[  613.358424][T11214] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  613.375445][T11214] syzkaller0: entered promiscuous mode
[  613.375468][T11214] syzkaller0: entered allmulticast mode
[  613.425698][T11214] tipc: Resetting bearer <eth:syzkaller0>
[  613.448680][T11216] netlink: 'syz.1.1518': attribute type 23 has an invalid length.
[  613.494550][T11213] tipc: Resetting bearer <eth:syzkaller0>
[  613.684486][T11213] tipc: Disabling bearer <eth:syzkaller0>
[  614.206764][T10998] Set syz1 is full, maxelem 65536 reached
[  614.604533][T11245] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1526'.
[  614.604705][T11243] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1525'.
[  614.988571][T11211] chnl_net:caif_netlink_parms(): no params data found
[  615.083050][ T5806] Bluetooth: hci3: command tx timeout
[  615.581866][    T9] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  615.630876][T11271] 9pnet_virtio: no channels available for device syz
[  615.739508][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  615.739543][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  615.739586][    T9] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  615.739612][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  615.802743][    T9] usb 3-1: config 0 descriptor??
[  616.111136][T11211] bridge0: port 1(bridge_slave_0) entered blocking state
[  616.112490][T11211] bridge0: port 1(bridge_slave_0) entered disabled state
[  616.114419][T11211] bridge_slave_0: entered allmulticast mode
[  616.145215][T11211] bridge_slave_0: entered promiscuous mode
[  616.163322][T11211] bridge0: port 2(bridge_slave_1) entered blocking state
[  616.163652][T11211] bridge0: port 2(bridge_slave_1) entered disabled state
[  616.164042][T11211] bridge_slave_1: entered allmulticast mode
[  616.168857][T11211] bridge_slave_1: entered promiscuous mode
[  616.618221][    T9] uclogic 0003:256C:006D.0008: failed retrieving Huion firmware version: -71
[  616.618287][    T9] uclogic 0003:256C:006D.0008: failed probing parameters: -71
[  616.618400][    T9] uclogic 0003:256C:006D.0008: probe with driver uclogic failed with error -71
[  616.682252][    T9] usb 3-1: USB disconnect, device number 18
[  616.707372][T11308] netlink: 'syz.0.1536': attribute type 16 has an invalid length.
[  616.707398][T11308] netlink: 'syz.0.1536': attribute type 17 has an invalid length.
[  616.763175][T11311] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1536'.
[  617.151175][ T5806] Bluetooth: hci3: command tx timeout
[  617.576809][T11308] bridge0: port 2(bridge_slave_1) entered disabled state
[  617.577323][T11308] bridge0: port 1(bridge_slave_0) entered disabled state
[  617.965083][T11341] netlink: 44 bytes leftover after parsing attributes in process `syz.6.1543'.
[  619.115983][T11308] tipc: Resetting bearer <eth:syzkaller0>
[  619.136545][T11211] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  619.183172][ T1014] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  619.205018][T11211] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  619.211165][ T1014] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  619.211316][ T1014] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  619.211364][ T1014] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  619.242535][ T5806] Bluetooth: hci3: command tx timeout
[  619.468002][T11354] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1546'.
[  620.742160][T11211] team0: Port device team_slave_0 added
[  620.766046][T11211] team0: Port device team_slave_1 added
[  621.215684][T11211] batman_adv: batadv0: Adding interface: batadv_slave_0
[  621.215704][T11211] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  621.215735][T11211] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  621.218729][T11211] batman_adv: batadv0: Adding interface: batadv_slave_1
[  621.218880][T11211] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  621.218911][T11211] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  621.322433][ T5806] Bluetooth: hci3: command tx timeout
[  621.392317][T11388] netlink: 44 bytes leftover after parsing attributes in process `syz.6.1554'.
[  621.868719][T11211] hsr_slave_0: entered promiscuous mode
[  621.870159][T11211] hsr_slave_1: entered promiscuous mode
[  621.872280][T11211] debugfs: 'hsr0' already exists in 'hsr'
[  621.872324][T11211] Cannot create hsr debugfs directory
[  621.997842][T11395] netlink: 'syz.2.1556': attribute type 11 has an invalid length.
[  621.997867][T11395] netlink: 'syz.2.1556': attribute type 11 has an invalid length.
[  621.997883][T11395] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1556'.
[  622.229064][T11408] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1558'.
[  622.430922][    C1] vkms_vblank_simulate: vblank timer overrun
[  622.954159][T11392] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  623.250238][T11423] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1564'.
[  624.599530][T11211] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  624.702378][T11447] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1571'.
[  624.732138][T11448] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1570'.
[  625.421655][T11211] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  625.525432][T11452] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1572'.
[  625.532478][T11211] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  625.668821][T11211] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  625.939720][T11211] 8021q: adding VLAN 0 to HW filter on device bond0
[  625.984679][T11211] 8021q: adding VLAN 0 to HW filter on device team0
[  626.008229][ T1014] bridge0: port 1(bridge_slave_0) entered blocking state
[  626.008459][ T1014] bridge0: port 1(bridge_slave_0) entered forwarding state
[  626.054092][T11472] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1576'.
[  626.057026][ T6013] bridge0: port 2(bridge_slave_1) entered blocking state
[  626.058660][ T6013] bridge0: port 2(bridge_slave_1) entered forwarding state
[  626.434803][T11477] 9pnet_virtio: no channels available for device syz
[  627.549741][T11211] 8021q: adding VLAN 0 to HW filter on device batadv0
[  627.654367][T11503] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1582'.
[  627.665476][T11500] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  627.665608][T11500] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  627.665721][T11500] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  627.665826][T11500] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  627.665925][T11500] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  627.666028][T11500] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  627.666128][T11500] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  627.666238][T11500] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  627.666342][T11500] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  627.666445][T11500] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  628.153538][T11511] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1583'.
[  629.144687][T11545] netlink: 'syz.0.1584': attribute type 11 has an invalid length.
[  629.144712][T11545] netlink: 'syz.0.1584': attribute type 11 has an invalid length.
[  629.144727][T11545] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1584'.
[  629.674467][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  629.674543][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  629.913334][T11551] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1586'.
[  630.312770][T11512] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  630.373224][T11211] veth0_vlan: entered promiscuous mode
[  630.426546][T11211] veth1_vlan: entered promiscuous mode
[  630.474399][T11211] veth0_macvtap: entered promiscuous mode
[  630.480590][T11211] veth1_macvtap: entered promiscuous mode
[  630.582156][T11211] batman_adv: batadv0: Interface activated: batadv_slave_0
[  630.608131][T11211] batman_adv: batadv0: Interface activated: batadv_slave_1
[  630.638709][   T12] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  630.639294][   T12] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  630.640819][   T12] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  630.682448][   T12] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  631.092240][T11588] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1594'.
[  631.111937][ T1141] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  631.111961][ T1141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  631.275674][T11038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  631.275698][T11038] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  631.327112][T11592] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1596'.
[  631.512496][T11596] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1598'.
[  631.821825][T11600] netlink: 'syz.6.1599': attribute type 1 has an invalid length.
[  631.908933][T11600] bond1: entered promiscuous mode
[  631.909427][T11600] 8021q: adding VLAN 0 to HW filter on device bond1
[  632.115266][T11600] 8021q: adding VLAN 0 to HW filter on device bond1
[  632.120023][T11600] bond1: (slave gre1): The slave device specified does not support setting the MAC address
[  632.120050][T11600] bond1: (slave gre1): Setting fail_over_mac to active for active-backup mode
[  632.139951][T11600] bond1: (slave gre1): making interface the new active one
[  632.139976][T11600] gre1: entered promiscuous mode
[  632.159404][T11600] bond1: (slave gre1): Enslaving as an active interface with an up link
[  633.020466][T11624] netlink: 76 bytes leftover after parsing attributes in process `syz.6.1604'.
[  634.201962][T11638] netlink: 'syz.1.1608': attribute type 1 has an invalid length.
[  634.407299][T11648] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1611'.
[  634.643460][T11638] bond1: entered promiscuous mode
[  634.645228][T11638] 8021q: adding VLAN 0 to HW filter on device bond1
[  634.704223][T11655] net_ratelimit: 6583 callbacks suppressed
[  634.704248][T11655] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  634.704610][T11655] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  634.704772][T11655] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  634.704910][T11655] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  634.705042][T11655] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  634.705198][T11655] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  634.705335][T11655] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  634.705495][T11655] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  634.706093][T11655] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  634.706266][T11655] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  634.790850][T11657] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1613'.
[  635.288551][T11641] 8021q: adding VLAN 0 to HW filter on device bond1
[  635.289099][T11641] bond1: (slave gre1): The slave device specified does not support setting the MAC address
[  635.289124][T11641] bond1: (slave gre1): Setting fail_over_mac to active for active-backup mode
[  635.347953][T11641] bond1: (slave gre1): making interface the new active one
[  635.347981][T11641] gre1: entered promiscuous mode
[  635.368024][T11641] bond1: (slave gre1): Enslaving as an active interface with an up link
[  635.389067][T11662] netlink: 76 bytes leftover after parsing attributes in process `syz.7.1615'.
[  637.421144][ T5874] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  637.595229][ T5874] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  637.595255][ T5874] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  637.595285][ T5874] usb 8-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  637.595302][ T5874] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  637.647100][ T5874] usb 8-1: config 0 descriptor??
[  638.546345][ T5874] uclogic 0003:256C:006D.0009: failed retrieving Huion firmware version: -71
[  638.546420][ T5874] uclogic 0003:256C:006D.0009: failed probing parameters: -71
[  638.546536][ T5874] uclogic 0003:256C:006D.0009: probe with driver uclogic failed with error -71
[  638.624036][ T5874] usb 8-1: USB disconnect, device number 2
[  638.857507][T11706] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1628'.
[  639.574996][T11708] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(8)
[  639.575097][T11708] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  639.583868][T11708] vhci_hcd vhci_hcd.0: Device attached
[  640.038584][T11711] vhci_hcd: connection closed
[  640.288506][T11038] vhci_hcd: stop threads
[  640.289847][T11038] vhci_hcd: release socket
[  640.296484][T11038] vhci_hcd: disconnect device
[  642.589776][T11719] 9pnet_virtio: no channels available for device syz
[  645.060804][T11744] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1641'.
[  645.302737][ T5874] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  645.309464][T11744] bridge_slave_1 (unregistering): left allmulticast mode
[  645.309506][T11744] bridge_slave_1 (unregistering): left promiscuous mode
[  645.310371][T11744] bridge0: port 2(bridge_slave_1) entered disabled state
[  645.458824][ T5874] usb 7-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  645.458857][ T5874] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  645.523075][ T5874] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  645.523112][ T5874] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  645.523136][ T5874] usb 7-1: Product: syz
[  645.523153][ T5874] usb 7-1: Manufacturer: syz
[  645.523169][ T5874] usb 7-1: SerialNumber: syz
[  645.593802][ T5874] hub 7-1:1.0: bad descriptor, ignoring hub
[  645.593843][ T5874] hub 7-1:1.0: probe with driver hub failed with error -5
[  645.951662][   T10] usb 7-1: USB disconnect, device number 3
[  646.875981][T11805] kAFS: No cell specified
[  648.536640][T11826] netlink: 'syz.2.1664': attribute type 10 has an invalid length.
[  648.537004][T11826] team0: Cannot enslave team device to itself
[  648.851251][T11835] kAFS: No cell specified
[  650.767526][    C0] ------------[ cut here ]------------
[  650.767545][    C0] refcount_t: addition on 0; use-after-free.
[  650.768559][    C0] WARNING: CPU: 0 PID: 16 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0
[  650.768617][    C0] Modules linked in:
[  650.768651][    C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  650.768679][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  650.768698][    C0] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0
[  650.768728][    C0] Code: 00 00 e8 f9 5d 45 fd 5b 41 5e c3 cc cc cc cc cc e8 eb 5d 45 fd c6 05 f6 0a 47 0a 01 90 48 c7 c7 80 2e 3d 8b e8 f7 a2 09 fd 90 <0f> 0b 90 90 eb d7 e8 cb 5d 45 fd c6 05 d7 0a 47 0a 01 90 48 c7 c7
[  650.768750][    C0] RSP: 0018:ffffc90000157830 EFLAGS: 00010246
[  650.768772][    C0] RAX: e33031e4935d0800 RBX: 0000000000000002 RCX: ffff88801b2d5a00
[  650.768803][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100
[  650.768818][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100
[  650.768832][    C0] R10: dffffc0000000000 R11: ffffed101710487b R12: 1ffff9200002af18
[  650.768850][    C0] R13: ffff88803257c060 R14: ffff88803257bc80 R15: dffffc0000000000
[  650.768869][    C0] FS:  0000000000000000(0000) GS:ffff888126df9000(0000) knlGS:0000000000000000
[  650.768889][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  650.768906][    C0] CR2: 00007f5885124f98 CR3: 000000003a980000 CR4: 00000000003526f0
[  650.768926][    C0] Call Trace:
[  650.768940][    C0]  <TASK>
[  650.768952][    C0]  mptcp_schedule_work+0x164/0x1a0
[  650.768982][    C0]  mptcp_tout_timer+0x21/0xa0
[  650.769021][    C0]  call_timer_fn+0x17e/0x5f0
[  650.769054][    C0]  ? __pfx_mptcp_tout_timer+0x10/0x10
[  650.769084][    C0]  ? call_timer_fn+0xbe/0x5f0
[  650.769116][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  650.769162][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  650.769195][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  650.769226][    C0]  ? __pfx_mptcp_tout_timer+0x10/0x10
[  650.769260][    C0]  __run_timer_base+0x648/0x970
[  650.769310][    C0]  ? __pfx___run_timer_base+0x10/0x10
[  650.769362][    C0]  run_timer_softirq+0xb7/0x180
[  650.769394][    C0]  handle_softirqs+0x22f/0x710
[  650.769437][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  650.769481][    C0]  run_ktimerd+0xcf/0x190
[  650.769513][    C0]  ? __pfx_run_ktimerd+0x10/0x10
[  650.769544][    C0]  ? schedule+0x91/0x360
[  650.769584][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  650.769612][    C0]  smpboot_thread_fn+0x542/0xa60
[  650.769645][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  650.769687][    C0]  kthread+0x711/0x8a0
[  650.769727][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  650.769758][    C0]  ? __pfx_kthread+0x10/0x10
[  650.769791][    C0]  ? rt_spin_unlock+0x150/0x200
[  650.769823][    C0]  ? rt_spin_unlock+0x161/0x200
[  650.769847][    C0]  ? __pfx_kthread+0x10/0x10
[  650.769885][    C0]  ret_from_fork+0x4bc/0x870
[  650.769917][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  650.769956][    C0]  ? __switch_to_asm+0x39/0x70
[  650.769980][    C0]  ? __switch_to_asm+0x33/0x70
[  650.770002][    C0]  ? __pfx_kthread+0x10/0x10
[  650.770047][    C0]  ret_from_fork_asm+0x1a/0x30
[  650.770094][    C0]  </TASK>
[  650.770110][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  650.770126][    C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  650.770153][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  650.770167][    C0] Call Trace:
[  650.770177][    C0]  <TASK>
[  650.770186][    C0]  dump_stack_lvl+0x99/0x250
[  650.770224][    C0]  ? __asan_memcpy+0x40/0x70
[  650.770254][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  650.770291][    C0]  ? __pfx__printk+0x10/0x10
[  650.770339][    C0]  vpanic+0x237/0x6d0
[  650.770362][    C0]  ? __pfx_vpanic+0x10/0x10
[  650.770399][    C0]  panic+0xb9/0xc0
[  650.770421][    C0]  ? __pfx_panic+0x10/0x10
[  650.770466][    C0]  __warn+0x31b/0x4b0
[  650.770487][    C0]  ? refcount_warn_saturate+0xfa/0x1d0
[  650.770517][    C0]  ? refcount_warn_saturate+0xfa/0x1d0
[  650.770543][    C0]  report_bug+0x2be/0x4f0
[  650.770573][    C0]  ? refcount_warn_saturate+0xfa/0x1d0
[  650.770600][    C0]  ? refcount_warn_saturate+0xfa/0x1d0
[  650.770626][    C0]  ? refcount_warn_saturate+0xfc/0x1d0
[  650.770653][    C0]  handle_bug+0x84/0x160
[  650.770691][    C0]  exc_invalid_op+0x1a/0x50
[  650.770729][    C0]  asm_exc_invalid_op+0x1a/0x20
[  650.770751][    C0] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0
[  650.770776][    C0] Code: 00 00 e8 f9 5d 45 fd 5b 41 5e c3 cc cc cc cc cc e8 eb 5d 45 fd c6 05 f6 0a 47 0a 01 90 48 c7 c7 80 2e 3d 8b e8 f7 a2 09 fd 90 <0f> 0b 90 90 eb d7 e8 cb 5d 45 fd c6 05 d7 0a 47 0a 01 90 48 c7 c7
[  650.770797][    C0] RSP: 0018:ffffc90000157830 EFLAGS: 00010246
[  650.770817][    C0] RAX: e33031e4935d0800 RBX: 0000000000000002 RCX: ffff88801b2d5a00
[  650.770834][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100
[  650.770849][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100
[  650.770863][    C0] R10: dffffc0000000000 R11: ffffed101710487b R12: 1ffff9200002af18
[  650.770881][    C0] R13: ffff88803257c060 R14: ffff88803257bc80 R15: dffffc0000000000
[  650.770923][    C0]  mptcp_schedule_work+0x164/0x1a0
[  650.770955][    C0]  mptcp_tout_timer+0x21/0xa0
[  650.770984][    C0]  call_timer_fn+0x17e/0x5f0
[  650.771023][    C0]  ? __pfx_mptcp_tout_timer+0x10/0x10
[  650.771053][    C0]  ? call_timer_fn+0xbe/0x5f0
[  650.771085][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  650.771130][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  650.771181][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  650.771212][    C0]  ? __pfx_mptcp_tout_timer+0x10/0x10
[  650.771247][    C0]  __run_timer_base+0x648/0x970
[  650.771299][    C0]  ? __pfx___run_timer_base+0x10/0x10
[  650.771353][    C0]  run_timer_softirq+0xb7/0x180
[  650.771386][    C0]  handle_softirqs+0x22f/0x710
[  650.771429][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  650.771475][    C0]  run_ktimerd+0xcf/0x190
[  650.771509][    C0]  ? __pfx_run_ktimerd+0x10/0x10
[  650.771541][    C0]  ? schedule+0x91/0x360
[  650.771581][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  650.771612][    C0]  smpboot_thread_fn+0x542/0xa60
[  650.771645][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  650.771690][    C0]  kthread+0x711/0x8a0
[  650.771732][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  650.771763][    C0]  ? __pfx_kthread+0x10/0x10
[  650.771798][    C0]  ? rt_spin_unlock+0x150/0x200
[  650.771831][    C0]  ? rt_spin_unlock+0x161/0x200
[  650.771855][    C0]  ? __pfx_kthread+0x10/0x10
[  650.771895][    C0]  ret_from_fork+0x4bc/0x870
[  650.771928][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  650.771969][    C0]  ? __switch_to_asm+0x39/0x70
[  650.771993][    C0]  ? __switch_to_asm+0x33/0x70
[  650.772023][    C0]  ? __pfx_kthread+0x10/0x10
[  650.772063][    C0]  ret_from_fork_asm+0x1a/0x30
[  650.772112][    C0]  </TASK>
[  650.772485][    C0] Kernel Offset: disabled