last executing test programs:

1h6m13.266653756s ago: executing program 1 (id=56):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000480)="00d0954942b108d5185389ebdd8a5036c2fa43f51c5afb9821984d", 0x0, 0x0, 0x0, 0x8}, 0x31)

1h6m1.953406762s ago: executing program 1 (id=57):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="5000000010000104000000000000000036000000", @ANYRES32=0x0], 0x50}, 0x1, 0x0, 0x0, 0xc845}, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1h5m55.108357105s ago: executing program 1 (id=58):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)=@newtaction={0x98, 0x30, 0x1, 0x0, 0x0, {}, [{0x84, 0x1, [@m_tunnel_key={0x50, 0x1, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x3, 0x100, 0x2, 0x7, 0xd4}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}}, 0x8000)

1h5m31.671702319s ago: executing program 1 (id=61):
unshare(0xc020400)
r0 = fanotify_init(0x8, 0x400)
fanotify_mark(r0, 0x80, 0x40100420, 0xffffffffffffffff, 0x0)

1h5m28.382232788s ago: executing program 1 (id=63):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = syz_io_uring_setup(0xa0, &(0x7f00000002c0)={0x0, 0x105cc6, 0x1, 0x0, 0x207}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r3, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}, {0x0}], 0x2, 0x12})
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0)

1h5m1.363389157s ago: executing program 1 (id=66):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0xa0042, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f00000003c0)={0x10000000008005, r2, 0x1})

1h4m15.10270949s ago: executing program 32 (id=66):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0xa0042, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f00000003c0)={0x10000000008005, r2, 0x1})

1h3m59.413103621s ago: executing program 0 (id=81):
r0 = syz_io_uring_setup(0x5c2, &(0x7f00000002c0)={0x0, 0x3594, 0x10, 0x1003, 0x21e}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0x2a5cc081, 0x0, 0x4)
syz_io_uring_submit(r1, r2, 0x0)
io_uring_enter(r0, 0x6efc, 0x3900, 0xb, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f00000000c0)={0x1, 0xffffffffffffffff, 0x0, {0x5, 0x5}, 0x1}, 0x1)

1h3m53.731683882s ago: executing program 0 (id=82):
r0 = eventfd2(0x5, 0x80801)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000))
read$FUSE(r0, &(0x7f00000042c0)={0x2020}, 0x2020)

1h3m47.320071576s ago: executing program 0 (id=83):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r0, 0x0, 0x41)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_GET_WOWLAN(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x28}}, 0x0)
getsockname$packet(r4, &(0x7f0000000140)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r5, 0x10681, 0x20000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}}, 0x20044002)
r6 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x18, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r7}}, 0x18}}, 0x0)
r8 = socket(0x10, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r8, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r2, @ANYBLOB], 0x3c}}, 0x0)
r9 = getpid()
sched_setscheduler(r9, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x5f4c5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
connect$unix(r10, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r11, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r10, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r12 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r12, 0xc4c85512, &(0x7f00000000c0)={{0xa, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x8, 0x0, 0xfffffffffffffffe, 0x0, 0x80000000005, 0x4, 0x10000, 0x4, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x3, 0x6, 0x8000000000000000, 0x0, 0x6, 0xae4f, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x9, 0x7fffffffffffffff, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfa2, 0x0, 0xfffffffffffffffb, 0xea4d, 0x375, 0xffffffffffffffff, 0xffffffff, 0x0, 0x0, 0x0, 0x4000, 0x1, 0x3ffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x9, 0x4000000000000, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7, 0xdeb, 0x0, 0x0, 0x0, 0x71]})

1h3m29.591653907s ago: executing program 0 (id=84):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket(0x1d, 0x1, 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000640)=ANY=[@ANYRESOCT=r0, @ANYBLOB="439a1ce17ecd3e8b731d64fd3cb4a7e6a615eb83ff9a54702b8b99125a1b21d582f8a4049b7a8ce378cfa7ae269b3df6cd5dea94f90d995976e3464f5001b71c25ad51cb8f509649db7ed99a3edef9a4f166f65cdbf1e62f18c7c2bc751a1beeb287133e89acdc80f08a491a7b0cea5eb1bb1c4e5ede3e69c3d26bcfc73f14dfe91fb3e3fcd04b38d3f0eb54ab3e018cf352fa8e3c714423c3974a285536b269277ba59f6a7da057a5cee9eeb5e4d5b9855e586beda327c79065144e3be899218d7afd3165cdfa1e87b63fff1ac3b6a9a9ff63181d0e544a12e1"], &(0x7f0000000000)='GPL\x00', 0x2, 0xb7, &(0x7f0000000140)=""/183, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCDELRT(r5, 0x890c, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r6, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x1, &(0x7f0000000180)=@gcm_128={{0x304}, "d56d9847bfcb49e2", "16549f18408d640d012ebcc31bd9870b", "bcd58d40", "4f5b22bc20c62b22"}, 0x28)
sendto$inet6(r6, &(0x7f0000000340)="d1", 0x1, 0x8000, 0x0, 0x0)
write$binfmt_aout(r6, 0x0, 0xfdef)
sendto$inet6(r6, &(0x7f0000000240)="c62ee5d6a89f2387cb4093532f7c0a22ce", 0x11, 0x8040, 0x0, 0x0)
write$binfmt_elf64(r6, 0x0, 0x78)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)

1h3m3.963222814s ago: executing program 0 (id=85):
r0 = syz_io_uring_setup(0x5c2, &(0x7f00000002c0)={0x0, 0x3594, 0x10, 0x1003, 0x21e}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0x2a5cc081, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0x80, 0x2, 0x0, 0x127})
io_uring_enter(r0, 0x6efc, 0x3900, 0xb, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, 0x0, 0x1)

1h2m26.671091637s ago: executing program 0 (id=86):
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, 0x0, 0x24004800)
r4 = syz_io_uring_setup(0x8d2, &(0x7f0000000240)={0x0, 0x0, 0x1000, 0x2}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
ptrace$getregset(0x4205, 0x0, 0x200, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r2, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x20000044})
io_uring_enter(r4, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)

1h1m39.138227612s ago: executing program 33 (id=86):
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, 0x0, 0x24004800)
r4 = syz_io_uring_setup(0x8d2, &(0x7f0000000240)={0x0, 0x0, 0x1000, 0x2}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
ptrace$getregset(0x4205, 0x0, 0x200, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r2, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x20000044})
io_uring_enter(r4, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)

59m31.702797402s ago: executing program 2 (id=77):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000280)={@fd={0x66642a85, 0x0, r3}, @fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0x5, 0x1, 0x800000018}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})

59m24.5744736s ago: executing program 2 (id=88):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x707c, 0x400, 0x3, 0x288}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x12a8f, 0xf264, 0x40, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000380)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wlan1\x00'})
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffff7feffff8000]}, 0x0, 0x8)
gettid()
mkdirat(0xffffffffffffffff, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)

58m38.211060272s ago: executing program 34 (id=88):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x707c, 0x400, 0x3, 0x288}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x12a8f, 0xf264, 0x40, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000380)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wlan1\x00'})
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffff7feffff8000]}, 0x0, 0x8)
gettid()
mkdirat(0xffffffffffffffff, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)

49m1.595298083s ago: executing program 4 (id=149):
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1d, 0x0, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @lsm=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

48m38.628334983s ago: executing program 4 (id=150):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window, @mss, @window, @window], 0x20000000000000e4)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x15, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25)

48m23.406603569s ago: executing program 4 (id=152):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fsopen(&(0x7f00000000c0)='ecryptfs\x00', 0x0)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
recvmmsg(r3, &(0x7f0000006b40)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x40000000, 0x0)

47m56.865354205s ago: executing program 4 (id=156):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'virt_wifi0\x00', <r2=>0x0})
socket(0x2c, 0x3, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket(0x2c, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x5a, &(0x7f0000000240)={&(0x7f0000000280)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x2000, {0x0, 0x0, 0x74, r2, {0xd, 0x10}, {0x1, 0xfff1}, {0x9, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x30004804}, 0x840)

47m47.250687255s ago: executing program 4 (id=158):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7)
read(r0, 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)

47m37.870215234s ago: executing program 4 (id=161):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb8, &(0x7f0000000140), 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910700004f78d4c1a0731cccff"], 0x1c}}, 0x8000)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000000240)='system.posix_acl_default\x00', 0x0, 0x2c, 0x0)
recvmmsg$unix(r2, &(0x7f0000002380)=[{{0x0, 0x4000000, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0xecc}], 0x1}}], 0x8, 0x0, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
socket(0x2, 0x80805, 0x0)
accept4(r1, &(0x7f0000000380)=@qipcrtr, &(0x7f0000000400)=0x80, 0x800)
sendmsg$key(r3, 0x0, 0x80)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000000000)={0x3, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000001040)={0x3, {{0x2, 0x0, @multicast1}}}, 0x88)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='gid_map\x00')
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r7=>0x0})
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000300)={@cgroup=r5, 0xc, 0x0, 0x25d4, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0xffffffff, {0x0, 0x0, 0x0, r7, {}, {}, {0xfff3}}}, 0x24}}, 0x0)

46m49.904212414s ago: executing program 35 (id=161):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb8, &(0x7f0000000140), 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910700004f78d4c1a0731cccff"], 0x1c}}, 0x8000)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000000240)='system.posix_acl_default\x00', 0x0, 0x2c, 0x0)
recvmmsg$unix(r2, &(0x7f0000002380)=[{{0x0, 0x4000000, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0xecc}], 0x1}}], 0x8, 0x0, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
socket(0x2, 0x80805, 0x0)
accept4(r1, &(0x7f0000000380)=@qipcrtr, &(0x7f0000000400)=0x80, 0x800)
sendmsg$key(r3, 0x0, 0x80)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000000000)={0x3, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000001040)={0x3, {{0x2, 0x0, @multicast1}}}, 0x88)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='gid_map\x00')
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r7=>0x0})
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000300)={@cgroup=r5, 0xc, 0x0, 0x25d4, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0xffffffff, {0x0, 0x0, 0x0, r7, {}, {}, {0xfff3}}}, 0x24}}, 0x0)

33m45.881243578s ago: executing program 3 (id=239):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="480000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002800128008000100687372001c000280050007000100000008000200", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r3], 0x48}}, 0x0)
syz_emit_ethernet(0x26, &(0x7f0000000000)={@random="48edbdecc59b", @multicast, @val={@val={0x88a8, 0x4, 0x0, 0x2}, {0x8100, 0x5, 0x1, 0x3}}, {@can={0xc, {{0x1, 0x0, 0x0, 0x1}, 0x7, 0x3, 0x0, 0x0, "f4c56a518e8196f8"}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @multicast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0000f5", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)

33m39.959753761s ago: executing program 3 (id=241):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="3400000010000d04aabd70000000000000000000", @ANYBLOB="010000002405000014001280090001"], 0x34}}, 0x0)

33m31.045911679s ago: executing program 3 (id=242):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={0x0, r0}, 0x18)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x101440, 0x0)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x20000000, 0x0, "0062ba7d82000000000000000000f7ffffff00"})
ppoll(&(0x7f0000000140)=[{r2}], 0x1, 0x0, 0x0, 0x0)
syz_open_pts(r2, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

33m19.572401053s ago: executing program 3 (id=244):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000200)='contention_begin\x00', r0}, 0x10)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r2 = syz_open_dev$dri(0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806})
close_range(r1, 0xffffffffffffffff, 0x0)

33m13.233732323s ago: executing program 3 (id=246):
r0 = syz_usb_connect(0x2, 0x36, &(0x7f00000005c0)={{0x12, 0x1, 0x0, 0x3a, 0x37, 0x5, 0x20, 0x781, 0x5, 0x5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xe6, 0x2, 0x2, 0x5b, 0xbd, 0x97, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000240)={0x40, 0x0, 0x1, "c5"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000200)={0x1c, &(0x7f0000000140)={0x20, 0x12, 0x1, "f8"}, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000980)={0x34, &(0x7f00000006c0)={0x40, 0x14, 0x1, "f6"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x4240, 0x0)

32m46.794534757s ago: executing program 3 (id=248):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x100, 0x4, 0x1d}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000600)=<r4=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r2, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x0, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r5, 0x0, 0x0, 0x0, 0x12321, 0x1, {0x1}})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)

31m59.210171741s ago: executing program 36 (id=248):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x100, 0x4, 0x1d}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000600)=<r4=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r2, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x0, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r5, 0x0, 0x0, 0x0, 0x12321, 0x1, {0x1}})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)

24m19.57415339s ago: executing program 5 (id=304):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x7, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000407b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

24m5.159038084s ago: executing program 5 (id=307):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, 0x0, 0x0)
write$FUSE_INIT(r0, &(0x7f00000004c0)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x262659b}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r0, &(0x7f0000002140)="59f1e4552e75986be30344c577df27f4b4a41646039fbf9beda7bf5a572121f6414ca8bd405e18b655af5c5e013e0c7388225a727cc1eb4eb7c7cd47b2c3d353dec75184436dfd9933bd374d8dfd322d0a5b705731fba628d06c11ab04e155f747b67108a4e376b5711565b653281ada57116b0dbf782e6f343532ef258b42d65df4a96f83b00ce9c66eb1a1ab23f2039927adfe99a3872de7a80ec34aa05b8be26021e61d2e1509d903f77783525e515ae5051541be24502d5123d1a08e06d959aae764ee7bed31361802c486a3f9fbb3824a21fc1b73f95d88167f7659cd90bbb4b7eb78c21e01a9da912544402618285e461cc1c9a1ada2f273d3799feb3d90e373c4f0132554fc3ebe0b8557d521e89f66531514ca337bb1149f86158e7ac94d88fc583a59b7ead0fc249ae26a4ef2ff5bab62209000575441363025553f5012b8eea50bb087202114f8b48ab602fe3fd952bf9886dcc41a9d6c22bfd543f7dec92f32758b99cd239cb69a2fe1c4560426e101666b862aec3e235fd308a6e7560aa2207cc185acabd03b20d4091ff7936120b450b1db200228cd435c434c2626f641cdd8180946982d665352ee755358afa123e7fd9a202e912c528929067ce785f3ba1877968a047f56dfb7cef747d59feeabcff03e73aa3dd3dafb367f32758de4d98dfe15737ba1cb7400ee5bdf4220d6e667c651757d4f8bf536771309d6dfa928e59c9171fa7a710a6d308e757775ce029e0724971c8d7782e29b8ca82de04e883ba042f92e6f7c6b2e627e1242e1f2033ca5bcc81797ba39359e320139cfcf6335086cd646b842e13ab0f90d2fa92ae3cdbeac38deebfc485b2f10f4e29507c858046ae009df144c4ab38ae70e25cccff11078408d7ef4d7bb262310fec1663f1a1dc035864a40616b4690c841c986630ccb784d7af382fef327e7e64817a48db2eae499584fb6cb758a4da7967d283c7400e87657443148a94a352bc46154849a9d6eaf85e4e5556c648017e7f5456be988abcbbcf4a5e2228d2cebf144229fb8b8b6ad244be8f6ccfecfa6df74278761bae6be823eeb6cd08bd0bc01283d04fb719f546cf4d2de5388d1f90eec21674d35c9e295cb1bff104689395cdb6349efcf3d3d99e0141b7bdd4f0ef24fdd6afc35fdca10ade6d539bf1e32ca2e5ab5223e4e975a3cdbfa604dc7904755919905e3ab5e4a1932e2cd7741dd80f4993d0822bbeaf7ea70541e7d18af5a36aa1b928b801bf5a8652adac57dd76f0b7d0629a9fa493db118d6420a18236ca92487cf1b751477bd7b66b6ab97a280306f921493eb9a6172a70cb4f62526c09bd73d148faefe36c47275a0b8822b71c6b09dc80dce0b130ede61296ea03951a563bbf020c75aeea843b95d134bd7228915c22c6e34579bf71479eb4185bf4d11f9735093d9b9d5f18f443a1925f59d2041ff9f6a017eebe9923e5b46de296ba24c25019591cde699475c075904b97f01a639dee3bfce62ecabd2ce078e5fd84b8733392e42e77a6dbb0f51fb0fc59cd7286b6912a8796cdb22e6c3949f6052a014c17b73b3cce6e531127173569d70f07d76359755a6d8bb239f135becb8524ff638452db9d7786e6c52efaa254590a9bfe6bcd485ae8b7114948d58d8c0b9620eb9ace67211e0f7eb4e75740b51f23c0d59903cf2bbcdba9fb516afb8c64cab133c51c0ccca855eba033cc4eb08bbc7632f427f6fb8de4a11bc292aa090503e96a2ae414d5c8907e599874c7e9ffbb8e57ed9b1564ea52f09afffeddb8da0a9ed228da5bbae4a1ef608a0d327cdd7f19fac5d342c31088bbd05cf87c1bb73c55db60087e058c21d313c899071a38ac027e7c2704516b2cbeeb3c18771ecaec46d90c18aaf7cc207cecd60faf27fa4fbea3fecf0dc67336263870e21a1ef39c35e89254fd02bb75848f3729450a08990a410331ac720c1b9c3859a436d65899158caacff7aea71f3bb34e69d954994b698e608836a52b88d8ae8303fb918956e13bc1bb99f955c72474d53ab8ba2ee131730f7fb7dcc4ebcf14b9c3c0553a783d6123c3b9a3cd5ff9c6c2d588c38bae6e81b5f0dabc3b4f6b2d9805474453f66e3f6bbc29b64604374ec82a602109cce44bf4ca88a8b0ea2dd27a49f70eb481f3fb59a4ec5cd0b2196c05a96905cbd0f3b01b579401d20f12aabffc6f9e869af2fb43b0c3362f67a015dbe51b33281236326c3cf93f466a07f5baa29cac348ee7c17088aca34bff6844cc60c5f9376c4869afef5e14b74d780ba0fe5ba3f919d6e3ad2c5a9b259c3a79da133173f107bc2fdf426cdbc144a96a33951bdbc43d5b5a6a5c4e8aeb90816cbde9ffcec6630ca37ae6ccddcd61dc6893b75fc6d951be9d2144b6ae4bf739ddce3400456f0bed97dcec4330b717f590ae2f30cde4203d592a4abc864b27fce63bff3da754425fa0caa91e173f8f99fb0c81910df88b01e2e4918e424322149a283a69a04effe4da0cb417126d674d802455a67bb72aa88f1a6beba6a82f9f0529caff162285679cff18c0a9387abd6ac70135ddd07d04c8cc18143c57bdbf5676feacfb5afcdde7233abc411ad08372a885ee2047017c51167112b1dfb4c3a06a829c8c57c2e6d55c85ed97063c9a5843aa299ff3c63e61440baa42b696adf218d37b39231314acc6ffff7b23d16c8762562ef8a056e31c385d57f8fda45862034abf4487d6abd7816ebda9a7aa8bcd753508babb0d4c08cc25ee88fe3a5eb26842ef5a0687f5bd5c3f0b29e4723fbacfd852f3e194e47ffcc9fefea63b972cb9f3293956ee71308ad6ccb891d760469a62c5864069cefa60b247c5366b32d864d5d63a495209627b1b36b9db1bc0979e13dbf2f7203ba69596ad6cd991dc22cadd0fc55ce89db7fed238b082674458c8fa10398e6fe69b50b8cc8df9324180305fc4c17c3f0ecab996c44f8bb2eb575bbe4300e1c93c39a34ce0f255522f4bad18b6f7ed2b5d712baf19c39bfd974dea6181511e4bce407a38e2ce591f989001bcbff570f78649b8d80d7c51d9415dfe8871f1c4161e685d9a361ee2c3f7386c7d89570ae6894f59219c9e53059a13149fe6f3d37f982c503e11f9a90fff483e3b2e4016f376fbf81a3a95d666460fa0c3f6e873ed7ba2e9b6da20b62eec19de014c540b9dc4c3c25995c0435fa5dac1d5cefd66b248db8cc951a84913341e308a318bf94d1d49e12d80053712d3d68fb4acbf8c07ff3ab721c982b114f98edb9e693afed4c80892d8d75484cf228a41fb9af3e59a31c802bb5883d88f5d804806a1747bee00a1347edffc1d832d5e01d15dcd4c7e21f35c47e90761904d0381b56e8200d69338edba5f5e5992d2439143846e1295aa77dd0745c1f33b02b108e987a3d675d8bd593ad22b49068a6f91478a807275b05261dd14553a112fc85cab73dceea1fd31a319db40ff6646afce5a9dc0588747afc06bd36c4326a5f495a12c4eb6ca44e4b23dc52836336832e267db22165554caf7925cf13c84685ee31bfd19fb988a42a2d931fe0212a64e6ffcf9fcaaeeb9fd211a529364abb1a915811a46c41289da4a3a730942d4e0b9534944ec993555d96fcfb68e4f85c53c297f1ea34781b55b69b25bbdf4f0cfc9572e924adfd354b4c291d77d802bfbdc7d7b24f1d266cabc9ecf63ea5b48d5e7f30d8ce1ee4ad861537c441667405b8223e81ba71f55e09d0e92f1c4233227eb276db865b23c8d28df9b2738f025b59d10a118e156b04da94a15b7d8393783dbbb29131603bd11397625c8cb5d8a86cabf660906bf714079f9261c901815688b76afbc65962aeba08e940c20931ea1e3b875427afbb608634eda3f7f69da64906616f24a8a750abf2da50c1e47cec369ffa25d4c199caf1da2f51ebeca7de266e7550dc12019f0e7dcd8f814c2095b12cbf94404e3343e032ebdb8b598febec6390c84fdb65c3eda086c341c09321d1ee471896be010214de39a658cf48585660010578290b3349f0233e301dce10a9dcaa372ade8a4a7170e68522add35f6cdb23c688ba42b425775f077bd0d9f6706722499763efb84c98ee3717b293b26eb46d097a7af1e8097cec825a2d92cb1038980a8a73a7a351001a6efabf812b00788bb950e8b88784054a299906786b7dbd25c9d8ef4146e45b84611d65e7ad898ac1d234574d174acb1d23d8e206518fa40e521bd3c3953c95aedf265c3755243374ce36500a62dd57a94ac22aa6c9b6d79edbad8c0633263f9ffc04524d23e64a18a22cfc1d9ff00eab75a48cffa364f025b31fc632d4ba3f1a829e78b08a9297d59b9ac9c2ae3fe7ef21a0bdc4ee34477654b4bb80b30e117dd846a4f71750f76cf93afb134eb28e0409b92016ce47871fd2a531b2b05d7684421f524833f7a9ac4a02d8c92a1c83150fbb6c68edf0c4ecc833c9e2e058c91f8f9ba81ee48ba5fb71132bb84c4e4993561b0f0ee77405a5573df396469fa5a1a761a9398e618221bdb888a9f2f07a1e9247fc7e3ff2d72bdad77654645171fc89cf4e93d6eaae95f4e7bd9dc75c1b1fc5c7926aa0d0c70b7b442ab657e734fb39660b058403057f94ae3e9b96233647216e29b891272e4403e3a155e4f77fb227cd56a3e3856969cf3ce85d1aca889c2cb1ddfab9cfdcaba80e2411243e8370757725e2875bceebec0d8174ecdda380dd8bcf63cfc619ebfd4b562949e32c8ae7173d630df595b79afc5b0c2ba6e9613ebdc3912db74a1c41bbd4c50428e1dfeff661fe3c3cbcd8fbe4a6d1c02d2b06068e3fe7fa5fb63eed98361baa5c075ea1694a575551818d3ca4988dd080df8c604f2fcaf0d3d3bd922f142ecd2b88efec2563686447750a1e814926e037c2e4d2c530bae36a0cba4b9b42d21b63d6ff403f1a5bea1a169eb494192a7adcb0787759a944043d0df72d57d775e9604a5236775b44d9553dd186f63512bfd3d4b65667f8d715bc9c100a0855e2ed963da442e0ef54b809b2e794eb9b29daea42a84c2d45c220a1ab3242bf7e2f41754feaba92998b834391aee0005c3b5bf05ca648577d77712c6a2107c0d017b1828b82a63ac32587023ae8214e55b907a08c774d12be071ae593716426038f326b45e565900ae67778cfed493dd873b613d457837bf505622d6270f7c2177b8b0048ada47e3fc97a913552d9b65be45a914c29fe5e2e398c9dc7d541f8244c9ce1fdb8d20547471ae840cdf88e4362e05b3091a80c3b32afec6747b05033f98456bb0503240d63b18d1756bd24656def9f79e6bbaca8084caf07dfd17d77f98343fb3f141f788ed0a9397f0a591023c332f4a16e468643b8dffb950f798d7cb165757b18ffa1863898de59c892b148d268b4d0ec3e5f2e4790358cbe0a40007a4be6cb789ac11badcf369f1aff5c458b5c9514b24cfc395b4b4f0df30ab6b3228feb960d545d027a76abfecf455b673be7caadf0d0f2544cb5473ecbc3a339b08652b444a3b5a28d834e63ae4d831d5abb077297428bc3b6542477fb6d4ffdb1398349cea95e7d6131184e7d793603582e81253974e10f8f947d339d2fdfa4c8871b33403cc23b2e225462d29d0450f285433c75959774fe65058188cc54488bc23a20880a0b786e6cc4622c5621f427af5dc294420c07c268cb04eef4400fcaf6fd1a500504fe59cd3c44836a0b477a62d05c8f43e96962a367cbae1f88dd4f4c22e0c7d2afea8a2de91917599f6db37449474048ba84f144532af50b65cdaba868f50f079a4a495d2ee921d835badc2ac45e2521dfc559bbc664f6f27446a6d5afcc8c0d90d68f991dd503291d7687f64641fd052c73be1786b507252749fd788c0c8edf25ab5efe9ddb2a67ec7e24f22f9fe28966d64338b691222c7cc493a9a5c10430ce0f074703047757a9abed0ee0cca14c20cfa9cb521f0e4e91e886e4b1285ffc996912ca7c9f81f2e8e64454fe6846ff44dd21c294b888d52c37bc386ba8cd7f7c0fedcd524ebf603f0a5b5f19be9c7e0f6da5d0ddbc2543d1adf46f5d0140d40c8798f8baa4ba49d99aa0171ffc797e3f919b21a37d3ca8b7a729781aa262d68a0451a2705f59f18268387fdecaed03045fd6f1759a694a5224c46f7a4c6c4eab6b11089b114e5a78546c258f23a2b80fe7f9503d006799d2b8fed769d87e9dafaf6f923ad1be071538789b771d13125049b58a2f2c4f91a5cedbfd725e419e8b640b9d704f48b96efab1b249784bed0e6c3c938b5ce66b6766ca0bbea73aa3a514a57ad7d1907f72072128be570e016a2a5b5754f60e2b0bcc3bd9a4ed21fe4e9b4655ca22656ab6cccf5091a1f85251e51f59094762252c996d9609430cfba1d160702643060cf386f3c3ab02eb5943326312444ebc0e5df143dfa8e868fafb719fbe1f5b355c472adc7694967522e39c1b162b57d49aeda122bc4a60393bba6db3f083751a41f9aa2d6cb59038f94b896a5623f82bad390d2b729f66d5f87b72cc9b54a2f08b3e7ad321310e8f79556ed4dd0c8a058e6a434b6a3fdf28a6b669b53694c16a72e14c1bce34f81c67071152d75ee8f146e465849a7b3eefc2fddb779fa34685effe59432444b3a6fc237da95fc7655aad861aa319a75880e53858ca6a7dad341b2643918e69e3c81969fecf6cdecec304c519ddd0f54b659ed7f9c3782c58202ba393c3811aa1f34d710db2cd0bd1478db3b3445c5d20811dfeb0e4bc3434ae4fa3518c9c36ebcc73d2e40a1701496f82d186309885af32b9694a7a6616bba665b94bff24ab493488c9a53cf1de2eaac644cd0f8d9ef4930f8bf56797b5ac4abc8132f62125905f7e18db3048a90c4a4779b5e29815830fb4093956bda4e2596bb8956c45313ce4e4662143a95779e5c23933e9312372e29c00ee668e82c7d4de290a5a6a66b85e6738528a58b4d169221a0ac5367196cea76c58b4c236b7da73ae1ce463656941f322d4cdec390d91d813c2c9bd70b10151673585457016c0d302f23f323c4a118fcc32a8076be44606d3241bfa66e78178c8d991093d9dd5d93d3eb455ed085eb5e88d83f3a47ce9c5fa7f9035df5c407eb27daa231c538ab58765668ed5a80e8f8a3a4470181b9f15b56d5c4a43708e7287775ee1e991c8e28af2afefef93b19ce3c4a1cf5d25e9b232f424a312cd4883230ffb071343986092141ea12e9647e5f5ab4e70de17d17756eec8ff64328c0050794c568baf183dce6c798e9b01dc53e76c4b9a0b61f1b65cfb74152d9936e05505df63048cd62cec15a97ec79995c5381b0491e65661c2804cc7a5cba0f418d5ec420ecdcf1363cc48777ac6a9901a30d6aed7bb62651480da8f84c93a61bd66ee6f218f2999d052e7e3fbcb002b57bf3c1292cf75a52a164d5c7f1265f1c7f881683dc8d6572853eef350f3834f888a1ab0eff22ee3b93ec2d82f93ddcb5b915f2c273a296be81f3ea3d5e9855863fb5cdc7289770111d02a7e0ee6558e46e754a5c11e4d36c55946fbc62d0c89f87156e33db0ac968dfb67c3a43a55328996a73cce287d518d45f5753f45051bba90d6dd06d95bd14c13d7707bc1afb44595da6783a48d6675c8e28affea30a55ee55a904d9ffb31e9c4fe04fe3dcdbb459d62d36156b2c6aa015b20205f6222008692f6be91ae531afafba348725ba820bb9fb2b93d3013e3f4766dec362a1e0cf40534eb1a18168c18afe08dfdd65e9953869353ba14cd1daaed1fc0c0ae1fc8deaa98c79b74ebd2043b18076dae9c2b4625ca9459a354ce3571b8c33870cc291983da1c0f32f87133192564e6c22abce03fdde7a7cca192d623253e99d5d1ee2f5e4c6535cb027eaae8fb1486ebd7c09881a14c88494a03030f5dba58f7e45a78905b10a5645409ea754162aeae8551d1026021da8685d4cbafbcb0ad980a1a16199be14b11434b0cd62a559b8584cd373bf9f959641059b17a654523cf3f3e7fd94a809e44a21ce2242cce6f79a32dd5443b79df68ddbbdc73eef492ef6a9f093f3131874064f89f26ff32eda7e6451081990a022a0fe52f189cd1deba409dcc090f91d10fa769d1bd75d11ec22b6e85405cbf9b3256e4f8913d7b8eda2945069e219fb4abca2a191e024d5af78e75cdbe0d9d5471a1d8e8aeb9e0a00274d4474ab6b0ebbb66d41bfc1683642c88a1155c91a7eb2295c4b9aa93eb0e77dc5a928e1698490de1226c65a7ef79fa9237dc9f7fdb8fcf9b54658ee3c714b14297fcaa1371c22e746151608f6f1f49bfdddce0ce24e6fc8da8f8dec534e5fe36106c81f25250be3fc496a4df508e79f49c7a4341d50bb6f96289afab14dbf4e8802a14ae82705a75e18330884c9bb1152792249a68ced40afc63deeb59daf9711484b982ec2675f5d9239f182849c4780046460e59aed8cdaaee156544370962771ced877365d37723bd9f935e8192ffd677348db41e3884704b5cbc6002c32111c9168dfcbbcc1c1ae3fd907b494a1fc7a8da0077517b55cc86393f61b07cf71408c47c9f4ca78c9cd48bf62c3b48232f74fa04f4e1fe9e5a4b88e94cae83397ca74948acc002afad739a3891c16c102fe026e2d1ac172a8b0f8c26689d99c371e275671b4f7ba1a08f7e955175b0dd88bdc63f6c1416fdaad20924c7dfec72d961b7fdde56de6ec0c11d43abf60fba174f4a689a1ff15016e7bbe378255f6724fac6a877a00d34a44b85c332ffb3b48101cb6137ccbb5e79f0e0ebe144800c8eb8ee3540cd23def571a4419908604a4217e4da5c72ac49c188e050c6c154df8f1ae2275a6bf123da80196a01cabbd699b215e6e1d7762c299d22e5b72dc1d17fafc2b42bf8c1546694772a2bd9a5f1f75504906c649988f88dd1f1236ab3e92907da0b87b7b674f5f3856c2d0996c20795a2cf7eca5b8dbbb4715dd4e67ce6ef38848bd50389686f17c059070fd9f1bfbd0409e3df16e7a73fb115c66cebb217cd01c5967c774143aa11d9815f2b0f9030f012bb8df1548a4e495e3553ea8524d374772a287beb18a7e88c88f4678e8835f35ee901eba3276b55095122d36a4da666e3b2a70114bc7c8faa5c73b89744c47aa138463c619a322e4dd8e4414ab12b143d2465401cafd97f500b2b035ee96f87131b3c5acbd7d336d926973e70b7c409372a1bb270e0666831de3fb5f059d25cb733106554ad892b2d46f5b33b00ae6198573c4c57b059266f806943e864a34a2b830003bdb7447fd105244bb975b0d7f1b6e25a72ac98a6fa3be7e3b430701633b95f8560620a58caa3366b0ddef41d153452417e4a5b48cfde67e6525d23c538a90d87f9b3cbd4205ccb30ebbbd54a00c4b0fb30cba4d02c5f108cb25af1cd791711d244c87de9738afd56401755ad8f5e62198d28164475997d7719f91ed7685829c6d536a090353b0b2de436d27e9f1fecb09917c1a3e7cbbe33024a74883790c9d18c2349a3f748f6362a79b92b95f1b3e8ddf118c87fc389c1ca08786b81513b62ebefb9fe472ff79eddbfa06d6569faaa1b8df516e2d0365256bf012da3571c6bc8589c49e0573da6d9ea1f7ad35840450a9f334d5d2cf9aa343dcc0f9864129bc548914507b30075d1a153d98af8a6def82e5c8619d9656f8ed0598b3463632c1cfa8ce86cbb90c772cf1298709fab835fe07b755a955f0d05c0f4dbffecaa7f6b1b6d40fffda03965021fd8f1316b62ee8e2bf6fffa01bc2740c066b7655d39f4be9d96f39713fab5ba34fc5431cd86c7384ee9177c20bf5ed5b9242b5abaefd4429a73195c166366527daaad6ce29136edf7fa974415fdeca13adb617e35d357d9c8d76953b6704bd04c391eb3070b1536342224577305c75b69cbe622e308722b3b76fdd3ad0ee69e7cef96a9cd267a92d846863b97862613b2ff5667559ed286e2fe6805a3a09ffc25e4df4b58302844e747a65310d4eb9d64c1b31995a2df3dce8026426e445b60520933fea52f4a9fc8e15033b75e5f412866f4c75371b6cb6436acb118d62752da91b64f15d40c8263bdc6ab718020442bc9cb8005ff30e90ca8bb4f489b0eb4218d323b39022fc542dcc16841899d094d4a5bf134281a330efdfb2445bb31d818b11d9abfd0e58c6497d2db7ac72a26d068b6b4b62de8d291188d4de82d9e53f3cf597e9c383a308a6a52814269c18a18b654bbf4db4502c11856637400b8c2ec3aa0127a659efcaaf5377adf69cb3d9ec65130864cd49320a8ac21aeb31c1c08f92a483c70318870b0107b4ac6070575e548bf70a25d1b220d8192697bbcf891521e4217efb59429c9ca2638a6eb13845d74a91ce45471e8df8f9d8a3a4ea4c8fab267017294f8054e43af04394dd3cbd35b6e60911f049d0f1048d1941effae8ed0ef726efeabe24607e3036e95297f7ee8d3bade2ca8cc431504524b6b40bfff220cc60f9f64376ad5b5fa7cd8dbc3baf145d6ff4ac00a4a8fc2de132af0e2d84302d02c5677b927d76094d38c8b644c1480c6dbcb7274d15362a3ec973cbe40086137160e6447ebaeec5aeeee932ef2bb03fd0754a7708968f2bba76ce16209e7bf1de26971f8c112581f9c417828a4a0fe4b6f243b939e8c4a7595230039f3f81fb64d84227c3725cde10c89d6413354e53811b2cbfc8a0d27dfb11884af23522a51a68f5415ba529690561df7d3f3d053166fc97e6c931d80968477384da3107cb5321b88940c3602a25195b870af1d956f749ecf6f0321f0bdead7cac3627d2895db23f74a244ba8cef7a7d1ff04f5258d45f5e1aa4a4baa83a36abb0e5fc94104e32314ef739725d83de8d0027218b7aea54c6de45dac43f955dd2ae4f7b89774219f12a25a7d47213d545357d7a0977486f8bbad66d8ef36bc26671c1a9c2a54d35e2e303b7cc4e3c431c2068ac10e6168ff1a0c023bf68868a20f20612ef5062ccc978332f2a97b58b0b92cbefa1ce73815776ef3e658145074592a463e5fce30fb89d3657906129fbbf369f0a7af4d9f1f153b0a840dfb80607da59ab2f01e72413d364f0c4f90a13b313b03df460696a8506c6c1dc6964918093274054bb9b46b7373a30efdea62c115fe9fd396c989c53c31402ee4b6bf6d9db19bf75906a0fd0e807f7e6cb7c5ef4daf0b21edcbf2f64605ccb7b5238bef39231d470d1542da1eab747084516fb6ef188308e62658540bf37e10215f26e2b1cab4d91a2a429e51bc270cb07c4628a8fe4066192893253d22b3a24edb3f3d02e227c613067231da02b449dc5ecce6a6e605ee5708817b2b72453fcf0f4e04f0c22996871d01cc3684e2b73573604366ca12a604f450edd6e113f4d1bda649939270c0ca493eafce9f46547b2ca1dcd8a63ec6053b99a2705a26c71df3a9dc7a347152dfc55b036701e9f7dffbe9138e6f619daff7721ab2c79e41c7f7fc829e3a22c2fc286f08a0117fc53d63d7c241aed27350badef0ff11ffee83920d62fb09f6be8ae44eab4273560e0ff14096afd10580306ab96cf9998da75e1dd04a9f70023673935a470c015762480b4182c32cf4715d7cdec146b1c8f50709c8a704922900bd1941e1e8172981b373f5de5260e84a498ec8110d55de18c99a5310ec0a7c69fcf54c8b70", 0x2000, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006480)={0xe8, 0x0, 0x0, [{{0x3, 0xfffffffffffffffe, 0xffffffffffffffff, 0x7, 0x0, 0x173d4, {0x0, 0x8000, 0x3f8, 0x0, 0x0, 0x0, 0x400, 0x0, 0x8000, 0x0, 0x2, 0x0, 0x0, 0x2, 0xdffffffd}}, {0x4, 0x0, 0x3e, 0x0, '.&^\'\x9b\x8e\xf1\x8a\xbb\xbe\xddn=@\x9bE\xe4c\xfd\xcc\xba\xed\x0f\xd1\xb5}v-\xccq\x91\xe6\xbdw5\x06\x15\xd5\xf8\xec\"|\x00\x00\x00\x7f\xdf\xdf\xac&{d)v\x94\xd4B\xfd\'\xbc@\x95'}}]}, 0x0, 0x0, 0x0})
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000000)=""/192, 0xc0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)

23m52.977027378s ago: executing program 5 (id=309):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000800)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c00028005000100000000000800154000000000080008"], 0x48}}, 0x4000000)

23m41.501944699s ago: executing program 5 (id=311):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000011c0)={{0x14}, [@NFT_MSG_DELCHAIN={0x14, 0x5, 0xa, 0x3, 0x0, 0x0, {0x2}}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x3}}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5, 0x0, 0x0, {0x2, 0x0, 0x1}}, @NFT_MSG_NEWFLOWTABLE={0x38, 0x16, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x1}]}, @NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x8}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xdc}}, 0x0)

23m30.579254431s ago: executing program 5 (id=312):
sendmsg$AUDIT_GET_FEATURE(0xffffffffffffffff, 0x0, 0x80)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r0 = socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x2, 0x2, &(0x7f0000000680)=ANY=[@ANYBLOB], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r3, 0x0, 0xca, &(0x7f00000001c0)={0x1, 0x4, 0x6, 0x5, @vifc_lcl_addr=@multicast2, @private=0xa010102}, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af8295", 0x13c}], 0x2, 0x0, 0x48}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8b18, &(0x7f0000000000)={'wlan0\x00'})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xf, 0x0, 0x0)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
sendmmsg(r2, 0x0, 0x0, 0x4)
getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r4, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r6}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)='O', 0x1}, {&(0x7f00000001c0)="e1e93a5c3a9ed5d78e", 0x9}], 0x2}}], 0x1, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x13, 0xffffffffffffffff, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000004940), 0x8)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000004980)='blkio.bfq.idle_time\x00', 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc854}, 0x8010)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x600, &(0x7f0000000840)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

23m9.169691897s ago: executing program 5 (id=315):
r0 = socket(0x840000000002, 0x3, 0xfa)
connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0)
socket$netlink(0x10, 0x3, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x24, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="58000000020605000000000000000000000000001400078005001400090000000800124008001f000500010006000000050005000a00000005000400000000000900020073797a31000000000c000300686173683a6970"], 0x58}}, 0x0)

22m23.841569619s ago: executing program 37 (id=315):
r0 = socket(0x840000000002, 0x3, 0xfa)
connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0)
socket$netlink(0x10, 0x3, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x24, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="58000000020605000000000000000000000000001400078005001400090000000800124008001f000500010006000000050005000a00000005000400000000000900020073797a31000000000c000300686173683a6970"], 0x58}}, 0x0)

2m30.924726597s ago: executing program 7 (id=468):
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x4c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xe, 0x6}, {}, {0xd645d28e815807f6}}, [@filter_kind_options=@f_matchall={{0xd}, {0x18, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xffff, 0x2}}, @TCA_MATCHALL_ACT={0x4}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x1}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x40)

2m16.869775633s ago: executing program 7 (id=470):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000b80)={0x44, 0x0, &(0x7f0000000980)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000300)={0x30, 0x30, 0x30}}}], 0x50, 0x0, &(0x7f0000000a80)="c741295a7ef60012e65f9814e461f7717343065ab6440a457c11c6b43c5048f4042a00714cba6a4379e131450840e7d72e4a9d82c7aede96f666537577058dd630a74d5ae776ebf065d36674bd889153"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

2m2.547932011s ago: executing program 7 (id=472):
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x8, 0x2)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

1m42.99186165s ago: executing program 7 (id=474):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x10, 0x6, 0x4e0, 0x0, 0x0, 0x340, 0x0, 0x0, 0x410, 0x410, 0x410, 0x410, 0x410, 0x6, 0x0, {[{{@ipv6={@private2, @remote, [0xffffffff, 0xffffff00, 0x0, 0xff], [0xffffff, 0xffffffff, 0xffffffff, 0xffffffff], 'veth1_macvtap\x00', 'ip6_vti0\x00', {0xff}, {0xff}, 0x5e, 0x6e, 0x3}, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @HL={0x28}}, {{@ipv6={@loopback, @loopback, [0x0, 0x0, 0xff000000], [0x0, 0x0, 0xffffffff], 'lo\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x33}, @private2={0xfc, 0x2, '\x00', 0x1}, [0x7f8000ff, 0xffffff00, 0xffffff00, 0xff000000], [0xffffff00, 0xffffff00, 0xff000000, 0xffff00], 'macsec0\x00', 'macvtap0\x00', {}, {0xff}, 0x88, 0xb, 0x7, 0x7c}, 0x0, 0xa8, 0x410}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @local}, @local, [0xff, 0xffffff00, 0x0, 0xff], [0xff, 0xff000000, 0xff000000], 'veth1_to_hsr\x00', 'geneve0\x00', {}, {}, 0x73, 0xe, 0x6, 0x58}, 0x0, 0xa8, 0xd0}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0x3, 0x9}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x540)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x80800)
ioctl$TCSETS(0xffffffffffffffff, 0x89f3, &(0x7f00000000c0)={0x4, 0x0, 0x0, 0x7ff, 0xa, "5dee000000594000"})
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

1m26.320413535s ago: executing program 6 (id=476):
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x4c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xe, 0x6}, {}, {0xd645d28e815807f6}}, [@filter_kind_options=@f_matchall={{0xd}, {0x18, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xffff, 0x2}}, @TCA_MATCHALL_ACT={0x4}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x1}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x40)

1m20.473857129s ago: executing program 7 (id=477):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r0, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x10, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
preadv(r1, &(0x7f0000000640)=[{&(0x7f0000000140)=""/134, 0x86}], 0x1, 0x0, 0x0)

1m7.231993792s ago: executing program 7 (id=478):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x38, 0x1403, 0x1, 0x0, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'ipvlan1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040034}, 0xc812)
read$hidraw(0xffffffffffffffff, &(0x7f0000000100)=""/245, 0xf5)

1m4.428883369s ago: executing program 6 (id=479):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r0, &(0x7f00000057c0)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000002cc0)=[{0x0, 0xea}, {&(0x7f00000017c0)=""/130, 0x94}], 0x2}, 0xa1}], 0x2, 0x0, 0x0)

51.09550118s ago: executing program 6 (id=480):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000500)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4f, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724"})

41.0786339s ago: executing program 6 (id=481):
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x1], 0x0, 0x0, 0x1, 0x1}}, 0x40)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)

30.587719042s ago: executing program 6 (id=482):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r0, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x10, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
preadv(r1, &(0x7f0000000640)=[{&(0x7f0000000140)=""/134, 0x86}], 0x1, 0x0, 0x0)

24.795657711s ago: executing program 6 (id=483):
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x4c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xe, 0x6}, {}, {0xd645d28e815807f6}}, [@filter_kind_options=@f_matchall={{0xd}, {0x18, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xffff, 0x2}}, @TCA_MATCHALL_ACT={0x4}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x1}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x40)

3.551862058s ago: executing program 38 (id=483):
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x4c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xe, 0x6}, {}, {0xd645d28e815807f6}}, [@filter_kind_options=@f_matchall={{0xd}, {0x18, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xffff, 0x2}}, @TCA_MATCHALL_ACT={0x4}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x1}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x40)

0s ago: executing program 39 (id=478):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x38, 0x1403, 0x1, 0x0, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'ipvlan1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040034}, 0xc812)
read$hidraw(0xffffffffffffffff, &(0x7f0000000100)=""/245, 0xf5)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:62783' (ED25519) to the list of known hosts.
syzkaller login: [  358.025837][ T3167] cgroup: Unknown subsys name 'net'
[  358.648960][ T3167] cgroup: Unknown subsys name 'cpuset'
[  358.788325][ T3167] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  419.184386][ T3167] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  501.283981][ T3174] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  501.804764][ T3174] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  501.871481][ T3175] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  502.368571][ T3175] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  516.184015][ T3174] hsr_slave_0: entered promiscuous mode
[  516.228398][ T3174] hsr_slave_1: entered promiscuous mode
[  518.357858][ T3175] hsr_slave_0: entered promiscuous mode
[  518.378736][ T3175] hsr_slave_1: entered promiscuous mode
[  518.415046][ T3175] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  518.417960][ T3175] Cannot create hsr debugfs directory
[  525.406790][ T3174] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  525.564583][ T3174] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  525.657033][ T3174] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  525.876035][ T3174] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  527.518446][ T3175] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  527.707779][ T3175] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  527.862515][ T3175] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  528.058128][ T3175] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  539.345095][ T3174] 8021q: adding VLAN 0 to HW filter on device bond0
[  540.857887][ T3175] 8021q: adding VLAN 0 to HW filter on device bond0
[  576.668930][ T3174] veth0_vlan: entered promiscuous mode
[  577.032237][ T3174] veth1_vlan: entered promiscuous mode
[  578.638078][ T3175] veth0_vlan: entered promiscuous mode
[  578.723536][ T3174] veth0_macvtap: entered promiscuous mode
[  579.228850][ T3174] veth1_macvtap: entered promiscuous mode
[  579.833653][ T3175] veth1_vlan: entered promiscuous mode
[  581.615553][ T3174] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  581.618808][ T3174] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  581.643301][ T3174] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  581.645334][ T3174] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  583.116057][ T3175] veth0_macvtap: entered promiscuous mode
[  583.684096][ T3175] veth1_macvtap: entered promiscuous mode
[  586.088956][ T3175] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  586.103780][ T3175] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  586.105911][ T3175] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  586.107990][ T3175] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  587.266173][ T3174] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  599.238943][ T3882] netlink: 'syz.0.4': attribute type 10 has an invalid length.
[  624.315665][ T3894] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6'.
[  624.319103][ T3894] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6'.
[  644.072306][ T3909] Zero length message leads to an empty skb
[  659.792959][   T36] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  660.216601][   T36] usb 2-1: Using ep0 maxpacket: 8
[  660.322965][   T36] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  660.326041][   T36] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  660.328979][   T36] usb 2-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  660.347584][   T36] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  660.534675][   T36] usb 2-1: config 0 descriptor??
[  661.313690][   T36] usbhid 2-1:0.0: can't add hid device: -71
[  661.341536][   T36] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  661.551313][   T36] usb 2-1: USB disconnect, device number 2
[  667.332737][ T3169] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  667.543503][ T3169] usb 1-1: Using ep0 maxpacket: 16
[  667.617445][ T3169] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  667.643780][ T3169] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  667.646490][ T3169] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  667.743495][ T3169] usb 1-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  667.745619][ T3169] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  667.747323][ T3169] usb 1-1: Product: syz
[  667.748676][ T3169] usb 1-1: Manufacturer: syz
[  667.764244][ T3169] usb 1-1: SerialNumber: syz
[  667.919290][ T3169] usb 1-1: config 0 descriptor??
[  668.876323][ T3828] usb 1-1: USB disconnect, device number 2
[  671.644640][ T3957] netlink: 'syz.1.16': attribute type 1 has an invalid length.
[  698.772367][ T3858] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[  699.129047][ T3858] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  699.134714][ T3858] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  699.137444][ T3858] usb 2-1: New USB device found, idVendor=05ac, idProduct=0240, bcdDevice= 0.00
[  699.158119][ T3858] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  699.342062][ T3858] usb 2-1: config 0 descriptor??
[  701.584744][ T3858] apple 0003:05AC:0240.0001: unknown main item tag 0x0
[  701.587314][ T3858] apple 0003:05AC:0240.0001: unknown main item tag 0x0
[  701.588949][ T3858] apple 0003:05AC:0240.0001: unknown main item tag 0x0
[  701.613285][ T3858] apple 0003:05AC:0240.0001: unknown main item tag 0x0
[  701.615307][ T3858] apple 0003:05AC:0240.0001: unknown main item tag 0x0
[  701.616908][ T3858] apple 0003:05AC:0240.0001: unknown main item tag 0x0
[  701.618500][ T3858] apple 0003:05AC:0240.0001: unknown main item tag 0x0
[  701.847805][ T3858] apple 0003:05AC:0240.0001: hidraw0: USB HID v0.01 Device [HID 05ac:0240] on usb-dummy_hcd.1-1/input0
[  702.109015][ T3858] usb 2-1: USB disconnect, device number 3
[  711.873127][ T3872] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  712.112926][ T3872] usb 1-1: Using ep0 maxpacket: 8
[  712.155987][ T3872] usb 1-1: no configurations
[  712.158081][ T3872] usb 1-1: can't read configurations, error -22
[  712.417163][ T3872] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  712.714938][ T3872] usb 1-1: Using ep0 maxpacket: 8
[  712.769001][ T3872] usb 1-1: no configurations
[  712.775700][ T3872] usb 1-1: can't read configurations, error -22
[  712.800211][ T3872] usb usb1-port1: attempt power cycle
[  713.382722][ T3872] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  713.443273][ T3872] usb 1-1: Using ep0 maxpacket: 8
[  713.477682][ T3872] usb 1-1: no configurations
[  713.480854][ T3872] usb 1-1: can't read configurations, error -22
[  713.672590][ T3872] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  713.728177][ T3872] usb 1-1: Using ep0 maxpacket: 8
[  713.827757][ T3872] usb 1-1: no configurations
[  713.841619][ T3872] usb 1-1: can't read configurations, error -22
[  713.861835][ T3872] usb usb1-port1: unable to enumerate USB device
[  733.865977][ T4055] macsec0: entered promiscuous mode
[  733.874595][ T4055] macsec0: entered allmulticast mode
[  733.876837][ T4055] veth1_macvtap: entered allmulticast mode
[  813.606305][ T4116] netlink: 48 bytes leftover after parsing attributes in process `syz.1.57'.
[  813.628160][ T4116] netlink: 48 bytes leftover after parsing attributes in process `syz.1.57'.
[  842.192101][ T4134] netlink: 48 bytes leftover after parsing attributes in process `syz.0.62'.
[  842.248203][ T4134] netlink: 48 bytes leftover after parsing attributes in process `syz.0.62'.
[  859.583033][   T94] null_blk: rq ffffaf801aea0000 timed out
[  859.586871][   T94] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 0
[  859.593313][   T94] null_blk: rq ffffaf801aea0180 timed out
[  859.594815][   T94] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 0
[  859.597141][   T94] null_blk: rq ffffaf801aea0300 timed out
[  859.598620][   T94] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 0
[  859.602538][   T94] null_blk: rq ffffaf801aea0480 timed out
[  859.604051][   T94] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 0
[  859.606358][   T94] null_blk: rq ffffaf801aea0600 timed out
[  859.607842][   T94] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 0
[  859.610875][   T94] null_blk: rq ffffaf801aea0780 timed out
[  859.612404][   T94] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 0
[  859.614713][   T94] null_blk: rq ffffaf801aea0900 timed out
[  859.616212][   T94] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 0
[  859.618412][   T94] null_blk: rq ffffaf801aea0a80 timed out
[  859.621263][   T94] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 0
[  859.623548][   T94] null_blk: rq ffffaf801aea0c00 timed out
[  859.625007][   T94] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 0
[  859.627311][   T94] null_blk: rq ffffaf801aea0d80 timed out
[  859.628753][   T94] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 0
[  859.632773][   T94] null_blk: rq ffffaf801aea0f00 timed out
[  859.634858][   T94] null_blk: rq ffffaf801aea1080 timed out
[  859.636791][   T94] null_blk: rq ffffaf801aea1200 timed out
[  859.642461][   T94] null_blk: rq ffffaf801aea1380 timed out
[  859.644389][   T94] null_blk: rq ffffaf801aea1500 timed out
[  859.646371][   T94] null_blk: rq ffffaf801aea1680 timed out
[  859.648416][   T94] null_blk: rq ffffaf801aea1800 timed out
[  859.652024][   T94] null_blk: rq ffffaf801aea1980 timed out
[  859.653987][   T94] null_blk: rq ffffaf801aea1b00 timed out
[  859.655938][   T94] null_blk: rq ffffaf801aea1c80 timed out
[  859.657854][   T94] null_blk: rq ffffaf801aea1e00 timed out
[  859.661305][   T94] null_blk: rq ffffaf801aea1f80 timed out
[  859.663280][   T94] null_blk: rq ffffaf801aea2100 timed out
[  859.665219][   T94] null_blk: rq ffffaf801aea2280 timed out
[  859.667206][   T94] null_blk: rq ffffaf801aea2400 timed out
[  859.669217][   T94] null_blk: rq ffffaf801aea2580 timed out
[  859.672039][   T94] null_blk: rq ffffaf801aea2700 timed out
[  859.673963][   T94] null_blk: rq ffffaf801aea2880 timed out
[  859.675915][   T94] null_blk: rq ffffaf801aea2a00 timed out
[  859.677799][   T94] null_blk: rq ffffaf801aea2b80 timed out
[  859.680429][   T94] null_blk: rq ffffaf801aea2d00 timed out
[  859.682348][   T94] null_blk: rq ffffaf801aea2e80 timed out
[  859.684273][   T94] null_blk: rq ffffaf801aea3000 timed out
[  863.302395][   T10] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  863.543203][   T10] usb 1-1: Using ep0 maxpacket: 16
[  863.743320][   T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  863.745357][   T10] usb 1-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  863.746560][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  863.846585][   T10] usb 1-1: config 0 descriptor??
[  864.426509][   T10] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input0
[  870.453975][ T4147] bcm5974 1-1:0.0: could not read from device
[  870.812302][ T3828] usb 1-1: USB disconnect, device number 7
[  885.442119][ T4178] netlink: 48 bytes leftover after parsing attributes in process `syz.0.68'.
[  885.595798][ T4178] netlink: 48 bytes leftover after parsing attributes in process `syz.0.68'.
[  904.160701][ T4189] netlink: 48 bytes leftover after parsing attributes in process `syz.0.73'.
[  904.186424][ T4189] netlink: 48 bytes leftover after parsing attributes in process `syz.0.73'.
[  919.533817][ T4198] netlink: 48 bytes leftover after parsing attributes in process `syz.0.78'.
[  919.629009][ T4198] netlink: 48 bytes leftover after parsing attributes in process `syz.0.78'.
[  924.473341][   T35] audit: type=1326 audit(923.590:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4199 comm="syz.0.79" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb906 code=0x7ffc0000
[  924.492971][   T35] audit: type=1326 audit(923.640:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4199 comm="syz.0.79" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb906 code=0x7ffc0000
[  924.757858][   T35] audit: type=1326 audit(923.910:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4199 comm="syz.0.79" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb906 code=0x7ffc0000
[  924.821353][   T35] audit: type=1326 audit(923.970:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4199 comm="syz.0.79" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb906 code=0x7ffc0000
[  924.846478][   T35] audit: type=1326 audit(924.000:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4199 comm="syz.0.79" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdb906 code=0x7ffc0000
[  924.871416][   T35] audit: type=1326 audit(924.000:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4199 comm="syz.0.79" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb906 code=0x7ffc0000
[  924.901149][   T35] audit: type=1326 audit(924.020:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4199 comm="syz.0.79" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb906 code=0x7ffc0000
[  924.903223][   T35] audit: type=1326 audit(924.040:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4199 comm="syz.0.79" exe="/syz-executor" sig=0 arch=c00000f3 syscall=177 compat=0 ip=0xdb906 code=0x7ffc0000
[  924.904927][   T35] audit: type=1326 audit(924.040:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4199 comm="syz.0.79" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb906 code=0x7ffc0000
[  932.598345][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  933.218736][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  934.328573][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  935.174507][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  945.157261][ T4236] netlink: 28 bytes leftover after parsing attributes in process `syz.0.83'.
[  949.394662][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  949.553540][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  949.644158][   T13] bond0 (unregistering): Released all slaves
[  951.648845][   T13] hsr_slave_0: left promiscuous mode
[  951.751308][   T13] hsr_slave_1: left promiscuous mode
[  952.372590][   T13] veth1_macvtap: left allmulticast mode
[  952.378649][   T13] veth1_macvtap: left promiscuous mode
[  952.413455][   T13] veth0_macvtap: left promiscuous mode
[  952.428600][   T13] veth1_vlan: left promiscuous mode
[  952.450504][   T13] veth0_vlan: left promiscuous mode
[ 1015.712805][ T4203] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1015.798551][ T4203] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1028.743409][  T926] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[ 1029.275656][  T926] usb 1-1: config 0 has no interfaces?
[ 1029.584315][  T926] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1029.586493][  T926] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1029.588307][  T926] usb 1-1: Product: syz
[ 1029.605312][  T926] usb 1-1: Manufacturer: syz
[ 1029.607179][  T926] usb 1-1: SerialNumber: syz
[ 1029.855395][  T926] usb 1-1: config 0 descriptor??
[ 1033.889224][ T4203] hsr_slave_0: entered promiscuous mode
[ 1033.992154][ T4203] hsr_slave_1: entered promiscuous mode
[ 1049.628830][ T4203] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1049.985900][ T4203] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1050.228084][ T4203] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1050.484359][ T4203] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1079.576883][ T4203] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1145.856379][ T3858] usb 1-1: USB disconnect, device number 8
[ 1150.632026][ T4210] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1151.358134][ T4614] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1151.714944][ T4210] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1152.066696][ T4614] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1153.571656][ T4210] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1155.906569][ T4210] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1158.987509][ T4203] veth0_vlan: entered promiscuous mode
[ 1165.829121][ T4210] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1166.111917][ T4210] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1166.267162][ T4210] bond0 (unregistering): Released all slaves
[ 1167.163161][ T4210] hsr_slave_0: left promiscuous mode
[ 1167.217638][ T4210] hsr_slave_1: left promiscuous mode
[ 1167.773275][ T4210] veth1_macvtap: left promiscuous mode
[ 1167.776621][ T4210] veth0_macvtap: left promiscuous mode
[ 1167.802391][ T4210] veth1_vlan: left promiscuous mode
[ 1185.912912][ T4203] veth1_vlan: entered promiscuous mode
[ 1189.368608][ T4203] veth0_macvtap: entered promiscuous mode
[ 1189.569106][ T4203] veth1_macvtap: entered promiscuous mode
[ 1192.037198][ T4203] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1192.051435][ T4203] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1192.053706][ T4203] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1192.055549][ T4203] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1197.202226][ T4614] hsr_slave_0: entered promiscuous mode
[ 1197.279186][ T4614] hsr_slave_1: entered promiscuous mode
[ 1197.354413][ T4614] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1197.357110][ T4614] Cannot create hsr debugfs directory
[ 1208.911791][ T4614] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1209.293875][ T4614] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1209.535466][ T4614] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1209.738793][ T4614] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1228.577877][ T4614] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1311.758906][ T4614] veth0_vlan: entered promiscuous mode
[ 1313.125157][ T4614] veth1_vlan: entered promiscuous mode
[ 1316.255829][ T4614] veth0_macvtap: entered promiscuous mode
[ 1316.811306][ T4614] veth1_macvtap: entered promiscuous mode
[ 1319.897599][ T4614] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1319.950889][ T4614] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1319.953302][ T4614] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1319.955359][ T4614] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1338.038061][ T3872] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[ 1338.288783][ T3872] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1341.958532][ T5059] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1342.578403][ T5059] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1350.774407][ T5287] netlink: 8 bytes leftover after parsing attributes in process `syz.3.90'.
[ 1358.828893][ T5295] fuse: Bad value for 'fd'
[ 1383.051902][ T4210] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1389.682706][ T4210] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1394.173007][ T4210] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1396.266729][ T4210] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1397.138721][ T5059] hsr_slave_0: entered promiscuous mode
[ 1397.237608][ T5059] hsr_slave_1: entered promiscuous mode
[ 1397.314352][ T5059] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1397.316427][ T5059] Cannot create hsr debugfs directory
[ 1398.867444][ T5375] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1399.065071][ T5375] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1416.679283][ T4210] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1416.838838][ T4210] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1417.061932][ T4210] bond0 (unregistering): Released all slaves
[ 1418.392838][ T4210] hsr_slave_0: left promiscuous mode
[ 1418.477296][ T4210] hsr_slave_1: left promiscuous mode
[ 1418.795988][ T4210] veth1_macvtap: left promiscuous mode
[ 1418.798356][ T4210] veth0_macvtap: left promiscuous mode
[ 1418.831478][ T4210] veth1_vlan: left promiscuous mode
[ 1418.834092][ T4210] veth0_vlan: left promiscuous mode
[ 1469.116587][ T5059] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1469.313618][ T5059] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1469.794664][ T5059] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1470.226527][ T5059] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1505.258447][ T5059] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1536.223735][ T5531] binder: 5529:5531 ioctl c0306201 200000000240 returned -11
[ 1540.384581][ T5537] netlink: 48 bytes leftover after parsing attributes in process `syz.3.104'.
[ 1558.692254][ T5551] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1558.798528][ T5551] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1570.665444][ T5565] binder: 5563:5565 ioctl c0306201 200000000240 returned -11
[ 1592.961232][ T5593] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1592.968611][ T5593] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1593.825982][ T5059] veth0_vlan: entered promiscuous mode
[ 1595.110149][ T5059] veth1_vlan: entered promiscuous mode
[ 1597.590010][ T5059] veth0_macvtap: entered promiscuous mode
[ 1597.877471][ T5059] veth1_macvtap: entered promiscuous mode
[ 1601.876124][ T5059] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1601.878610][ T5059] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1601.916977][ T5059] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1601.919038][ T5059] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1623.846713][   T25] null_blk: rq ffffaf801aea3000 timed out
[ 1623.849073][   T25] blk_print_req_error: 23 callbacks suppressed
[ 1623.854505][   T25] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 0
[ 1623.858232][   T25] null_blk: rq ffffaf801aea3180 timed out
[ 1623.861743][   T25] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 0
[ 1623.864396][   T25] null_blk: rq ffffaf801aea3300 timed out
[ 1623.866031][   T25] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 0
[ 1623.868585][   T25] null_blk: rq ffffaf801aea3480 timed out
[ 1623.871733][   T25] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 0
[ 1623.874994][   T25] null_blk: rq ffffaf801aea3600 timed out
[ 1623.876604][   T25] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 0
[ 1623.879132][   T25] null_blk: rq ffffaf801aea3780 timed out
[ 1623.904080][   T25] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 0
[ 1623.906927][   T25] null_blk: rq ffffaf801aea3900 timed out
[ 1623.908556][   T25] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 0
[ 1623.913351][   T25] null_blk: rq ffffaf801aea3a80 timed out
[ 1623.915137][   T25] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 0
[ 1623.917686][   T25] null_blk: rq ffffaf801aea3c00 timed out
[ 1623.920465][   T25] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 0
[ 1623.923185][   T25] null_blk: rq ffffaf801aea3d80 timed out
[ 1623.924844][   T25] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 0
[ 1623.927431][   T25] null_blk: rq ffffaf801aea3f00 timed out
[ 1623.933805][   T25] null_blk: rq ffffaf801aea4080 timed out
[ 1645.666617][ T5624] x_tables: ip_tables: osf match: only valid for protocol 6
[ 1661.101728][ T5627] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1661.193199][ T5627] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1687.407521][ T5641] ptm ptm0: ldisc open failed (-12), clearing slot 0
[ 1696.715120][ T5649] binder: 5648:5649 ioctl c0306201 200000000240 returned -11
[ 1697.048546][ T5653] netlink: 48 bytes leftover after parsing attributes in process `syz.3.119'.
[ 1697.189091][ T5653] netlink: 48 bytes leftover after parsing attributes in process `syz.3.119'.
[ 1715.035640][ T5670] netlink: 48 bytes leftover after parsing attributes in process `syz.3.125'.
[ 1715.067333][ T5670] netlink: 48 bytes leftover after parsing attributes in process `syz.3.125'.
[ 1724.970605][ T5677] binder: 5676:5677 ioctl c0306201 200000000240 returned -11
[ 1728.055805][ T5681] netlink: 48 bytes leftover after parsing attributes in process `syz.3.130'.
[ 1728.215235][ T5681] netlink: 48 bytes leftover after parsing attributes in process `syz.3.130'.
[ 1761.377478][ T5696] netlink: 48 bytes leftover after parsing attributes in process `syz.4.135'.
[ 1761.607123][ T5696] netlink: 48 bytes leftover after parsing attributes in process `syz.4.135'.
[ 1898.115641][ T5784] netlink: 4 bytes leftover after parsing attributes in process `syz.4.156'.
[ 1923.379130][ T5807] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 1949.625754][ T5820] Driver unsupported XDP return value 0 on prog  (id 30) dev N/A, expect packet loss!
[ 1993.917682][ T5828] binder_alloc: 5826: binder_alloc_buf, no vma
[ 1994.026282][ T5828] binder: 5826:5828 ioctl c0306201 200000000240 returned -11
[ 1999.593305][ T4210] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2001.056093][ T4210] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2002.446422][ T4210] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2003.972913][ T4210] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2022.100509][ T4210] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2022.498221][ T4210] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2022.894524][ T4210] bond0 (unregistering): Released all slaves
[ 2025.436851][ T4210] hsr_slave_0: left promiscuous mode
[ 2025.545220][ T4210] hsr_slave_1: left promiscuous mode
[ 2026.310291][ T4210] veth1_macvtap: left promiscuous mode
[ 2026.337337][ T4210] veth0_macvtap: left promiscuous mode
[ 2026.375999][ T4210] veth1_vlan: left promiscuous mode
[ 2026.407370][ T4210] veth0_vlan: left promiscuous mode
[ 2116.280735][    C0] hrtimer: interrupt took 8763100 ns
[ 2130.179250][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2130.598394][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2173.055931][ T5827] hsr_slave_0: entered promiscuous mode
[ 2173.117581][ T5827] hsr_slave_1: entered promiscuous mode
[ 2190.714242][ T6198] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2190.873837][ T6198] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2192.440985][ T6198] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2192.534309][ T6198] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2196.483526][ T5827] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 2197.094275][ T5827] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 2197.732034][ T5827] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 2198.247365][ T5827] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 2254.547503][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2299.276060][ T6298] netlink: 40 bytes leftover after parsing attributes in process `syz.3.189'.
[ 2464.847737][ T5827] veth0_vlan: entered promiscuous mode
[ 2467.476031][ T5827] veth1_vlan: entered promiscuous mode
[ 2473.716532][ T5827] veth0_macvtap: entered promiscuous mode
[ 2475.214550][ T5827] veth1_macvtap: entered promiscuous mode
[ 2480.336342][ T5827] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2480.352633][ T5827] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2480.355773][ T5827] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2480.361676][ T5827] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2495.556089][ T6390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2495.614103][ T6390] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2520.394814][ T6399] netlink: 4 bytes leftover after parsing attributes in process `syz.5.202'.
[ 2623.033465][ T6450] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2623.134327][ T6450] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2664.493769][ T6468] netlink: 4 bytes leftover after parsing attributes in process `syz.5.226'.
[ 2664.566249][ T6467] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2664.722931][ T6467] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2666.045799][ T6467] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2666.206444][ T6467] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2699.430691][   T35] audit: type=1326 audit(2698.510:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6506 comm="syz.3.233" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb906 code=0x7ffc0000
[ 2699.530742][   T35] audit: type=1326 audit(2698.670:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6506 comm="syz.3.233" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb906 code=0x7ffc0000
[ 2700.015394][   T35] audit: type=1326 audit(2699.150:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6506 comm="syz.3.233" exe="/syz-executor" sig=0 arch=c00000f3 syscall=449 compat=0 ip=0xdb906 code=0x7ffc0000
[ 2700.065495][   T35] audit: type=1326 audit(2699.190:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6506 comm="syz.3.233" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb906 code=0x7ffc0000
[ 2700.102488][   T35] audit: type=1326 audit(2699.250:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6506 comm="syz.3.233" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb906 code=0x7ffc0000
[ 2708.434365][   T35] audit: type=1326 audit(5285.570:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6510 comm="syz.3.234" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0xdb906 code=0x0
[ 2748.048103][ T6537] syz_tun: entered promiscuous mode
[ 2748.430309][ T6537] batadv_slave_0: entered promiscuous mode
[ 2755.066253][ T6545] netlink: 8 bytes leftover after parsing attributes in process `syz.3.241'.
[ 2790.714621][ T6560] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2792.206334][ T6560] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2834.097928][ T6575] netlink: 104 bytes leftover after parsing attributes in process `syz.5.251'.
[ 2843.018919][ T6577] netlink: 'syz.5.252': attribute type 1 has an invalid length.
[ 2848.288476][ T6578] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[ 2848.347237][ T6364] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[ 2848.560108][ T6364] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[ 2849.283536][ T6580] 8021q: adding VLAN 0 to HW filter on device bond1
[ 2852.617025][ T6609] veth3: entered promiscuous mode
[ 2852.987932][ T6609] bond1: (slave veth3): Enslaving as a backup interface with a down link
[ 2854.784963][ T6577] bond0: (slave bond_slave_0): Releasing backup interface
[ 2856.444110][ T6577] bond0: (slave bond_slave_1): Releasing backup interface
[ 2858.623052][ T6577] bond1: (slave ip6gretap1): Removing an active aggregator
[ 2858.683936][ T6616] bond1: Warning: Found an uninitialized port
[ 2859.087820][ T6577] bond1: (slave ip6gretap1): Releasing backup interface
[ 2859.090018][ T6577] bond1: (slave ip6gretap1): the permanent HWaddr of slave - 42:66:eb:17:f3:28 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[ 2859.965551][ T6630] bond1: Warning: Found an uninitialized port
[ 2860.005765][ T6577] bond1: (slave veth3): Releasing backup interface
[ 2898.349365][ T6567] syz_tun (unregistering): left promiscuous mode
[ 2901.287579][ T6630] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2902.359533][ T6630] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2904.308770][ T6630] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2906.554748][ T6630] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2921.119525][  T855] block nbd0: Receive control failed (result -32)
[ 2926.699516][ T6630] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2927.227977][ T6630] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2927.591821][ T6630] bond0 (unregistering): Released all slaves
[ 2929.665767][ T6630] batadv_slave_0: left promiscuous mode
[ 2930.100286][ T6630] hsr_slave_0: left promiscuous mode
[ 2930.225245][ T6630] hsr_slave_1: left promiscuous mode
[ 2930.700587][ T6630] veth1_macvtap: left promiscuous mode
[ 2930.705155][ T6630] veth0_macvtap: left promiscuous mode
[ 2930.726517][ T6630] veth1_vlan: left promiscuous mode
[ 2930.732962][ T6630] veth0_vlan: left promiscuous mode
[ 2932.398697][ T6690] syz.5.260 uses obsolete (PF_INET,SOCK_PACKET)
[ 2979.219644][ T6680] block nbd1: Receive control failed (result -32)
[ 2987.702270][ T6790] batadv_slave_0: entered promiscuous mode
[ 2988.055139][ T6790] netlink: 16 bytes leftover after parsing attributes in process `syz.5.263'.
[ 3005.397334][ T6633] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3006.029659][ T6633] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3015.137468][ T6882] nbd: must specify a size in bytes for the device
[ 3037.284598][ T6633] hsr_slave_0: entered promiscuous mode
[ 3037.327259][ T6633] hsr_slave_1: entered promiscuous mode
[ 3037.368536][ T6633] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 3037.411313][ T6633] Cannot create hsr debugfs directory
[ 3058.046424][ T6633] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 3058.631223][ T6633] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 3059.055092][ T6633] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 3059.631713][ T6633] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 3100.121196][ T6633] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3148.136079][ T7110] netlink: 'syz.5.279': attribute type 11 has an invalid length.
[ 3160.711894][ T6633] veth0_vlan: entered promiscuous mode
[ 3161.564451][ T6633] veth1_vlan: entered promiscuous mode
[ 3165.334715][ T6633] veth0_macvtap: entered promiscuous mode
[ 3165.913297][ T6633] veth1_macvtap: entered promiscuous mode
[ 3169.613445][ T6633] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3169.627233][ T6633] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3169.629466][ T6633] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3169.631748][ T6633] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3222.892645][ T7148] netlink: 44 bytes leftover after parsing attributes in process `syz.5.290'.
[ 3245.014398][ T7163] batadv_slave_0: entered promiscuous mode
[ 3249.211161][ T7163] pimreg: entered allmulticast mode
[ 3249.660249][ T7167] pimreg: left allmulticast mode
[ 3253.408853][ T7162] batadv_slave_0: left promiscuous mode
[ 3372.939163][ T7237] pimreg: entered allmulticast mode
[ 3374.547129][ T7234] netlink: 'syz.5.312': attribute type 10 has an invalid length.
[ 3393.688060][ T7254] netlink: 'syz.6.316': attribute type 13 has an invalid length.
[ 3393.690144][ T7254] netlink: 'syz.6.316': attribute type 17 has an invalid length.
[ 3460.827532][ T7274] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3461.348849][ T7274] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3462.501047][ T7274] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3462.609685][ T7274] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3513.328586][ T7363] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3513.359507][ T7363] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3514.166011][ T7363] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3514.272527][ T7363] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3545.994200][ T7271] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3546.331546][ T7271] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3591.570137][ T7271] hsr_slave_0: entered promiscuous mode
[ 3591.948823][ T7271] hsr_slave_1: entered promiscuous mode
[ 3592.005288][ T7271] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 3592.008610][ T7271] Cannot create hsr debugfs directory
[ 3598.358809][ T7578] netlink: 96 bytes leftover after parsing attributes in process `syz.6.333'.
[ 3606.513802][ T7616] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3606.864276][ T7616] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3624.465395][ T7271] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 3624.836560][ T7271] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 3625.187459][ T7271] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 3625.843490][ T7271] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 3646.575159][ T7659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3646.629658][ T7659] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3652.185191][ T7271] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3688.464245][ T7684] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3688.501715][ T7684] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3748.745734][ T7271] veth0_vlan: entered promiscuous mode
[ 3748.790247][    C1] vcan0: j1939_tp_rxtimer: 0xffffaf80215bc000: rx timeout, send abort
[ 3748.798302][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffffaf80215bc000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[ 3749.126000][ T7271] veth1_vlan: entered promiscuous mode
[ 3750.075291][    C1] vcan0: j1939_tp_rxtimer: 0xffffaf801c3cd000: rx timeout, send abort
[ 3750.083639][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffffaf801c3cd000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[ 3751.980229][ T7271] veth0_macvtap: entered promiscuous mode
[ 3752.605039][ T7271] veth1_macvtap: entered promiscuous mode
[ 3757.205403][ T7271] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3757.240296][ T7271] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3757.241473][ T7271] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3757.242632][ T7271] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3822.704192][ T7779] netlink: 316 bytes leftover after parsing attributes in process `syz.6.365'.
[ 3844.134509][    C0] vcan0: j1939_tp_rxtimer: 0xffffaf802eac0400: rx timeout, send abort
[ 3844.152708][ T7789] netlink: 4 bytes leftover after parsing attributes in process `syz.7.368'.
[ 3866.650395][ T7801] netlink: 28 bytes leftover after parsing attributes in process `syz.7.372'.
[ 4017.368674][ T7867] netlink: 8 bytes leftover after parsing attributes in process `syz.7.391'.
[ 4058.982198][ T7879] xt_hashlimit: size too large, truncated to 1048576
[ 4061.743519][ T7880] syz_tun: entered allmulticast mode
[ 4064.955590][ T7877] syz_tun: left allmulticast mode
[ 4116.528716][ T7899] netlink: 28 bytes leftover after parsing attributes in process `syz.6.402'.
[ 4127.538538][ T7883] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[ 4127.988409][ T7883] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 4163.323381][ T6530] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[ 4163.566883][ T6530] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 4163.803602][ T7923] netlink: 28 bytes leftover after parsing attributes in process `syz.6.408'.
[ 4196.866155][ T6456] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[ 4197.238458][ T6456] hid-generic 0000:0000:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 4199.585220][ T7950] netlink: 28 bytes leftover after parsing attributes in process `syz.7.414'.
[ 4211.338130][ T7957] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 4211.571725][ T7957] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 4244.117864][ T7975] netlink: 28 bytes leftover after parsing attributes in process `syz.6.420'.
[ 4248.999512][ T6968] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[ 4249.221154][ T6968] hid-generic 0000:0000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 4281.315453][ T7994] veth1_to_bond: default FDB implementation only supports local addresses
[ 4288.341874][ T7997] netlink: 28 bytes leftover after parsing attributes in process `syz.6.426'.
[ 4293.900903][ T6456] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[ 4294.264539][ T6456] hid-generic 0000:0000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 4324.642057][ T8027] netlink: 8 bytes leftover after parsing attributes in process `syz.7.431'.
[ 4340.623332][ T5027] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[ 4341.061797][ T5027] hid-generic 0000:0000:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 4376.416758][ T8058] netlink: 8 bytes leftover after parsing attributes in process `syz.7.437'.
[ 4409.776638][ T8069] xt_hashlimit: size too large, truncated to 1048576
[ 4436.580228][ T8080] netlink: 8 bytes leftover after parsing attributes in process `syz.6.443'.
[ 4483.058570][ T8093] syzkaller1: entered promiscuous mode
[ 4483.061756][ T8093] syzkaller1: entered allmulticast mode
[ 4511.584180][ T8110] netlink: 8 bytes leftover after parsing attributes in process `syz.7.449'.
[ 4520.998328][ T8117] netlink: 4 bytes leftover after parsing attributes in process `syz.7.449'.
[ 4541.103946][ T8124] binder: 8123:8124 ioctl c0306201 200000000240 returned -11
[ 4554.320541][ T8140] syz.7.455: attempt to access beyond end of device
[ 4554.320541][ T8140] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 4560.494314][ T8144] binder: 8143:8144 ioctl c0306201 200000000240 returned -11
[ 4619.030681][ T8192] fuse: Bad value for 'fd'
[ 4739.723198][ T8242] infiniband syz1: set down
[ 4739.740186][ T8242] infiniband syz1: added ipvlan1
[ 4740.109353][ T8242] syz1: rxe_create_cq: returned err = -12
[ 4740.121539][ T8242] infiniband syz1: Couldn't create ib_mad CQ
[ 4740.142220][ T8242] infiniband syz1: Couldn't open port 1
[ 4742.740441][ T8242] RDS/IB: syz1: added
[ 4742.767865][ T8242] smc: adding ib device syz1 with port count 1
[ 4742.771649][ T8242] smc:    ib device syz1 port 1 has pnetid 
[ 4746.302201][ T6630] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4748.262277][ T6630] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4751.087140][ T6630] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4753.238178][ T6630] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4792.757610][ T6630] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 4793.592016][ T6630] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 4794.344592][ T6630] bond0 (unregistering): Released all slaves
[ 4873.108151][ T6630] hsr_slave_0: left promiscuous mode
[ 4874.198469][ T6630] hsr_slave_1: left promiscuous mode
[ 4874.889337][ T6630] veth1_macvtap: left promiscuous mode
[ 4874.894754][ T6630] veth0_macvtap: left promiscuous mode
[ 4874.920288][ T6630] veth1_vlan: left promiscuous mode
[ 4874.935905][ T6630] veth0_vlan: left promiscuous mode
[ 4939.156714][ T6630] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4941.460386][ T6630] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4943.533197][ T6630] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4947.875096][ T6630] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 4968.324846][ T6630] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 4968.644975][ T6630] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 4968.933161][ T6630] bond0 (unregistering): Released all slaves
[ 4982.544880][ T6630] hsr_slave_0: left promiscuous mode
[ 4982.585614][ T6630] hsr_slave_1: left promiscuous mode
[ 4982.834702][ T6630] veth1_macvtap: left promiscuous mode
[ 4982.837702][ T6630] veth0_macvtap: left promiscuous mode
[ 4982.841143][ T6630] veth1_vlan: left promiscuous mode
[ 4982.843279][ T6630] veth0_vlan: left promiscuous mode
[ 4994.083850][ T5714] smc: removing ib device syz1
[ 5020.239266][ T7876] ==================================================================
[ 5020.243155][ T7876] BUG: KASAN: slab-use-after-free in __ethtool_get_link_ksettings+0x182/0x198
[ 5020.250735][ T7876] Read of size 8 at addr ffffaf802f6ce2e8 by task kworker/0:4/7876
[ 5020.253010][ T7876] 
[ 5020.255975][ T7876] CPU: 0 UID: 0 PID: 7876 Comm: kworker/0:4 Not tainted 6.16.0-rc1-syzkaller-g306e57988197 #0 PREEMPT 
[ 5020.256900][ T7876] Hardware name: riscv-virtio,qemu (DT)
[ 5020.257558][ T7876] Workqueue: events smc_ib_port_event_work
[ 5020.258510][ T7876] Call Trace:
[ 5020.258879][ T7876] [<ffffffff80078bbe>] dump_backtrace+0x2e/0x3c
[ 5020.259480][ T7876] [<ffffffff8000327a>] show_stack+0x30/0x3c
[ 5020.259900][ T7876] [<ffffffff8006103e>] dump_stack_lvl+0x12e/0x1a6
[ 5020.260492][ T7876] [<ffffffff8000ef70>] print_report+0x28e/0x5fe
[ 5020.261019][ T7876] [<ffffffff80af393a>] kasan_report+0xf0/0x214
[ 5020.261451][ T7876] [<ffffffff80af59d2>] __asan_report_load8_noabort+0x12/0x1a
[ 5020.261935][ T7876] [<ffffffff854c8a2c>] __ethtool_get_link_ksettings+0x182/0x198
[ 5020.262505][ T7876] [<ffffffff83210e12>] ipvlan_ethtool_get_link_ksettings+0x46/0x5c
[ 5020.263255][ T7876] [<ffffffff854c89a2>] __ethtool_get_link_ksettings+0xf8/0x198
[ 5020.263860][ T7876] [<ffffffff845872ea>] ib_get_eth_speed+0x13a/0xb9c
[ 5020.264458][ T7876] [<ffffffff847eeb3e>] rxe_query_port+0x124/0x2e6
[ 5020.264920][ T7876] [<ffffffff845a1c32>] ib_query_port+0x3f2/0x862
[ 5020.265369][ T7876] [<ffffffff85faab48>] smc_ib_port_event_work+0x140/0xb88
[ 5020.265886][ T7876] [<ffffffff801bd390>] process_one_work+0x96a/0x1f32
[ 5020.266408][ T7876] [<ffffffff801c04a0>] worker_thread+0x5ce/0xde8
[ 5020.266926][ T7876] [<ffffffff801ddcbc>] kthread+0x39c/0x7d4
[ 5020.267344][ T7876] [<ffffffff8006977a>] ret_from_fork_kernel+0x2a/0xbb2
[ 5020.267789][ T7876] [<ffffffff863251ea>] ret_from_fork_kernel_asm+0x16/0x18
[ 5020.268521][ T7876] 
[ 5020.301154][ T7876] Allocated by task 7271:
[ 5020.302338][ T7876]  stack_trace_save+0xa0/0xd2
[ 5020.303676][ T7876]  kasan_save_stack+0x3e/0x6a
[ 5020.304755][ T7876]  kasan_save_track+0x16/0x28
[ 5020.306080][ T7876]  kasan_save_alloc_info+0x30/0x3e
[ 5020.308067][ T7876]  __kasan_kmalloc+0xa0/0xa6
[ 5020.309840][ T7876]  __kvmalloc_node_noprof+0x27a/0x6ac
[ 5020.312039][ T7876]  alloc_netdev_mqs+0xcc/0x11da
[ 5020.314106][ T7876]  rtnl_create_link+0xb2a/0xe54
[ 5020.316093][ T7876]  rtnl_newlink+0xb54/0x1d78
[ 5020.317969][ T7876]  rtnetlink_rcv_msg+0x9e2/0xdbe
[ 5020.319983][ T7876]  netlink_rcv_skb+0x206/0x3be
[ 5020.321862][ T7876]  rtnetlink_rcv+0x26/0x30
[ 5020.323876][ T7876]  netlink_unicast+0x4f0/0x82c
[ 5020.325727][ T7876]  netlink_sendmsg+0x85e/0xdd6
[ 5020.327952][ T7876]  __sock_sendmsg+0xcc/0x160
[ 5020.330011][ T7876]  __sys_sendto+0x27a/0x34e
[ 5020.332094][ T7876]  __riscv_sys_sendto+0xc0/0x158
[ 5020.334327][ T7876]  syscall_handler+0x94/0x118
[ 5020.337103][ T7876]  do_trap_ecall_u+0x396/0x530
[ 5020.339612][ T7876]  handle_exception+0x146/0x152
[ 5020.341794][ T7876] 
[ 5020.343094][ T7876] Freed by task 6630:
[ 5020.345373][ T7876]  stack_trace_save+0xa0/0xd2
[ 5020.347622][ T7876]  kasan_save_stack+0x3e/0x6a
[ 5020.349644][ T7876]  kasan_save_track+0x16/0x28
[ 5020.351733][ T7876]  kasan_save_free_info+0x40/0x5a
[ 5020.354218][ T7876]  __kasan_slab_free+0x4e/0x68
[ 5020.356459][ T7876]  kfree+0x252/0x4da
[ 5020.357915][ T7876]  kvfree+0x28/0x32
[ 5020.359913][ T7876]  netdev_release+0x84/0xb0
[ 5020.362050][ T7876]  device_release+0x90/0x21c
[ 5020.364555][ T7876]  kobject_put+0x238/0x4f0
[ 5020.366997][ T7876]  netdev_run_todo+0x6a6/0x10b4
[ 5020.369233][ T7876]  rtnl_unlock+0x14/0x1c
[ 5020.370332][ T7876]  default_device_exit_batch+0x67c/0x8b0
[ 5020.371609][ T7876]  ops_undo_list+0x3e8/0x9dc
[ 5020.372834][ T7876]  cleanup_net+0x3e0/0x7ce
[ 5020.373931][ T7876]  process_one_work+0x96a/0x1f32
[ 5020.375129][ T7876]  worker_thread+0x5ce/0xde8
[ 5020.376321][ T7876]  kthread+0x39c/0x7d4
[ 5020.377747][ T7876]  ret_from_fork_kernel+0x2a/0xbb2
[ 5020.379708][ T7876]  ret_from_fork_kernel_asm+0x16/0x18
[ 5020.381062][ T7876] 
[ 5020.382280][ T7876] The buggy address belongs to the object at ffffaf802f6ce000
[ 5020.382280][ T7876]  which belongs to the cache kmalloc-cg-4k of size 4096
[ 5020.387661][ T7876] The buggy address is located 744 bytes inside of
[ 5020.387661][ T7876]  freed 4096-byte region [ffffaf802f6ce000, ffffaf802f6cf000)
[ 5020.389504][ T7876] 
[ 5020.390413][ T7876] The buggy address belongs to the physical page:
[ 5020.392205][ T7876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xaf6c8
[ 5020.394434][ T7876] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 5020.396105][ T7876] memcg:ffffaf801c1f0841
[ 5020.397216][ T7876] anon flags: 0xffe000000000040(head|node=0|zone=0|lastcpupid=0x7ff)
[ 5020.399371][ T7876] page_type: f5(slab)
[ 5020.401734][ T7876] raw: 0ffe000000000040 ffffaf80114093c0 0000000000000000 0000000000000001
[ 5020.403526][ T7876] raw: 0000000000000000 0000000000040004 00000000f5000000 ffffaf801c1f0841
[ 5020.406925][ T7876] head: 0ffe000000000040 ffffaf80114093c0 0000000000000000 0000000000000001
[ 5020.410093][ T7876] head: 0000000000000000 0000000000040004 00000000f5000000 ffffaf801c1f0841
[ 5020.412179][ T7876] head: 0ffe000000000003 ffff8d8000bdb201 00000000ffffffff 00000000ffffffff
[ 5020.413291][ T7876] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 5020.415784][ T7876] page dumped because: kasan: bad access detected
[ 5020.418444][ T7876] page_owner tracks the page as allocated
[ 5020.420425][ T7876] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 7271, tgid 7271 (syz-executor), ts 3529754807600, free_ts 3527504387600
[ 5020.427082][ T7876]  __set_page_owner+0x94/0x4a8
[ 5020.429299][ T7876]  post_alloc_hook+0xdc/0x1ba
[ 5020.431453][ T7876]  get_page_from_freelist+0x880/0x3660
[ 5020.433912][ T7876]  __alloc_frozen_pages_noprof+0x22e/0x2124
[ 5020.436254][ T7876]  alloc_pages_mpol+0x1fa/0x5ba
[ 5020.438267][ T7876]  alloc_frozen_pages_noprof+0x174/0x2f0
[ 5020.440543][ T7876]  new_slab+0x26e/0x34c
[ 5020.442336][ T7876]  ___slab_alloc+0xb64/0x1214
[ 5020.444509][ T7876]  __slab_alloc.constprop.0+0x60/0xb0
[ 5020.445772][ T7876]  __kmalloc_noprof+0x1c8/0x584
[ 5020.446969][ T7876]  __register_sysctl_table+0xcc/0x1600
[ 5020.448091][ T7876]  register_net_sysctl_sz+0x26a/0x416
[ 5020.449072][ T7876]  __addrconf_sysctl_register+0x1b8/0x34a
[ 5020.449818][ T7876]  addrconf_sysctl_register+0x15a/0x1d8
[ 5020.450633][ T7876]  ipv6_add_dev+0xa52/0x15c0
[ 5020.451464][ T7876]  addrconf_notify+0x4b6/0x1878
[ 5020.452314][ T7876] page last free pid 7271 tgid 7271 stack trace:
[ 5020.452892][ T7876]  __reset_page_owner+0x78/0x1ba
[ 5020.453550][ T7876]  __free_frozen_pages+0x998/0x1580
[ 5020.454238][ T7876]  free_frozen_pages+0xe/0x16
[ 5020.454874][ T7876]  __free_slab+0xc6/0x17c
[ 5020.455596][ T7876]  free_slab+0x38/0x1ae
[ 5020.456206][ T7876]  __put_partials+0x178/0x1e6
[ 5020.456824][ T7876]  put_cpu_partial+0x17c/0x296
[ 5020.457466][ T7876]  __slab_free+0x1f6/0x34e
[ 5020.458082][ T7876]  ___cache_free+0x1a4/0x1de
[ 5020.458720][ T7876]  qlist_free_all+0x76/0x168
[ 5020.459593][ T7876]  kasan_quarantine_reduce+0x158/0x1ba
[ 5020.460486][ T7876]  __kasan_slab_alloc+0x5c/0x82
[ 5020.461505][ T7876]  kmem_cache_alloc_noprof+0x104/0x3d0
[ 5020.462682][ T7876]  __kernfs_new_node+0xfc/0x8e2
[ 5020.463720][ T7876]  kernfs_new_node+0x10e/0x1ac
[ 5020.464794][ T7876]  __kernfs_create_file+0x4e/0x33a
[ 5020.466116][ T7876] 
[ 5020.466618][ T7876] Memory state around the buggy address:
[ 5020.467676][ T7876]  ffffaf802f6ce180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 5020.468557][ T7876]  ffffaf802f6ce200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 5020.469684][ T7876] >ffffaf802f6ce280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 5020.470721][ T7876]                                                           ^
[ 5020.471810][ T7876]  ffffaf802f6ce300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 5020.472906][ T7876]  ffffaf802f6ce380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 5020.474249][ T7876] ==================================================================
[ 5020.566151][ T7876] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 5020.568860][ T7876] CPU: 0 UID: 0 PID: 7876 Comm: kworker/0:4 Not tainted 6.16.0-rc1-syzkaller-g306e57988197 #0 PREEMPT 
[ 5020.570556][ T7876] Hardware name: riscv-virtio,qemu (DT)
[ 5020.571799][ T7876] Workqueue: events smc_ib_port_event_work
[ 5020.575360][ T7876] Call Trace:
[ 5020.576286][ T7876] [<ffffffff80078bbe>] dump_backtrace+0x2e/0x3c
[ 5020.577685][ T7876] [<ffffffff8000327a>] show_stack+0x30/0x3c
[ 5020.579042][ T7876] [<ffffffff80061020>] dump_stack_lvl+0x110/0x1a6
[ 5020.580796][ T7876] [<ffffffff800610d2>] dump_stack+0x1c/0x24
[ 5020.582369][ T7876] [<ffffffff80003baa>] panic+0x38c/0x86a
[ 5020.584203][ T7876] [<ffffffff80142ab2>] check_panic_on_warn+0xc0/0xe4
[ 5020.585777][ T7876] [<ffffffff8000ec82>] end_report.part.0+0x4e/0xae
[ 5020.588250][ T7876] [<ffffffff80af3984>] kasan_report+0x13a/0x214
[ 5020.590644][ T7876] [<ffffffff80af59d2>] __asan_report_load8_noabort+0x12/0x1a
[ 5020.593734][ T7876] [<ffffffff854c8a2c>] __ethtool_get_link_ksettings+0x182/0x198
[ 5020.596697][ T7876] [<ffffffff83210e12>] ipvlan_ethtool_get_link_ksettings+0x46/0x5c
[ 5020.599459][ T7876] [<ffffffff854c89a2>] __ethtool_get_link_ksettings+0xf8/0x198
[ 5020.602425][ T7876] [<ffffffff845872ea>] ib_get_eth_speed+0x13a/0xb9c
[ 5020.605259][ T7876] [<ffffffff847eeb3e>] rxe_query_port+0x124/0x2e6
[ 5020.607989][ T7876] [<ffffffff845a1c32>] ib_query_port+0x3f2/0x862
[ 5020.610479][ T7876] [<ffffffff85faab48>] smc_ib_port_event_work+0x140/0xb88
[ 5020.612991][ T7876] [<ffffffff801bd390>] process_one_work+0x96a/0x1f32
[ 5020.614619][ T7876] [<ffffffff801c04a0>] worker_thread+0x5ce/0xde8
[ 5020.616126][ T7876] [<ffffffff801ddcbc>] kthread+0x39c/0x7d4
[ 5020.617370][ T7876] [<ffffffff8006977a>] ret_from_fork_kernel+0x2a/0xbb2
[ 5020.618832][ T7876] [<ffffffff863251ea>] ret_from_fork_kernel_asm+0x16/0x18
[ 5020.620748][ T7876] SMP: stopping secondary CPUs
[ 5020.624917][ T7876] Rebooting in 86400 seconds..

VM DIAGNOSIS:
10:12:46  Registers:
info registers vcpu 0

CPU#0
 V      =   0
 pc       ffffffff8000ed44
 mhartid  0000000000000000
 mstatus  0000000a000000a0
 hstatus  0000000200000000
 vsstatus 0000000a00000000
 mip      0000000000000222
 mie      000000000000022a
 mideleg  0000000000001666
 hideleg  0000000000000444
 medeleg  0000000000f0b509
 hedeleg  000000000000b109
 mtvec    00000000800004f0
 stvec    ffffffff86324f84
 vstvec   0000000000000000
 mepc     ffffffff8030b986
 sepc     ffffffff80a4d48a
 vsepc    0000000000000000
 mcause   8000000000000003
 scause   8000000000000005
 vscause  0000000000000000
 mtval    0000000000000000
 stval    0000000000000000
 htval    0000000000000000
 mtval2   0000000000000000
 mscratch 000000008004a000
 sscratch 0000000000000000
 satp     90748000000b4eca
 x0/zero  0000000000000000 x1/ra    ffffffff8000ed10 x2/sp    ffff8f80009c7580 x3/gp    ffffffff89c7e9c0
 x4/tp    ffffaf801e224ec0 x5/t0    ffff8f80009c7174 x6/t1    fffff5ef0dda4af2 x7/t2    4153414b203a4755
 x8/s0    ffff8f80009c7600 x9/s1    ffff8f80009c7610 x10/a0   ffffaf802f6ce2e8 x11/a1   ffffffff87c46e88
 x12/a2   0000000000000008 x13/a3   ffffffff803028e2 x14/a4   0000000000000000 x15/a5   0000000000000000
 x16/a6   0000000000000003 x17/a7   ffffaf806ed25793 x18/s2   ffffaf802f6ce2e8 x19/s3   0000000000000008
 x20/s4   ffffffff854c8a2c x21/s5   ffffaf80188db85a x22/s6   ffffaf80188db859 x23/s7   0000000000000001
 x24/s8   ffffffff89d88a80 x25/s9   0000000000000000 x26/s10  ffffaf80188db9a0 x27/s11  ffffaf80188db958
 x28/t3   ffffffff90e40f77 x29/t4   fffff5ef0dda4af2 x30/t5   fffff5ef0dda4af3 x31/t6   ffff8f80009c6f58
 fcsr     0000000000000000
 f0/ft0   0000000000000000 f1/ft1   0000000000000000 f2/ft2   0000000000000000 f3/ft3   0000000000000000
 f4/ft4   0000000000000000 f5/ft5   0000000000000000 f6/ft6   0000000000000000 f7/ft7   0000000000000000
 f8/fs0   0000000000000000 f9/fs1   0000000000000000 f10/fa0  0000000000000000 f11/fa1  0000000000000000
 f12/fa2  0000000000000000 f13/fa3  0000000000000000 f14/fa4  0000000000000000 f15/fa5  0000000000000000
 f16/fa6  0000000000000000 f17/fa7  0000000000000000 f18/fs2  0000000000000000 f19/fs3  0000000000000000
 f20/fs4  0000000000000000 f21/fs5  0000000000000000 f22/fs6  0000000000000000 f23/fs7  0000000000000000
 f24/fs8  0000000000000000 f25/fs9  0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8  0000000000000000 f29/ft9  0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1

CPU#1
 V      =   0
 pc       ffffffff804eb5f6
 mhartid  0000000000000001
 mstatus  0000000a000000a2
 hstatus  0000000200000000
 vsstatus 0000000a00000000
 mip      0000000000000000
 mie      000000000000022a
 mideleg  0000000000001666
 hideleg  0000000000000444
 medeleg  0000000000f0b509
 hedeleg  000000000000b109
 mtvec    00000000800004f0
 stvec    ffffffff86324f84
 vstvec   0000000000000000
 mepc     ffffffff8008eba2
 sepc     00000000000dd0e6
 vsepc    0000000000000000
 mcause   0000000000000009
 scause   0000000000000008
 vscause  0000000000000000
 mtval    0000000000000000
 stval    0000000000000000
 htval    0000000000000000
 mtval2   0000000000000000
 mscratch 0000000080048000
 sscratch 0000000000000000
 satp     90748000000b4eca
 x0/zero  0000000000000000 x1/ra    ffffffff81a079b6 x2/sp    ffff8f800c9c70e0 x3/gp    ffffffff89c7e9c0
 x4/tp    ffffaf801b84cec0 x5/t0    ffffaf801869e220 x6/t1    fffff1ef01938e3c x7/t2    ffffffff868068d0
 x8/s0    ffff8f800c9c7120 x9/s1    0000000000000000 x10/a0   0000000000000005 x11/a1   ffffffff86b8d120
 x12/a2   0000000000000002 x13/a3   ffffffff81a079a4 x14/a4   0000000000000008 x15/a5   0000000000000008
 x16/a6   0000000000000003 x17/a7   0000000000000000 x18/s2   0000000000000007 x19/s3   0000000000000005
 x20/s4   ffffffff81a079b6 x21/s5   0000000000000003 x22/s6   ffff8f800c9c7260 x23/s7   1ffff5f0053e4c84
 x24/s8   000000000000001c x25/s9   ffffaf8029f26420 x26/s10  0000000000000043 x27/s11  ffff8f800c9c7800
 x28/t3   fffffffff3f30000 x29/t4   0000000000000000 x30/t5   0000000000000000 x31/t6   0000000000000002
 fcsr     0000000000000000
 f0/ft0   0000000000000000 f1/ft1   0000000000000000 f2/ft2   0000000000000000 f3/ft3   0000000000000000
 f4/ft4   0000000000000000 f5/ft5   0000000000000000 f6/ft6   0000000000000000 f7/ft7   0000000000000000
 f8/fs0   0000000000000000 f9/fs1   0000000000000000 f10/fa0  0000000000000000 f11/fa1  0000000000000000
 f12/fa2  0000000000000000 f13/fa3  0000000000000000 f14/fa4  0000000000000000 f15/fa5  0000000000000000
 f16/fa6  0000000000000000 f17/fa7  0000000000000000 f18/fs2  0000000000000000 f19/fs3  0000000000000000
 f20/fs4  0000000000000000 f21/fs5  0000000000000000 f22/fs6  0000000000000000 f23/fs7  0000000000000000
 f24/fs8  0000000000000000 f25/fs9  0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8  0000000000000000 f29/ft9  0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000