last executing test programs:

6.202970485s ago: executing program 3 (id=708):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x0, 0x24, &(0x7f0000000a40)={{0x12, 0x1, 0x0, 0xc9, 0x9d, 0xc5, 0x10, 0x12d6, 0x444, 0x6cde, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xfc, 0xae, 0xb4}}]}}]}}, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xffff}, {0x6, 0x2f, 0x0, 0x7}]}, 0x8)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={0x0, 0xffffffffffffffff, 0x0, 0x1404}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a475d0000005c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028"], 0xb8}}, 0x0)

3.807977338s ago: executing program 1 (id=719):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000b702000014000000b7030000010100008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b70200000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2500, 0x0)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000480)={0x1})

3.493325093s ago: executing program 4 (id=722):
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20008004, &(0x7f0000000080)={0x2, 0x4e23, @broadcast}, 0x10)
sendmmsg$inet(r0, &(0x7f0000009280)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x97}}], 0x1, 0x20040800)

3.44735465s ago: executing program 4 (id=723):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000200))
ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000100)=0x2000004)
pwritev(r0, &(0x7f0000000540)=[{&(0x7f00000003c0)="00214717a70700000000030600710a06069d856829c2f5d7a3c3b954c224baf5a405000000143d6ab27e0b6d80aa934dc082", 0x32}], 0x1, 0x0, 0x0)
r1 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r1)
r2 = socket$netlink(0x10, 0x3, 0x0)
getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6400000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff000000001c0012800b00010067726574617000000c00028008000100", @ANYRES32=r3, @ANYBLOB="28000d800900009e7665746800000000180002801400010000000000", @ANYRES32=0x0, @ANYBLOB="00000000e99dd190b5c768496d00000000000000091eaa1650e8c48de1bcd54fcbd583309661b4700c616f8e4be81b5c45df450ef784cf0000000000000000"], 0x64}}, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
r5 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$int_in(r5, 0x5452, &(0x7f00000001c0)=0x1)
mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0)
r6 = userfaultfd(0x1)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000004c0))
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x3})
ioctl$UFFDIO_ZEROPAGE(r6, 0xc020aa04, &(0x7f0000000140)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}})
close(r6)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r5, 0xc0045516, &(0x7f0000000000)=0xffb)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f0000000080)={{0x1009, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})
close_range(r4, 0xffffffffffffffff, 0x0)

3.240314396s ago: executing program 4 (id=724):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = socket$netlink(0x10, 0x3, 0x2)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r0) (async)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000280)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r1, 0xffffffffffffffff, 0x0) (async)
syz_open_dev$loop(&(0x7f00000000c0), 0x10080004, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='\b\x00', @ANYRES32=0x0, @ANYBLOB="60240100000002006c0012800b00010062617461647600005c0002800d0001004241544d414e5f49560000000c0001004241544d414e5f560b0001004241544d414e5f49560000000d0001004241544d414e5f49560000000d0001004241544d414e5f49560000000c0001004241544d414e5f56"], 0x8c}}, 0x0)

3.225856147s ago: executing program 4 (id=726):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0)
r1 = openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
tee(r1, r2, 0x2, 0x0)
getsockopt$inet_udp_int(r2, 0x11, 0x67, 0x0, &(0x7f0000000040))

3.111785505s ago: executing program 4 (id=727):
socket$netlink(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000040)={0x38, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'nicvf0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xa}]}, 0x38}}, 0x0)

2.9475309s ago: executing program 4 (id=728):
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x40000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
clock_nanosleep(0xfffffdfc, 0x0, &(0x7f0000000080)={0x77359400}, 0x0)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000001e80)=0x6, 0x4)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
syz_emit_ethernet(0x4a, &(0x7f0000001080)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_buf(r4, 0x6, 0x0, 0x0, 0x38)
ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000280)=ANY=[@ANYBLOB="01"])
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f0000000340)=ANY=[@ANYBLOB="01"])
r5 = syz_usb_connect$uac1(0x0, 0x91, &(0x7f00000006c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0xff, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7f, 0x3, 0x1, 0x1, 0xa0, 0xff, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x3, 0x4}, [@mixer_unit={0xb, 0x24, 0x4, 0x4, 0x4, "6a098454b4a7"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x5, 0x9, 0x2b}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x3, 0x1, 0x6f, 0x4, "f35812f0"}]}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x80, 0x9, 0x0, {0x7, 0x25, 0x1, 0x81, 0x6, 0x2}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x40, 0xf, 0x0, 0x7, {0x7, 0x25, 0x1, 0x3, 0x2, 0xf4}}}}}}}]}}, 0x0)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmmsg(r6, 0x0, 0x0, 0x0)
syz_usb_control_io$uac1(r5, &(0x7f0000000380)={0xc, &(0x7f00000002c0)={0x20, 0xe, 0x6a, {0x6a, 0x31, "49c224dc3390476f9eddcd7d555fe2208a0a8a0b2d73d2620624bc4223c105b5ef5dbc2895f3b20eb2c5acacf4ec8679743514c1274f896e24a62e0aa378a945544306c7a2a172afe6e9077b8d1a23c949e55436fa5ebc17e19dbc185ffe5e30ca120b7826d4a809"}}, &(0x7f0000000240)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xf4ff}}}, &(0x7f0000000680)={0x24, &(0x7f00000003c0)={0x0, 0xe, 0xf6, "e68dc7cd0fe3e19ee9d45812eeca83a50f6f836f4140d7cb1f4f24c01253d6893e41ed7c7320f27a698afd1a7910bce4dbde498fc1f6722b3d18e99ea71d878cf1c949bb36df88ef2fada31085f5414117d17528646dc8cb960f5b2844e2a81a41bb65107b56247955f998c74a025ae1e2c762c63abfbf52165a8c80c9b77337d2143dd84a4464e97774d4ebfa840f152c9ee13d0e2480790366e4cf8d3b3e16aeedc2a96aaf470920bbcd60cac04efdd9b7876a78559c04bf992a8ac1710eb463333bfa0236cb160263c979521a5a331882116d03ffa77cb7d4e12b6b160ccbd93b9b4ae419bd5f6369ada0ead64c83bee019c7c3ac"}, &(0x7f00000004c0)={0x0, 0xa, 0x1, 0xdd}, &(0x7f0000000500)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000540)={0x20, 0x81, 0x2, "d6b1"}, &(0x7f0000000580)={0x20, 0x82, 0x1, "8b"}, &(0x7f00000005c0)={0x20, 0x83, 0x1, 't'}, &(0x7f0000000600)={0x20, 0x84, 0x4, "04513d92"}, &(0x7f0000000640)={0x20, 0x85, 0x3, "f3b78d"}})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000001100)={'wlan1\x00'})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r9, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r6, &(0x7f0000001040)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000001000)={&(0x7f00000007c0)={0x800, r7, 0x101, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_TID_CONFIG={0xb0, 0x11d, 0x0, 0x1, [{0x2c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x2}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x51}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc}]}, {0x4c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x2}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x6635}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x4}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x10}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x43}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x7}]}]}, @NL80211_ATTR_TID_CONFIG={0x17c, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x6}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x9}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x32}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x5}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x96}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xb0}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x1}]}, {0xe0, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x7}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0xc0, 0xd, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x38, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x1d, 0x1, [0x1, 0xc, 0x6, 0x18, 0x30, 0x36, 0x6c, 0x5, 0x48, 0x18, 0x6, 0x16, 0x16, 0x5, 0x0, 0x3, 0x30, 0x24, 0xb, 0x20, 0x16, 0x1b, 0x3, 0x16, 0x12]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x9, 0xff7f, 0xfff7, 0x6, 0x8000, 0x100, 0x2]}}]}, @NL80211_BAND_5GHZ={0x54, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4e, 0x2, [{0x2, 0x3}, {0x0, 0x9}, {0x6, 0x6}, {0x7, 0x9}, {0x4, 0x7}, {0x4}, {0x5, 0x4}, {0x7, 0x5}, {0x6}, {0x4, 0x6}, {0x5, 0x7}, {0x6, 0x2}, {0x1, 0x9}, {0x4, 0x2}, {0x0, 0x4}, {0x1, 0x5}, {0x0, 0xa}, {0x3, 0x3}, {0x5, 0x3}, {0x5, 0x2}, {0x1}, {0x2, 0x3}, {0x4, 0x5}, {0x0, 0x5}, {0x4}, {0x1, 0x1}, {0x7, 0x1}, {0x6, 0xa}, {0x1, 0x6}, {0x6, 0x4}, {0x5, 0x4}, {0x0, 0x7}, {0x5, 0x1}, {0x6, 0xa}, {0x7, 0x3}, {0x4, 0x6}, {0x1, 0x9}, {0x6, 0x6}, {0x1, 0x7}, {0x0, 0xa}, {0x1, 0x9}, {0x0, 0x4}, {0x5, 0xa}, {0x6, 0x8}, {0x2, 0x2}, {0x0, 0x9}, {0x0, 0x5}, {0x3, 0x9}, {0x5, 0x4}, {0x4, 0x6}, {0x6, 0x9}, {0x2, 0x6}, {0x1, 0x4}, {0x0, 0xa}, {0x2, 0x1}, {0x0, 0x3}, {0x7, 0x5}, {0x3, 0x9}, {0x5, 0xa}, {}, {0x0, 0x4}, {0x3, 0x7}, {0x1, 0x3}, {0x1, 0x6}, {0x7, 0x3}, {0x0, 0x8}, {0x5, 0x8}, {0x1, 0x2}, {0x0, 0x1}, {0x0, 0xa}, {0x1, 0x6}, {0x7, 0x1}, {0x3, 0x2}, {0x2, 0x9}]}]}, @NL80211_BAND_2GHZ={0x30, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_LEGACY={0x8, 0x1, [0x4, 0x4, 0xb, 0x6c]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x2, 0xb574, 0x6, 0x6, 0x401, 0x46a5, 0x4, 0xc5d5]}}]}]}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xd7}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xc2}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}]}]}, @NL80211_ATTR_TID_CONFIG={0x334, 0x11d, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x14}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x7fffffffffffffff}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xcd}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xf}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}]}, {0x30, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xcc}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x61}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc}]}, {0x278, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x260, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x48, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x2, 0x5, 0x9, 0x40, 0x3, 0x3, 0x3, 0xe]}}]}, @NL80211_BAND_2GHZ={0x58, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0xd, 0x5, 0x5, 0xffcf, 0x4, 0x469, 0x2, 0x8]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x2, 0x3, 0xffff, 0x0, 0x2ec, 0x5, 0x1000]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x2, 0x8, 0xfff, 0x4ef, 0x3, 0x2, 0x4]}}]}, @NL80211_BAND_5GHZ={0x68, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xb, 0x1, [0x5, 0x6c, 0x5, 0x2, 0xb, 0x6c, 0x5]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x8, 0x2f6, 0x7, 0x3ff, 0x8, 0x8000, 0x6]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8000, 0x8, 0x1, 0x8, 0x1, 0xed0, 0x7, 0x2]}}, @NL80211_TXRATE_LEGACY={0x17, 0x1, [0x12, 0x60, 0x9, 0x4, 0x2, 0x2, 0xc, 0x18, 0x3, 0x12, 0x1, 0x4, 0x16, 0x1b, 0x5, 0x16, 0x30, 0x2, 0x36]}]}, @NL80211_BAND_60GHZ={0x34, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x14, 0x1, [0x0, 0x16, 0x72, 0x6c, 0x60, 0x5a, 0x30, 0x6c, 0x9, 0x60, 0x1b, 0x0, 0x48, 0x12, 0x5, 0xb]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x6757, 0x5, 0xd, 0x5, 0x4, 0x101, 0x1]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_6GHZ={0x64, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_LEGACY={0x24, 0x1, [0xc, 0xc, 0x48, 0x12, 0xc, 0x60, 0xb, 0xb, 0x3, 0x3, 0x12, 0x16, 0xc, 0x18, 0x48, 0x16, 0x27, 0x2, 0x1b, 0x2, 0x48, 0x16, 0x16, 0x18, 0xc, 0x6c, 0x5, 0x5, 0x36, 0x70, 0x60, 0x4]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0x1, 0xfd, 0xcde, 0x7, 0x2f]}}]}, @NL80211_BAND_6GHZ={0xbc, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1000, 0x0, 0x40, 0x400, 0xa4, 0x8, 0x6, 0x5]}}, @NL80211_TXRATE_HT={0x9, 0x2, [{0x4, 0x7}, {0x0, 0x7}, {0x4, 0x5}, {0x1, 0x9}, {0x0, 0x8}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x2, 0x1, 0x0, 0x7104, 0x7, 0xb, 0x64]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0xb, 0x7, 0x5, 0x6, 0x1ff, 0xfff, 0x9280]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HT={0x4a, 0x2, [{0x4, 0x6}, {0x5, 0x4}, {0x0, 0x2}, {0x2, 0x3}, {0x4, 0x7}, {0x3, 0x4}, {0x7, 0x6}, {0x4}, {0x0, 0x9}, {0x5, 0x3}, {0x3, 0x8}, {0x1, 0x8}, {0x0, 0x1}, {0x2}, {0x0, 0x6}, {0x1, 0x8}, {0x7, 0x5}, {0x5, 0x6}, {0x3, 0x6}, {0x1, 0x4}, {0x5, 0x6}, {0x1, 0xa}, {0x3, 0x5}, {0x6, 0x6}, {0x6}, {0x6, 0xa}, {0x0, 0x5}, {0x0, 0x8}, {0x7, 0x2}, {0x3, 0xa}, {0x3, 0x1}, {0x4, 0x9}, {0x1}, {0x7, 0x2}, {0x5, 0x6}, {0x4, 0x8}, {0x3, 0x4}, {0x5, 0x5}, {0x1, 0x1}, {0x0, 0x6}, {0x1, 0x4}, {0x7, 0x5}, {0x3}, {0x1, 0x1}, {0x7, 0x2}, {0x1, 0x3}, {0x1, 0xa}, {0x6, 0x6}, {0x7, 0x5}, {0x0, 0x3}, {0x7, 0x9}, {0x1, 0x9}, {0x2, 0xa}, {0x5, 0x2}, {0x7, 0x1}, {0x4, 0x2}, {0x7, 0x5}, {0x1, 0x8}, {0x1, 0x6}, {0x1, 0x8}, {0x5, 0x3}, {0x6, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x5, 0x7}, {0x3}, {0x0, 0x8}, {0x6, 0x1}, {0x1, 0x4}, {0x6, 0x1}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x5, 0xf114, 0x9, 0x1, 0x4, 0x3, 0x3]}}]}]}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xbe}]}, {0x20, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x6}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x99}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}]}, {0x8, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}]}, @NL80211_ATTR_TID_CONFIG={0x284, 0x11d, 0x0, 0x1, [{0x48, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xdb}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x84}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x56}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0xe}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}]}, {0x4c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x36}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xb2}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x5}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}]}, {0x1d4, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x8}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x43}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x2}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x1a8, 0xd, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x4}, @NL80211_BAND_6GHZ={0x90, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x19, 0x2, [{0x3, 0x6}, {0x4, 0x6}, {0x4, 0x9}, {0x3, 0x6}, {0x0, 0x7}, {0x5, 0x7}, {0x4, 0x1}, {0x4, 0x1}, {0x2, 0x2}, {0x1, 0x1}, {0x0, 0x8}, {0x5, 0xa}, {0x4}, {0x2, 0x7}, {0x0, 0x2}, {0x0, 0x8}, {0x4, 0x2}, {0x3, 0x3}, {0x4, 0xa}, {0x3, 0x8}, {0x0, 0x2}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x4, 0x0, 0x401, 0x7, 0xff, 0x8, 0x2]}}, @NL80211_TXRATE_HT={0x41, 0x2, [{0x0, 0x3}, {0x4, 0x6}, {0x4, 0x4}, {0x5, 0x2}, {0x0, 0x7}, {0x4, 0x9}, {0x1, 0x4}, {0x7, 0x3}, {0x4, 0x8}, {0x0, 0x6}, {0x2}, {0x7, 0x4}, {0x7, 0x3}, {0x3}, {0x5, 0x1}, {0x7, 0x3}, {0x6, 0x5}, {0x2, 0x6}, {0x2, 0x7}, {0x7, 0x3}, {0x0, 0x1}, {0x1, 0x2}, {0x4, 0x2}, {0x7, 0x1}, {0x5, 0xa}, {0x6, 0x3}, {0x4, 0x7}, {0x0, 0x3}, {0x5, 0x1}, {0x1, 0x9}, {0x7}, {0x3, 0x3}, {0x2, 0x4}, {0x6, 0x6}, {0x5, 0xa}, {0x7, 0xa}, {0x3, 0x6}, {0x5, 0x6}, {0x4, 0x2}, {0x7, 0x4}, {0x3, 0x7}, {0x1, 0x3}, {0x0, 0x9}, {0x2, 0x7}, {0x4, 0x8}, {0x4, 0x4}, {0x3, 0x5}, {0x1, 0x4}, {0x6}, {0x7, 0x6}, {0x1}, {0x6, 0xa}, {0x3, 0x4}, {0x0, 0x7}, {0x3, 0xa}, {0x3, 0x4}, {0x1, 0x6}, {0x5, 0x6}, {0x1, 0x7}, {0x1, 0x2}, {0x5, 0x9}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_6GHZ={0x34, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x1c, 0x2, [{0x5, 0x1}, {0x4, 0x8}, {0x6, 0x2}, {0x1, 0x9}, {0x1, 0x2}, {0x1, 0x5}, {0x7, 0x3}, {0x0, 0x2}, {0x1, 0x2}, {0x6, 0x6}, {0x5}, {0x1, 0xa}, {0x3, 0x6}, {0x6, 0x2}, {0x0, 0x9}, {0x0, 0x9}, {0x0, 0x9}, {0x6, 0x7}, {0x6, 0xa}, {0x5, 0xa}, {0x2, 0x7}, {0x2, 0x2}, {0x4, 0x2}, {0x4, 0x2}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfd3e, 0x401, 0x7, 0xb, 0x6, 0x5, 0x6, 0x3d96]}}]}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x4}]}, @NL80211_BAND_2GHZ={0x68, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HT={0x42, 0x2, [{0x6, 0x4}, {}, {0x3, 0x8}, {0x3, 0xa}, {0x7, 0x9}, {0x4, 0x7}, {0x3, 0x6}, {0x2}, {0x2}, {0x2, 0x7}, {0x4, 0x3}, {0x6, 0x3}, {0x1, 0x7}, {0x3, 0x6}, {0x6, 0x5}, {0x7, 0x3}, {0x2, 0x1}, {0x3, 0x4}, {0x1, 0x5}, {0x4, 0xa}, {0x3, 0x7}, {0x0, 0x6}, {0x1, 0x5}, {0x0, 0x8}, {0x5, 0x1}, {0x1, 0x1}, {0x1, 0x9}, {0x5, 0x4}, {0x1, 0x2}, {0x1, 0x3}, {0x7, 0x5}, {0x7, 0x5}, {0x7, 0x2}, {0x0, 0x2}, {0x2, 0x6}, {0x7}, {0x2}, {0x0, 0x9}, {0x1, 0x1}, {0x7, 0x6}, {0x4, 0x2}, {0x0, 0x9}, {0x2, 0x4}, {0x3, 0x6}, {0x0, 0x7}, {0x6, 0x1}, {0x3, 0x5}, {0x0, 0x9}, {0x0, 0x8}, {0x5, 0x4}, {0x7, 0x4}, {0x0, 0x14}, {0x6, 0x3}, {0x0, 0xa}, {0x7, 0x4}, {0x4, 0x1}, {0x0, 0x2}, {0x3, 0x5}, {0x1, 0x9}, {0x1, 0x2}, {0x0, 0x2}, {0x1, 0x4}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}, @NL80211_BAND_60GHZ={0x6c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x5, 0x1, 0xe, 0x4, 0x9, 0x8, 0x1, 0x3]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x6, 0x1, 0x3, 0x51, 0xd, 0x0, 0x2]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0x0, 0x9, 0x3, 0x2, 0x3, 0x48, 0x3]}}, @NL80211_TXRATE_HT={0x21, 0x2, [{0x6, 0x3}, {0x5, 0x2}, {0x2, 0x8}, {0x7, 0x2}, {0x0, 0x8}, {0x2, 0xa}, {0x0, 0x5}, {0x5, 0x4}, {0x0, 0x6}, {0x4, 0x2}, {0x1, 0x7}, {0x2}, {0x7}, {0x3, 0x8}, {0x0, 0x3}, {0x0, 0x5}, {0x3, 0x2}, {0x1, 0x1}, {0x0, 0x4}, {0x4, 0x2}, {0x0, 0x9}, {0x1, 0x9}, {0x2, 0xa}, {0x4, 0x4}, {0x0, 0x8}, {0x3, 0xa}, {0x0, 0xa}, {0x3, 0x8}, {0x7, 0x4}]}]}]}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}]}, {0x4}]}]}, 0x800}, 0x1, 0x0, 0x0, 0x20000000}, 0x84044)

2.868292775s ago: executing program 3 (id=729):
socket$nl_rdma(0x10, 0x3, 0x14)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000001480)=@ipv6_getroute={0x1c, 0x1a, 0x121, 0x0, 0xfffffffd}, 0x1c}}, 0x400c1)
r1 = socket(0x10, 0x80003, 0x0)
write(r1, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000080)={'sit0\x00'})

2.808727033s ago: executing program 0 (id=730):
r0 = socket$rds(0x15, 0x5, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x275a, 0x0)
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
dup2(r2, r1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r1, 0x0)
ioctl$KVM_GET_REG_LIST(r1, 0xc008aeb0, &(0x7f0000000100)=ANY=[@ANYBLOB="03000001000000000000000700000000000000080000795482b4e4"])
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
socket$inet6_sctp(0xa, 0x5, 0x84)
pipe(&(0x7f0000000580)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r6, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
connect$inet(r6, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10)
sendto$inet(r6, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000c80)={'lo\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001240)=@newqdisc={0x124, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_netem={{0xa}, {0xf4, 0x2, {{0x0, 0x0, 0xfffffffe}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x101, 0x6fceafab, 0x5, 0x5, 0x6, 0x159}}, @TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0xfffffffa, 0x0, 0x8, 0xaa2c, 0x5}}]}, @TCA_NETEM_RATE64={0xc, 0x8, 0x6cee43483cd60c97}, @TCA_NETEM_LOSS={0x78, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x4, 0xf, 0x6, 0x5, 0x8000}}, @NETEM_LOSS_GI={0x18, 0x1, {0x100, 0x2, 0x9, 0xe3, 0x4ae}}, @NETEM_LOSS_GI={0x18, 0x1, {0x9, 0x5, 0xe, 0x3}}, @NETEM_LOSS_GE={0x14, 0x2, {0xfc, 0x10001, 0x7, 0x401}}, @NETEM_LOSS_GI={0x18, 0x1, {0xfffffff9, 0x2, 0x6, 0x80, 0xf8e3}}]}, @TCA_NETEM_CORRUPT={0xc, 0x4, {0xfffffffa, 0x5}}]}}}]}, 0x124}}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000010c0)=ANY=[@ANYBLOB="1c0000002a00090000000000230000000400002c08001a809627fdca79838fbadc9aef5802c6c2f109f00eca"], 0x1c}, 0x1, 0x3000000}, 0x0)
write$binfmt_misc(r4, &(0x7f0000000000), 0xfffffecc)
splice(r3, 0x0, r5, 0x0, 0x4ffe2, 0x0)

2.78659542s ago: executing program 1 (id=731):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = syz_open_dev$midi(&(0x7f0000000000), 0x2, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r1, 0x810c5701, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_REG(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={0x1c, r0, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}]}, 0x1c}}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) (async)
socket$inet(0x2, 0x3, 0x1) (async)
socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xfffd) (async)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) (async)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r4 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) (async)
sendmmsg$inet(r4, &(0x7f0000005240), 0x4000095, 0x0) (async, rerun: 64)
open_by_handle_at(r3, &(0x7f0000000100)=@shmem={0xc, 0x1, {0x80, 0x80000001}}, 0x688a01) (async, rerun: 64)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x34}}, 0x0)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xf, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000049167c52619a4e4c00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
rseq(0x0, 0x0, 0x0, 0x0)
msgsnd(0x0, &(0x7f0000000d00)=ANY=[], 0x401, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xc, 0xe, &(0x7f0000001040)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
ioctl$USBDEVFS_CLEAR_HALT(r3, 0x80045515, &(0x7f00000001c0)={0x1}) (async)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0xa000000d})

2.726879808s ago: executing program 3 (id=733):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = io_uring_setup(0x3c92, &(0x7f0000000100))
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x20, 0x30}, 0xc)
bind$inet6(r1, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, &(0x7f0000000c80)="7cffa9061b2f8b082b6f69ae50430c8a8b6aa3162ba083c4a52e1ab0ac50ed4a19b1a69988000d5bed4433daaa4932dbb1cb3550dee8b23579d76ce37d574b43fca1eed8ebd38d1303240ed0d84517692128dd5aef5c4d60a6659952a1437c6f0ac3ed75806011ccbaa504f41a7e0abcf8823bc4a71ef8c52c2b297b539eaf752c56ebfe9b0542543069257dafcbf76c958d4cbf4eaaa67c5c2bd9e6518be34b56add7613ab83d389724b664e62c154e1a5aac073a53a0e8cadcf51ef495ebbcc77d5e36ff24c3f282289cc077374b714e08fbfecbdc8f14ef3fd409af4caf6fcb7d663beab335f239a1e93b399c93d7c036e1b39a7c477945f82b6dde53b1c21b590a58ba688ac4fb530d2c5b1195a127d2eaec840ab59f090d7047c278611e080cebe7b28588c11a44be99fe6f88c73441bf625b70565669997f4c3cda5afe1d6429908a69a459d35ba8c2f28076d8711f2667de749a783fac94ebd02680f20fb723c35c287a1f45064846385750665ffa74579083fbb1b1d6b7c90168252b1c5313544569203e7adb8e271a94f7413e5cfd6aa3157c4fc29bddba3683fcd032aecb513b2f27530fbefa0000000000000003c058e812d8db87de5e3eceae268b91f7d59daf77646fa4df99877dd5a9540934c7af91b96486eea62897be6acbe1bae8e46b112f1385e7cea9e4daccc6f1b98ce3b4322af8299a45ddcb5be8d3e469fdde9896ca324a2f3c88c616a7dccde331698ce2d39f96220251011b4dfbec953b5c30e94adb5586cec0af234859805bb7df1101ae80318ff127e913178d79cfa918d54585b6184255e872e2dc33a5c7c30a756bbd63c32a3e6a22863781747d185acb64583976c4289394d642b07d18e2932d0a78bd2ccf92b3e94e82f1e9239fa272402f4c9efcf068709a44d6f652a4f23df89f9a15e6bf0c7e65d8f3e32c35e83d30298074d16cb5ff4ded1df81009bbae888fceb9a8109ba319605e1776e52d2069b5cd7de07cf8dc488ba6a9c7559ff49674a490991f323736f302004007d0ccf2e5eaceac6b56f48f2b00592d7a378f118d8b3e5ecd2035c8252374c91bc79cf26ac11ddffe2c09e1aa032da0713732387f950e3f4e301eb1d26e5a2b19318e50d555c832e279894d8c9b03e8940738c0fe391b29907d0d5f9214d6e697a19247f4e8221aca2ac47debd7c45b8344941cbecbaf44af343b24a4f88caf207d72002fb8b7d156997cb7275f535e6a9d6480046246e60bea0cf6f54abc69ff9418b6cb9301eb6890227215b633a886fb13c89698e51e482c42ca99613b20e22e5ce15272f5bda8b18cf53d49130a94135dd8a9692c", 0x34000, 0xbcff, 0x0, 0x0)
r2 = syz_io_uring_setup(0x2ddd, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000140)=<r3=>0x0)
syz_io_uring_setup(0x5fc, &(0x7f0000000200), &(0x7f0000000300)=<r4=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4})
io_uring_enter(r2, 0x381b, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000080), 0xc)
writev(r1, &(0x7f0000001300)=[{&(0x7f0000000100)='^', 0xa043}], 0x1)
close_range(r0, 0xffffffffffffffff, 0x0)

2.612407268s ago: executing program 1 (id=734):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000), 0x0, 0x5}}, 0x20)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x190, 0x10000, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd27f9b364b6be2347dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000200)={0x0, {}, 0x0, {}, 0x190, 0x12, 0x2, 0x18, "c2f801d7939fc5a61f7bc636c3b4708ed1822999c50c148ae304129e2cb69a35921249997102d1f23585278452d144d4916de120da8a9bbb75533c137c4bd0ec", "570130ecb38039e59315c9a0b1d43d65ed50920f66d7a04b99f1001a54cba06f", [0x10000c2, 0x80007]})

2.535187998s ago: executing program 1 (id=736):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x60, 0x0, 0x10000000, 0xfffffffc, 0x18, 0x0, {0x0, 0x2}, {}, {0x0, 0x0, 0xffffffff}, {0x4, 0x3}, 0x0, 0x3f0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

2.392308476s ago: executing program 1 (id=737):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x56a, 0xb3, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0xff, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x0, "a5247d20"}]}}, 0x0}, 0x0)
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x14, 0x3, 0x1, 0x401, 0x0, 0x0, {0x2}}, 0x14}}, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_pressure(r3, &(0x7f00000003c0)='io.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r4, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xffffa}, 0x2f)
r5 = epoll_create(0x8000)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000100)={0x2000})
r6 = openat$cgroup_pressure(r3, &(0x7f00000000c0)='io.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r6, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xffffa}, 0x2f)
close(r6)
r7 = openat$sequencer(0xffffff9c, &(0x7f0000001bc0), 0x0, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r7, 0x40045109, &(0x7f0000000000))
ioctl$VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000040)={0x54, 0xa, 0x0, "3258c546dacccfae1e008faa00000000f4ff4000"})

2.138187539s ago: executing program 2 (id=741):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000b702000014000000b7030000010100008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b70200000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2500, 0x0)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000480)={0x1})

1.870539718s ago: executing program 0 (id=742):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="940000000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff0200000000000000000000000000011400040020010000000000000000fb00000000010800074000000001"], 0x94}, 0x1, 0x0, 0x0, 0x4041}, 0x2000c841)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x24, r1, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1000}, @L2TP_ATTR_PEER_CONN_ID={0x8}]}, 0x24}}, 0x0) (async)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="540000000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c000280050680"], 0x54}}, 0x0)

1.776534214s ago: executing program 3 (id=743):
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-generic\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendto$inet(r1, &(0x7f0000000000)='o', 0x1, 0x8041, 0x0, 0x0)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000500)={0x0}}, 0x0)
socket(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
r2 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
close(r2)
execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x53f7)
bind$inet(r2, &(0x7f00000002c0)={0x2, 0x0, @private}, 0x10)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
socket$kcm(0x11, 0xa, 0x300)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000343000/0x3000)=nil, 0x3000}, 0x1})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000c80)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10)
r5 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r5, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private}}, 0x80, 0x0, 0x0, &(0x7f0000001240)=[{0x10, 0x110, 0x1, "dc"}], 0x10}, 0x0)
recvmsg$kcm(r5, &(0x7f0000001b80)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001b40)=""/40, 0x28}, 0x0)
sendto$inet(r4, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00)

1.648044158s ago: executing program 0 (id=744):
socket$inet_udplite(0x2, 0x2, 0x88)
socket(0x10, 0x2, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0xa, &(0x7f0000000200)=[{0x510, 0x30, 0xf6, 0x6}, {0x8a1, 0xa, 0xd7, 0x7}, {0x6, 0x5, 0x9, 0x3cd}, {0x10, 0xc1, 0x4, 0x1}, {0x401, 0x4, 0x1, 0x8}, {0x6, 0x7, 0x1, 0x821}, {0x9, 0x1, 0x7f, 0x1}, {0x7, 0x0, 0xc, 0xd9}, {0x6, 0x9, 0x5, 0x158}, {0x3b, 0xf5, 0x0, 0x8}]})
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000b80)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000b40), 0x106}}, 0x20)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000700)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000006c0), 0x2, 0x6}}, 0x20)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000003c0)={{{@in6=@loopback, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x33}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, {}, 0x0, 0x0, 0x1}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x2b}, 0x0, @in6=@remote}}, 0xe4)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000680)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000b80)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000b40), 0x106}}, 0x20)
r3 = socket(0x1e, 0x1, 0x0)
connect$tipc(r3, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
syz_emit_ethernet(0x175, &(0x7f0000000740)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x18}, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x167, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x17, 0x0, 0x0, 0x0, 0x0, {[@exp_fastopen={0xfe, 0x13, 0xf989, "4caa153915ba428ed2cd3e37f22f00"}, @generic={0x0, 0x5, "974ff4"}, @exp_fastopen={0xfe, 0x14, 0xf989, "1bf09857e4b3559c741b725a5e23b7fe"}, @exp_smc={0xfe, 0x6}, @exp_smc={0xfe, 0x6}, @exp_smc={0xfe, 0x6}, @sack_perm={0x4, 0x2}, @exp_smc={0xfe, 0x6}]}}, {"c868b6325c2209c1f393c8ec88c7c46d1e3c2a66ebe808d84abb294bbad0f0cdbb0b16683370a11eec361632a75845d1e76ab174232fa4402031f9f7859bb165805bcf2f046196e7719f48f8bdaf7c2ba8b5bb523e1f2ed6d720de1b17ca550d938cf188a655db29b55c81a2aecf7d660c686039c4dd92c828964fa13a1212368369e0ac8cd67de580cd249bb320f147e0a4663015ead5fb0e6fb8fc7f1146437e470ca40ea85c9480fcd1ae1d6ac330bc0446ec7f0a4d28a5f8d403960f9518e2de1832b0d0a41dbeaa6a6b12dfd055f9ce9d934977581b6c212bedd418e416326f77bd6827aa87317e23518ff75bee950911b30db6f0"}}}}}}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000080)=0x801, 0x0, 0x4)
write$binfmt_misc(r3, &(0x7f0000000080), 0x2000011a)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SOUND_PCM_READ_RATE(r4, 0x80045002, 0x0)
mmap$dsp(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x5, 0x11, r4, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000080)=0x3f)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x30, r6, 0x1, 0x0, 0x0, {{}, {}, {0x14}}}, 0x30}}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000900), 0x111}}, 0x20)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000009c0), 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100), 0x111}}, 0x20)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)

1.620890855s ago: executing program 3 (id=745):
r0 = socket(0x10, 0x3, 0x0) (async)
r1 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) (async, rerun: 32)
r2 = socket$packet(0x11, 0x2, 0x300) (rerun: 32)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000002c0)={'vxcan1\x00', <r3=>0x0})
sendto$packet(r2, &(0x7f0000000080)="18", 0x10, 0x0, &(0x7f00000000c0)={0x11, 0xe, r3, 0x1, 0x0, 0x6, @multicast}, 0x14)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) (async)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
close(0xffffffffffffffff) (async)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) (async)
io_setup(0x7, &(0x7f0000000280)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000080)=[&(0x7f0000000540)={0x4c5, 0x0, 0x0, 0x800000000001, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x4}]) (async)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000020c0)=@newqdisc={0x44, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0xffffffffffffff7c, 0x1, {0x2, 0x2, 0x6}}}}]}, 0x44}}, 0x0) (async)
getsockname$packet(r0, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) (async)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="400100001000130100000000000000007f0000010000000000000000000000007f00000100000000000000000000000000000000000000000000002000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414aa0000000000000000000000000000000032000000ac141400000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008097fc12800000000000000000000000020000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001c00", @ANYRES32=0x0, @ANYBLOB="875bd214c2cb6fca43fdddc54f708c1e3602de0699e4d16efa2fea7ce23b8d59"], 0x140}}, 0x0) (async)
r7 = socket$key(0xf, 0x3, 0x2)
ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r7, 0x8010661b, &(0x7f0000000240)) (async)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newtfilter={0x38, 0x28, 0xc2f, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xffe0}, {}, {0x3}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x8, 0x2, [@TCA_CGROUP_ACT={0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2000c880}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 64)
r8 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) (rerun: 64)
r9 = dup(r8)
write$6lowpan_enable(r9, &(0x7f0000000000)='0', 0xfffffd2c) (async)
r10 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x0, 0x0, 0x0, r9}, &(0x7f0000000180)=<r11=>0x0, &(0x7f00000001c0)=<r12=>0x0)
syz_io_uring_submit(r11, r12, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) (async)
io_uring_enter(r10, 0x2ded, 0x4000, 0x0, 0x0, 0x0) (async, rerun: 64)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 64)
socket(0x25, 0x800, 0x6)

1.177796153s ago: executing program 2 (id=746):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, {{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x3f}, {}, {0x85, 0x0, 0x0, 0x5}}, {}, [], {{0x7, 0x1, 0xb, 0x8}, {0x5, 0x0, 0xb, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

1.044294328s ago: executing program 3 (id=747):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getgroups(0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010000a0000904000001030101000921000800012201000905", @ANYRES64], 0x0)
syz_emit_vhci(&(0x7f0000000640)=ANY=[@ANYBLOB="040e040035550068b40cb94644613afe2f9a2fe05589c3ec64f073f4faf998e78ae4dda0402e1faa0633699a45c18005f367e6a00d440ecafc4f7a54f2da7a0f1271b9d673c75fd5461fdd3a6a3af9c3b0b0461abf5de2e3158e1ababdd8533695b2eba296ff8c3e7638d9b25644a717951c99990782bea192230e3fbb78d65d8791783667eb6d3d2bfc77309ce06a82ae7b73086a258e5938cb6e67c0a78d2e79dd1cf1e04bb9eb0f79adfdf3faa4ba2a31f0acdb6310a3000000b444a60cf5b7056d39812c44cfdc00"], 0x7)
r1 = socket$inet(0x2, 0x800, 0x5)
ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x1, @local}, 0x4a, {0x2, 0x0, @dev}})
ioctl$sock_inet_SIOCSARP(r1, 0x8953, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x0, @local}, 0x4a, {0x2, 0x0, @broadcast}, 'syz_tun\x00'})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="00020c0000000c0002", @ANYRES64], 0x0, 0x0, 0x0}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e023bd2a9eca19e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd6"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4)
setsockopt$sock_attach_bpf(r3, 0x1, 0x34, &(0x7f0000000040)=r2, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="b7000000ecffffff0c0000000000000095000000000000005e0c83dfb64a3eb1cdfa541cd3957aa8a96b9fa4591c1eb556e38defc504b011face5a06294c2115a9ad943bac350e8d7961537181f79ead9176dc7c3ed2d45004deb987fa0d"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r5 = dup2(r4, r2)
setsockopt$sock_attach_bpf(r3, 0x1, 0x34, &(0x7f00000000c0)=r5, 0x4)

1.021854147s ago: executing program 0 (id=748):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_ADDR={0x8, 0x1, 0x1, 0x0, 0x13}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x70}}, 0x24000000)

996.825941ms ago: executing program 2 (id=749):
socket$netlink(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, 0x0, 0x0)

884.443018ms ago: executing program 0 (id=750):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
fcntl$lock(r0, 0x6, &(0x7f0000002000)={0x0, 0x0, 0xb75})
fcntl$lock(r0, 0x26, &(0x7f00000031c0)={0x1})
fcntl$lock(r0, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x7})
fcntl$lock(r0, 0x6, &(0x7f0000000000))
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0x10, &(0x7f0000000000)=@framed={{}, [@snprintf={{}, {0x3, 0x0, 0x3, 0xa, 0xa}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x8}}]}, &(0x7f0000000300)='GPL\x00', 0x4, 0xff7, &(0x7f0000001e00)=""/4087, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(r2, 0x0, 0x487, &(0x7f0000001dc0), &(0x7f0000002040)=0x30)

883.881062ms ago: executing program 2 (id=751):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
r1 = socket$inet6(0xa, 0x80002, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000000fc0)=[{{0x0, 0x0, 0x0, 0x40000}}, {{&(0x7f00000001c0)={0xa, 0x4e22, 0x0, @remote, 0x20}, 0x1c, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x4001c00)

857.953188ms ago: executing program 2 (id=752):
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x440, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000180)=[@in={0x2, 0x4e20, @remote}]}, &(0x7f0000000140)=0xc)
r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000140)='source', &(0x7f0000000040)='[:::\x00', 0x0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000400)=0x1000000000010001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x20)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x400}, 0xc)
r6 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r6, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x0, 0x0, 0x7}}, 0xe8)
sendmmsg(r6, &(0x7f0000000480), 0x2e9, 0x0)
r7 = add_key(&(0x7f0000000080)='big_key\x00', &(0x7f00000000c0)={'syz', 0x0}, &(0x7f0000000000)='z', 0x1, 0xffffffffffffffff)
keyctl$update(0x2, r7, &(0x7f0000000600)="83694c790b8980a54c93519a9228074696fb84a01ee2bd98b8aace0f25966bb6ae6bcea1022a32af2268cfea767dbc46dd3d1e16aba57e1428b83690d24a6234a4a56f39472d0757f6f0e295db7c4c581ba81d554ad9f79646d9ba0169e715ffb2909cbf40e32b86b7685709e4e7c090473c59eb31488f2bf972dd792f58cd3fe6b11cf930db6ae288df924fc51b3e907aea883430330aec1eb42a18b092d78d065a2cb3e4232375ea2e4e14cff5cb9edacf9869a46b82654413f4fd71328645ad97448529b53f9d4bbc702a64490c4ae78824dfcb7dc3516cbfd98f4e0a570ff43b002fce821b04beecead603117dc305ee9a656d0a85fffd6a2c348e838f3b283b69cc1800e845226121b883190d35b978e3aaa355c9f8baf24d62a1245c3fcad5494d9720dabec7b5fa23f82996ebd8b0f5b6c51fc6d4affa56b346ef9e6206ca7359e5ad633145749b098f4e158bf72c68e695842940175aedefe171dd4206dacc63e9adcee022cd32dbd2054ded07db2055918906d5625984b09098cbd876bcea50b9642618f3c3d764a00ac207a384544535a99a8e243449d3ee37377965a8bdd8f93b3bee861dcd5255d5ca43e1c4bb501f87554a36d28a8ec5e13f8746ebab7cf5b4fcfbd27ff4d125bdf6ff4c7ab1071c65f51df1335bc614e6c197bd9f4acd62edeff4f9fc028d68a0d64a99bafaed5dbeaad45e3804727d9eb0abe0dbf9acd439a12051a94b57fb471930ce4daf39448b4378b5d3ebd4523048d44b79bb56ac4e8e2fb3903f26216d72a9ba212d1131fd37f4851ec180b309ec1668c69023037890db37ab40a2dafde329914a2fb8c27285b5014022b3bba57098f443a5736f162976d468f58018e9b7733d8a7bea45a745868af1dc57723ebcfb59d57d2280c439283d3244fb2e4cdfa91695d295f538794fd12954aaae033e67ac12bd9c733d00917e06c924503b90522283fd08b1f1d182c7411f373a6bd47dd37d83fb334b0e0cb28edb6f75867187c39fd7dcc484dff56eaf", 0x2da)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, &(0x7f0000000100), 0x4)
listen(r2, 0xffffffff)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRES16=r5, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r8=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r8, {0x7, 0x1f}}, 0x50)
r9 = syz_open_dev$sndctrl(&(0x7f0000002e80), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r9, 0xc008551b, 0x0)

698.728294ms ago: executing program 1 (id=753):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
openat$sysfs(0xffffff9c, &(0x7f0000000300)='/sys/power/disk', 0x80001, 0x4)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x64, &(0x7f0000000080)=0x249, 0x4)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
ioctl$BTRFS_IOC_GET_FEATURES(r1, 0x80189439, &(0x7f0000000140))
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)
r2 = syz_io_uring_setup(0xd2, &(0x7f0000000500)={0x0, 0x20f4, 0x0, 0x0, 0xfffffffd}, &(0x7f0000000100)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r0, 0xc1105511, &(0x7f0000000580)={{0x5, 0x3, 0x10, 0x10, 'syz0\x00', 0x7bb}, 0x5, 0x4, 0x4, 0xffffffffffffffff, 0x9, 0x1, 'syz0\x00', &(0x7f00000001c0)=['\x00', '\x00', '\x00', '/dev/kvm\x00', '\x86#[}{,$.)(%(\x00', '#\\\x1e\x00', '/dev/hwrng\x00', '*^+!$)/@\x00', '-]^#\x00'], 0x36})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
socket$inet_smc(0x2b, 0x1, 0x0)
io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0)
r5 = openat$iommufd(0xffffff9c, &(0x7f0000000040), 0x400000, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000240)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r8 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
lseek(r8, 0x800080000000203, 0x2)
ioctl$IOMMU_HWPT_INVALIDATE$TEST(r5, 0x3b8d, 0x0)
socket$inet6(0xa, 0x6, 0x8b)
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r9, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000000)={<r10=>0x0, 0x1c, &(0x7f0000000340)=[@in6={0xa, 0x4e22, 0xc3, @ipv4={'\x00', '\xff\xff', @multicast1}, 0xc}]}, &(0x7f0000000440)=0xc)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r9, 0x84, 0x72, &(0x7f0000000080)={r10}, &(0x7f00000000c0)=0x18)

604.301923ms ago: executing program 2 (id=754):
syz_open_procfs(0x0, &(0x7f0000000040)='timerslack_ns\x00')
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x20010004, 0x0, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x9)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r6, 0x4008ae90, &(0x7f00000005c0)={0x1, 0x0, [{0x7, 0x101, 0x4, 0x7ff, 0x9, 0xc, 0x41}]})
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
close(0x4)
close_range(r0, 0xffffffffffffffff, 0x0)

0s ago: executing program 0 (id=755):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$SNDCTL_DSP_STEREO(r2, 0xc0045003, &(0x7f0000000180)=0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x1a, 0x0, 0x1, 0x8a4, 0x108, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x3, 0x0, @void, @value, @void, @value}, 0x50)
ioctl$SNDCTL_DSP_SETTRIGGER(r2, 0x40045010, &(0x7f0000000200))
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="440000001000390c00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b00010067656e657665000014000280080001000000000005000c0001000200"], 0x44}}, 0x0)
openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
pselect6(0x40, &(0x7f0000004580)={0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x400000000}, &(0x7f0000004e00)={0x2, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-generic\x00'}, 0x58)
r5 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$alg(r5, &(0x7f0000001780)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000180)="97dc867793fd623d278a6c9d09c26afbcbcde86b", 0x14}, {&(0x7f0000000300)="adb840948d114bcd4a368b6090e808eda54f878eedfee7ab5af4b0efe6f67f1f28f4425bcd2f162d3fee649df713362033c7f3f326b6c96d4eeb29b18026eb3675c80f4d23f319895050ad5f58d6cf26f9", 0x51}, {&(0x7f00000003c0)="2564b826ad10e4c32ff9d7e60000000000000009d068e26fb1aad2e8ad4521805afc1a2dbb3c88eafde0a85c79f187a984f1fca11cc393e3bc37a4380dc8ae8a499432a24ed343d8435358e058477ad42e9a855081589db7ed", 0x59}], 0x3}, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="120100007292bd404020305500000109021b00010000005b9b04000001df7fa900090509000000000000000000d402663be3e87e54fea8698f73286f1938e60ff6e2a67f6223ddf1b5ae55de02d5539d77799669c487571bb08222"], 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mremap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000, 0xa, &(0x7f0000ffd000/0x1000)=nil)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="54ec514cecf8427e9b8d1a71000000000000000000", 0x15)
r7 = accept4(r6, 0x0, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0xfdef}}, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000100), r7)

kernel console output (not intermixed with test programs):

r): interface not active
[  172.414785][ T5373] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  172.417828][ T5231] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  172.436763][ T5231] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  172.444392][ T7684] batman_adv: batadv0: Adding interface: wlan1
[  172.450659][ T7684] batman_adv: batadv0: The MTU of interface wlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  172.451045][ T5231] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  172.486538][ T7684] batman_adv: batadv0: Interface activated: wlan1
[  172.516300][ T7595] 8021q: adding VLAN 0 to HW filter on device bond0
[  172.536603][ T7685] batman_adv: batadv0: Interface deactivated: wlan1
[  172.594357][ T7615] hsr_slave_0: entered promiscuous mode
[  172.603170][ T5373] usb 4-1: Using ep0 maxpacket: 16
[  172.615081][ T5373] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8
[  172.626284][ T7615] hsr_slave_1: entered promiscuous mode
[  172.630969][ T5373] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 5.00
[  172.641419][ T7615] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  172.642620][ T5373] usb 4-1: New USB device strings: Mfr=251, Product=1, SerialNumber=3
[  172.659085][ T5373] usb 4-1: Product: syz
[  172.662907][ T7615] Cannot create hsr debugfs directory
[  172.663580][ T5373] usb 4-1: Manufacturer: syz
[  172.673266][ T5373] usb 4-1: SerialNumber: syz
[  172.686463][ T5373] usb 4-1: config 0 descriptor??
[  172.695759][ T5373] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  172.718321][ T5373] usb 4-1: Detected FT2232C/D
[  172.773221][ T5231] Bluetooth: hci3: command tx timeout
[  172.800765][ T7595] 8021q: adding VLAN 0 to HW filter on device team0
[  172.835880][ T7595] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  172.846356][ T7595] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  172.896322][ T5373] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  172.911584][ T5373] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  172.929843][ T2944] bridge0: port 1(bridge_slave_0) entered blocking state
[  172.936728][ T5373] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  172.936975][ T2944] bridge0: port 1(bridge_slave_0) entered forwarding state
[  172.960440][ T5373] usb 4-1: USB disconnect, device number 41
[  172.972347][ T2944] bridge0: port 2(bridge_slave_1) entered blocking state
[  172.979615][ T2944] bridge0: port 2(bridge_slave_1) entered forwarding state
[  173.001031][ T5373] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  173.033433][ T5373] ftdi_sio 4-1:0.0: device disconnected
[  173.128463][ T7595] 8021q: adding VLAN 0 to HW filter on device batadv0
[  173.246509][  T730] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.263089][ T5231] Bluetooth: hci0: command tx timeout
[  173.351504][  T730] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.427728][  T730] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.478614][ T7595] veth0_vlan: entered promiscuous mode
[  173.517108][ T7688] chnl_net:caif_netlink_parms(): no params data found
[  173.555119][  T730] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.749704][ T7595] veth1_vlan: entered promiscuous mode
[  173.878006][ T7688] bridge0: port 1(bridge_slave_0) entered blocking state
[  173.885438][ T7688] bridge0: port 1(bridge_slave_0) entered disabled state
[  173.893340][ T7688] bridge_slave_0: entered allmulticast mode
[  173.901225][ T7688] bridge_slave_0: entered promiscuous mode
[  173.952379][ T7688] bridge0: port 2(bridge_slave_1) entered blocking state
[  173.959889][ T7688] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.969540][ T7688] bridge_slave_1: entered allmulticast mode
[  173.980233][ T7688] bridge_slave_1: entered promiscuous mode
[  174.007443][  T730] bridge_slave_1: left allmulticast mode
[  174.023095][  T730] bridge_slave_1: left promiscuous mode
[  174.028874][  T730] bridge0: port 2(bridge_slave_1) entered disabled state
[  174.042263][  T730] bridge_slave_0: left allmulticast mode
[  174.050083][  T730] bridge_slave_0: left promiscuous mode
[  174.057258][  T730] bridge0: port 1(bridge_slave_0) entered disabled state
[  174.243355][ T7720] netlink: 4 bytes leftover after parsing attributes in process `syz.3.526'.
[  174.419369][ T5243] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  174.442615][ T5243] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  174.451676][ T5243] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  174.472893][ T5243] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  174.488178][ T5243] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  174.509158][ T5243] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  174.533680][ T5243] Bluetooth: hci2: command tx timeout
[  174.595508][ T7731] xt_connbytes: Forcing CT accounting to be enabled
[  174.602958][ T7731] Cannot find del_set index 0 as target
[  174.734746][  T730] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  174.746254][  T730] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  174.756642][  T730] bond0 (unregistering): Released all slaves
[  174.795490][ T7688] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  174.835507][ T7688] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  174.862998][ T5231] Bluetooth: hci3: command tx timeout
[  174.897733][ T7595] veth0_macvtap: entered promiscuous mode
[  174.934673][ T7688] team0: Port device team_slave_0 added
[  174.953682][ T7688] team0: Port device team_slave_1 added
[  174.987110][ T7595] veth1_macvtap: entered promiscuous mode
[  175.065717][ T7688] batman_adv: batadv0: Adding interface: batadv_slave_0
[  175.075305][ T7688] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  175.103962][ T7688] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  175.116943][ T7688] batman_adv: batadv0: Adding interface: batadv_slave_1
[  175.124893][ T7688] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  175.151104][ T7688] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  175.194672][  T730] hsr_slave_0: left promiscuous mode
[  175.200545][  T730] hsr_slave_1: left promiscuous mode
[  175.207387][  T730] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  175.215019][  T730] batman_adv: batadv0: Removing interface: batadv_slave_0
[  175.223632][  T730] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  175.231052][  T730] batman_adv: batadv0: Removing interface: batadv_slave_1
[  175.250322][  T730] veth1_macvtap: left promiscuous mode
[  175.256524][  T730] veth0_macvtap: left promiscuous mode
[  175.262079][  T730] veth1_vlan: left promiscuous mode
[  175.267505][  T730] veth0_vlan: left promiscuous mode
[  175.333310][ T5231] Bluetooth: hci0: command tx timeout
[  175.682379][  T730] team0 (unregistering): Port device team_slave_1 removed
[  175.729323][  T730] team0 (unregistering): Port device team_slave_0 removed
[  176.108201][ T7595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  176.119175][ T7595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  176.129354][ T7595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  176.140000][ T7595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  176.150919][ T7595] batman_adv: batadv0: Interface activated: batadv_slave_0
[  176.188716][ T7615] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  176.197993][ T7615] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  176.239402][ T7688] hsr_slave_0: entered promiscuous mode
[  176.251660][ T7688] hsr_slave_1: entered promiscuous mode
[  176.261148][ T7688] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  176.269445][ T7688] Cannot create hsr debugfs directory
[  176.276688][ T7615] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  176.288741][ T7595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  176.301070][ T7595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  176.311129][ T7595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  176.321961][ T7595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  176.332517][ T7595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  176.343717][ T7595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  176.355167][ T7595] batman_adv: batadv0: Interface activated: batadv_slave_1
[  176.389483][ T7615] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  176.499153][ T7595] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  176.509434][ T7595] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  176.520284][ T7595] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  176.529807][ T7595] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  176.613075][ T5231] Bluetooth: hci2: command tx timeout
[  176.632803][ T5231] Bluetooth: hci1: command tx timeout
[  176.847497][ T7729] chnl_net:caif_netlink_parms(): no params data found
[  176.886895][ T2972] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  176.904388][ T2972] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  176.942879][ T5231] Bluetooth: hci3: command tx timeout
[  177.061962][ T5243] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  177.073475][ T5243] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  177.085989][  T730] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.104466][ T5243] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  177.118852][ T5243] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  177.128026][ T5243] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  177.139091][ T5243] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  177.245395][  T730] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.386151][  T730] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.432683][ T7615] 8021q: adding VLAN 0 to HW filter on device bond0
[  177.442674][ T5515] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  177.450717][ T5515] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  177.480281][ T7729] bridge0: port 1(bridge_slave_0) entered blocking state
[  177.491298][ T7729] bridge0: port 1(bridge_slave_0) entered disabled state
[  177.510002][ T7729] bridge_slave_0: entered allmulticast mode
[  177.519350][ T7729] bridge_slave_0: entered promiscuous mode
[  177.600915][  T730] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.626310][ T7729] bridge0: port 2(bridge_slave_1) entered blocking state
[  177.635458][ T7729] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.643068][ T7729] bridge_slave_1: entered allmulticast mode
[  177.650086][ T7729] bridge_slave_1: entered promiscuous mode
[  177.681041][ T7615] 8021q: adding VLAN 0 to HW filter on device team0
[  177.778374][ T7729] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  177.839865][ T7729] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  177.886140][ T2972] bridge0: port 1(bridge_slave_0) entered blocking state
[  177.893574][ T2972] bridge0: port 1(bridge_slave_0) entered forwarding state
[  177.942476][ T2972] bridge0: port 2(bridge_slave_1) entered blocking state
[  177.949661][ T2972] bridge0: port 2(bridge_slave_1) entered forwarding state
[  177.991057][ T7729] team0: Port device team_slave_0 added
[  178.018315][ T7729] team0: Port device team_slave_1 added
[  178.097850][ T5281] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  178.123376][ T7729] batman_adv: batadv0: Adding interface: batadv_slave_0
[  178.130362][ T7729] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  178.159057][ T7729] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  178.171805][ T7729] batman_adv: batadv0: Adding interface: batadv_slave_1
[  178.179644][ T7729] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  178.206376][ T7729] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  178.294933][ T5281] usb 2-1: Using ep0 maxpacket: 8
[  178.318014][ T5281] usb 2-1: New USB device found, idVendor=052b, idProduct=1803, bcdDevice=28.77
[  178.319769][  T730] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.327421][ T5281] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.327446][ T5281] usb 2-1: Product: syz
[  178.327462][ T5281] usb 2-1: Manufacturer: syz
[  178.327478][ T5281] usb 2-1: SerialNumber: syz
[  178.336428][ T5281] usb 2-1: config 0 descriptor??
[  178.369799][ T5281] gspca_main: sunplus-2.14.0 probing 052b:1803
[  178.423631][ T7688] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  178.516505][  T730] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.532381][ T7688] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  178.576920][ T5281] gspca_sunplus: reg_r err -71
[  178.588028][ T5281] sunplus 2-1:0.0: probe with driver sunplus failed with error -71
[  178.600764][ T7752] chnl_net:caif_netlink_parms(): no params data found
[  178.606026][ T5281] usb 2-1: USB disconnect, device number 45
[  178.634434][ T7688] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  178.680487][  T730] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.693628][ T5231] Bluetooth: hci2: command tx timeout
[  178.699129][ T5243] Bluetooth: hci1: command tx timeout
[  178.711515][ T7729] hsr_slave_0: entered promiscuous mode
[  178.727471][ T7729] hsr_slave_1: entered promiscuous mode
[  178.738347][ T7729] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  178.758217][ T7729] Cannot create hsr debugfs directory
[  178.794785][ T7688] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  178.828925][  T730] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.993904][ T7752] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.010283][ T7752] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.022152][ T7752] bridge_slave_0: entered allmulticast mode
[  179.038502][ T7752] bridge_slave_0: entered promiscuous mode
[  179.051471][ T7752] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.069891][ T7752] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.080089][ T7752] bridge_slave_1: entered allmulticast mode
[  179.091500][ T7752] bridge_slave_1: entered promiscuous mode
[  179.173636][ T5243] Bluetooth: hci4: command tx timeout
[  179.235658][ T7752] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  179.275830][ T7752] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  179.451756][ T7615] 8021q: adding VLAN 0 to HW filter on device batadv0
[  179.510438][ T7752] team0: Port device team_slave_0 added
[  179.518569][ T7752] team0: Port device team_slave_1 added
[  179.530452][  T730] bridge_slave_1: left allmulticast mode
[  179.540445][  T730] bridge_slave_1: left promiscuous mode
[  179.551396][  T730] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.560336][ T7828] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  179.569617][  T730] bridge_slave_0: left allmulticast mode
[  179.576016][  T730] bridge_slave_0: left promiscuous mode
[  179.583275][  T730] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.594077][  T730] bridge_slave_1: left allmulticast mode
[  179.599747][  T730] bridge_slave_1: left promiscuous mode
[  179.606043][  T730] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.615599][  T730] bridge_slave_0: left allmulticast mode
[  179.621305][  T730] bridge_slave_0: left promiscuous mode
[  179.627336][  T730] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.988072][ T5283] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  180.153522][ T5283] usb 2-1: Using ep0 maxpacket: 8
[  180.178602][ T5283] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  180.195599][ T5283] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  180.208592][ T5283] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  180.222117][  T730] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  180.228623][ T5283] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  180.248468][ T5283] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  180.257757][ T5283] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  180.263224][  T730] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  180.278700][  T730] bond0 (unregistering): Released all slaves
[  180.402873][  T730] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  180.417037][  T730] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  180.429707][  T730] bond0 (unregistering): Released all slaves
[  180.551002][ T7752] batman_adv: batadv0: Adding interface: batadv_slave_0
[  180.582318][ T7752] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  180.620543][ T7752] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  180.665652][ T5283] usb 2-1: usb_control_msg returned -71
[  180.677276][ T5283] usbtmc 2-1:16.0: can't read capabilities
[  180.694793][ T5283] usb 2-1: USB disconnect, device number 46
[  180.709389][ T7752] batman_adv: batadv0: Adding interface: batadv_slave_1
[  180.720188][ T7752] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  180.747969][ T7752] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  180.777259][ T5243] Bluetooth: hci1: command tx timeout
[  180.777289][ T5231] Bluetooth: hci2: command tx timeout
[  180.891568][ T7688] 8021q: adding VLAN 0 to HW filter on device bond0
[  180.922254][ T7752] hsr_slave_0: entered promiscuous mode
[  180.931486][ T7752] hsr_slave_1: entered promiscuous mode
[  180.941821][ T7752] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  180.950639][ T7752] Cannot create hsr debugfs directory
[  180.998083][  T730] batman_adv: batadv0: Removing interface: wlan1
[  181.071711][ T7688] 8021q: adding VLAN 0 to HW filter on device team0
[  181.111713][ T7615] veth0_vlan: entered promiscuous mode
[  181.142276][ T2931] bridge0: port 1(bridge_slave_0) entered blocking state
[  181.149391][ T2931] bridge0: port 1(bridge_slave_0) entered forwarding state
[  181.183711][ T7615] veth1_vlan: entered promiscuous mode
[  181.209170][ T2931] bridge0: port 2(bridge_slave_1) entered blocking state
[  181.216350][ T2931] bridge0: port 2(bridge_slave_1) entered forwarding state
[  181.252852][ T5231] Bluetooth: hci4: command tx timeout
[  181.274085][  T730] hsr_slave_0: left promiscuous mode
[  181.279980][  T730] hsr_slave_1: left promiscuous mode
[  181.287397][  T730] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  181.295042][  T730] batman_adv: batadv0: Removing interface: batadv_slave_0
[  181.303712][  T730] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  181.311129][  T730] batman_adv: batadv0: Removing interface: batadv_slave_1
[  181.322541][  T730] hsr_slave_0: left promiscuous mode
[  181.337209][  T730] hsr_slave_1: left promiscuous mode
[  181.347563][  T730] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  181.355255][  T730] batman_adv: batadv0: Removing interface: batadv_slave_0
[  181.363838][  T730] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  181.371260][  T730] batman_adv: batadv0: Removing interface: batadv_slave_1
[  181.399655][  T730] veth0_macvtap: left promiscuous mode
[  181.405370][  T730] veth1_vlan: left promiscuous mode
[  181.410638][  T730] veth0_vlan: left promiscuous mode
[  181.417953][  T730] veth1_macvtap: left promiscuous mode
[  181.424366][  T730] veth0_macvtap: left promiscuous mode
[  181.429931][  T730] veth1_vlan: left promiscuous mode
[  181.436445][  T730] veth0_vlan: left promiscuous mode
[  181.938968][  T730] team0 (unregistering): Port device team_slave_1 removed
[  181.982512][  T730] team0 (unregistering): Port device team_slave_0 removed
[  182.690795][  T730] team0 (unregistering): Port device team_slave_1 removed
[  182.728630][  T730] team0 (unregistering): Port device team_slave_0 removed
[  182.855295][ T5231] Bluetooth: hci1: command tx timeout
[  183.193103][ T7729] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  183.206384][ T7835] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  183.212354][ T7835] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  183.221284][ T7729] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  183.231386][ T7835] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  183.245338][ T7835] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  183.251451][ T7835] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  183.269207][ T7835] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  183.282612][ T7729] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  183.307415][ T7835] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  183.322989][ T7835] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  183.332799][ T5231] Bluetooth: hci4: command tx timeout
[  183.340895][ T7835] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  183.385417][ T7835] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  183.391441][ T7835] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  183.419700][ T7729] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  183.435081][ T7835] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  183.481643][ T7835] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  183.485302][ T7615] veth0_macvtap: entered promiscuous mode
[  183.506685][ T7835] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  183.525060][ T7835] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  183.647414][ T7615] veth1_macvtap: entered promiscuous mode
[  183.736078][ T7850] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  183.842483][ T7615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  183.863332][ T7615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  183.886133][ T7615] batman_adv: batadv0: Interface activated: batadv_slave_0
[  183.914778][ T7688] 8021q: adding VLAN 0 to HW filter on device batadv0
[  183.993060][ T7615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  184.035171][ T7615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.054282][ T7615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  184.073816][ T7615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.094541][ T7615] batman_adv: batadv0: Interface activated: batadv_slave_1
[  184.159819][ T7615] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  184.175542][ T7615] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  184.202926][ T7615] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  184.218538][ T7615] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  184.337771][ T7688] veth0_vlan: entered promiscuous mode
[  184.360122][ T7752] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  184.421588][ T7752] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  184.436761][ T7752] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  184.446712][ T7752] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  184.504751][ T7688] veth1_vlan: entered promiscuous mode
[  184.619427][ T5515] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  184.635707][ T5515] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  184.643272][ T5282] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  184.668738][ T7688] veth0_macvtap: entered promiscuous mode
[  184.687754][ T7729] 8021q: adding VLAN 0 to HW filter on device bond0
[  184.727881][ T7688] veth1_macvtap: entered promiscuous mode
[  184.745632][  T730] bridge_slave_1: left allmulticast mode
[  184.751322][  T730] bridge_slave_1: left promiscuous mode
[  184.758062][  T730] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.768656][  T730] bridge_slave_0: left allmulticast mode
[  184.775732][  T730] bridge_slave_0: left promiscuous mode
[  184.781515][  T730] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.809562][ T5282] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  184.827876][ T5282] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.839661][ T5282] usb 2-1: config 0 descriptor??
[  185.209676][  T730] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  185.224015][  T730] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  185.241419][  T730] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface
[  185.251412][ T7883] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  185.260134][ T5231] Bluetooth: hci0: command 0x0c1a tx timeout
[  185.263119][ T5243] Bluetooth: hci3: command 0x0c1a tx timeout
[  185.276847][  T730] bond0 (unregistering): Released all slaves
[  185.283942][ T7883] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  185.302098][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  185.339805][ T5243] Bluetooth: hci2: command 0x0c1a tx timeout
[  185.346086][ T7729] 8021q: adding VLAN 0 to HW filter on device team0
[  185.355379][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  185.377531][ T7873] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  185.398110][ T7688] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  185.409378][ T7688] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  185.419432][ T5243] Bluetooth: hci1: command 0x0c1a tx timeout
[  185.427003][ T7688] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  185.437911][ T7688] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  185.459583][ T7873] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  185.470417][ T7688] batman_adv: batadv0: Interface activated: batadv_slave_0
[  185.491028][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[  185.498188][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[  185.507519][ T5243] Bluetooth: hci4: command 0x0c1a tx timeout
[  185.545711][   T29] kauditd_printk_skb: 411 callbacks suppressed
[  185.545730][   T29] audit: type=1326 audit(1727590255.226:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7872 comm="syz.1.540" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73fd579 code=0x0
[  185.592601][ T7873] netlink: 'syz.1.540': attribute type 10 has an invalid length.
[  185.621909][ T7873] 8021q: adding VLAN 0 to HW filter on device batadv0
[  185.644418][ T7873] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  185.671186][ T7688] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  185.682141][ T7688] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  185.692117][ T7688] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  185.697969][ T5282] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00
[  185.702597][ T7688] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  185.724908][ T7688] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  185.731163][ T5282] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  185.735492][ T7688] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  185.736673][ T7688] batman_adv: batadv0: Interface activated: batadv_slave_1
[  185.775525][ T5282] [drm:udl_init] *ERROR* Selecting channel failed
[  185.804767][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  185.811895][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  185.846487][ T7688] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  185.850341][ T5282] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2
[  185.864860][ T7688] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  185.873784][ T7688] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  185.887352][ T7688] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  185.889174][ T5282] [drm] Initialized udl on minor 2
[  185.946007][ T5282] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  185.972501][ T5282] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[  185.984286][ T5282] usb 2-1: USB disconnect, device number 47
[  186.079359][ T7752] 8021q: adding VLAN 0 to HW filter on device bond0
[  186.097921][ T7752] 8021q: adding VLAN 0 to HW filter on device team0
[  186.105591][ T7891] netlink: 4 bytes leftover after parsing attributes in process `syz.4.543'.
[  186.272280][  T730] hsr_slave_0: left promiscuous mode
[  186.283864][  T730] hsr_slave_1: left promiscuous mode
[  186.294563][  T730] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  186.302017][  T730] batman_adv: batadv0: Removing interface: batadv_slave_1
[  186.338750][  T730] veth1_macvtap: left promiscuous mode
[  186.345217][  T730] veth0_macvtap: left promiscuous mode
[  186.350846][  T730] veth1_vlan: left promiscuous mode
[  186.385237][  T730] veth0_vlan: left promiscuous mode
[  186.674373][    T8] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  186.723440][ T5373] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  186.833502][    T8] usb 2-1: device descriptor read/64, error -71
[  186.904250][ T5373] usb 5-1: Using ep0 maxpacket: 8
[  186.924470][ T5373] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  186.942813][ T5373] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  186.962398][ T5373] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  186.988395][ T5373] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  187.004115][ T5373] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  187.021178][ T5373] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.133844][    T8] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  187.158470][  T730] team0 (unregistering): Port device team_slave_1 removed
[  187.210166][  T730] team0 (unregistering): Port device team_slave_0 removed
[  187.312939][    T8] usb 2-1: device descriptor read/64, error -71
[  187.338705][ T5243] Bluetooth: hci3: command 0x0c1a tx timeout
[  187.338716][ T5231] Bluetooth: hci0: command 0x0c1a tx timeout
[  187.377747][ T5373] usb 5-1: usb_control_msg returned -71
[  187.383688][ T5373] usbtmc 5-1:16.0: can't read capabilities
[  187.394048][ T5373] usb 5-1: USB disconnect, device number 31
[  187.413788][ T5231] Bluetooth: hci2: command 0x0c1a tx timeout
[  187.423466][    T8] usb usb2-port1: attempt power cycle
[  187.492885][ T5231] Bluetooth: hci1: command 0x0c1a tx timeout
[  187.586051][ T5231] Bluetooth: hci4: command 0x0c1a tx timeout
[  187.714885][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.722007][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  187.778099][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.785226][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  187.804471][    T8] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  187.856460][    T8] usb 2-1: device descriptor read/8, error -71
[  187.957846][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  187.969439][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  188.051703][ T7926] random: crng reseeded on system resumption
[  188.066365][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  188.092891][    T8] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  188.100655][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  188.113466][    T8] usb 2-1: device descriptor read/8, error -71
[  188.129686][ T7729] 8021q: adding VLAN 0 to HW filter on device batadv0
[  188.175934][ T7752] 8021q: adding VLAN 0 to HW filter on device batadv0
[  188.245454][    T8] usb usb2-port1: unable to enumerate USB device
[  188.262316][ T7729] veth0_vlan: entered promiscuous mode
[  188.277185][ T7729] veth1_vlan: entered promiscuous mode
[  188.341466][ T7752] veth0_vlan: entered promiscuous mode
[  188.359883][ T7729] veth0_macvtap: entered promiscuous mode
[  188.374952][ T7729] veth1_macvtap: entered promiscuous mode
[  188.388813][ T7752] veth1_vlan: entered promiscuous mode
[  188.422279][ T7729] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  188.440801][ T7729] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  188.451600][ T7729] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  188.469416][ T7729] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  188.480070][ T7729] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  188.493060][ T7729] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  188.510585][ T7729] batman_adv: batadv0: Interface activated: batadv_slave_0
[  188.521856][ T7729] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  188.532936][ T7729] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  188.543685][ T7729] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  188.554497][ T7729] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  188.564728][ T7729] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  188.576303][ T7729] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  188.587604][ T7729] batman_adv: batadv0: Interface activated: batadv_slave_1
[  188.609109][ T7729] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  188.618856][ T7729] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  188.628852][ T7729] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  188.639112][ T7729] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  188.657641][ T7752] veth0_macvtap: entered promiscuous mode
[  188.679275][ T7752] veth1_macvtap: entered promiscuous mode
[  188.738337][ T7752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  188.755588][ T7752] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  188.765734][ T7752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  188.776609][ T7752] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  188.786844][ T7752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  188.797728][ T7752] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  188.807875][ T7752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  188.818392][ T7752] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  188.829898][ T7752] batman_adv: batadv0: Interface activated: batadv_slave_0
[  188.839806][ T7752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  188.850345][ T7752] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  188.860593][ T7752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  188.871267][ T7752] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  188.881378][ T7752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  188.892235][ T7752] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  188.902753][ T7752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  188.913771][ T7752] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  188.925107][ T7752] batman_adv: batadv0: Interface activated: batadv_slave_1
[  188.970452][ T7752] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  188.973951][ T5283] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  188.980593][ T7752] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  188.996577][ T7752] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  189.007678][ T7752] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  189.070657][  T730] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  189.086671][  T730] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  189.139227][ T2931] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  189.179757][ T2931] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  189.188192][ T5283] usb 3-1: Using ep0 maxpacket: 16
[  189.215068][ T5283] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  189.226335][ T5283] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  189.242400][ T5283] usb 3-1: New USB device found, idVendor=1532, idProduct=010d, bcdDevice= 0.00
[  189.267460][ T5283] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.285881][ T5283] usb 3-1: config 0 descriptor??
[  189.354729][ T2944] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  189.362592][ T2944] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  189.413386][ T5231] Bluetooth: hci0: command 0x0c1a tx timeout
[  189.413520][ T5243] Bluetooth: hci3: command 0x0c1a tx timeout
[  189.453534][ T7936] netlink: 104 bytes leftover after parsing attributes in process `syz.0.525'.
[  189.472430][ T7936] netlink: 104 bytes leftover after parsing attributes in process `syz.0.525'.
[  189.494042][ T5243] Bluetooth: hci2: command 0x0c1a tx timeout
[  189.509224][ T2931] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  189.538330][ T2931] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  189.574092][ T5243] Bluetooth: hci1: command 0x0c1a tx timeout
[  189.654490][ T5243] Bluetooth: hci4: command 0x0c1a tx timeout
[  189.705677][ T7929] netlink: 8 bytes leftover after parsing attributes in process `syz.2.515'.
[  189.751275][ T7945] netlink: 8 bytes leftover after parsing attributes in process `syz.2.515'.
[  189.832539][ T5283] razer 0003:1532:010D.000C: unknown main item tag 0x0
[  189.846615][ T5283] razer 0003:1532:010D.000C: unknown main item tag 0x0
[  189.863511][ T5283] razer 0003:1532:010D.000C: unknown main item tag 0x0
[  189.870657][ T5283] razer 0003:1532:010D.000C: unknown main item tag 0x0
[  189.887815][ T5283] razer 0003:1532:010D.000C: unknown main item tag 0x0
[  189.899637][ T5283] razer 0003:1532:010D.000C: unknown main item tag 0x0
[  189.930831][ T5283] razer 0003:1532:010D.000C: hidraw0: USB HID v0.00 Device [HID 1532:010d] on usb-dummy_hcd.2-1/input0
[  190.032997][ T5282] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  190.093374][ T7958] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  190.099689][ T7958] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  190.109878][ T7958] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  190.122964][ T7958] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  190.148093][ T7958] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  190.192861][ T5282] usb 1-1: Using ep0 maxpacket: 32
[  190.205001][ T5282] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  190.246409][ T5282] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  190.272870][ T5282] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  190.305245][ T5282] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  190.326033][ T5282] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.348695][ T5282] usb 1-1: config 0 descriptor??
[  190.362999][ T7948] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  190.374707][ T5282] hub 1-1:0.0: USB hub found
[  190.579274][ T5243] Bluetooth: hci1: unexpected event for opcode 0x5535
[  190.782624][ T7988] sctp: [Deprecated]: syz.1.562 (pid 7988) Use of int in maxseg socket option.
[  190.782624][ T7988] Use struct sctp_assoc_value instead
[  190.812515][ T5282] hub 1-1:0.0: config failed, can't read hub descriptor (err -22)
[  190.833478][ T5282] usbhid 1-1:0.0: can't add hid device: -71
[  190.850855][ T5282] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  190.894731][ T5282] usb 1-1: USB disconnect, device number 21
[  191.023097][ T7999] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  191.029177][ T7999] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  191.039993][ T7999] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  191.048284][ T7999] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  191.054744][ T7999] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  191.309297][ T8017] bridge0: port 2(bridge_slave_1) entered disabled state
[  191.316924][ T8017] bridge0: port 1(bridge_slave_0) entered disabled state
[  191.338948][ T8017] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.346633][ T8017] bridge0: port 2(bridge_slave_1) entered forwarding state
[  191.355165][ T8017] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.362416][ T8017] bridge0: port 1(bridge_slave_0) entered forwarding state
[  191.379748][ T5283] usb 3-1: USB disconnect, device number 45
[  191.462373][ T8017] team0: Port device bridge0 added
[  191.482857][ T5373] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  191.523311][ T5282] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  191.575267][ T8026] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  191.586782][ T8026] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  191.602934][ T1173] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  191.643657][ T5373] usb 2-1: device descriptor read/64, error -71
[  191.696800][ T5282] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  191.705724][ T5282] usb 5-1: config 0 has no interface number 0
[  191.714939][ T5282] usb 5-1: New USB device found, idVendor=0bb4, idProduct=0a26, bcdDevice=bb.83
[  191.724650][ T5282] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.733162][ T5282] usb 5-1: Product: syz
[  191.737621][ T5282] usb 5-1: Manufacturer: syz
[  191.742362][ T5282] usb 5-1: SerialNumber: syz
[  191.752248][ T5282] usb 5-1: config 0 descriptor??
[  191.763697][ T1173] usb 4-1: Using ep0 maxpacket: 32
[  191.882880][ T5283] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  191.893914][ T5373] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  192.025647][ T5283] usb 3-1: device descriptor read/64, error -71
[  192.033071][ T5373] usb 2-1: device descriptor read/64, error -71
[  192.062883][ T5286] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  192.120091][ T8037] team0: Port device team_slave_0 removed
[  192.153285][ T5373] usb usb2-port1: attempt power cycle
[  192.158186][ T5282] hub 5-1:0.1: bad descriptor, ignoring hub
[  192.171200][ T5282] hub 5-1:0.1: probe with driver hub failed with error -5
[  192.203738][ T5282] usb 5-1: USB disconnect, device number 32
[  192.226639][ T5286] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  192.240279][ T5286] usb 1-1: New USB device found, idVendor=054c, idProduct=0374, bcdDevice= 0.00
[  192.252008][ T5286] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.263342][ T5286] usb 1-1: config 0 descriptor??
[  192.276644][ T5283] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  192.412890][ T5283] usb 3-1: device descriptor read/64, error -71
[  192.505851][ T5373] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  192.519335][ T8032] netlink: 20 bytes leftover after parsing attributes in process `syz.0.580'.
[  192.523402][ T5283] usb usb3-port1: attempt power cycle
[  192.538802][ T8032] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  192.553908][ T5373] usb 2-1: device descriptor read/8, error -71
[  192.560713][ T8032] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  192.764528][ T8041] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  192.770939][ T8041] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  192.781412][ T5286] usbhid 1-1:0.0: can't add hid device: -71
[  192.781915][ T8041] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  192.799787][ T5286] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  192.803744][ T8041] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  192.818739][ T5286] usb 1-1: USB disconnect, device number 22
[  192.818953][ T5373] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  192.838483][ T8041] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  192.863672][ T5373] usb 2-1: device descriptor read/8, error -71
[  192.882883][ T5283] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  192.927253][ T5283] usb 3-1: device descriptor read/8, error -71
[  192.983178][ T5373] usb usb2-port1: unable to enumerate USB device
[  193.152949][    T8] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  193.175517][ T5283] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  193.203492][ T5283] usb 3-1: device descriptor read/8, error -71
[  193.321381][    T8] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  193.321633][ T5283] usb usb3-port1: unable to enumerate USB device
[  193.329746][    T8] usb 5-1: config 0 has no interface number 0
[  193.347155][    T8] usb 5-1: New USB device found, idVendor=0bb4, idProduct=0a26, bcdDevice=bb.83
[  193.356737][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.365977][    T8] usb 5-1: Product: syz
[  193.370821][    T8] usb 5-1: Manufacturer: syz
[  193.376218][    T8] usb 5-1: SerialNumber: syz
[  193.395267][    T8] usb 5-1: config 0 descriptor??
[  193.807640][    T8] hub 5-1:0.1: bad descriptor, ignoring hub
[  193.825229][    T8] hub 5-1:0.1: probe with driver hub failed with error -5
[  193.870047][    T8] usb 5-1: USB disconnect, device number 33
[  194.232930][ T5283] usb 1-1: new full-speed USB device number 23 using dummy_hcd
[  194.336236][ T1173] usb 4-1: unable to get BOS descriptor or descriptor too short
[  194.356354][ T1173] usb 4-1: unable to read config index 0 descriptor/start: -71
[  194.367806][ T1173] usb 4-1: can't read configurations, error -71
[  194.397392][ T5283] usb 1-1: unable to get BOS descriptor or descriptor too short
[  194.421263][ T5283] usb 1-1: unable to read config index 0 descriptor/start: -71
[  194.435862][ T5283] usb 1-1: can't read configurations, error -71
[  194.463256][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  194.469592][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  194.689079][ T2944] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.772766][ T5231] Bluetooth: hci3: command 0x0c1a tx timeout
[  194.842478][ T2944] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.853166][ T5231] Bluetooth: hci4: command 0x0c1a tx timeout
[  194.853229][ T5231] Bluetooth: hci1: command 0x0c1a tx timeout
[  194.853262][ T5231] Bluetooth: hci2: command 0x0c1a tx timeout
[  194.979055][ T2944] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.051673][ T2944] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.183138][ T2944] bridge_slave_1: left allmulticast mode
[  195.191341][ T2944] bridge_slave_1: left promiscuous mode
[  195.198855][ T2944] bridge0: port 2(bridge_slave_1) entered disabled state
[  195.208801][ T2944] bridge_slave_0: left allmulticast mode
[  195.215517][ T8070] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  195.221164][ T2944] bridge_slave_0: left promiscuous mode
[  195.227797][ T2944] bridge0: port 1(bridge_slave_0) entered disabled state
[  195.229127][ T8070] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  195.241471][ T8070] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  195.250241][ T8070] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  195.640968][ T5231] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  195.658263][ T5231] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  195.670302][ T5231] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  195.684584][ T5231] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  195.693838][ T8088] FAULT_INJECTION: forcing a failure.
[  195.693838][ T8088] name failslab, interval 1, probability 0, space 0, times 0
[  195.708338][ T8088] CPU: 0 UID: 0 PID: 8088 Comm: syz.1.600 Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  195.718609][ T8088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  195.728684][ T8088] Call Trace:
[  195.731980][ T8088]  <TASK>
[  195.734930][ T8088]  dump_stack_lvl+0x241/0x360
[  195.739628][ T8088]  ? __pfx_dump_stack_lvl+0x10/0x10
[  195.744827][ T8088]  ? __pfx__printk+0x10/0x10
[  195.749420][ T8088]  ? __kmalloc_cache_noprof+0x44/0x2c0
[  195.754879][ T8088]  ? __pfx___might_resched+0x10/0x10
[  195.760167][ T8088]  should_fail_ex+0x3b0/0x4e0
[  195.764854][ T8088]  should_failslab+0xac/0x100
[  195.769535][ T8088]  ? sctp_datamsg_from_user+0x88/0xf20
[  195.775000][ T8088]  __kmalloc_cache_noprof+0x6c/0x2c0
[  195.780288][ T8088]  sctp_datamsg_from_user+0x88/0xf20
[  195.785571][ T8088]  ? __sk_mem_raise_allocated+0xa5f/0x1140
[  195.791389][ T8088]  sctp_sendmsg_to_asoc+0xf7e/0x1800
[  195.796684][ T8088]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  195.802667][ T8088]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  195.809008][ T8088]  ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10
[  195.814759][ T8088]  ? __local_bh_enable_ip+0x168/0x200
[  195.820133][ T8088]  ? sctp_sendmsg+0xbb9/0x3520
[  195.824909][ T8088]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  195.830628][ T8088]  ? sctp_sendmsg_check_sflags+0x181/0x2c0
[  195.836433][ T8088]  sctp_sendmsg+0x1bc3/0x3520
[  195.841119][ T8088]  ? aa_sk_perm+0x96d/0xab0
[  195.845615][ T8088]  ? __pfx_sctp_sendmsg+0x10/0x10
[  195.850643][ T8088]  ? __pfx_aa_sk_perm+0x10/0x10
[  195.855492][ T8088]  ? inet_sendmsg+0x330/0x390
[  195.860174][ T8088]  __sock_sendmsg+0x1a6/0x270
[  195.864866][ T8088]  sock_write_iter+0x2d7/0x3f0
[  195.869629][ T8088]  ? __pfx_sock_write_iter+0x10/0x10
[  195.874925][ T8088]  do_iter_readv_writev+0x600/0x880
[  195.880126][ T8088]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  195.885843][ T8088]  ? bpf_lsm_file_permission+0x9/0x10
[  195.891209][ T8088]  ? security_file_permission+0x74/0x280
[  195.896842][ T8088]  ? rw_verify_area+0x1c3/0x6f0
[  195.901693][ T8088]  vfs_writev+0x376/0xba0
[  195.906028][ T8088]  ? __pfx_vfs_writev+0x10/0x10
[  195.910872][ T8088]  ? __pfx_vfs_writev+0x10/0x10
[  195.915738][ T8088]  ? fdget_pos+0x19a/0x320
[  195.920153][ T8088]  do_writev+0x1b1/0x350
[  195.924396][ T8088]  ? __pfx_do_writev+0x10/0x10
[  195.929155][ T8088]  ? lockdep_hardirqs_on+0x99/0x150
[  195.934356][ T8088]  ? do_int80_emulation+0xe8/0x200
[  195.939460][ T8088]  do_int80_emulation+0x11f/0x200
[  195.944478][ T8088]  ? clear_bhb_loop+0x35/0x90
[  195.949184][ T8088]  ? clear_bhb_loop+0x35/0x90
[  195.953972][ T8088]  asm_int80_emulation+0x1a/0x20
[  195.958917][ T8088] RIP: 0023:0xf73fd579
[  195.962989][ T8088] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  195.982703][ T8088] RSP: 002b:00000000f56e656c EFLAGS: 00000206 ORIG_RAX: 0000000000000092
[  195.991129][ T8088] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020001300
[  195.999096][ T8088] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  196.007062][ T8088] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  196.015031][ T8088] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  196.022997][ T8088] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  196.030981][ T8088]  </TASK>
[  196.040944][ T5231] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  196.048797][ T5231] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  196.150279][ T2944] team0: Port device bridge0 removed
[  196.162972][ T5373] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  196.289564][    T9] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  196.299941][ T2944] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  196.308834][ T5373] usb 5-1: device descriptor read/64, error -71
[  196.317781][ T2944] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  196.328888][ T2944] bond0 (unregistering): Released all slaves
[  196.473311][    T9] usb 3-1: Using ep0 maxpacket: 32
[  196.480362][    T9] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  196.499273][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  196.508847][ T8104] netlink: 4 bytes leftover after parsing attributes in process `syz.1.605'.
[  196.511634][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  196.530890][    T9] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  196.540222][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.550336][    T9] usb 3-1: config 0 descriptor??
[  196.553006][ T5231] Bluetooth: hci0: command 0x0c1a tx timeout
[  196.556044][ T8094] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  196.568625][ T5373] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  196.608072][ T8104] netlink: 4 bytes leftover after parsing attributes in process `syz.1.605'.
[  196.620307][    T9] hub 3-1:0.0: USB hub found
[  196.762835][ T5373] usb 5-1: device descriptor read/64, error -71
[  196.880350][ T8095] chnl_net:caif_netlink_parms(): no params data found
[  196.889022][ T5373] usb usb5-port1: attempt power cycle
[  196.987096][ T5231] Bluetooth: hci2: unexpected event for opcode 0x5535
[  197.071426][    T9] hub 3-1:0.0: 2 ports detected
[  197.076813][    T9] hub 3-1:0.0: insufficient power available to use all downstream ports
[  197.207749][ T2944] hsr_slave_0: left promiscuous mode
[  197.217329][ T2944] hsr_slave_1: left promiscuous mode
[  197.225045][ T2944] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  197.232640][ T2944] batman_adv: batadv0: Removing interface: batadv_slave_0
[  197.245005][ T2944] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  197.252433][ T2944] batman_adv: batadv0: Removing interface: batadv_slave_1
[  197.259892][ T5231] Bluetooth: hci1: command 0x0c1a tx timeout
[  197.263210][ T5243] Bluetooth: hci3: command 0x0c1a tx timeout
[  197.277707][    T9] hub 3-1:0.0: hub_hub_status failed (err = -71)
[  197.289172][ T8140] Cannot find del_set index 0 as target
[  197.292316][    T9] hub 3-1:0.0: config failed, can't get hub status (err -71)
[  197.302887][ T5373] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  197.314964][ T2944] veth1_macvtap: left promiscuous mode
[  197.319892][    T9] usbhid 3-1:0.0: can't add hid device: -71
[  197.320766][ T2944] veth0_macvtap: left promiscuous mode
[  197.326551][    T9] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  197.333885][ T2944] veth1_vlan: left promiscuous mode
[  197.345432][ T5373] usb 5-1: device descriptor read/8, error -71
[  197.351573][ T2944] veth0_vlan: left promiscuous mode
[  197.384490][    T9] usb 3-1: USB disconnect, device number 50
[  197.607709][ T5373] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  197.643582][ T5373] usb 5-1: device descriptor read/8, error -71
[  197.763175][ T5373] usb usb5-port1: unable to enumerate USB device
[  197.795209][ T2944] team0 (unregistering): Port device team_slave_1 removed
[  197.853656][ T8131] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  197.869131][ T8131] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  197.879343][ T8131] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  197.895717][ T8131] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  197.912076][ T8131] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  197.921213][ T8131] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  197.931966][ T8131] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  198.640513][ T8142] netlink: 'syz.2.611': attribute type 6 has an invalid length.
[  198.701450][ T5283] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  198.741873][ T8095] bridge0: port 1(bridge_slave_0) entered blocking state
[  198.768463][ T8095] bridge0: port 1(bridge_slave_0) entered disabled state
[  198.798200][ T8095] bridge_slave_0: entered allmulticast mode
[  198.816898][ T8095] bridge_slave_0: entered promiscuous mode
[  198.840498][ T8095] bridge0: port 2(bridge_slave_1) entered blocking state
[  198.858573][ T8095] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.871658][ T8095] bridge_slave_1: entered allmulticast mode
[  198.880994][ T5283] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  198.883624][ T8095] bridge_slave_1: entered promiscuous mode
[  198.897285][ T5283] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice= 9.99
[  198.911605][ T5283] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  198.959014][ T5283] usb 1-1: config 0 descriptor??
[  198.972325][ T8095] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  198.982350][ T5283] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  199.028720][ T8095] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  199.064838][ T8174] netlink: 8 bytes leftover after parsing attributes in process `syz.4.623'.
[  199.118048][ T8174] raw_sendmsg: syz.4.623 forgot to set AF_INET. Fix it!
[  199.158624][ T8095] team0: Port device team_slave_0 added
[  199.166074][ T8174] netlink: 48 bytes leftover after parsing attributes in process `syz.4.623'.
[  199.181180][ T5243] Bluetooth: hci0: command 0x0c1a tx timeout
[  199.188716][   T29] audit: type=1326 audit(1727590268.866:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8152 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf746d579 code=0x7ffc0000
[  199.214910][ T8095] team0: Port device team_slave_1 added
[  199.282313][   T29] audit: type=1326 audit(1727590268.866:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8152 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf746d579 code=0x7ffc0000
[  199.337571][ T5283] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -2
[  199.341919][   T29] audit: type=1326 audit(1727590268.876:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8152 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=184 compat=1 ip=0xf746d579 code=0x7ffc0000
[  199.390276][ T8095] batman_adv: batadv0: Adding interface: batadv_slave_0
[  199.414780][ T5283] usb 1-1: USB disconnect, device number 25
[  199.422263][ T8095] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  199.448224][    C0] vkms_vblank_simulate: vblank timer overrun
[  199.478974][   T29] audit: type=1326 audit(1727590268.876:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8152 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf746d579 code=0x7ffc0000
[  199.531817][ T8095] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  199.561347][   T29] audit: type=1326 audit(1727590268.876:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8152 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=301 compat=1 ip=0xf746d579 code=0x7ffc0000
[  199.599729][ T8195] netlink: 4 bytes leftover after parsing attributes in process `syz.4.628'.
[  199.611015][   T29] audit: type=1326 audit(1727590268.876:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8152 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf746d579 code=0x7ffc0000
[  199.642107][ T8095] batman_adv: batadv0: Adding interface: batadv_slave_1
[  199.659764][ T8095] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  199.685670][    C0] vkms_vblank_simulate: vblank timer overrun
[  199.697316][ T8199] netlink: 4 bytes leftover after parsing attributes in process `syz.4.628'.
[  199.707349][   T29] audit: type=1326 audit(1727590268.886:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8152 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf746d579 code=0x7ffc0000
[  199.729179][    C0] vkms_vblank_simulate: vblank timer overrun
[  199.763023][ T8095] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  199.903512][ T5243] Bluetooth: hci2: command 0x0c1a tx timeout
[  199.903523][ T5231] Bluetooth: hci3: command 0x0c1a tx timeout
[  199.983018][ T5231] Bluetooth: hci1: command 0x0c1a tx timeout
[  199.989160][ T5243] Bluetooth: hci4: command 0x041b tx timeout
[  200.053236][ T8095] hsr_slave_0: entered promiscuous mode
[  200.106151][ T8095] hsr_slave_1: entered promiscuous mode
[  200.220751][ T8226] debugfs: Directory 'netdev:nicvf0' with parent 'phy37' already present!
[  200.525962][ T8240] netlink: 40 bytes leftover after parsing attributes in process `syz.0.641'.
[  200.792931][ T5283] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  200.846940][ T8257] FAULT_INJECTION: forcing a failure.
[  200.846940][ T8257] name failslab, interval 1, probability 0, space 0, times 0
[  200.873086][ T8257] CPU: 1 UID: 0 PID: 8257 Comm: syz.2.645 Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  200.883414][ T8257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  200.893660][ T8257] Call Trace:
[  200.896963][ T8257]  <TASK>
[  200.899908][ T8257]  dump_stack_lvl+0x241/0x360
[  200.904610][ T8257]  ? __pfx_dump_stack_lvl+0x10/0x10
[  200.909901][ T8257]  ? __pfx__printk+0x10/0x10
[  200.909950][ T8257]  ? __kmalloc_cache_noprof+0x44/0x2c0
[  200.920002][ T8257]  ? __pfx___might_resched+0x10/0x10
[  200.925332][ T8257]  should_fail_ex+0x3b0/0x4e0
[  200.930045][ T8257]  should_failslab+0xac/0x100
[  200.934749][ T8257]  ? kvm_arch_vcpu_ioctl+0x126e/0x2b50
[  200.940238][ T8257]  __kmalloc_cache_noprof+0x6c/0x2c0
[  200.945558][ T8257]  kvm_arch_vcpu_ioctl+0x126e/0x2b50
[  200.950869][ T8257]  ? __lock_acquire+0x1384/0x2050
[  200.955925][ T8257]  ? validate_chain+0x11e/0x5920
[  200.960885][ T8257]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[  200.966533][ T8257]  ? __pfx_lock_acquire+0x10/0x10
[  200.971584][ T8257]  ? __pfx_validate_chain+0x10/0x10
[  200.976773][ T8257]  ? __pfx_lock_release+0x10/0x10
[  200.981798][ T8257]  ? unwind_next_frame+0x18e6/0x22d0
[  200.987083][ T8257]  ? preempt_count_add+0x93/0x190
[  200.992108][ T8257]  ? is_bpf_text_address+0x285/0x2a0
[  200.997389][ T8257]  ? is_bpf_text_address+0x26/0x2a0
[  201.002607][ T8257]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  201.008801][ T8257]  ? kernel_text_address+0xa7/0xe0
[  201.013949][ T8257]  ? __kernel_text_address+0xd/0x40
[  201.019183][ T8257]  ? unwind_get_return_address+0x4d/0x90
[  201.024859][ T8257]  ? mark_lock+0x9a/0x360
[  201.029217][ T8257]  ? __lock_acquire+0x1384/0x2050
[  201.032965][    T8] usb 5-1: new low-speed USB device number 38 using dummy_hcd
[  201.034284][ T8257]  ? __mutex_trylock_common+0x183/0x2e0
[  201.047295][ T8257]  ? __pfx___might_resched+0x10/0x10
[  201.052617][ T8257]  ? __pfx___mutex_trylock_common+0x10/0x10
[  201.058541][ T8257]  ? rcu_is_watching+0x15/0xb0
[  201.063329][ T8257]  ? trace_contention_end+0x3c/0x120
[  201.068639][ T8257]  ? __mutex_lock+0x2ef/0xd70
[  201.073345][ T8257]  ? kvm_vcpu_ioctl+0x1da/0xea0
[  201.078221][ T8257]  ? __pfx___mutex_lock+0x10/0x10
[  201.083283][ T8257]  ? kfree+0x1a0/0x440
[  201.087397][ T8257]  kvm_vcpu_ioctl+0x73e/0xea0
[  201.092106][ T8257]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  201.097337][ T8257]  ? tomoyo_path_number_perm+0x208/0x880
[  201.102993][ T8257]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  201.109099][ T8257]  ? __pfx_lock_acquire+0x10/0x10
[  201.114175][ T8257]  kvm_vcpu_compat_ioctl+0x23f/0x450
[  201.119501][ T8257]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  201.125333][ T8257]  ? __fget_files+0x3f3/0x470
[  201.130062][ T8257]  __se_compat_sys_ioctl+0x510/0xc90
[  201.135373][ T8257]  ? __pfx___se_compat_sys_ioctl+0x10/0x10
[  201.141211][ T8257]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  201.147223][ T8257]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  201.153592][ T8257]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  201.160212][ T8257]  ? lockdep_hardirqs_on+0x99/0x150
[  201.165445][ T8257]  __do_fast_syscall_32+0xb4/0x110
[  201.170578][ T8257]  ? exc_page_fault+0x590/0x8c0
[  201.175455][ T8257]  do_fast_syscall_32+0x34/0x80
[  201.180330][ T8257]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  201.186685][ T8257] RIP: 0023:0xf73cd579
[  201.190769][ T8257] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  201.210394][ T8257] RSP: 002b:00000000f56b656c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  201.218812][ T8257] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000008400ae8e
[  201.226778][ T8257] RDX: 0000000020000500 RSI: 0000000000000000 RDI: 0000000000000000
[  201.234741][ T8257] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  201.242708][ T8257] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  201.250668][ T8257] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  201.258640][ T8257]  </TASK>
[  201.282901][    T8] usb 5-1: Invalid ep0 maxpacket: 16
[  201.346994][ T5283] usb 2-1: device descriptor read/64, error -71
[  201.433346][    T8] usb 5-1: new low-speed USB device number 39 using dummy_hcd
[  201.592984][    T8] usb 5-1: Invalid ep0 maxpacket: 16
[  201.599985][    T8] usb usb5-port1: attempt power cycle
[  201.643690][ T5283] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  201.714760][ T8095] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  201.726247][ T8095] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  201.733309][ T5373] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  201.749411][ T8095] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  201.764799][ T8095] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  201.782944][ T5283] usb 2-1: device descriptor read/64, error -71
[  201.876225][ T8095] 8021q: adding VLAN 0 to HW filter on device bond0
[  201.893248][ T5283] usb usb2-port1: attempt power cycle
[  201.905994][ T5373] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  201.927297][ T8095] 8021q: adding VLAN 0 to HW filter on device team0
[  201.935399][ T5373] usb 3-1: config 0 has no interfaces?
[  201.953508][ T5373] usb 3-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  201.967805][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.975008][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  201.984869][    T8] usb 5-1: new low-speed USB device number 40 using dummy_hcd
[  202.000435][ T5373] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.015871][ T2972] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.023059][ T2972] bridge0: port 2(bridge_slave_1) entered forwarding state
[  202.034517][    T8] usb 5-1: Invalid ep0 maxpacket: 16
[  202.041677][ T5373] usb 3-1: config 0 descriptor??
[  202.053162][ T5243] Bluetooth: hci4: command 0x041b tx timeout
[  202.175214][    T8] usb 5-1: new low-speed USB device number 41 using dummy_hcd
[  202.229872][    T8] usb 5-1: Invalid ep0 maxpacket: 16
[  202.236877][    T8] usb usb5-port1: unable to enumerate USB device
[  202.242831][ T5283] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[  202.274127][ T8095] 8021q: adding VLAN 0 to HW filter on device batadv0
[  202.275430][ T5283] usb 2-1: device descriptor read/8, error -71
[  202.305403][ T5373] usb 3-1: string descriptor 0 read error: -71
[  202.326934][ T5373] usb 3-1: USB disconnect, device number 51
[  202.381211][ T8095] veth0_vlan: entered promiscuous mode
[  202.429092][ T8095] veth1_vlan: entered promiscuous mode
[  202.452489][ T8095] veth0_macvtap: entered promiscuous mode
[  202.462384][ T8095] veth1_macvtap: entered promiscuous mode
[  202.477941][ T8095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  202.488473][ T8095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  202.498599][ T8095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  202.509142][ T8095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  202.519189][ T8095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  202.530111][ T8095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  202.540199][ T8095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  202.550735][ T8095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  202.562081][ T8095] batman_adv: batadv0: Interface activated: batadv_slave_0
[  202.572087][ T8095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  202.582625][ T8095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  202.592888][ T8095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  202.603593][ T8095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  202.613933][ T8095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  202.622793][ T5283] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[  202.624823][ T8095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  202.642634][ T8095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  202.653337][ T5283] usb 2-1: device descriptor read/8, error -71
[  202.659712][ T8095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  202.670892][ T8095] batman_adv: batadv0: Interface activated: batadv_slave_1
[  202.689360][ T8095] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  202.698821][ T8095] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  202.707712][ T8095] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  202.716558][ T8095] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  202.764169][ T5283] usb usb2-port1: unable to enumerate USB device
[  202.865483][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  202.886061][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  202.935521][ T2944] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  202.951982][ T2944] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  203.159723][  T730] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.207673][ T8319] bond_slave_0: entered promiscuous mode
[  203.213478][ T8319] bond_slave_1: entered promiscuous mode
[  203.240171][ T8323] bond_slave_0: left promiscuous mode
[  203.245809][ T8323] bond_slave_1: left promiscuous mode
[  203.330663][   T29] audit: type=1326 audit(1727590273.006:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8330 comm="syz.3.597" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x0
[  203.376094][  T730] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.522406][  T730] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.756953][  T730] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.757848][ T5231] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  203.779410][ T5231] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  203.792223][ T5231] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  203.802148][ T5231] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  203.804165][ T8344] binder: BINDER_SET_CONTEXT_MGR already set
[  203.827262][ T5231] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  203.836395][ T5231] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  203.899520][ T8344] binder: 8342:8344 ioctl 4018620d 20000040 returned -16
[  203.974428][ T8345] netlink: 24 bytes leftover after parsing attributes in process `syz.2.658'.
[  204.047254][ T5243] Bluetooth: hci2: Malformed LE Event: 0x0b
[  204.126037][  T730] bridge_slave_1: left allmulticast mode
[  204.132966][ T5243] Bluetooth: hci4: command 0x041b tx timeout
[  204.180682][  T730] bridge_slave_1: left promiscuous mode
[  204.213047][  T730] bridge0: port 2(bridge_slave_1) entered disabled state
[  204.250192][  T730] bridge_slave_0: left allmulticast mode
[  204.264951][  T730] bridge_slave_0: left promiscuous mode
[  204.288305][  T730] bridge0: port 1(bridge_slave_0) entered disabled state
[  204.423107][ T1173] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[  204.592918][ T1173] usb 2-1: Using ep0 maxpacket: 32
[  204.602412][ T1173] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  204.619486][ T1173] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  204.630802][ T1173] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  204.642197][ T1173] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  204.651444][ T1173] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.662831][ T1173] usb 2-1: config 0 descriptor??
[  204.673429][ T8364] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  204.681883][ T1173] hub 2-1:0.0: USB hub found
[  204.798586][  T730] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  204.810377][  T730] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  204.821499][  T730] bond0 (unregistering): Released all slaves
[  204.901877][ T5243] Bluetooth: hci0: unexpected event for opcode 0x5535
[  204.975174][ T1173] hub 2-1:0.0: 2 ports detected
[  205.000378][ T1173] hub 2-1:0.0: insufficient power available to use all downstream ports
[  205.069615][ T8384] netlink: 8 bytes leftover after parsing attributes in process `syz.4.666'.
[  205.089645][ T8385] netlink: 8 bytes leftover after parsing attributes in process `syz.4.666'.
[  205.099287][ T8390] netlink: 48 bytes leftover after parsing attributes in process `syz.3.665'.
[  205.119375][ T8382] netlink: 8 bytes leftover after parsing attributes in process `syz.3.665'.
[  205.179889][ T1173] hub 2-1:0.0: hub_hub_status failed (err = -71)
[  205.197286][ T1173] hub 2-1:0.0: config failed, can't get hub status (err -71)
[  205.228250][ T1173] usbhid 2-1:0.0: can't add hid device: -71
[  205.280224][ T1173] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  205.326394][ T1173] usb 2-1: USB disconnect, device number 60
[  205.894830][ T5243] Bluetooth: hci1: command tx timeout
[  206.066058][ T8421] mac80211_hwsim hwsim45 syzkaller0: entered promiscuous mode
[  206.099384][ T8421] mac80211_hwsim hwsim45 syzkaller0: entered allmulticast mode
[  206.199579][  T730] hsr_slave_0: left promiscuous mode
[  206.213185][ T5243] Bluetooth: hci4: command 0x041b tx timeout
[  206.252381][  T730] hsr_slave_1: left promiscuous mode
[  206.278437][  T730] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  206.286781][  T730] batman_adv: batadv0: Removing interface: batadv_slave_0
[  206.298339][  T730] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  206.315724][  T730] batman_adv: batadv0: Removing interface: batadv_slave_1
[  206.392586][  T730] veth1_macvtap: left promiscuous mode
[  206.402827][  T730] veth0_macvtap: left promiscuous mode
[  206.412921][ T5283] usb 5-1: new full-speed USB device number 42 using dummy_hcd
[  206.420799][  T730] veth1_vlan: left promiscuous mode
[  206.437584][  T730] veth0_vlan: left promiscuous mode
[  206.612408][ T5283] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  206.636618][ T5283] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 8
[  206.646650][ T5283] usb 5-1: New USB device found, idVendor=045e, idProduct=01da, bcdDevice= 0.80
[  206.661331][ T5283] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.677005][ T5283] usb 5-1: config 0 descriptor??
[  207.028541][  T730] team0 (unregistering): Port device team_slave_1 removed
[  207.083701][  T730] team0 (unregistering): Port device team_slave_0 removed
[  207.652078][ T8356] chnl_net:caif_netlink_parms(): no params data found
[  207.694222][ T8431] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  207.712734][ T8431] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  207.718910][ T8431] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  207.728841][ T8431] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  207.753183][ T8431] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  207.759195][ T8431] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  207.811657][ T8431] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  207.834478][ T8356] bridge0: port 1(bridge_slave_0) entered blocking state
[  207.853095][ T8356] bridge0: port 1(bridge_slave_0) entered disabled state
[  207.860452][ T8356] bridge_slave_0: entered allmulticast mode
[  207.868212][ T8356] bridge_slave_0: entered promiscuous mode
[  207.884680][ T8356] bridge0: port 2(bridge_slave_1) entered blocking state
[  207.902176][ T8356] bridge0: port 2(bridge_slave_1) entered disabled state
[  207.922586][ T8356] bridge_slave_1: entered allmulticast mode
[  207.961487][ T8356] bridge_slave_1: entered promiscuous mode
[  208.124966][ T8356] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  208.175754][ T8356] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  208.279759][ T8356] team0: Port device team_slave_0 added
[  208.309956][ T8356] team0: Port device team_slave_1 added
[  208.392346][ T8356] batman_adv: batadv0: Adding interface: batadv_slave_0
[  208.426517][ T5286] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  208.434309][ T8356] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  208.468342][ T8356] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  208.494768][ T8356] batman_adv: batadv0: Adding interface: batadv_slave_1
[  208.501832][ T8356] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  208.573699][ T8356] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  208.622818][ T5286] usb 3-1: Using ep0 maxpacket: 16
[  208.629816][ T5286] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  208.645845][ T5286] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  208.661972][ T5286] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  208.675484][ T5281] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[  208.690190][ T5286] usb 3-1: Product: syz
[  208.694641][ T5286] usb 3-1: Manufacturer: syz
[  208.699245][ T5286] usb 3-1: SerialNumber: syz
[  208.711580][ T5286] usb 3-1: config 0 descriptor??
[  208.722109][ T5283] usb 5-1: USB disconnect, device number 42
[  208.739620][ T5286] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  208.755373][ T5286] em28xx 3-1:0.0: DVB interface 0 found: bulk
[  208.788603][ T8356] hsr_slave_0: entered promiscuous mode
[  208.803442][ T8356] hsr_slave_1: entered promiscuous mode
[  208.809965][ T8356] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  208.819284][ T8356] Cannot create hsr debugfs directory
[  208.853697][ T5281] usb 2-1: Using ep0 maxpacket: 32
[  208.866489][ T5281] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  208.896070][ T5281] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  208.932844][ T5281] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  208.962791][ T5281] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  208.977176][ T5281] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.994704][ T5281] usb 2-1: config 0 descriptor??
[  209.000853][ T8464] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  209.025007][ T5281] hub 2-1:0.0: USB hub found
[  209.226374][ T5243] Bluetooth: hci0: unexpected event for opcode 0x5535
[  209.285191][ T5281] hub 2-1:0.0: 2 ports detected
[  209.337203][ T5281] hub 2-1:0.0: insufficient power available to use all downstream ports
[  209.346386][ T5286] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  209.500036][ T5281] hub 2-1:0.0: hub_hub_status failed (err = -71)
[  209.523429][ T5281] hub 2-1:0.0: config failed, can't get hub status (err -71)
[  209.552171][ T5281] usbhid 2-1:0.0: can't add hid device: -71
[  209.552977][ T5282] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  209.559750][ T5281] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  209.606510][ T5281] usb 2-1: USB disconnect, device number 61
[  209.733155][ T5243] Bluetooth: hci4: command 0x041b tx timeout
[  209.739319][ T5243] Bluetooth: hci2: command 0x0c1a tx timeout
[  209.744006][ T5231] Bluetooth: hci3: command 0x0c1a tx timeout
[  209.778826][ T5282] usb 5-1: config 1 interface 0 altsetting 234 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  209.794583][ T5282] usb 5-1: config 1 interface 0 has no altsetting 0
[  209.816591][ T5231] Bluetooth: hci1: command 0x040f tx timeout
[  209.832964][ T5282] usb 5-1: New USB device found, idVendor=1b96, idProduct=0004, bcdDevice= 0.40
[  209.838563][ T8356] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  209.843851][ T5282] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  209.857249][ T5282] usb 5-1: Product: syz
[  209.861471][ T5282] usb 5-1: Manufacturer: syz
[  209.866246][ T5282] usb 5-1: SerialNumber: syz
[  209.875100][ T5282] usb 5-1: rejected 1 configuration due to insufficient available bus power
[  209.882515][ T8356] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  209.883915][ T5282] usb 5-1: no configuration chosen from 1 choice
[  209.915934][ T8356] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  209.925466][ T8356] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  209.962819][ T5272] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  210.011319][ T5286] em28xx 3-1:0.0: read from i2c device at 0xa0 failed with unknown error (status=65)
[  210.018855][ T8356] 8021q: adding VLAN 0 to HW filter on device bond0
[  210.040091][ T5286] em28xx 3-1:0.0: board has no eeprom
[  210.059954][ T8356] 8021q: adding VLAN 0 to HW filter on device team0
[  210.080990][  T730] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.088170][  T730] bridge0: port 1(bridge_slave_0) entered forwarding state
[  210.132959][ T5272] usb 4-1: Using ep0 maxpacket: 8
[  210.160883][ T8356] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  210.171381][ T8356] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  210.184956][  T730] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.192086][  T730] bridge0: port 2(bridge_slave_1) entered forwarding state
[  210.208818][ T5272] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  210.228652][ T5272] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  210.239254][ T5272] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  210.256613][ T5272] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  210.292221][ T8356] 8021q: adding VLAN 0 to HW filter on device batadv0
[  210.315415][ T5272] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  210.347677][ T5272] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.353120][ T5286] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  210.366590][ T5286] em28xx 3-1:0.0: dvb set to bulk mode.
[  210.372443][ T5282] em28xx 3-1:0.0: Binding DVB extension
[  210.379812][ T8356] veth0_vlan: entered promiscuous mode
[  210.405267][ T5286] usb 3-1: USB disconnect, device number 52
[  210.423814][ T5286] em28xx 3-1:0.0: Disconnecting em28xx
[  210.457190][ T5282] em28xx 3-1:0.0: Registering input extension
[  210.479087][ T5286] em28xx 3-1:0.0: Closing input extension
[  210.482522][ T8356] veth1_vlan: entered promiscuous mode
[  210.534779][ T5286] em28xx 3-1:0.0: Freeing device
[  210.545129][ T8356] veth0_macvtap: entered promiscuous mode
[  210.575580][ T8356] veth1_macvtap: entered promiscuous mode
[  210.614159][ T8356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  210.626880][ T8356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.639581][ T8356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  210.653588][ T8356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.667587][ T8356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  210.678298][ T8356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.692054][ T8356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  210.703674][ T8356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.715845][ T8356] batman_adv: batadv0: Interface activated: batadv_slave_0
[  210.735389][ T8356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  210.762824][ T8356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.773752][ T8356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  210.788564][ T8356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.798599][ T8356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  210.809967][ T5272] usb 4-1: usb_control_msg returned -71
[  210.816450][ T5272] usbtmc 4-1:16.0: can't read capabilities
[  210.826469][ T8356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.837492][ T5272] usb 4-1: USB disconnect, device number 44
[  210.855608][ T8356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  210.870223][ T8356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.887715][ T8356] batman_adv: batadv0: Interface activated: batadv_slave_1
[  210.907760][ T8356] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  210.933827][ T8356] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  210.942557][ T8356] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  210.960253][ T8356] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  211.023521][ T8504] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  211.029610][ T8504] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  211.042556][ T8504] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  211.052312][ T8504] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  211.059369][ T8504] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  211.128958][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  211.138384][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  211.204395][ T2944] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  211.224820][ T2944] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  211.776217][ T8537] netlink: 4 bytes leftover after parsing attributes in process `syz.1.689'.
[  211.881415][ T8556] netlink: 4 bytes leftover after parsing attributes in process `syz.2.692'.
[  212.095942][ T8566] netlink: 'syz.0.694': attribute type 21 has an invalid length.
[  212.205050][ T8570] netlink: 'syz.0.695': attribute type 1 has an invalid length.
[  212.366061][ T5272] usb 5-1: USB disconnect, device number 43
[  212.453846][ T5231] Bluetooth: hci0: command 0x0c1a tx timeout
[  212.481273][ T8582] FAULT_INJECTION: forcing a failure.
[  212.481273][ T8582] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  212.541818][ T8582] CPU: 0 UID: 0 PID: 8582 Comm: syz.4.699 Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  212.552117][ T8582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  212.562203][ T8582] Call Trace:
[  212.565503][ T8582]  <TASK>
[  212.568455][ T8582]  dump_stack_lvl+0x241/0x360
[  212.573160][ T8582]  ? __pfx_dump_stack_lvl+0x10/0x10
[  212.578384][ T8582]  ? __pfx__printk+0x10/0x10
[  212.583003][ T8582]  ? snprintf+0xda/0x120
[  212.587271][ T8582]  should_fail_ex+0x3b0/0x4e0
[  212.591976][ T8582]  _copy_to_user+0x2f/0xb0
[  212.596419][ T8582]  simple_read_from_buffer+0xca/0x150
[  212.601812][ T8582]  proc_fail_nth_read+0x1e9/0x250
[  212.606868][ T8582]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  212.612446][ T8582]  ? rw_verify_area+0x55e/0x6f0
[  212.617410][ T8582]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  212.622986][ T8582]  vfs_read+0x201/0xbc0
[  212.627176][ T8582]  ? __pfx_vfs_read+0x10/0x10
[  212.631898][ T8582]  ? fdget_pos+0x265/0x320
[  212.636342][ T8582]  ksys_read+0x183/0x2b0
[  212.640607][ T8582]  ? __pfx_ksys_read+0x10/0x10
[  212.645396][ T8582]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  212.652023][ T8582]  ? lockdep_hardirqs_on+0x99/0x150
[  212.657261][ T8582]  __do_fast_syscall_32+0xb4/0x110
[  212.662396][ T8582]  ? exc_page_fault+0x590/0x8c0
[  212.667276][ T8582]  do_fast_syscall_32+0x34/0x80
[  212.672160][ T8582]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  212.678519][ T8582] RIP: 0023:0xf73cd579
[  212.682602][ T8582] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  212.702323][ T8582] RSP: 002b:00000000f56b65a0 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  212.710773][ T8582] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f56b6620
[  212.718774][ T8582] RDX: 000000000000000f RSI: 00000000f73bbff4 RDI: 0000000000000000
[  212.726768][ T8582] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  212.734768][ T8582] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  212.742761][ T8582] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  212.750858][ T8582]  </TASK>
[  213.093330][ T5231] Bluetooth: hci1: command 0x040f tx timeout
[  213.093948][ T5243] Bluetooth: hci4: command 0x041b tx timeout
[  213.099433][ T5231] Bluetooth: hci2: command 0x0c1a tx timeout
[  213.105402][ T5237] Bluetooth: hci3: command 0x0c1a tx timeout
[  213.239283][ T8578] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  213.259242][ T8578] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  213.271456][ T8578] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  213.279435][ T8578] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  213.290774][ T8578] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  213.563670][ T5272] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  213.658304][ T8634] FAULT_INJECTION: forcing a failure.
[  213.658304][ T8634] name failslab, interval 1, probability 0, space 0, times 0
[  213.673563][ T8634] CPU: 0 UID: 0 PID: 8634 Comm: syz.2.714 Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  213.683843][ T8634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  213.693916][ T8634] Call Trace:
[  213.697224][ T8634]  <TASK>
[  213.700145][ T8634]  dump_stack_lvl+0x241/0x360
[  213.704832][ T8634]  ? __pfx_dump_stack_lvl+0x10/0x10
[  213.710038][ T8634]  ? __pfx__printk+0x10/0x10
[  213.714636][ T8634]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  213.720642][ T8634]  ? __pfx___might_resched+0x10/0x10
[  213.725921][ T8634]  ? kasan_save_track+0x51/0x80
[  213.730761][ T8634]  ? __kasan_kmalloc+0x98/0xb0
[  213.735533][ T8634]  should_fail_ex+0x3b0/0x4e0
[  213.740224][ T8634]  should_failslab+0xac/0x100
[  213.744919][ T8634]  ? __alloc_skb+0x1c3/0x440
[  213.749518][ T8634]  kmem_cache_alloc_node_noprof+0x71/0x320
[  213.755334][ T8634]  __alloc_skb+0x1c3/0x440
[  213.759781][ T8634]  ? __pfx___alloc_skb+0x10/0x10
[  213.764728][ T8634]  _sctp_make_chunk+0x58/0x460
[  213.769523][ T8634]  sctp_make_datafrag_empty+0xa6/0x510
[  213.775000][ T8634]  ? sctp_assoc_set_bind_addr_from_cookie+0x10/0x130
[  213.781786][ T8634]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[  213.787330][ T8634]  ? sctp_auth_send_cid+0x69/0x250
[  213.792444][ T8634]  sctp_datamsg_from_user+0x740/0xf20
[  213.797815][ T8634]  ? sctp_sched_fc_sched_all+0x3cf/0x3f0
[  213.803473][ T8634]  sctp_sendmsg_to_asoc+0xf7e/0x1800
[  213.808790][ T8634]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  213.814782][ T8634]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  213.821140][ T8634]  ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10
[  213.826890][ T8634]  ? __local_bh_enable_ip+0x168/0x200
[  213.832316][ T8634]  ? sctp_sendmsg+0xbb9/0x3520
[  213.837079][ T8634]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  213.842808][ T8634]  ? sctp_sendmsg_check_sflags+0x181/0x2c0
[  213.848630][ T8634]  sctp_sendmsg+0x1bc3/0x3520
[  213.853326][ T8634]  ? aa_sk_perm+0x96d/0xab0
[  213.857834][ T8634]  ? __pfx_sctp_sendmsg+0x10/0x10
[  213.862868][ T8634]  ? __pfx_aa_sk_perm+0x10/0x10
[  213.867757][ T8634]  ? inet_sendmsg+0x330/0x390
[  213.872431][ T8634]  __sock_sendmsg+0x1a6/0x270
[  213.877106][ T8634]  sock_write_iter+0x2d7/0x3f0
[  213.881881][ T8634]  ? __pfx_sock_write_iter+0x10/0x10
[  213.887195][ T8634]  do_iter_readv_writev+0x600/0x880
[  213.892399][ T8634]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  213.898131][ T8634]  ? bpf_lsm_file_permission+0x9/0x10
[  213.903503][ T8634]  ? security_file_permission+0x74/0x280
[  213.909146][ T8634]  ? rw_verify_area+0x1c3/0x6f0
[  213.914020][ T8634]  vfs_writev+0x376/0xba0
[  213.918371][ T8634]  ? __pfx_vfs_writev+0x10/0x10
[  213.923254][ T8634]  ? fdget_pos+0x19a/0x320
[  213.927679][ T8634]  do_writev+0x1b1/0x350
[  213.931917][ T8634]  ? __pfx_do_writev+0x10/0x10
[  213.936683][ T8634]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  213.943279][ T8634]  ? lockdep_hardirqs_on+0x99/0x150
[  213.948578][ T8634]  __do_fast_syscall_32+0xb4/0x110
[  213.953693][ T8634]  ? exc_page_fault+0x590/0x8c0
[  213.958555][ T8634]  do_fast_syscall_32+0x34/0x80
[  213.963410][ T8634]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  213.969755][ T8634] RIP: 0023:0xf73cd579
[  213.973829][ T8634] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  213.993471][ T8634] RSP: 002b:00000000f56b656c EFLAGS: 00000206 ORIG_RAX: 0000000000000092
[  214.001939][ T8634] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020001300
[  214.009932][ T8634] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  214.017903][ T8634] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  214.025890][ T8634] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  214.033885][ T8634] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  214.041875][ T8634]  </TASK>
[  214.049643][    T9] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  214.082826][ T5272] usb 4-1: Using ep0 maxpacket: 16
[  214.092333][ T5272] usb 4-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=6c.de
[  214.101675][ T5272] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  214.112643][ T5272] usb 4-1: Product: syz
[  214.117665][ T5272] usb 4-1: Manufacturer: syz
[  214.122736][ T5272] usb 4-1: SerialNumber: syz
[  214.128817][ T5272] usb 4-1: config 0 descriptor??
[  214.139196][ T5272] ems_usb 4-1:0.0 (unnamed net_device) (uninitialized): couldn't initialize controller: -22
[  214.150167][ T5272] ems_usb 4-1:0.0: probe with driver ems_usb failed with error -22
[  214.193009][ T5373] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[  214.200765][    T8] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  214.232845][    T9] usb 1-1: Using ep0 maxpacket: 16
[  214.245136][    T9] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  214.260925][    T9] usb 1-1: config 0 has no interface number 0
[  214.270246][    T9] usb 1-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  214.281254][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  214.290310][    T9] usb 1-1: Product: syz
[  214.294818][    T9] usb 1-1: Manufacturer: syz
[  214.300092][    T9] usb 1-1: SerialNumber: syz
[  214.316196][    T9] usb 1-1: config 0 descriptor??
[  214.352822][    T8] usb 5-1: Using ep0 maxpacket: 16
[  214.362290][ T5373] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  214.370744][ T5373] usb 2-1: config 0 has no interface number 0
[  214.377207][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  214.398392][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  214.412154][    T8] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  214.422600][ T5373] usb 2-1: New USB device found, idVendor=0bb4, idProduct=0a26, bcdDevice=bb.83
[  214.431935][ T8641] netlink: 16 bytes leftover after parsing attributes in process `syz.3.708'.
[  214.440932][ T5373] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  214.449122][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.457192][ T5373] usb 2-1: Product: syz
[  214.461365][ T5373] usb 2-1: Manufacturer: syz
[  214.466984][ T5373] usb 2-1: SerialNumber: syz
[  214.473975][    T8] usb 5-1: config 0 descriptor??
[  214.480257][ T5373] usb 2-1: config 0 descriptor??
[  214.532161][    T9] usb 1-1: USB disconnect, device number 26
[  214.533121][ T5231] Bluetooth: hci0: command 0x0c1a tx timeout
[  214.672922][ T5286] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  214.692648][ T8632] netlink: 'syz.4.713': attribute type 30 has an invalid length.
[  214.834316][ T5286] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  214.845602][ T5286] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  214.860463][ T5373] hub 2-1:0.1: bad descriptor, ignoring hub
[  214.862814][ T5286] usb 3-1: New USB device found, idVendor=056e, idProduct=010c, bcdDevice= 0.00
[  214.875549][ T5373] hub 2-1:0.1: probe with driver hub failed with error -5
[  214.887324][ T5286] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.911724][ T5373] usb 2-1: USB disconnect, device number 62
[  214.915303][ T5286] usb 3-1: config 0 descriptor??
[  215.328613][ T5286] elecom 0003:056E:010C.000D: unknown main item tag 0x0
[  215.335782][ T5243] Bluetooth: hci4: command 0x041b tx timeout
[  215.335829][ T5243] Bluetooth: hci2: command 0x0c1a tx timeout
[  215.335891][ T5243] Bluetooth: hci3: command 0x0c1a tx timeout
[  215.335961][ T5231] Bluetooth: hci1: command 0x040f tx timeout
[  215.366098][ T5286] elecom 0003:056E:010C.000D: unknown main item tag 0x0
[  215.373234][ T5286] elecom 0003:056E:010C.000D: unknown main item tag 0x0
[  215.380219][ T5286] elecom 0003:056E:010C.000D: unknown main item tag 0x0
[  215.387277][ T5286] elecom 0003:056E:010C.000D: unknown main item tag 0x0
[  215.400976][ T5286] elecom 0003:056E:010C.000D: hidraw0: USB HID v0.00 Device [HID 056e:010c] on usb-dummy_hcd.2-1/input0
[  215.565210][ T8642] ip6gretap0: entered promiscuous mode
[  215.581250][ T8642] ip6gretap0: left promiscuous mode
[  215.638269][    T8] usbhid 5-1:0.0: can't add hid device: -71
[  215.646512][    T8] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  215.662197][    T8] usb 5-1: USB disconnect, device number 44
[  215.745343][ T8658] netlink: 76 bytes leftover after parsing attributes in process `syz.4.721'.
[  215.853466][ T8664] netlink: 'syz.4.723': attribute type 13 has an invalid length.
[  215.864618][ T8664] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  215.878221][ T8664] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  215.886002][ T8664] gretap1: entered promiscuous mode
[  215.891243][ T8664] gretap1: entered allmulticast mode
[  216.070782][   T29] audit: type=1326 audit(1727590285.746:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8668 comm="syz.0.725" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe0579 code=0x7ffc0000
[  216.093961][   T29] audit: type=1326 audit(1727590285.746:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8668 comm="syz.0.725" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe0579 code=0x7ffc0000
[  216.118458][   T29] audit: type=1326 audit(1727590285.746:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8668 comm="syz.0.725" exe="/root/syz-executor" sig=0 arch=40000003 syscall=219 compat=1 ip=0xf7fe0579 code=0x7ffc0000
[  216.141364][ T8672] usb usb9: usbfs: process 8672 (syz.0.725) did not claim interface 0 before use
[  216.158042][   T29] audit: type=1326 audit(1727590285.746:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8668 comm="syz.0.725" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe0579 code=0x7ffc0000
[  216.186361][   T29] audit: type=1326 audit(1727590285.756:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8668 comm="syz.0.725" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe0579 code=0x7ffc0000
[  216.200054][ T5286] usb 4-1: USB disconnect, device number 45
[  216.216556][   T29] audit: type=1326 audit(1727590285.756:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8668 comm="syz.0.725" exe="/root/syz-executor" sig=0 arch=40000003 syscall=171 compat=1 ip=0xf7fe0579 code=0x7ffc0000
[  216.216596][   T29] audit: type=1326 audit(1727590285.756:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8668 comm="syz.0.725" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe0579 code=0x7ffc0000
[  216.216628][   T29] audit: type=1326 audit(1727590285.756:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8668 comm="syz.0.725" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe0579 code=0x7ffc0000
[  216.216659][   T29] audit: type=1326 audit(1727590285.756:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8668 comm="syz.0.725" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fe0579 code=0x7ffc0000
[  216.216690][   T29] audit: type=1326 audit(1727590285.756:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8668 comm="syz.0.725" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe0579 code=0x7ffc0000
[  216.334663][ T8649] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  216.342430][ T8649] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  216.352258][ T8649] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  216.359470][ T8649] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  216.365795][ T8649] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  216.387710][ T1173] usb 3-1: USB disconnect, device number 53
[  216.836152][    T8] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  216.982936][    T8] usb 5-1: device descriptor read/64, error -71
[  217.041309][ T8710] netlink: 'syz.2.740': attribute type 10 has an invalid length.
[  217.072426][ T8710] 8021q: adding VLAN 0 to HW filter on device team0
[  217.080674][ T8710] bond0: (slave team0): Enslaving as an active interface with an up link
[  217.092398][ T8710] netlink: 'syz.2.740': attribute type 10 has an invalid length.
[  217.104202][ T5286] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[  217.242940][    T8] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  217.262866][ T5286] usb 2-1: Using ep0 maxpacket: 32
[  217.273633][ T5286] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[  217.284745][ T5286] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  217.295723][ T5286] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  217.305598][ T5286] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[  217.318738][ T5286] usb 2-1: New USB device found, idVendor=056a, idProduct=00b3, bcdDevice= 0.00
[  217.329583][ T5286] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.343414][ T5286] usb 2-1: config 0 descriptor??
[  217.393153][    T8] usb 5-1: device descriptor read/64, error -71
[  217.466129][ T8716] netlink: 4 bytes leftover after parsing attributes in process `syz.0.742'.
[  217.476203][ T8716] netlink: 8 bytes leftover after parsing attributes in process `syz.0.742'.
[  217.524697][    T8] usb usb5-port1: attempt power cycle
[  217.680466][ T8726] netlink: 4 bytes leftover after parsing attributes in process `syz.3.745'.
[  217.768613][ T5286] wacom 0003:056A:00B3.000E: unknown main item tag 0x0
[  217.778935][ T5286] wacom 0003:056A:00B3.000E: Unknown device_type for 'HID 056a:00b3'. Assuming pen.
[  217.793919][ T5286] wacom 0003:056A:00B3.000E: hidraw0: USB HID v0.00 Device [HID 056a:00b3] on usb-dummy_hcd.1-1/input0
[  217.813580][ T5286] input: Wacom Intuos3 12x12 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:00B3.000E/input/input15
[  217.874758][    T8] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  217.904124][    T8] usb 5-1: device descriptor read/8, error -71
[  217.981411][ T8712] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  217.996769][ T8712] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  218.013179][ T8712] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  218.023229][    T9] usb 2-1: USB disconnect, device number 63
[  218.038321][ T8712] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  218.048394][ T8712] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  218.183853][    T8] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  218.233452][    T8] usb 5-1: device descriptor read/8, error -71
[  218.343041][    T8] usb usb5-port1: unable to enumerate USB device
[  218.512857][ T5286] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  218.553829][ T8750] fuse: Bad value for 'user_id'
[  218.572807][ T8750] fuse: Bad value for 'user_id'
[  218.672830][ T5286] usb 4-1: Using ep0 maxpacket: 32
[  218.679426][ T5286] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  218.691156][ T5286] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  218.704162][ T5286] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  218.715515][ T5286] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  218.724650][ T5286] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  218.737700][ T5286] usb 4-1: config 0 descriptor??
[  218.743309][ T8739] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  218.751647][ T5286] hub 4-1:0.0: USB hub found
[  218.853171][    T8] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[  218.896310][ T5283] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  218.954106][ T5231] Bluetooth: hci4: unexpected event for opcode 0x5535
[  219.013649][    T8] usb 2-1: Using ep0 maxpacket: 32
[  219.021163][ T5286] hub 4-1:0.0: 2 ports detected
[  219.026879][    T8] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  219.027120][ T5286] hub 4-1:0.0: insufficient power available to use all downstream ports
[  219.047069][    T8] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  219.058339][    T8] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  219.062930][ T5283] usb 3-1: Using ep0 maxpacket: 8
[  219.069553][    T8] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  219.087896][    T8] usb 2-1: config 0 interface 0 has no altsetting 0
[  219.095296][ T5283] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  219.106631][    T8] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  219.108080][ T5283] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  219.126432][ T5283] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  219.132774][    T8] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  219.137091][ T5283] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  219.149833][    T8] usb 2-1: Product: syz
[  219.158621][ T5283] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  219.162237][    T8] usb 2-1: Manufacturer: syz
[  219.171802][ T5283] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  219.181301][    T8] usb 2-1: SerialNumber: syz
[  219.195913][    T8] usb 2-1: config 0 descriptor??
[  219.213613][    T8] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  219.229783][ T5286] hub 4-1:0.0: hub_hub_status failed (err = -71)
[  219.231631][    T8] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  219.251622][ T5286] hub 4-1:0.0: config failed, can't get hub status (err -71)
[  219.266601][ T5231] Bluetooth: hci0: command 0x0c1a tx timeout
[  219.281054][ T5286] usbhid 4-1:0.0: can't add hid device: -71
[  219.290032][ T5286] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  219.336075][ T5286] usb 4-1: USB disconnect, device number 46
[  220.053163][ T5231] Bluetooth: hci1: command 0x040f tx timeout
[  220.059230][ T5231] Bluetooth: hci2: command 0x0c1a tx timeout
[  220.065393][   T55] Bluetooth: hci3: command 0x0c1a tx timeout
[  220.343084][ T5283] usb 3-1: usb_control_msg returned -71
[  220.348735][ T5283] usbtmc 3-1:16.0: can't read capabilities
[  228.172694][    C1] sched: DL replenish lagged too much
[  291.160840][ T5243] Bluetooth: hci1: command 0x040f tx timeout
[  291.172528][ T5243] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  291.186890][ T5243] Bluetooth: hci4: Injecting HCI hardware error event
[  291.241418][ T5243] Bluetooth: hci4: hardware error 0x00
[  317.553580][ T5243] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  322.363474][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  322.398806][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  323.957125][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  323.973618][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  324.681004][ T5283] usb 3-1: USB disconnect, device number 54
[  348.467845][   T62] bridge_slave_1: left allmulticast mode
[  348.492766][   T62] bridge_slave_1: left promiscuous mode
[  348.498511][   T62] bridge0: port 2(bridge_slave_1) entered disabled state
[  354.483415][   T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  354.496736][   T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  354.511995][   T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  354.521164][   T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  354.529831][   T55] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  354.539131][   T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  354.613615][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  354.639064][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  354.649948][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  354.690691][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  354.703372][   T55] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  354.711535][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  354.743265][   T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  354.755956][   T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  354.774250][   T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  354.788510][   T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  354.802882][   T55] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  354.811015][   T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  355.016540][ T5243] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  355.026533][ T5243] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  355.038687][ T5243] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  355.049987][ T5243] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  355.057866][ T5243] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  355.066047][ T5243] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  355.187826][   T55] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  355.200741][   T55] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  355.212823][   T55] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  355.221555][   T55] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  355.231094][   T55] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  355.238837][   T55] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  356.612785][   T55] Bluetooth: hci0: command tx timeout
[  356.773035][   T55] Bluetooth: hci1: command tx timeout
[  356.932871][   T55] Bluetooth: hci3: command tx timeout
[  357.172846][   T55] Bluetooth: hci4: command tx timeout
[  357.332965][   T55] Bluetooth: hci5: command tx timeout
[  358.694843][   T55] Bluetooth: hci0: command tx timeout
[  358.853086][   T55] Bluetooth: hci1: command tx timeout
[  359.012991][   T55] Bluetooth: hci3: command tx timeout
[  359.253047][   T55] Bluetooth: hci4: command tx timeout
[  359.412847][   T55] Bluetooth: hci5: command tx timeout
[  360.772762][   T55] Bluetooth: hci0: command tx timeout
[  360.933070][   T55] Bluetooth: hci1: command tx timeout
[  361.092805][   T55] Bluetooth: hci3: command tx timeout
[  361.332743][   T55] Bluetooth: hci4: command tx timeout
[  361.492983][   T55] Bluetooth: hci5: command tx timeout
[  362.852777][   T55] Bluetooth: hci0: command tx timeout
[  363.013130][   T55] Bluetooth: hci1: command tx timeout
[  363.181998][   T55] Bluetooth: hci3: command tx timeout
[  363.413145][   T55] Bluetooth: hci4: command tx timeout
[  363.572897][   T55] Bluetooth: hci5: command tx timeout
[  378.788553][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  378.800502][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  416.450713][ T5243] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  416.472848][ T5243] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  416.486403][ T5243] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  416.543836][ T5243] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  416.553020][ T5243] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  416.560364][ T5243] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  416.841548][   T55] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  416.853170][   T55] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  416.872434][   T55] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  416.880530][   T55] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  416.894499][   T55] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  416.901831][   T55] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  417.215504][   T55] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  417.232978][   T55] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  417.242645][   T55] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  417.263415][   T55] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  417.271283][   T55] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  417.279185][   T55] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  417.358618][ T5243] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  417.371064][ T5243] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  417.380082][ T5243] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  417.389596][ T5243] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  417.397898][ T5243] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3
[  417.411918][ T5243] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  417.593380][ T5243] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  417.609460][ T5243] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  417.618753][ T5243] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  417.627396][ T5243] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  417.635512][ T5243] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3
[  417.643689][ T5243] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  418.612934][   T55] Bluetooth: hci2: command tx timeout
[  419.013166][   T55] Bluetooth: hci6: command tx timeout
[  419.340599][   T55] Bluetooth: hci7: command tx timeout
[  419.492767][   T55] Bluetooth: hci8: command tx timeout
[  419.733644][   T55] Bluetooth: hci9: command tx timeout
[  420.692908][   T55] Bluetooth: hci2: command tx timeout
[  421.092729][   T55] Bluetooth: hci6: command tx timeout
[  421.420548][   T55] Bluetooth: hci7: command tx timeout
[  421.572737][   T55] Bluetooth: hci8: command tx timeout
[  421.812802][   T55] Bluetooth: hci9: command tx timeout
[  422.772802][   T55] Bluetooth: hci2: command tx timeout
[  423.172809][   T55] Bluetooth: hci6: command tx timeout
[  423.502070][   T55] Bluetooth: hci7: command tx timeout
[  423.652836][   T55] Bluetooth: hci8: command tx timeout
[  423.892832][   T55] Bluetooth: hci9: command tx timeout
[  424.853785][   T55] Bluetooth: hci2: command tx timeout
[  425.252684][   T55] Bluetooth: hci6: command tx timeout
[  425.580520][   T55] Bluetooth: hci7: command tx timeout
[  425.732763][   T55] Bluetooth: hci8: command tx timeout
[  425.972782][   T55] Bluetooth: hci9: command tx timeout
[  440.219069][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  440.229900][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  440.959930][    T8] usb 2-1: USB disconnect, device number 64
[  476.882123][ T8819] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  476.896591][ T8819] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  476.904843][ T8819] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  476.912843][ T8819] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  476.937787][ T8819] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3
[  476.945411][ T8819] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  478.082506][ T8818] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  478.094977][ T8818] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  478.104814][ T8818] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  478.113301][ T8818] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  478.120997][ T8818] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3
[  478.129849][ T8818] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  478.242266][ T5231] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[  478.252099][ T5231] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[  478.262061][ T5231] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[  478.270143][ T5231] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[  478.280860][ T5231] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3
[  478.295684][ T5231] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[  478.329352][ T8832] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1
[  478.339242][ T8832] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9
[  478.347545][ T8832] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9
[  478.364651][ T8832] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4
[  478.372761][ T8834] Bluetooth: hci0: command 0x0406 tx timeout
[  478.378971][ T8834] Bluetooth: hci1: command 0x0406 tx timeout
[  478.388127][ T8834] Bluetooth: hci3: command 0x0406 tx timeout
[  478.394216][ T8832] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3
[  478.401951][ T8834] Bluetooth: hci4: command 0x0406 tx timeout
[  478.408143][ T8832] Bluetooth: hci5: command 0x0406 tx timeout
[  478.419159][ T8832] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2
[  478.556454][ T8835] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1
[  478.570342][ T5243] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9
[  478.595695][ T5243] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9
[  478.631420][ T5243] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4
[  478.639310][ T5243] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3
[  478.654853][ T5243] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2
[  479.012994][ T5243] Bluetooth: hci10: command tx timeout
[  480.452883][ T5243] Bluetooth: hci13: command tx timeout
[  480.612923][   T55] Bluetooth: hci11: command tx timeout
[  480.626163][ T5243] Bluetooth: hci12: command tx timeout
[  480.692881][ T5243] Bluetooth: hci14: command tx timeout
[  481.092931][ T5243] Bluetooth: hci10: command tx timeout
[  482.538177][ T5243] Bluetooth: hci13: command tx timeout
[  482.692804][   T55] Bluetooth: hci11: command tx timeout
[  482.699518][ T5243] Bluetooth: hci12: command tx timeout
[  482.772916][ T5243] Bluetooth: hci14: command tx timeout
[  483.172984][ T5243] Bluetooth: hci10: command tx timeout
[  484.612683][ T5243] Bluetooth: hci13: command tx timeout
[  484.772873][   T55] Bluetooth: hci11: command tx timeout
[  484.778692][ T5243] Bluetooth: hci12: command tx timeout
[  484.852761][ T5243] Bluetooth: hci14: command tx timeout
[  485.252898][ T5243] Bluetooth: hci10: command tx timeout
[  486.692750][ T5243] Bluetooth: hci13: command tx timeout
[  486.852817][   T55] Bluetooth: hci11: command tx timeout
[  486.858397][ T5243] Bluetooth: hci12: command tx timeout
[  486.940591][ T5243] Bluetooth: hci14: command tx timeout
[  491.994873][ T5284] kworker/1:5 (5284) used greatest stack depth: 15984 bytes left
[  501.013022][   T30] INFO: task kworker/u8:4:62 blocked for more than 143 seconds.
[  501.020708][   T30]       Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  501.052664][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  501.061380][   T30] task:kworker/u8:4    state:D stack:21088 pid:62    tgid:62    ppid:2      flags:0x00004000
[  501.182605][   T30] Workqueue: netns cleanup_net
[  501.187449][   T30] Call Trace:
[  501.190745][   T30]  <TASK>
[  501.268302][   T30]  __schedule+0x1895/0x4b30
[  501.296833][   T30]  ? __pfx___schedule+0x10/0x10
[  501.301751][   T30]  ? __pfx_lock_release+0x10/0x10
[  501.361446][   T30]  ? kthread_data+0x52/0xd0
[  501.388154][   T30]  ? wq_worker_sleeping+0x66/0x240
[  501.412744][   T30]  ? schedule+0x90/0x320
[  501.417057][   T30]  schedule+0x14b/0x320
[  501.458756][   T30]  schedule_timeout+0xb0/0x310
[  501.488194][   T30]  ? __pfx_schedule_timeout+0x10/0x10
[  501.530625][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  501.554143][   T30]  ? wait_for_completion+0x2fe/0x620
[  501.559493][   T30]  ? wait_for_completion+0x2fe/0x620
[  501.609937][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  501.622575][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  501.659371][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  501.665777][   T30]  ? wait_for_completion+0x2fe/0x620
[  501.671101][   T30]  wait_for_completion+0x355/0x620
[  501.682624][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  501.728044][   T30]  ? __pfx_wait_for_completion+0x10/0x10
[  501.740268][   T30]  ? __flush_work+0xe7/0xc50
[  501.762688][   T30]  __flush_work+0xa37/0xc50
[  501.767245][   T30]  ? __flush_work+0xe7/0xc50
[  501.771862][   T30]  ? __pfx___flush_work+0x10/0x10
[  501.818347][   T30]  ? __pfx_wq_barrier_func+0x10/0x10
[  501.831452][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  501.848559][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  501.862670][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  501.867927][   T30]  unregister_netdevice_many_notify+0x87b/0x1da0
[  501.892939][   T30]  ? net_generic+0x1f/0x240
[  501.897499][   T30]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  501.928083][   T30]  ? unregister_netdevice_queue+0x26b/0x370
[  501.941835][   T30]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  501.967243][   T30]  ? nexthop_net_exit_batch_rtnl+0x100/0x150
[  501.976543][   T30]  cleanup_net+0x75d/0xcc0
[  501.981021][   T30]  ? __pfx_cleanup_net+0x10/0x10
[  502.002330][   T30]  ? process_scheduled_works+0x976/0x1850
[  502.018798][   T30]  process_scheduled_works+0xa63/0x1850
[  502.024705][   T30]  ? __pfx_process_scheduled_works+0x10/0x10
[  502.030722][   T30]  ? assign_work+0x364/0x3d0
[  502.062703][   T30]  worker_thread+0x870/0xd30
[  502.067374][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  502.090365][   T30]  ? __kthread_parkme+0x169/0x1d0
[  502.107686][   T30]  ? __pfx_worker_thread+0x10/0x10
[  502.119470][   T30]  kthread+0x2f0/0x390
[  502.129327][   T30]  ? __pfx_worker_thread+0x10/0x10
[  502.149304][   T30]  ? __pfx_kthread+0x10/0x10
[  502.158313][   T30]  ret_from_fork+0x4b/0x80
[  502.172593][   T30]  ? __pfx_kthread+0x10/0x10
[  502.177241][   T30]  ret_from_fork_asm+0x1a/0x30
[  502.182046][   T30]  </TASK>
[  502.208238][   T30] INFO: task kworker/u8:6:2931 blocked for more than 144 seconds.
[  502.231700][   T30]       Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  502.254023][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  502.279098][   T30] task:kworker/u8:6    state:D stack:21944 pid:2931  tgid:2931  ppid:2      flags:0x00004000
[  502.308410][   T30] Workqueue: events_unbound linkwatch_event
[  502.325971][   T30] Call Trace:
[  502.329295][   T30]  <TASK>
[  502.332251][   T30]  __schedule+0x1895/0x4b30
[  502.380221][   T30]  ? __pfx___schedule+0x10/0x10
[  502.398008][   T30]  ? __pfx_lock_release+0x10/0x10
[  502.409646][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  502.427381][   T30]  ? kthread_data+0x52/0xd0
[  502.431941][   T30]  ? schedule+0x90/0x320
[  502.450022][   T30]  ? wq_worker_sleeping+0x66/0x240
[  502.468542][   T30]  ? schedule+0x90/0x320
[  502.478321][   T30]  schedule+0x14b/0x320
[  502.492114][   T30]  schedule_preempt_disabled+0x13/0x30
[  502.502793][   T30]  __mutex_lock+0x6a7/0xd70
[  502.507436][   T30]  ? __mutex_lock+0x52a/0xd70
[  502.512152][   T30]  ? linkwatch_event+0xe/0x60
[  502.550340][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  502.566967][   T30]  ? process_scheduled_works+0x976/0x1850
[  502.587659][   T30]  linkwatch_event+0xe/0x60
[  502.592237][   T30]  process_scheduled_works+0xa63/0x1850
[  502.612922][   T30]  ? __pfx_process_scheduled_works+0x10/0x10
[  502.618969][   T30]  ? assign_work+0x364/0x3d0
[  502.647457][   T30]  worker_thread+0x870/0xd30
[  502.658394][   T30]  ? __kthread_parkme+0x169/0x1d0
[  502.677970][   T30]  ? __pfx_worker_thread+0x10/0x10
[  502.692572][   T30]  kthread+0x2f0/0x390
[  502.696684][   T30]  ? __pfx_worker_thread+0x10/0x10
[  502.701817][   T30]  ? __pfx_kthread+0x10/0x10
[  502.727529][   T30]  ret_from_fork+0x4b/0x80
[  502.732003][   T30]  ? __pfx_kthread+0x10/0x10
[  502.752407][   T30]  ret_from_fork_asm+0x1a/0x30
[  502.764721][   T30]  </TASK>
[  502.772806][   T30] INFO: task syz-executor:7615 blocked for more than 145 seconds.
[  502.780734][   T30]       Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  502.808414][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  502.832662][   T30] task:syz-executor    state:D stack:20704 pid:7615  tgid:7615  ppid:1      flags:0x20004006
[  502.860939][   T30] Call Trace:
[  502.868406][   T30]  <TASK>
[  502.871376][   T30]  __schedule+0x1895/0x4b30
[  502.888203][   T30]  ? __pfx___schedule+0x10/0x10
[  502.909900][   T30]  ? __pfx_lock_release+0x10/0x10
[  502.915227][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  502.935127][   T30]  ? schedule+0x90/0x320
[  502.939629][   T30]  schedule+0x14b/0x320
[  502.957834][   T30]  schedule_preempt_disabled+0x13/0x30
[  502.974833][   T30]  __mutex_lock+0x6a7/0xd70
[  502.979414][   T30]  ? __mutex_lock+0x52a/0xd70
[  503.002612][   T30]  ? tun_chr_close+0x3b/0x1b0
[  503.007346][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  503.012406][   T30]  ? __pfx_call_rcu+0x10/0x10
[  503.035452][   T30]  tun_chr_close+0x3b/0x1b0
[  503.040011][   T30]  ? __pfx_tun_chr_close+0x10/0x10
[  503.067814][   T30]  __fput+0x23f/0x880
[  503.072044][   T30]  task_work_run+0x24f/0x310
[  503.086238][   T30]  ? kasan_quarantine_put+0xdc/0x230
[  503.091579][   T30]  ? __pfx_task_work_run+0x10/0x10
[  503.114295][   T30]  ? do_exit+0xa2a/0x28e0
[  503.118681][   T30]  ? kmem_cache_free+0x1a2/0x420
[  503.148158][   T30]  ? do_exit+0xa2a/0x28e0
[  503.154486][   T30]  do_exit+0xa2f/0x28e0
[  503.158693][   T30]  ? __pfx_do_exit+0x10/0x10
[  503.185126][   T30]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  503.190575][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  503.222611][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  503.228998][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  503.248447][   T30]  do_group_exit+0x207/0x2c0
[  503.259970][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  503.279122][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  503.289261][   T30]  get_signal+0x16a3/0x1740
[  503.306560][   T30]  ? __pfx_get_signal+0x10/0x10
[  503.311475][   T30]  ? __pfx_vfs_read+0x10/0x10
[  503.352677][   T30]  arch_do_signal_or_restart+0x96/0x860
[  503.358294][   T30]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  503.382710][   T30]  ? ksys_read+0x241/0x2b0
[  503.387191][   T30]  ? syscall_exit_to_user_mode+0xa3/0x370
[  503.412065][   T30]  syscall_exit_to_user_mode+0xc9/0x370
[  503.430195][   T30]  __do_fast_syscall_32+0xc4/0x110
[  503.448316][   T30]  ? exc_page_fault+0x590/0x8c0
[  503.457299][   T30]  do_fast_syscall_32+0x34/0x80
[  503.462197][   T30]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  503.490891][   T30] RIP: 0023:0xf73cd579
[  503.502698][   T30] RSP: 002b:00000000f751fd80 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  503.511173][   T30] RAX: 0000000000000000 RBX: 00000000000000f9 RCX: 00000000f751fe54
[  503.541106][   T30] RDX: 0000000000000024 RSI: 00000000f73bbff4 RDI: 0000000000000000
[  503.559156][   T30] RBP: 00000000f751fe54 R08: 0000000000000000 R09: 0000000000000000
[  503.578560][   T30] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  503.607389][   T30] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  503.630539][   T30]  </TASK>
[  503.641739][   T30] INFO: task syz-executor:7688 blocked for more than 145 seconds.
[  503.674779][   T30]       Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  503.682109][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  503.709292][   T30] task:syz-executor    state:D stack:20704 pid:7688  tgid:7688  ppid:1      flags:0x20004006
[  503.728104][   T30] Call Trace:
[  503.731461][   T30]  <TASK>
[  503.748725][   T30]  __schedule+0x1895/0x4b30
[  503.756856][   T30]  ? __pfx___schedule+0x10/0x10
[  503.761763][   T30]  ? __pfx_lock_release+0x10/0x10
[  503.787155][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  503.800877][   T30]  ? schedule+0x90/0x320
[  503.817979][   T30]  schedule+0x14b/0x320
[  503.822193][   T30]  schedule_preempt_disabled+0x13/0x30
[  503.838540][   T30]  __mutex_lock+0x6a7/0xd70
[  503.853005][   T30]  ? __mutex_lock+0x52a/0xd70
[  503.857727][   T30]  ? tun_chr_close+0x3b/0x1b0
[  503.862432][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  503.888967][   T30]  ? __pfx_call_rcu+0x10/0x10
[  503.902610][   T30]  tun_chr_close+0x3b/0x1b0
[  503.907163][   T30]  ? __pfx_tun_chr_close+0x10/0x10
[  503.912295][   T30]  __fput+0x23f/0x880
[  503.937615][   T30]  task_work_run+0x24f/0x310
[  503.942268][   T30]  ? kasan_quarantine_put+0xdc/0x230
[  503.962652][   T30]  ? __pfx_task_work_run+0x10/0x10
[  503.967821][   T30]  ? do_exit+0xa2a/0x28e0
[  503.972200][   T30]  ? kmem_cache_free+0x1a2/0x420
[  504.002605][   T30]  ? do_exit+0xa2a/0x28e0
[  504.006995][   T30]  do_exit+0xa2f/0x28e0
[  504.011181][   T30]  ? __pfx_do_exit+0x10/0x10
[  504.025543][   T30]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  504.030975][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  504.043239][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  504.049618][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  504.062169][   T30]  do_group_exit+0x207/0x2c0
[  504.067151][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  504.072387][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  504.087102][   T30]  get_signal+0x16a3/0x1740
[  504.091663][   T30]  ? __pfx_get_signal+0x10/0x10
[  504.100429][   T30]  ? __pfx___sys_socket+0x10/0x10
[  504.108039][   T30]  arch_do_signal_or_restart+0x96/0x860
[  504.118317][   T30]  ? __se_compat_sys_socketcall+0xa73/0x1430
[  504.126860][   T30]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  504.137523][   T30]  ? syscall_exit_to_user_mode+0xa3/0x370
[  504.146866][   T30]  syscall_exit_to_user_mode+0xc9/0x370
[  504.152455][   T30]  __do_fast_syscall_32+0xc4/0x110
[  504.161309][   T30]  ? exc_page_fault+0x590/0x8c0
[  504.168873][   T30]  do_fast_syscall_32+0x34/0x80
[  504.178432][   T30]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  504.189142][   T30] RIP: 0023:0xf73cd579
[  504.197394][   T30] RSP: 002b:00000000f751f6e0 EFLAGS: 00000206 ORIG_RAX: 0000000000000066
[  504.209670][   T30] RAX: 0000000000000003 RBX: 0000000000000001 RCX: 00000000f751f6f0
[  504.222183][   T30] RDX: 00000000f73bbff4 RSI: 00000000f73bbff4 RDI: 0000000000000003
[  504.232784][   T30] RBP: 00000000f751fe08 R08: 0000000000000000 R09: 0000000000000000
[  504.240797][   T30] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  504.256107][   T30] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  504.265611][   T30]  </TASK>
[  504.268669][   T30] INFO: task syz-executor:8095 blocked for more than 146 seconds.
[  504.282463][   T30]       Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  504.293167][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  504.302030][   T30] task:syz-executor    state:D stack:20400 pid:8095  tgid:8095  ppid:1      flags:0x20004006
[  504.318566][   T30] Call Trace:
[  504.321879][   T30]  <TASK>
[  504.326691][   T30]  __schedule+0x1895/0x4b30
[  504.331259][   T30]  ? __pfx___schedule+0x10/0x10
[  504.342216][   T30]  ? __pfx_lock_release+0x10/0x10
[  504.348715][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  504.358916][   T30]  ? schedule+0x90/0x320
[  504.365727][   T30]  schedule+0x14b/0x320
[  504.369927][   T30]  schedule_preempt_disabled+0x13/0x30
[  504.380355][   T30]  __mutex_lock+0x6a7/0xd70
[  504.386321][   T30]  ? __mutex_lock+0x52a/0xd70
[  504.393392][   T30]  ? tun_chr_close+0x3b/0x1b0
[  504.398109][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  504.410584][   T30]  ? __pfx_call_rcu+0x10/0x10
[  504.415674][   T30]  tun_chr_close+0x3b/0x1b0
[  504.420392][   T30]  ? __pfx_tun_chr_close+0x10/0x10
[  504.433322][   T30]  __fput+0x23f/0x880
[  504.437379][   T30]  task_work_run+0x24f/0x310
[  504.441996][   T30]  ? kasan_quarantine_put+0xdc/0x230
[  504.456878][   T30]  ? __pfx_task_work_run+0x10/0x10
[  504.462125][   T30]  ? do_exit+0xa2a/0x28e0
[  504.472569][   T30]  ? kmem_cache_free+0x1a2/0x420
[  504.477552][   T30]  ? do_exit+0xa2a/0x28e0
[  504.481903][   T30]  do_exit+0xa2f/0x28e0
[  504.491283][   T30]  ? __pfx_do_exit+0x10/0x10
[  504.499227][   T30]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  504.510605][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  504.516929][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  504.530305][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  504.537291][   T30]  do_group_exit+0x207/0x2c0
[  504.541915][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  504.552932][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  504.558174][   T30]  get_signal+0x16a3/0x1740
[  504.568881][   T30]  ? __pfx_get_signal+0x10/0x10
[  504.574062][   T30]  ? __pfx_vfs_read+0x10/0x10
[  504.578776][   T30]  arch_do_signal_or_restart+0x96/0x860
[  504.590267][   T30]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  504.599757][   T30]  ? ksys_read+0x241/0x2b0
[  504.610326][   T30]  ? syscall_exit_to_user_mode+0xa3/0x370
[  504.629625][   T30]  syscall_exit_to_user_mode+0xc9/0x370
[  504.637146][   T30]  __do_fast_syscall_32+0xc4/0x110
[  504.642299][   T30]  ? exc_page_fault+0x590/0x8c0
[  504.652632][   T30]  do_fast_syscall_32+0x34/0x80
[  504.657539][   T30]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  504.670219][   T30] RIP: 0023:0xf7fc7579
[  504.674738][   T30] RSP: 002b:00000000f75afd80 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  504.690395][   T30] RAX: fffffffffffffe00 RBX: 00000000000000f9 RCX: 00000000f75afe54
[  504.704371][   T30] RDX: 0000000000000024 RSI: 00000000f744bff4 RDI: 0000000000000000
[  504.719675][   T30] RBP: 00000000f75afe54 R08: 0000000000000000 R09: 0000000000000000
[  504.728422][   T30] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  504.742244][   T30] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  504.751793][   T30]  </TASK>
[  504.761128][   T30] INFO: task syz.1.689:8549 blocked for more than 147 seconds.
[  504.770128][   T30]       Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  504.784047][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  504.798352][   T30] task:syz.1.689       state:D stack:25656 pid:8549  tgid:8549  ppid:7595   flags:0x20004006
[  504.812168][   T30] Call Trace:
[  504.821332][   T30]  <TASK>
[  504.824608][   T30]  __schedule+0x1895/0x4b30
[  504.829175][   T30]  ? __pfx___schedule+0x10/0x10
[  504.840129][   T30]  ? __pfx_lock_release+0x10/0x10
[  504.846495][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  504.852007][   T30]  ? schedule+0x90/0x320
[  504.862280][   T30]  schedule+0x14b/0x320
[  504.867178][   T30]  schedule_preempt_disabled+0x13/0x30
[  504.879692][   T30]  __mutex_lock+0x6a7/0xd70
[  504.884535][   T30]  ? __mutex_lock+0x52a/0xd70
[  504.889250][   T30]  ? tun_chr_close+0x3b/0x1b0
[  504.899967][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  504.908562][   T30]  ? __pfx_call_rcu+0x10/0x10
[  504.919954][   T30]  tun_chr_close+0x3b/0x1b0
[  504.924810][   T30]  ? __pfx_tun_chr_close+0x10/0x10
[  504.929953][   T30]  __fput+0x23f/0x880
[  504.941332][   T30]  task_work_run+0x24f/0x310
[  504.946285][   T30]  ? kasan_quarantine_put+0xdc/0x230
[  504.951614][   T30]  ? __pfx_task_work_run+0x10/0x10
[  504.962612][   T30]  ? do_exit+0xa2a/0x28e0
[  504.966996][   T30]  ? kmem_cache_free+0x1a2/0x420
[  504.971965][   T30]  ? do_exit+0xa2a/0x28e0
[  504.983159][   T30]  do_exit+0xa2f/0x28e0
[  504.987376][   T30]  ? __pfx_do_exit+0x10/0x10
[  504.991993][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  505.007532][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  505.017825][   T30]  do_group_exit+0x207/0x2c0
[  505.022455][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  505.030294][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  505.040235][   T30]  get_signal+0x16a3/0x1740
[  505.047366][   T30]  ? do_nanosleep+0x80/0x600
[  505.052007][   T30]  ? __pfx_get_signal+0x10/0x10
[  505.060833][   T30]  ? hrtimer_nanosleep+0x331/0x3f0
[  505.069698][   T30]  arch_do_signal_or_restart+0x96/0x860
[  505.078957][   T30]  ? __pfx_get_old_timespec32+0x10/0x10
[  505.087501][   T30]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  505.099644][   T30]  ? __se_sys_clock_nanosleep_time32+0x32d/0x3c0
[  505.110457][   T30]  ? syscall_exit_to_user_mode+0xa3/0x370
[  505.120049][   T30]  syscall_exit_to_user_mode+0xc9/0x370
[  505.129204][   T30]  __do_fast_syscall_32+0xc4/0x110
[  505.137945][   T30]  ? exc_page_fault+0x590/0x8c0
[  505.145442][   T30]  do_fast_syscall_32+0x34/0x80
[  505.150336][   T30]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  505.161483][   T30] RIP: 0023:0xf73fd579
[  505.168089][   T30] RSP: 002b:00000000f56a4470 EFLAGS: 00000206 ORIG_RAX: 000000000000010b
[  505.181003][   T30] RAX: fffffffffffffdfc RBX: 0000000000000000 RCX: 0000000000000000
[  505.196480][   T30] RDX: 00000000f56a44a4 RSI: 00000000f56a449c RDI: 00000000f56a44a4
[  505.205984][   T30] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  505.221838][   T30] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  505.231325][   T30] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  505.245746][   T30]  </TASK>
[  505.248824][   T30] INFO: task syz.0.755:8762 blocked for more than 147 seconds.
[  505.260280][   T30]       Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  505.271303][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  505.285906][   T30] task:syz.0.755       state:D stack:24624 pid:8762  tgid:8760  ppid:8356   flags:0x20004006
[  505.298808][   T30] Call Trace:
[  505.302125][   T30]  <TASK>
[  505.310486][   T30]  __schedule+0x1895/0x4b30
[  505.319693][   T30]  ? __pfx___schedule+0x10/0x10
[  505.329940][   T30]  ? __pfx_lock_release+0x10/0x10
[  505.336541][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  505.342050][   T30]  ? schedule+0x90/0x320
[  505.352244][   T30]  schedule+0x14b/0x320
[  505.357924][   T30]  schedule_preempt_disabled+0x13/0x30
[  505.368202][   T30]  __mutex_lock+0x6a7/0xd70
[  505.374236][   T30]  ? __mutex_lock+0x52a/0xd70
[  505.378951][   T30]  ? tun_chr_close+0x3b/0x1b0
[  505.389562][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  505.396094][   T30]  ? __pfx_call_rcu+0x10/0x10
[  505.400813][   T30]  tun_chr_close+0x3b/0x1b0
[  505.410198][   T30]  ? __pfx_tun_chr_close+0x10/0x10
[  505.420315][   T30]  __fput+0x23f/0x880
[  505.429173][   T30]  task_work_run+0x24f/0x310
[  505.435286][   T30]  ? kasan_quarantine_put+0xdc/0x230
[  505.440617][   T30]  ? __pfx_task_work_run+0x10/0x10
[  505.451721][   T30]  ? do_exit+0xa2a/0x28e0
[  505.457549][   T30]  ? kmem_cache_free+0x1a2/0x420
[  505.462806][   T30]  ? do_exit+0xa2a/0x28e0
[  505.467173][   T30]  do_exit+0xa2f/0x28e0
[  505.471357][   T30]  ? __pfx_do_exit+0x10/0x10
[  505.482586][   T30]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  505.488006][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  505.502863][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  505.509248][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  505.523012][   T30]  do_group_exit+0x207/0x2c0
[  505.527675][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  505.539555][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  505.545129][   T30]  get_signal+0x16a3/0x1740
[  505.549702][   T30]  ? __pfx_get_signal+0x10/0x10
[  505.561678][   T30]  ? fput+0x1a8/0x230
[  505.566001][   T30]  arch_do_signal_or_restart+0x96/0x860
[  505.571590][   T30]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  505.582796][   T30]  ? syscall_exit_to_user_mode+0xa3/0x370
[  505.588569][   T30]  syscall_exit_to_user_mode+0xc9/0x370
[  505.599115][   T30]  __do_fast_syscall_32+0xc4/0x110
[  505.605550][   T30]  ? ret_from_fork_asm+0x1a/0x30
[  505.610549][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  505.623732][   T30]  do_fast_syscall_32+0x34/0x80
[  505.628632][   T30]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  505.640333][   T30] RIP: 0023:0xf7fe0579
[  505.646971][   T30] RSP: 002b:00000000f574556c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  505.667288][   T30] RAX: fffffffffffffff4 RBX: 0000000000000007 RCX: 0000000040045010
[  505.678793][   T30] RDX: 0000000020000200 RSI: 0000000000000000 RDI: 0000000000000000
[  505.690479][   T30] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  505.702202][   T30] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  505.714092][   T30] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  505.728850][   T30]  </TASK>
[  505.731958][   T30] INFO: task syz-executor:8783 blocked for more than 148 seconds.
[  505.750060][   T30]       Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  505.759094][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  505.773716][   T30] task:syz-executor    state:D stack:26816 pid:8783  tgid:8783  ppid:1      flags:0x20004006
[  505.788684][   T30] Call Trace:
[  505.792008][   T30]  <TASK>
[  505.797679][   T30]  __schedule+0x1895/0x4b30
[  505.802418][   T30]  ? __pfx___schedule+0x10/0x10
[  505.812233][   T30]  ? __pfx_lock_release+0x10/0x10
[  505.818741][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  505.831876][   T30]  ? schedule+0x90/0x320
[  505.837728][   T30]  schedule+0x14b/0x320
[  505.841926][   T30]  schedule_preempt_disabled+0x13/0x30
[  505.852319][   T30]  __mutex_lock+0x6a7/0xd70
[  505.859799][   T30]  ? __mutex_lock+0x52a/0xd70
[  505.869169][   T30]  ? register_nexthop_notifier+0x84/0x290
[  505.876320][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  505.881386][   T30]  ? __asan_memset+0x23/0x50
[  505.891896][   T30]  register_nexthop_notifier+0x84/0x290
[  505.899051][   T30]  ? __pfx_lockdep_init_map_type+0x10/0x10
[  505.909574][   T30]  ? __pfx_debug_check_no_locks_freed+0x10/0x10
[  505.918411][   T30]  ? __pfx_register_nexthop_notifier+0x10/0x10
[  505.931355][   T30]  ? __asan_memset+0x23/0x50
[  505.937603][   T30]  ops_init+0x31e/0x590
[  505.941991][   T30]  ? lockdep_init_map_type+0xa1/0x910
[  505.952659][   T30]  setup_net+0x287/0x9e0
[  505.956962][   T30]  ? __pfx_down_read_killable+0x10/0x10
[  505.968839][   T30]  ? __pfx_setup_net+0x10/0x10
[  505.974250][   T30]  copy_net_ns+0x33f/0x570
[  505.978721][   T30]  create_new_namespaces+0x425/0x7b0
[  505.991306][   T30]  unshare_nsproxy_namespaces+0x124/0x180
[  505.997403][   T30]  ksys_unshare+0x619/0xc10
[  506.001964][   T30]  ? __pfx_ksys_unshare+0x10/0x10
[  506.012571][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  506.018615][   T30]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  506.033785][   T30]  __ia32_sys_unshare+0x37/0x40
[  506.038685][   T30]  __do_fast_syscall_32+0xb4/0x110
[  506.050981][   T30]  ? exc_page_fault+0x590/0x8c0
[  506.057050][   T30]  do_fast_syscall_32+0x34/0x80
[  506.061950][   T30]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  506.075794][   T30] RIP: 0023:0xf7f52579
[  506.079903][   T30] RSP: 002b:00000000f753ff7c EFLAGS: 00000206 ORIG_RAX: 0000000000000136
[  506.092074][   T30] RAX: ffffffffffffffda RBX: 0000000040000000 RCX: 0000000000000000
[  506.102582][   T30] RDX: 00000000f73dbff4 RSI: 00000000f72b224b RDI: 0000000030000000
[  506.110592][   T30] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  506.124914][   T30] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  506.145566][   T30] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  506.158505][   T30]  </TASK>
[  506.161569][   T30] INFO: task syz-executor:8784 blocked for more than 148 seconds.
[  506.172035][   T30]       Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  506.182823][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  506.191523][   T30] task:syz-executor    state:D stack:25808 pid:8784  tgid:8784  ppid:1      flags:0x20004006
[  506.208717][   T30] Call Trace:
[  506.212048][   T30]  <TASK>
[  506.217502][   T30]  __schedule+0x1895/0x4b30
[  506.222083][   T30]  ? __pfx___schedule+0x10/0x10
[  506.236505][   T30]  ? __pfx_lock_release+0x10/0x10
[  506.241585][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  506.252099][   T30]  ? schedule+0x90/0x320
[  506.257888][   T30]  schedule+0x14b/0x320
[  506.262090][   T30]  schedule_preempt_disabled+0x13/0x30
[  506.273897][   T30]  __mutex_lock+0x6a7/0xd70
[  506.278444][   T30]  ? __mutex_lock+0x52a/0xd70
[  506.289139][   T30]  ? register_nexthop_notifier+0x84/0x290
[  506.296434][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  506.301507][   T30]  ? __asan_memset+0x23/0x50
[  506.312027][   T30]  register_nexthop_notifier+0x84/0x290
[  506.318320][   T30]  ? __pfx_lockdep_init_map_type+0x10/0x10
[  506.331491][   T30]  ? __pfx_debug_check_no_locks_freed+0x10/0x10
[  506.340123][   T30]  ? __pfx_register_nexthop_notifier+0x10/0x10
[  506.352310][   T30]  ? __asan_memset+0x23/0x50
[  506.358409][   T30]  ops_init+0x31e/0x590
[  506.368595][   T30]  ? lockdep_init_map_type+0xa1/0x910
[  506.374452][   T30]  setup_net+0x287/0x9e0
[  506.378732][   T30]  ? __pfx_down_read_killable+0x10/0x10
[  506.390421][   T30]  ? __pfx_setup_net+0x10/0x10
[  506.396793][   T30]  copy_net_ns+0x33f/0x570
[  506.401267][   T30]  create_new_namespaces+0x425/0x7b0
[  506.412674][   T30]  unshare_nsproxy_namespaces+0x124/0x180
[  506.418463][   T30]  ksys_unshare+0x619/0xc10
[  506.429538][   T30]  ? __pfx_ksys_unshare+0x10/0x10
[  506.435089][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  506.450280][   T30]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  506.458451][   T30]  __ia32_sys_unshare+0x37/0x40
[  506.469208][   T30]  __do_fast_syscall_32+0xb4/0x110
[  506.474765][   T30]  ? exc_page_fault+0x590/0x8c0
[  506.479659][   T30]  do_fast_syscall_32+0x34/0x80
[  506.491630][   T30]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  506.498411][   T30] RIP: 0023:0xf747d579
[  506.502512][   T30] RSP: 002b:00000000f75cff7c EFLAGS: 00000206 ORIG_RAX: 0000000000000136
[  506.518281][   T30] RAX: ffffffffffffffda RBX: 0000000040000000 RCX: 0000000000000000
[  506.532203][   T30] RDX: 00000000f746bff4 RSI: 00000000f734224b RDI: 0000000030000000
[  506.545951][   T30] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  506.561108][   T30] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  506.569487][   T30] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  506.583926][   T30]  </TASK>
[  506.587774][   T30] INFO: task syz-executor:8787 blocked for more than 148 seconds.
[  506.600612][   T30]       Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  506.610532][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  506.622564][   T30] task:syz-executor    state:D stack:26816 pid:8787  tgid:8787  ppid:1      flags:0x20004006
[  506.637994][   T30] Call Trace:
[  506.641308][   T30]  <TASK>
[  506.647765][   T30]  __schedule+0x1895/0x4b30
[  506.652347][   T30]  ? __pfx___schedule+0x10/0x10
[  506.663766][   T30]  ? __pfx_lock_release+0x10/0x10
[  506.668838][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  506.680334][   T30]  ? schedule+0x90/0x320
[  506.686052][   T30]  schedule+0x14b/0x320
[  506.690249][   T30]  schedule_preempt_disabled+0x13/0x30
[  506.709741][   T30]  __mutex_lock+0x6a7/0xd70
[  506.715803][   T30]  ? __mutex_lock+0x52a/0xd70
[  506.720519][   T30]  ? register_nexthop_notifier+0x84/0x290
[  506.731181][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  506.738883][   T30]  ? __asan_memset+0x23/0x50
[  506.746301][   T30]  register_nexthop_notifier+0x84/0x290
[  506.751912][   T30]  ? __pfx_lockdep_init_map_type+0x10/0x10
[  506.763811][   T30]  ? __pfx_debug_check_no_locks_freed+0x10/0x10
[  506.770097][   T30]  ? __pfx_register_nexthop_notifier+0x10/0x10
[  506.787425][   T30]  ? __asan_memset+0x23/0x50
[  506.792083][   T30]  ops_init+0x31e/0x590
[  506.800238][   T30]  ? lockdep_init_map_type+0xa1/0x910
[  506.809456][   T30]  setup_net+0x287/0x9e0
[  506.816216][   T30]  ? __pfx_down_read_killable+0x10/0x10
[  506.821803][   T30]  ? __pfx_setup_net+0x10/0x10
[  506.830352][   T30]  copy_net_ns+0x33f/0x570
[  506.838442][   T30]  create_new_namespaces+0x425/0x7b0
[  506.848683][   T30]  unshare_nsproxy_namespaces+0x124/0x180
[  506.857844][   T30]  ksys_unshare+0x619/0xc10
[  506.864936][   T30]  ? __pfx_ksys_unshare+0x10/0x10
[  506.869995][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  506.881288][   T30]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  506.890532][   T30]  __ia32_sys_unshare+0x37/0x40
[  506.900166][   T30]  __do_fast_syscall_32+0xb4/0x110
[  506.907894][   T30]  ? exc_page_fault+0x590/0x8c0
[  506.916340][   T30]  do_fast_syscall_32+0x34/0x80
[  506.921234][   T30]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  506.931312][   T30] RIP: 0023:0xf7f35579
[  506.939081][   T30] RSP: 002b:00000000f751ff7c EFLAGS: 00000206 ORIG_RAX: 0000000000000136
[  506.952165][   T30] RAX: ffffffffffffffda RBX: 0000000040000000 RCX: 0000000000000000
[  506.967410][   T30] RDX: 00000000f73bbff4 RSI: 00000000f729224b RDI: 0000000030000000
[  506.975804][   T30] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  506.990059][   T30] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  506.999620][   T30] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  507.013801][   T30]  </TASK>
[  507.016965][   T30] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[  507.032377][   T30] INFO: task syz-executor:8789 blocked for more than 149 seconds.
[  507.041777][   T30]       Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  507.056962][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  507.069671][   T30] task:syz-executor    state:D stack:26560 pid:8789  tgid:8789  ppid:1      flags:0x20004006
[  507.087054][   T30] Call Trace:
[  507.090375][   T30]  <TASK>
[  507.096443][   T30]  __schedule+0x1895/0x4b30
[  507.101007][   T30]  ? __pfx___schedule+0x10/0x10
[  507.109912][   T30]  ? __pfx_lock_release+0x10/0x10
[  507.118539][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  507.127769][   T30]  ? schedule+0x90/0x320
[  507.132090][   T30]  schedule+0x14b/0x320
[  507.138958][   T30]  schedule_preempt_disabled+0x13/0x30
[  507.149271][   T30]  __mutex_lock+0x6a7/0xd70
[  507.158369][   T30]  ? __mutex_lock+0x52a/0xd70
[  507.166787][   T30]  ? register_nexthop_notifier+0x84/0x290
[  507.176920][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  507.182003][   T30]  ? __asan_memset+0x23/0x50
[  507.191555][   T30]  register_nexthop_notifier+0x84/0x290
[  507.199664][   T30]  ? __pfx_lockdep_init_map_type+0x10/0x10
[  507.209546][   T30]  ? __pfx_debug_check_no_locks_freed+0x10/0x10
[  507.219541][   T30]  ? __pfx_register_nexthop_notifier+0x10/0x10
[  507.229548][   T30]  ? __asan_memset+0x23/0x50
[  507.236797][   T30]  ops_init+0x31e/0x590
[  507.241001][   T30]  ? lockdep_init_map_type+0xa1/0x910
[  507.251338][   T30]  setup_net+0x287/0x9e0
[  507.261027][   T30]  ? __pfx_down_read_killable+0x10/0x10
[  507.270407][   T30]  ? __pfx_setup_net+0x10/0x10
[  507.278802][   T30]  copy_net_ns+0x33f/0x570
[  507.286987][   T30]  create_new_namespaces+0x425/0x7b0
[  507.292339][   T30]  unshare_nsproxy_namespaces+0x124/0x180
[  507.301283][   T30]  ksys_unshare+0x619/0xc10
[  507.311924][   T30]  ? __pfx_ksys_unshare+0x10/0x10
[  507.320017][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  507.329969][   T30]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  507.340741][   T30]  __ia32_sys_unshare+0x37/0x40
[  507.349263][   T30]  __do_fast_syscall_32+0xb4/0x110
[  507.356983][   T30]  ? exc_page_fault+0x590/0x8c0
[  507.364177][   T30]  do_fast_syscall_32+0x34/0x80
[  507.369070][   T30]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  507.382490][   T30] RIP: 0023:0xf73dd579
[  507.386952][   T30] RSP: 002b:00000000f752ff7c EFLAGS: 00000206 ORIG_RAX: 0000000000000136
[  507.402156][   T30] RAX: ffffffffffffffda RBX: 0000000040000000 RCX: 0000000000000000
[  507.410634][   T30] RDX: 00000000f73cbff4 RSI: 00000000f72a224b RDI: 0000000030000000
[  507.422965][   T30] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  507.430988][   T30] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  507.445044][   T30] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  507.456813][   T30]  </TASK>
[  507.459867][   T30] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[  507.477706][   T30] INFO: task syz-executor:8791 blocked for more than 149 seconds.
[  507.491867][   T30]       Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  507.505438][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  507.516925][   T30] task:syz-executor    state:D stack:26528 pid:8791  tgid:8791  ppid:1      flags:0x20004006
[  507.531289][   T30] Call Trace:
[  507.537665][   T30]  <TASK>
[  507.540659][   T30]  __schedule+0x1895/0x4b30
[  507.548974][   T30]  ? __pfx___schedule+0x10/0x10
[  507.556831][   T30]  ? __pfx_lock_release+0x10/0x10
[  507.561901][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  507.572800][   T30]  ? schedule+0x90/0x320
[  507.582637][   T30]  schedule+0x14b/0x320
[  507.586849][   T30]  schedule_preempt_disabled+0x13/0x30
[  507.592341][   T30]  __mutex_lock+0x6a7/0xd70
[  507.602709][   T30]  ? __mutex_lock+0x52a/0xd70
[  507.607439][   T30]  ? register_nexthop_notifier+0x84/0x290
[  507.618418][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  507.624970][   T30]  ? __asan_memset+0x23/0x50
[  507.629606][   T30]  register_nexthop_notifier+0x84/0x290
[  507.640164][   T30]  ? __pfx_lockdep_init_map_type+0x10/0x10
[  507.648401][   T30]  ? __pfx_debug_check_no_locks_freed+0x10/0x10
[  507.660647][   T30]  ? __pfx_register_nexthop_notifier+0x10/0x10
[  507.670299][   T30]  ? __asan_memset+0x23/0x50
[  507.679864][   T30]  ops_init+0x31e/0x590
[  507.685933][   T30]  ? lockdep_init_map_type+0xa1/0x910
[  507.691369][   T30]  setup_net+0x287/0x9e0
[  507.700687][   T30]  ? __pfx_down_read_killable+0x10/0x10
[  507.707755][   T30]  ? __pfx_setup_net+0x10/0x10
[  507.717687][   T30]  copy_net_ns+0x33f/0x570
[  507.722174][   T30]  create_new_namespaces+0x425/0x7b0
[  507.729069][   T30]  unshare_nsproxy_namespaces+0x124/0x180
[  507.749425][   T30]  ksys_unshare+0x619/0xc10
[  507.754919][   T30]  ? __pfx_ksys_unshare+0x10/0x10
[  507.759989][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  507.769745][   T30]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  507.781657][   T30]  __ia32_sys_unshare+0x37/0x40
[  507.787949][   T30]  __do_fast_syscall_32+0xb4/0x110
[  507.797771][   T30]  ? exc_page_fault+0x590/0x8c0
[  507.804825][   T30]  do_fast_syscall_32+0x34/0x80
[  507.809720][   T30]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  507.822638][   T30] RIP: 0023:0xf749d579
[  507.826740][   T30] RSP: 002b:00000000f75eff7c EFLAGS: 00000206 ORIG_RAX: 0000000000000136
[  507.841396][   T30] RAX: ffffffffffffffda RBX: 0000000040000000 RCX: 0000000000000000
[  507.849721][   T30] RDX: 00000000f748bff4 RSI: 00000000f736224b RDI: 0000000030000000
[  507.862826][   T30] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  507.879631][   T30] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  507.888107][   T30] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  507.902889][   T30]  </TASK>
[  507.905942][   T30] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[  507.920976][   T30] 
[  507.920976][   T30] Showing all locks held in the system:
[  507.930246][   T30] 5 locks held by kworker/0:0/8:
[  507.941098][   T30] 4 locks held by kworker/0:1/9:
[  507.946455][   T30] 1 lock held by khungtaskd/30:
[  507.951337][   T30]  #0: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  507.968509][   T30] 5 locks held by kworker/u8:4/62:
[  507.976226][   T30]  #0: ffff88801baed948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  507.993775][   T30]  #1: ffffc900015d7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  508.009940][   T30]  #2: ffffffff8fcc49d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[  508.019840][   T30]  #3: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: cleanup_net+0x6af/0xcc0
[  508.032667][   T30]  #4: ffffffff8e7d1dd0 (cpu_hotplug_lock){++++}-{0:0}, at: unregister_netdevice_many_notify+0x5ea/0x1da0
[  508.049829][   T30] 3 locks held by kworker/u8:6/2931:
[  508.058713][   T30]  #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  508.078369][   T30]  #1: ffffc9000a267d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  508.092184][   T30]  #2: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[  508.106516][   T30] 2 locks held by getty/4987:
[  508.111228][   T30]  #0: ffff88814b7570a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  508.126159][   T30]  #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00
[  508.141316][   T30] 3 locks held by kworker/0:3/5272:
[  508.149090][   T30] 3 locks held by kworker/u8:10/5517:
[  508.159272][   T30]  #0: ffff88802da47148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  508.172425][   T30]  #1: ffffc9000a127d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  508.200194][   T30]  #2: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30
[  508.210876][   T30] 1 lock held by syz-executor/7615:
[  508.222903][   T30]  #0: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0
[  508.231951][   T30] 1 lock held by syz-executor/7688:
[  508.243586][   T30]  #0: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0
[  508.258422][   T30] 1 lock held by syz-executor/8095:
[  508.264171][   T30]  #0: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0
[  508.280149][   T30] 1 lock held by syz.1.689/8549:
[  508.287423][   T30]  #0: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0
[  508.302901][   T30] 1 lock held by syz.0.755/8762:
[  508.307871][   T30]  #0: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0
[  508.324090][   T30] 2 locks held by syz-executor/8783:
[  508.329405][   T30]  #0: ffffffff8fcc49d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  508.346360][   T30]  #1: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  508.359077][   T30] 2 locks held by syz-executor/8784:
[  508.368022][   T30]  #0: ffffffff8fcc49d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  508.382631][   T30]  #1: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  508.409604][   T30] 2 locks held by syz-executor/8787:
[  508.415317][   T30]  #0: ffffffff8fcc49d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  508.430667][   T30]  #1: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  508.442233][   T30] 2 locks held by syz-executor/8789:
[  508.452574][   T30]  #0: ffffffff8fcc49d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  508.462055][   T30]  #1: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  508.478230][   T30] 2 locks held by syz-executor/8791:
[  508.485071][   T30]  #0: ffffffff8fcc49d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  508.502805][   T30]  #1: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  508.518928][   T30] 2 locks held by syz-executor/8803:
[  508.524540][   T30]  #0: ffffffff8fcc49d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  508.541099][   T30]  #1: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  508.551500][   T30] 2 locks held by syz-executor/8806:
[  508.562594][   T30]  #0: ffffffff8fcc49d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  508.572065][   T30]  #1: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  508.589846][   T30] 2 locks held by syz-executor/8809:
[  508.596665][   T30]  #0: ffffffff8fcc49d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  508.612294][   T30]  #1: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  508.632402][   T30] 2 locks held by syz-executor/8810:
[  508.638064][   T30]  #0: ffffffff8fcc49d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  508.652567][   T30]  #1: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  508.669946][   T30] 2 locks held by syz-executor/8812:
[  508.675616][   T30]  #0: ffffffff8fcc49d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  508.691886][   T30]  #1: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  508.710768][   T30] 2 locks held by syz-executor/8827:
[  508.720823][   T30]  #0: ffffffff8fcc49d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  508.732912][   T30]  #1: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  508.748978][   T30] 2 locks held by syz-executor/8830:
[  508.755878][   T30]  #0: ffffffff8fcc49d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  508.770285][   T30]  #1: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  508.791446][   T30] 2 locks held by syz-executor/8836:
[  508.802790][   T30]  #0: ffffffff8fcc49d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  508.812274][   T30]  #1: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  508.829786][   T30] 2 locks held by syz-executor/8837:
[  508.835454][   T30]  #0: ffffffff8fcc49d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  508.851848][   T30]  #1: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  508.866132][   T30] 2 locks held by syz-executor/8841:
[  508.871453][   T30]  #0: ffffffff8fcc49d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  508.888138][   T30]  #1: ffffffff8fcd14c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  508.901060][   T30] 
[  508.910403][   T30] =============================================
[  508.910403][   T30] 
[  508.919308][   T30] NMI backtrace for cpu 1
[  508.923666][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  508.933849][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  508.943926][   T30] Call Trace:
[  508.947217][   T30]  <TASK>
[  508.950168][   T30]  dump_stack_lvl+0x241/0x360
[  508.954871][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  508.960181][   T30]  ? __pfx__printk+0x10/0x10
[  508.964804][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[  508.969771][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  508.975249][   T30]  ? _printk+0xd5/0x120
[  508.979426][   T30]  ? __pfx__printk+0x10/0x10
[  508.984041][   T30]  ? __wake_up_klogd+0xcc/0x110
[  508.988913][   T30]  ? __pfx__printk+0x10/0x10
[  508.993526][   T30]  ? __rcu_read_unlock+0xa1/0x110
[  508.998573][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  509.004580][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  509.010670][   T30]  watchdog+0xff4/0x1040
[  509.014948][   T30]  ? watchdog+0x1ea/0x1040
[  509.019394][   T30]  ? __pfx_watchdog+0x10/0x10
[  509.024097][   T30]  kthread+0x2f0/0x390
[  509.028266][   T30]  ? __pfx_watchdog+0x10/0x10
[  509.032969][   T30]  ? __pfx_kthread+0x10/0x10
[  509.037571][   T30]  ret_from_fork+0x4b/0x80
[  509.042007][   T30]  ? __pfx_kthread+0x10/0x10
[  509.046611][   T30]  ret_from_fork_asm+0x1a/0x30
[  509.051407][   T30]  </TASK>
[  509.055537][   T30] Sending NMI from CPU 1 to CPUs 0:
[  509.060781][    C0] NMI backtrace for cpu 0
[  509.060794][    C0] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  509.060813][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  509.060825][    C0] Workqueue: events_power_efficient neigh_periodic_work
[  509.060849][    C0] RIP: 0010:stack_trace_consume_entry+0x111/0x280
[  509.060873][    C0] Code: 8d 1c c3 48 89 d8 48 c1 e8 03 80 3c 10 00 74 1a 4d 89 cf 48 89 df 49 89 d6 49 89 f5 e8 38 ff 7d 00 4d 89 f9 4c 89 ee 4c 89 f2 <48> 89 33 41 8b 19 41 0f b6 04 14 84 c0 0f 85 34 01 00 00 3b 5d 00
[  509.060888][    C0] RSP: 0018:ffffc90000006af0 EFLAGS: 00000246
[  509.060901][    C0] RAX: 1ffff92000000da7 RBX: ffffc90000006d38 RCX: ffffffff917b9000
[  509.060915][    C0] RDX: dffffc0000000000 RSI: ffffffff89953b82 RDI: ffffc90000006c2c
[  509.060928][    C0] RBP: ffffc90000006c28 R08: 000000000000000d R09: ffffc90000006c30
[  509.060940][    C0] R10: ffffc90000006b90 R11: ffffffff818099c0 R12: 1ffff92000000d85
[  509.060952][    C0] R13: 1ffff92000000d85 R14: 000000000000000e R15: 1ffff92000000d86
[  509.060964][    C0] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  509.060978][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  509.060989][    C0] CR2: 00005620bda2d008 CR3: 000000000e734000 CR4: 00000000003526f0
[  509.061004][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  509.061013][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  509.061024][    C0] Call Trace:
[  509.061029][    C0]  <NMI>
[  509.061036][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  509.061056][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  509.061086][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  509.061104][    C0]  ? nmi_handle+0x2a/0x5a0
[  509.061128][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  509.061150][    C0]  ? nmi_handle+0x14f/0x5a0
[  509.061165][    C0]  ? nmi_handle+0x2a/0x5a0
[  509.061182][    C0]  ? stack_trace_consume_entry+0x111/0x280
[  509.061201][    C0]  ? default_do_nmi+0x63/0x160
[  509.061220][    C0]  ? exc_nmi+0x123/0x1f0
[  509.061239][    C0]  ? end_repeat_nmi+0xf/0x53
[  509.061256][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  509.061276][    C0]  ? __init_begin+0x41000/0x41000
[  509.061292][    C0]  ? process_backlog+0x662/0x15b0
[  509.061313][    C0]  ? stack_trace_consume_entry+0x111/0x280
[  509.061333][    C0]  ? stack_trace_consume_entry+0x111/0x280
[  509.061353][    C0]  ? stack_trace_consume_entry+0x111/0x280
[  509.061373][    C0]  </NMI>
[  509.061378][    C0]  <IRQ>
[  509.061383][    C0]  ? process_backlog+0x662/0x15b0
[  509.061404][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  509.061424][    C0]  arch_stack_walk+0x10e/0x150
[  509.061443][    C0]  ? process_backlog+0x662/0x15b0
[  509.061465][    C0]  stack_trace_save+0x118/0x1d0
[  509.061483][    C0]  ? stack_trace_save+0x118/0x1d0
[  509.061502][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  509.061522][    C0]  ? __asan_memset+0x23/0x50
[  509.061545][    C0]  ? unwind_next_frame+0x193b/0x22d0
[  509.061563][    C0]  kasan_save_track+0x3f/0x80
[  509.061578][    C0]  ? kasan_save_track+0x3f/0x80
[  509.061593][    C0]  ? __kasan_slab_alloc+0x66/0x80
[  509.061609][    C0]  ? kmem_cache_alloc_node_noprof+0x16b/0x320
[  509.061630][    C0]  ? __alloc_skb+0x1c3/0x440
[  509.061644][    C0]  ? synproxy_send_client_synack+0x1ba/0xf30
[  509.061666][    C0]  ? nft_synproxy_eval_v4+0x3ca/0x610
[  509.061688][    C0]  ? nft_synproxy_do_eval+0x362/0xa60
[  509.061709][    C0]  ? nft_do_chain+0x4ad/0x1da0
[  509.061722][    C0]  ? nft_do_chain_inet+0x418/0x6b0
[  509.061744][    C0]  ? nf_hook_slow+0xc3/0x220
[  509.061763][    C0]  ? NF_HOOK+0x29e/0x450
[  509.061780][    C0]  ? NF_HOOK+0x3a4/0x450
[  509.061796][    C0]  ? __netif_receive_skb+0x2bf/0x650
[  509.061833][    C0]  __kasan_slab_alloc+0x66/0x80
[  509.061850][    C0]  ? __alloc_skb+0x1c3/0x440
[  509.061865][    C0]  kmem_cache_alloc_node_noprof+0x16b/0x320
[  509.061888][    C0]  __alloc_skb+0x1c3/0x440
[  509.061905][    C0]  ? __pfx___alloc_skb+0x10/0x10
[  509.061925][    C0]  synproxy_send_client_synack+0x1ba/0xf30
[  509.061948][    C0]  ? kasan_quarantine_put+0xdc/0x230
[  509.061964][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[  509.061988][    C0]  ? __pfx_synproxy_send_client_synack+0x10/0x10
[  509.062011][    C0]  ? synproxy_pernet+0x45/0x270
[  509.062034][    C0]  nft_synproxy_eval_v4+0x3ca/0x610
[  509.062059][    C0]  ? __pfx_nft_synproxy_eval_v4+0x10/0x10
[  509.062088][    C0]  ? nf_ip_checksum+0x13a/0x500
[  509.062113][    C0]  nft_synproxy_do_eval+0x362/0xa60
[  509.062137][    C0]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[  509.062159][    C0]  ? validate_chain+0x11e/0x5920
[  509.062179][    C0]  ? __pfx_validate_chain+0x10/0x10
[  509.062201][    C0]  nft_do_chain+0x4ad/0x1da0
[  509.062222][    C0]  ? __pfx_nft_do_chain+0x10/0x10
[  509.062236][    C0]  ? __local_bh_enable_ip+0x168/0x200
[  509.062269][    C0]  ? __pfx_nf_nat_inet_fn+0x10/0x10
[  509.062288][    C0]  nft_do_chain_inet+0x418/0x6b0
[  509.062311][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  509.062332][    C0]  ? ipt_do_table+0x312/0x1860
[  509.062362][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  509.062383][    C0]  nf_hook_slow+0xc3/0x220
[  509.062403][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  509.062421][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  509.062440][    C0]  NF_HOOK+0x29e/0x450
[  509.062458][    C0]  ? NF_HOOK+0x9a/0x450
[  509.062474][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  509.062493][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  509.062514][    C0]  ? ip_rcv_finish+0x406/0x560
[  509.062534][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  509.062551][    C0]  NF_HOOK+0x3a4/0x450
[  509.062567][    C0]  ? __lock_acquire+0x1384/0x2050
[  509.062588][    C0]  ? NF_HOOK+0x9a/0x450
[  509.062603][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  509.062619][    C0]  ? ip_rcv_core+0x801/0xd10
[  509.062636][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  509.062658][    C0]  ? __pfx_ip_rcv+0x10/0x10
[  509.062673][    C0]  __netif_receive_skb+0x2bf/0x650
[  509.062694][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  509.062717][    C0]  ? __pfx___netif_receive_skb+0x10/0x10
[  509.062737][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  509.062760][    C0]  ? __pfx_lock_release+0x10/0x10
[  509.062784][    C0]  ? _raw_spin_lock_irq+0xdf/0x120
[  509.062813][    C0]  process_backlog+0x662/0x15b0
[  509.062838][    C0]  ? process_backlog+0x33b/0x15b0
[  509.062863][    C0]  ? __pfx_process_backlog+0x10/0x10
[  509.062883][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  509.062907][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  509.062934][    C0]  __napi_poll+0xcb/0x490
[  509.062956][    C0]  net_rx_action+0x89b/0x1240
[  509.062987][    C0]  ? __pfx_net_rx_action+0x10/0x10
[  509.063012][    C0]  ? sched_clock+0x4a/0x70
[  509.063040][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  509.063076][    C0]  handle_softirqs+0x2c5/0x980
[  509.063101][    C0]  ? do_softirq+0x11b/0x1e0
[  509.063123][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  509.063148][    C0]  do_softirq+0x11b/0x1e0
[  509.063168][    C0]  </IRQ>
[  509.063175][    C0]  <TASK>
[  509.063181][    C0]  ? __pfx_do_softirq+0x10/0x10
[  509.063202][    C0]  ? __pfx_lockdep_softirqs_on+0x10/0x10
[  509.063229][    C0]  ? rcu_is_watching+0x15/0xb0
[  509.063248][    C0]  __local_bh_enable_ip+0x1bb/0x200
[  509.063269][    C0]  ? neigh_periodic_work+0xb35/0xd50
[  509.063289][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  509.063310][    C0]  ? neigh_destroy+0x423/0x580
[  509.063331][    C0]  neigh_periodic_work+0xb35/0xd50
[  509.063354][    C0]  ? process_scheduled_works+0x976/0x1850
[  509.063376][    C0]  process_scheduled_works+0xa63/0x1850
[  509.063409][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  509.063434][    C0]  ? assign_work+0x364/0x3d0
[  509.063456][    C0]  worker_thread+0x870/0xd30
[  509.063483][    C0]  ? __kthread_parkme+0x169/0x1d0
[  509.063507][    C0]  ? __pfx_worker_thread+0x10/0x10
[  509.063528][    C0]  kthread+0x2f0/0x390
[  509.063543][    C0]  ? __pfx_worker_thread+0x10/0x10
[  509.063563][    C0]  ? __pfx_kthread+0x10/0x10
[  509.063579][    C0]  ret_from_fork+0x4b/0x80
[  509.063600][    C0]  ? __pfx_kthread+0x10/0x10
[  509.063616][    C0]  ret_from_fork_asm+0x1a/0x30
[  509.063644][    C0]  </TASK>
[  509.879431][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  509.886329][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  509.896498][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  509.906569][   T30] Call Trace:
[  509.909859][   T30]  <TASK>
[  509.912798][   T30]  dump_stack_lvl+0x241/0x360
[  509.917495][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  509.922708][   T30]  ? __pfx__printk+0x10/0x10
[  509.927318][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  509.933326][   T30]  ? vscnprintf+0x5d/0x90
[  509.937681][   T30]  panic+0x349/0x880
[  509.941686][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  509.947860][   T30]  ? __pfx_panic+0x10/0x10
[  509.952295][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[  509.957690][   T30]  ? __irq_work_queue_local+0x137/0x410
[  509.963271][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  509.968666][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  509.974842][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  509.981019][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  509.987197][   T30]  watchdog+0x1033/0x1040
[  509.991551][   T30]  ? watchdog+0x1ea/0x1040
[  509.996003][   T30]  ? __pfx_watchdog+0x10/0x10
[  510.000698][   T30]  kthread+0x2f0/0x390
[  510.004785][   T30]  ? __pfx_watchdog+0x10/0x10
[  510.009480][   T30]  ? __pfx_kthread+0x10/0x10
[  510.014083][   T30]  ret_from_fork+0x4b/0x80
[  510.018517][   T30]  ? __pfx_kthread+0x10/0x10
[  510.023123][   T30]  ret_from_fork_asm+0x1a/0x30
[  510.027915][   T30]  </TASK>
[  510.031275][   T30] Kernel Offset: disabled
[  510.035596][   T30] Rebooting in 86400 seconds..