last executing test programs:

11.284451475s ago: executing program 0 (id=785):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r1 = syz_io_uring_setup(0x2bbe, &(0x7f0000000000)={0x0, 0xfffffffd, 0x800, 0x3, 0xfffffffc, 0x0, r0}, &(0x7f0000000100)=<r2=>0x0, &(0x7f00000011c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r0, 0x38d, 0xeef2, 0x1, &(0x7f00000000c0)={[0xb]}, 0x8)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x5400, 0x0)

10.737836725s ago: executing program 1 (id=788):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f00000000c0)={0x48, 0x2, r2, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f00000002c0)={0x28, 0x0, r2, 0x0, &(0x7f00004c7000/0x4000)=nil, 0x4000})
ioctl$IOMMU_DESTROY$stdev(r1, 0x3b80, &(0x7f0000000040)={0x8, r3})
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x20, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x80000000, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000100)={0x0, 0x0, 0x0, {0x3, @vbi}})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000007300)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000003180), 0x0, 0x0, 0x50}}], 0x3, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
ioctl$KVM_RUN(r7, 0xae80, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8924, 0x0)
r9 = syz_usb_connect$printer(0x6, 0x2d, &(0x7f0000000300)=ANY=[@ANYBLOB="12011003000000402505a8a440000102030109020107010228090501020004b008254950fe9979d1a026fd386e09a23e81a0299923b1cee0fadecbd10f5e00"/73], 0x0)
syz_usb_control_io(r9, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x2972, &(0x7f0000000080)={0x0, 0x0, 0x6, 0x1, 0x171}, &(0x7f0000ff0000), 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))

10.127856223s ago: executing program 0 (id=790):
r0 = socket$kcm(0x2, 0x3, 0x106)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000300)={&(0x7f0000000040)})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = syz_open_dev$evdev(&(0x7f0000000180), 0x2, 0x0)
ioctl$EVIOCGKEYCODE_V2(r2, 0x80284504, &(0x7f00000002c0)=""/29)
r3 = openat$fb0(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r3, 0x541b, 0x0)
sendmsg$inet(r0, &(0x7f0000000340)={&(0x7f0000000380)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x0)
r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000040)={0x0})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000300)={0x0, &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x0, 0x1})
r5 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d3e457201e040b40e73e000000010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r6, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x6, 0x0)
ioctl$UI_DEV_DESTROY(r6, 0x5502)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r7, 0x0)
setsockopt$sock_int(r7, 0x1, 0xf, &(0x7f0000000000)=0x8, 0x4)
syz_emit_ethernet(0x0, 0x0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaa4461807f10a0800450000280000000000069078ac", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c100000907800009a663df419e240a9ae82074603473196c1f46ea08014cf1618d41b4196484a9ae8207dc076c3c3"], 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
renameat(0xffffffffffffffff, &(0x7f0000000240)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)

9.2640005s ago: executing program 1 (id=792):
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xe7, 0xcc, 0x61, 0x20, 0x10c4, 0x818a, 0x7d8f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0xc0, 0x5, [{{0x9, 0x4, 0x23, 0x0, 0x0, 0x3}}]}}]}}, 0x0)
r0 = syz_open_dev$swradio(&(0x7f00000000c0), 0x0, 0x2)
ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000040)={0xf0f041})
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x4002011, r0, 0x0)
syz_usb_connect$printer(0x6, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x4, 0x0, 0x4, [{{0x9, 0x4, 0x0, 0xd8, 0x2, 0x7, 0x1, 0x2, 0x3, "", {{{0x9, 0x5, 0x1, 0x2, 0x3ff, 0x44, 0x4, 0x3}}, [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0x6}}]}}}]}}]}}, &(0x7f0000000640)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x250, 0xcb, 0x7f, 0x5, 0x40, 0x1}, 0x11e, &(0x7f00000000c0)={0x5, 0xf, 0x11e, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x8, "9ea0a5f7635904d9ed4311e08c32d8f9"}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x7, "1571513dbe3e08e3670b49b8868bfaf2"}, @ptm_cap={0x3}, @generic={0xeb, 0x10, 0x3, "6c798cd0f9fe633335cacb9a57bbe9d43ad5db320b90e41986291b0aef9668c18bd2228d7735b4cbe55e41521ac423ec4dd481f3f17b578a469dfee519dd49ad65c0d7a410c29c6ca2b0d894a17f3da9ac1c87af7a1e30da348172d1e218b37c40883c333df04b6373860205cb4361a351252d91d111c6e1b11468c5125648ebbeb82f11e4c968f057ef46346cb9df6eb81ec78e11528706e705243a7ac2495762a2886e1fdaf62a406af04a444ea5c63c4b4c3f2aa93b32272e9ca72cd47f33e6cc197e5bc4e98a0c369348ed24b2d99f788a822c58115d609f8fbc1cded63b82d138708c774dc9"}]}, 0x8, [{0xaa, &(0x7f0000000200)=@string={0xaa, 0x3, "e5b5e1e2833acb2b3f91fb121fa4699e963005ef3f1ecd031af62097899e0fc4d302c00644bb20c2b6a29c7628669f587cbce018ecbc1500333bbd5161ae8f741cc90276705c54c46cedeefc2f85ad84cc3e562bc1b7dc28a7ac205386218643b73ca57b7a6ffd0cd74747b456f4fab5ba7d70bc9d8f51dfc08152654264089abbfad10327f0bb60210de4a6b7ed923b318c84ecab9ab197cd94ef933303551031e340d9e8a0eea1"}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x860}}, {0x36, &(0x7f0000000300)=@string={0x36, 0x3, "3f7c3c8e2c2171746ce4cb96a3cb5aa0cb4d728f909ce5b7e81b8aa4cddd9630ef2cbb204b3480e03061351bf70f439ddef6e0e6"}}, {0xd2, &(0x7f0000000340)=@string={0xd2, 0x3, "e8504f6605665459e86c2f8e76ce2ac00e739262e461722739d19a753020480797dc3633ef2df7f2ab1c69a4ea19c5746472a024b237b1f8453194b70e4551b12535e6cc4e0664ac6fccf0ded9a7c2a54879183df921b34471f1950343451b4a843aa8aed8b22d9bb4f9dc54dade3e2cba6d8e90ecd7880fb14db1cfc76153a6f62ac1d51124b6314b746d613f0c12124faeb0e389f5534befa92036f847aa6d6f32fb715b47cdf4919f256f2b066b25f9d1b2b6287e6106df9c1609211331ed794ce09fbe96a4177ef9628a0e86d25b"}}, {0x67, &(0x7f0000000440)=@string={0x67, 0x3, "f6b3a7eff65abe0755f3e73ec6e3491f0ce3dcff8a63dbf40f6bbaeee6cd05712ebb5e80fdcce62ce69449f5748c63e2cdfccdf0dbaa4e721fa5541c550a2ed5bd841be8f9bfb6945dd44efa8936dcb94703fa9558ab91a0718a3851db2adcfa2c784431d6"}}, {0x17, &(0x7f00000004c0)=@string={0x17, 0x3, "621c90471f579804cb77a0f57e411b7be5fa135998"}}, {0x94, &(0x7f0000000500)=@string={0x94, 0x3, "9c24013b3a4752626458ef797cf3ecb4fd68e2cc9b9efdfc37e38d64b994b0d57f251be6d5f15ed1240c24c1f2c6c82d7e51cbc5e8f9dd4506ee94d8d12bfbec6c372303db833b78ee072d9f6a0d3f0805a95471b6980c1cffa6173a5dbd3e50e663915d1a039baba6567ef57fa923bdbcc4bdb64266b80e008f98dc63111e877c053ad2553b29507fa8ea7b17b3513740d5"}}, {0x6a, &(0x7f00000005c0)=@string={0x6a, 0x3, "4b47609f44f10f0bccbbea84e8d8b522a78022fe92f61a67f83294997a1b7ac84c4b85bd4723a7e46dde7d8e70f510f704dc5254c5f5fd00577626e02809cab819912c01365912516d25e94776575aa6c3f6a907722a1ba5ff5121fb25b742a99737875763f576fa"}}]})

7.6117583s ago: executing program 0 (id=797):
r0 = socket$igmp6(0xa, 0x3, 0x2)
capset(&(0x7f0000000000), 0x0)
r1 = getpid()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ptrace$ARCH_ENABLE_TAGGED_ADDR(0x1e, r1, 0x3, 0x4002)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_JOIN_IBSS(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[@ANYBLOB="40000000703f4df8df8a905c57c3fc8f49e97c846c05a6c9bf2a91bff1f755bb1f3f67eda378c94dca21e295ebe6a2e71258516de3e4ca4e2e081bf893d4ee87888e5ab3b2e76fa8372bdc0662f08d2b139c2b80655884fdd7fb6471194bb9c7b4ebb2cebbfda9cbbeafb21b92766791ed9011d3a7ac1b7db1537c7c40f6", @ANYRES16=r3, @ANYBLOB="000000000000000000002b00000008000300", @ANYRES32=0x0, @ANYBLOB="100051800c00008005000900000000000a00340002020202020200000800260094090000"], 0x40}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040))
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000340)={0x48, 0x2, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0xa}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0xb8}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xc0000000}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x80}, @IPSET_ATTR_CIDR={0x5, 0x3, 0xa7}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x20008004}, 0x1)
syz_usb_connect(0x0, 0x2d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000fd9e1a40f30c74933bbc0000000109021b0001040000000904000065d4695e000905", @ANYBLOB="d14728"], 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @range={{0xa}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_RANGE_SREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_RANGE_OP={0x8}, @NFTA_RANGE_TO_DATA={0xc, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, "a8"}]}, @NFTA_RANGE_FROM_DATA={0xc, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, "8d"}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0)
r6 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/reserved_size', 0x42, 0x22)
syz_emit_ethernet(0x36, &(0x7f0000000340)={@multicast, @dev, @val={@void}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x4, 0x0, @dev, @multicast1}, {0x0, 0x0, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0)
write$binfmt_elf32(r7, 0x0, 0x84a)
keyctl$read(0xf, r6, &(0x7f0000000240)=""/112, 0x349b7f55)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'netdevsim0\x00', <r8=>0x0})
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="15eaffffffffffff130012800b0001006d616373656300000400028008000500", @ANYRES32=r8, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x44}, 0x1, 0x0, 0x0, 0x40081}, 0x828)

6.895417714s ago: executing program 4 (id=755):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000500)={'filter\x00', 0x4, 0x4, 0x3e0, 0x0, 0x108, 0x1f0, 0x2f8, 0x2f8, 0x2f8, 0x7fffffe, 0x0, {[{{@uncond, 0xc0, 0x108, 0x300, {0x3ed}}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x20c49a, 'syz0\x00'}}}, {{@arp={@rand_addr, @loopback, 0xf0010000, 0x0, 0x0, 0x0, {}, {@mac=@link_local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'team_slave_0\x00', 'bridge_slave_0\x00'}, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x0, 0x6}}}, {{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {}, {@mac}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_to_bridge\x00', 'lo\x00'}, 0xc0, 0x108}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x41c9, 'syz0\x00'}}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x2}}}}, 0x430)

6.696829439s ago: executing program 2 (id=800):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
ptrace$poke(0x4, 0x0, &(0x7f00000001c0), 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="02142000110000000040000000000000030005000000000002000000ffffffff0000000000000000080012000000010000000000000000000600000000000027b20e97a6a9ecae000000ee00000000000000000000000000fc020000000000000000000000000000030006000000000002000000e00000010000000000000000010018"], 0x88}}, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000040)={0x4000000, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="020f00001200000000000000ffdbdf2505000500000000000a004e2100000000fe8000000000000000000000000000aa0004005200000000080012000000010000000000000000000600000000000000000000000000000000000000000000000000000000000000fc020000000000000000000000000000030006000000000002000000e00000010000000000000000"], 0x90}}, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
sched_setscheduler(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
unshare(0x22020600)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ppoll(&(0x7f0000000040)=[{r4}], 0x1, &(0x7f0000000080)={0x77359400}, 0x0, 0x0)
mkdir(&(0x7f00000000c0)='./file1/file1/file0\x00', 0xc)
lsetxattr$system_posix_acl(&(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="02000000010000000000f400040000000000000020"], 0x1c, 0x0)
mkdir(&(0x7f00000002c0)='./file1/file1\x00', 0x0)
creat(&(0x7f0000000280)='./file1/file1/file0\x00', 0x0)
r5 = socket(0x11, 0x1, 0xffffffff)
mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0)

6.587934274s ago: executing program 4 (id=801):
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x242400, 0x0)
r1 = fspick(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0xc018937d, &(0x7f0000000100)={{0x1, 0x1, 0x18, r1, {0x81}}, './file0\x00'})
r2 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r2, &(0x7f0000000000)={0x18, 0x2, {0x0, @dev={0xac, 0x14, 0x14, 0x11}}}, 0x1e)
connect$pptp(r2, &(0x7f0000000040)={0x18, 0x2, {0x0, @multicast1}}, 0x1e)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = open(&(0x7f0000000000)='./cgroup.net/devices.allow\x00', 0x0, 0x0)
r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
sendfile(r4, r3, 0x0, 0x4000000053d2)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000300), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r5, 0x40047438, &(0x7f0000000180)=""/246)
close(0x3)
r6 = syz_open_dev$video4linux(&(0x7f0000000080), 0x200000000003, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r6, 0xc0585605, &(0x7f00000002c0)={0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xc, 0xa, 0x5}})
writev(r5, &(0x7f0000000680)=[{&(0x7f00000002c0)="2614", 0xf00}], 0x1)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x3)

6.312039702s ago: executing program 4 (id=802):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000002fc0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000e80)=ANY=[@ANYBLOB="240000001a000100000000000000000002000000000000000030000008000100ac1414ff09"], 0x24}}, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x3c)
setsockopt$inet6_int(r1, 0x29, 0x10, &(0x7f0000000000), 0x4)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0xfe000000, @private0={0xfc, 0x0, '\x00', 0x1}, 0x400}, 0x1c)
getsockopt$inet6_buf(r1, 0x29, 0x10, 0x0, &(0x7f0000000040))
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000073000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
gettid()
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x10001, 0x7fff, 0x7f, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000001880)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000001780), 0x8, r3}, 0x38)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
unshare(0x2c020400)
unshare(0x22020000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x45)
pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000440)='./file0\x00')
getsockopt$inet6_mptcp_buf(r4, 0x11c, 0x4, &(0x7f0000000000)=""/1, &(0x7f0000000040)=0x1)

6.11642772s ago: executing program 1 (id=803):
socket$inet6_sctp(0xa, 0x5, 0x84) (async)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = gettid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000029000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$int_in(r0, 0x5421, &(0x7f0000000040)=0xfffffffffffffffb) (async)
ioctl$int_in(r0, 0x5421, &(0x7f0000000040)=0xfffffffffffffffb)
capset(0x0, 0x0)
prlimit64(0x0, 0xb, &(0x7f0000000300), 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
fcntl$setsig(r2, 0xa, 0x12) (async)
fcntl$setsig(r2, 0xa, 0x12)
ppoll(&(0x7f0000000100)=[{r3}], 0x1, 0x0, 0x0, 0x0)
dup2(r2, r3)
fcntl$setown(r3, 0x8, r1)
tkill(r1, 0x17)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x43, &(0x7f0000000080)=0x9, 0x4) (async)
setsockopt$inet6_int(r0, 0x29, 0x43, &(0x7f0000000080)=0x9, 0x4)
r4 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=ANY=[@ANYBLOB="6800000010000100ffffffff0000000000000000", @ANYRES32=r6, @ANYBLOB="0001040000000000340016803000018024000c800d0001"], 0x68}}, 0x20040800)
sendto$inet6(r0, &(0x7f00000000c0)='H', 0x34000, 0x0, &(0x7f0000000180)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async)
sendto$inet6(r0, &(0x7f00000000c0)='H', 0x34000, 0x0, &(0x7f0000000180)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

6.022424525s ago: executing program 4 (id=804):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x48, 0x9, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_SET_ID={0x8}, @NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0xa}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_FLAGS={0x8}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8}, @NFTA_SET_ELEM_DATA={0x4}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xd0}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100000000008400000000fc000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c0003802800008008000340000000021c0002"], 0xec}}, 0x0)

5.775846282s ago: executing program 4 (id=805):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'veth0_vlan\x00'})
unshare(0x20000400)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000003a80)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000000000500000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960207142fa9ea4318123f602000000000080de89e661168c1886d0d4d94f204e345c65c26e278ef5b915395b19284a1a4bc72fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe8023c889fd4cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340bdc8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337bc5d58bcb5e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d6acabd38a817bcd222614d1f62734d679039a97d2b74f9e8e997ccd314000f7477137f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35db96c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae374bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736c819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480efd8329d9a733d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c50008a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047acd083d3cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0c4367ef4124bfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed1823cb7dde8212a8531bd9691dd4cc6a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de589020000dfb663a8d8ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161520b7e7d37b581a0f51fe26167e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee5237ada986b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800af3e59141fbf05a96113320c445f9ba8596970d5254727e804fbd99ccefb7c09229dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8fabea9930952f5da9b909c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3138e2361c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d8549f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39389f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a411347051460326f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c3e1f5a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9c5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba33770ce3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd1a08ce873e07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba4664f35547cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a1cc4df1112105edebc5e3bbc394c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e9300b0144fe040cf5fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f23d9eea2459f7844606e1202768d83c24cc791bde44a448022bbfa571fe029a7b2d5152639ee283894ab6168992ff0acc01b39a078f285ce615351f262019586eb9447bb3eaffd7b53d8f37ca6c5f1027dd5b7592996c8a7789ba108979cc9ad07ed86682843e2eaa855dd01443ee6ffde1811f10039d5d14458177096e15cc4d8f2582a1bea5cc98d992f3de7d1cdfb24384b9f10f615c87c441dc970ec896a5af6bf69b50a244bc138a1cae9868c3079bafe69769000000000000000000e99b63029d219cd3545a8426b56554a9f265d3557eefb3602894507c256cb8ee9ebadfecb6afeb84ba757bfa8d00a5af0dd6aa1e8144ef8ef04410d52204c335408941b8eccc5c734cc6a05247142ed647f89bcb5c043acfb382b9cc918bc3cdc368983157851cdf678800aa7eb2a6cbc12c7ae23bc88b8f10223ab2a093429f3f6965bc5af0114cf6f24600000000a80455f324746048ea24c0df0375e2cf333fa90a51cb4cc307e208a93d56368c920c239d0b3a21136d20d4c3ac328254adc96753ab34c4e31b500f71a49a75d9d598035765a72278bc823f63f770ee055e35c367be5301fcaf733e0caad10e0e1eb103b4783243c299729b4c9e26a4a6e0f2e1170e07c63fb58bcc8e145d9d9e54291361cd906ad379fa99b345a3002a2769af372eeadb9c8ebfd4402866f278781cc0d71ecbfcb16b0dfab8043f39b44cf8cc98266e6ffd9122fe16acf0b9071e359ff2fe351601c4ef491fc21cec175d0ed34885b80e8ab975f0552756be2ead3f963487d04a0fdf28aa7f59330c2f0c78ed3800d5eeaa9627472480af1e688e79bb873503c1aecdb0b5d3dda8cb3f0c189fad95955438c0fad34d4f60755d80e3977767be97443e95f7b7982c19a731a07cda09df5b746d5ad96c3e0b84493d94bd211ff1f0e30fc959322317aff59e86e512140a9cae22becca0f195b508905fce03ab6dd01dfb1c91600ef6119aeff341d04ee74c02a717b2f6107479989cd5075e806ea2c5aad0e02db9dc43b10d2792db042e7a2cc55779403b65e442a26d1ec0227fe5d05d0d63f4b0c1ae44f391b6"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
getpeername$packet(r1, 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x200000c, 0x10, r0, 0xf0d67000)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000040))
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r5 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r5, 0xc0884113, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffe, 0x2})
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
r10 = dup(r9)
r11 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r12 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fcntl$setown(r12, 0x8, 0xffffffffffffffff)
ioctl$KVM_SET_MSRS(r10, 0xc048aeca, &(0x7f0000000200)=ANY=[])
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r5, 0xc0984124, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
chroot(0x0)
bind$l2tp6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x20)
r13 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r6)
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r11, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r13, @ANYBLOB="00012fbd7000fcdbdf090000000000000000000000000500370001000000d58593218f3c5168865182b4db0572520cefab2b450b8a64b1a80ecf3e143c8f624410f362a7d889f764524aa8641501a1598f2d1e734cb9079098f853441d1a3fe3d6168fb6d91479fa2a44bf7d49bf4ec4422e526cad2c7c054e6f3607d1db58a562e7d17a8cfd45f864bd676f3baad7bfe812cbc13decc827b3ffa085e321204892135839343e51b9db0893e98d"], 0x24}, 0x1, 0x0, 0x0, 0x10000}, 0x4000010)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', 0x1})

5.527204822s ago: executing program 1 (id=806):
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
syz_open_dev$evdev(0x0, 0x3, 0x80402)
userfaultfd(0x800)
r1 = syz_usb_connect(0x0, 0x0, 0x0, 0x0)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
unshare(0x2000680)
r2 = open(0x0, 0x0, 0x0)
flock(r2, 0x1)
flock(0xffffffffffffffff, 0x1)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000140)={0x2, 0x4e20, @multicast2}, 0x10)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
syz_emit_ethernet(0x0, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
sendmmsg$inet(r3, &(0x7f0000000d80)=[{{0x0, 0x20000000, &(0x7f0000000500)=[{&(0x7f0000000100)='y', 0xf3406}], 0x1}}], 0xc, 0x206b99)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r4, &(0x7f00000021c0)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000000040)={0x50, 0x0, r5, {0x7, 0x1f}}, 0x50)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newlink={0x64, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x585d}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @loopback}]}]}, @IFLA_IFNAME={0x14, 0x3, 'ipvlan1\x00'}, @IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}]}, 0x64}}, 0x0)
syz_fuse_handle_req(r4, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x10}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r4, &(0x7f000000a380)="0c56bf6bb3baf02b9ab7fde676f32526c03ed51491838f438732f864b706a20873df4f29fe53dc049184abafc2bb563443641ed267b894e93a76cd0eb595a681ed40163d4319a0c1d4b2f1af412c1ad92e46192ba8f13ab88700785295acbfd5f0b7a29d66c035eb3f01570ffa6903253657c28df41f50564f9175a5bea19102876c3b9e1b30c5acfc500d6da1220831690f25857fd4d2c79229340d83b7cbba0cb5e4153fca7c66ea4b183e1dbd4c685d589a370b56a57d77b752615acd39aec11482fb74b3e4036e668df39b11e550a457e8fa7fd159dc81f3645c1c0b606d916cec0813b36b142509fcf96769331076f51dc9026cc5d5b50095fc876ba9e6350c158d3340795c03948bb00c8cd0407e67c90f125cae9050161392054026b20dcaa58896be95396a5c321e672065e49da32910e83b701f58cd776a64cfec5f26d48f5e43f451b66caeeccf3a90021611b6f006c76a40b66698b942ddec29d26a60eb01cdcc3fe8f34da7698b70d576591580e6f88b5a1f581d7835a10f598b4ade50f5a0d425d8235de898287d691cbe6770786172701a71df35331ecb2940f54e9c845fe3ef766d8ff5b89851d7ea3e2a5c9fa6ad1d387c43dc5e9c6fdcf8ceb6f2e0b2a6f8548c9c2104027c7f71692a671289a3e54562ebdc13a6230184e06e5d08685620d017ca7e870daeb3bee4fa2518dedd3db53c0e159624d7804bda3924495a0252fa5c8b04f5e493cb56551df3c36e71686c462c0259f0e49e849bd303382c1bfad5cdaf8e3fe96517c82e73145741f62b3beb95d733bdea541243b2784eb8ea008f47567ad664410d5b6e90dd050f329609713a67f3f38dfd0f6cd122a3c0b796db6d637e2f350212e91040757c855d10c71aebb15f702d784856a93f7f39d58feba303cc3bf1f8449def68b1b8ae35be5f4ff06b9e2dcefe575dd4a4b391023445cc638f775f39a557860e794475999b7677e6e28b655727c7a1e0c8c35fdb985d3ad453d7c7a09512509044e7ff02fd48e60241e0a5947f06dda5c983424f4fe19670597e36ae546a9406f4dddc3b1eb2fa4bd8013fd969bf74c91065e25b442701554d3354713fdea474702fa00080cab2afec5ec21d428d6bd81968775275d6d2d31f9d6bd63443db83cd820985f87cc9310cab4b49d2a8351b7c270aac0a5045e88f3e9df1facb07607b7bbb7dc0b58fdc5301410d274368841e1145888f9a9dfdea7480c3ce7b7635e034006f48e7f280f683705cb41fb3b6c90b3b1a967a234d0a197fd51216ec80b927baaaf4e7b91b6e300add576a717ec6f5ac00eb2b0d3bc0a52e2fe4100e4dda6c1ed2b99ade85a56c63880b10b771104611b5828fc41f4f6dfb3ace80dd22c6c04ebafbf07ab209f4e6212cdff1a186e4bb24db21a5ce9a6a5d0fb13d6e4e1d2bf5b369c1c1cca3774a5fee4ab9318a53c0ccb28b42f003705316c4a7e9d068b7120094c06addb3e9a230690e94975422d699540d66d4b4efda428fabb7d3eba20b5c98d8c2afe6c5c16d5a15b2398b36d929560f4647b81a5afe08b7a35a335b054762475f5a7eb3151e3dd4042ba9d67e0d781c4093d138950d637d605b488c82adf5d5c6a056db591e47694f796e0d4ffb45159780c0dfe88724e393c80d0a0166558210fb80c803d3e755c865ce7112ba393b3e34f1d2721838c6fb4f84d62743095d65752fb3332c3f51e130f19b23b5ad26fe5cb4da6f76711c502dee95a3217d9d7a757ec09b748224291ca10096dda69ef446edfbed2bbe1b47a35934197a842a11106cc8385b670e111301af2d2af93524504403b0efb77558327600ec5c432972247b68c87ade6687b193c893ab5dce94bdb47b8a3743b99ed87e5425d4e13a0fa7b45a835a486c5180572ef15b3d2e491b2e1d7416d8ef1ba6166872f7dc505a1f49f8f4c3bd7d80b3c016b6496f639cac8dd32455fce148755b4ad6fed72acc2df19456d79acf5679c3bfdff884c7a8e63dc1b18e6123ed1dfc789247770e47a42c0b29bb2f59ff0ff018b70cb69a6ba0391eb9fd9feeb543e089efd270c818923633e09a5ba04b1a60c95fb6dda75a50eaaf7701a7b586c264f10a6c9c9fa7f4e02536249525d3193829b03a9ca1eb858ffd95ad8b6ea4e3445caa8ac55fba6277f8d84596309a0e98053405a69166d2b69af81d6b755beb7f2082e7c4d7bbc9bca88bbcff6ee7687987b56feb0749c29177a396fbbc884e72e1828e9cd8819eb29b9db617355a25bd3a7900f58708aa12116a3597b7bb6fab4ce25a1cfffaed93787c63609120a6f9d73424831e415d909c0eb86aa74de86bd3164a0ada41509630048e6390799d9731e32a0b3dff811dccd6e58351a2421ccf1b77d147778facff2f0ca4145c7853d5a2e857bd5600be87093272d3b4336af55f195315f5ea534f3cf7d1a31a5f195e9768efb15ce9cacb414318bcfc93a6e377548ba447b12c44cdbf6bf72ff5cfb4ec4f81332067d4c9ac5b0829eee1243a8f05bdad9c6b4d92d17d0253d372555617e4c60493ab35ea11110c917f1ee4bf483e630c079586e9c6376e4da54d86a3d5300dc33470a42c1efdd9509cd6fe1da9330c667dc7822cec26ba25d92a4f08bf282d911f6e99a0c65cd25ed8b35ad7b4fd2a079874724a6dd143a8cabd1ed977db90404f3ef0446734d9b9c396a6e633784ef542bcc65817ed1ef259e1b0fe7e74199f98f5cb206847480269f7f1bd06c5651be5b3dca1261f52d4d2f9700e2a59a51a63a5ad201607fcbfba73e1c6cd7e39b1dd9ff8b34ac7aff2877449213fcf7df0c283bd78a538d91a1875a9f05d6f93bbdf4e7e20a3db136e36c05285dbfc1b348a8573ded32fe258142b6d62fc635dc9d74d73fd85dcb50738def9db4646a0284dd6890790706bb897b4fc442987adde96c9df15846db257acdfe8437626e6be5cf244feeb6eedf50f0a3e900f71cfb5b71495db50b423ac69d5ffae5845d4f7eb0cc417d977945e081d86fa938588e7f3976772e55c8c6c6d70b98fdc5b8f91d94e0f6b68d9479f9349dda1c03cb24b0a0ce77c0067a3c1223d1e5c551e7f97b7d4346aef12aaa741cbc3338c1b4d9a3d4b9169d67f7da22726316abdfb4c6dc6f8c546d6bdd60d437e4652684758a007f61d298477981c66b34a16ea509c7a0f6d3c076bb56efddbf248606c4aa9be4058b3c10708c952b7b0a78d1a68ad923dfc1b5505262db5b0528f6dfcad4493c43685a2ea77433ed168010f4b5321b3c996d47d30f7af6a3ba3d459f59a5c9612a126c6fe62138517b11393ac183809c8619520599c29aeea52c2609702ca2d6f883612bd56651ceadfbe2adf91a5f01d8bde413658dd118e8d0f8fb415f27063399e9595dccb68d15d749ede59891b9228817983f1ee0c8b523002cd406796266038d6a2d627ecec1aedb3d1ceffe6bbae380579dab73f97205ac78f6284fc5e3a002090aa3783d190d4825bb9ac6c08d7eb57c5a8de565681fde668e802e4e2394232181966a0ca6257bd2df988a8dff73a855d5d305cb30c9a7d8e3846df37d6c553f48aa7c8de8bf0c6d485e941b40c781c094f0b3249a96dad527f849345199d427457fb00af2160bac7a2c7a73871579ba9e737fdb1b22ece8e8405fe53c1491f44dfea36df84c41328728a1e19d019cbfed77c2cfbc1a170033fd41758478238fb6c0b5f6e3cd89e5db33755b3e3670942a0ae79485841bb8e3d5a7d3e9089641dec6016ef876956d5543e4047ed402f060095631dcea29d258b3820e5713e05e635489aeb7495a728b3fec4886b5e23448fcc36f72aabfc24a183b6fb518a88b99d87201497cfb30c635a70082352da98240940a1588a6708e4a0a0037049d0b451154bc70f10da41f779dc33f2a4ab0c5fb9faeaa70318f9df4492b5c6743bec001f5399d168f09c0dcffeb36b40b5669e31e893a2bf7de2221f278c45754f9b86f132587a142ba89eed4a8b0a6073ff4a653f7ef573c9012043cf9e569bdb1241039db1fcc9181e2bfe156b8fc8b4d4b3ddc52927e5305ed130ca76cd9120d3c72934dca24ebcd9b0d11113739c875e2921bcb2feaad54ba147fb8b3885528186de80e149678c0eb0f02413120db95bcd569bb9c3e05ef031eb51e16db33f911986ad1430614fb65e9501827a9197a20fe432edaed52da9f3e16e4dbf7e1c79a9abb716b5558b8eca92a142da92c0e197ae15ae232683c9ffd4bda9a7b9e7b7638dda9e15f669c191ff33c985e9cdc2a35da19df712de1aa88ea03d6bc84682334ca514d75ad5e6f8c50041edcbed15a340b673f498f853210a2e38b48cd05f9e22037967251b368e8e28ff779d3af87add48b456617c13ab83d083ce3d788c66eb2fa1d5b3a1c289c822c7d8dbf939439db6aa4c795751650a36eb31e2bd3f7b7bbb5119eebab64712e4d6efe99b6fdffa73dd4a4fa03c5d43172bb1b510df5a29d1dd12b972771349806ce3d42e39b88490330f17f61014ae43e55c315299450335207ed708d07a500421fa39b2170e46816eb6a1658e8b76ed4804b28d03ae6f536fc54d32e1e0489451b4c9c0bc2823f40f5771e4c8e947d031cb3eb0ac41ad9d9d177afcd807401babead6bfe84cc6aba840b31cf4f9b2e4a5078bd0030a3e4915339f3b92196c160c9b8e0cd64e6a43d0c0d47f766aafc151cb76858a9dc4544d43a7a55bad9113518a8e24f568dec35c04cf2dffd72f92994948528c0ec5a458c530a2738d88b6c227794ad84660d6d7a5edad80071c7de93b14c8fa58973788133c16652063bea22be7495c70640f5e1097d0dcd56f9e2a4c3f8521611152eef275f83f29a8ce228b24b55b4499a7c651dcba92bae2e7d608bee6703c56368cfc2836210f291ad3ae110606760b2c5d05af35d90144c7d2b31b0d7940422224bd737a15609c8960e48c11b7256a2152199a98d428dcd4cdd6064a479ba8043d77e38094b90d5ae33f85997d03dc67617d756a2ec35921895f2968d96efadbdc0a8f6a7a89fa345f379e2de0e73d2cf8ea61492e7387b9d68ab808b6820580f9264b634a080bf19be48c571c39b2727874c670a52f6b3bbb0a72468883437cd9536d91befe0bf81782160af6eaaf639c6aa44b4b012dc5228a6efb7d25eb75ae327ad4a646085e6bb5282a6b3a0f0b2b200b9037704f9b722ffc46e77e74de77832bcd5f6bfd6e16c78738fffeaac6a94f6e88a4c3fa2b9c6004b11b47743a7d7af39f445bdda9c0b201f82a0ef300820654799b2b46144cb66c518182325c464bc0657dece61bb7bc4e8bec73b3206c735eafd85878c83b16f56b6be0f648340b8b12ac1ea849b7a1053f03cb2cdc14556df49443fcf3b714921edf8139fce5398646e47ec87a1cc21140761ff069927d6f1ef5f077433811c4a1db4f3badf2451d42297708d96d9f4b7431d97615d76a0a134c91d83dbdd9943998c9d7508af2709e78e54b162592c95a924f2eecbd8d6f618a71e3b0ffa25319153434c4963ba53665b7183961b196454ae868bc3583b2f13e55075a29e13ab3c7308f5c4ed3c5663dc983a0260054f1afc642d0e247b02aa58efd96b75e191346c5a3028bd9f2e1162c7abc5316aaddf77b1d4be06b2774a761d9c6e4d57afb51c1457b13bf1dba9affe9e84033ffc8c1e691906ddd1b9c3aec8b1068f64170edfdc6a212e16c9dd981279a535fcc50b00488bd9a10c61ecd8e057f517688767c5901b9d83c8c8e04be5dd0a2c91b9894eaae9602956e604729459a2e37cf8b81b941142605f8857f927ad827c4227bc646708dc78ddef16b064cd5af73ea9210dadeb48cbbeb9fcc5aecbc7c4272123c753138cd005d9e62d106d5764ffaa3c98d2a0af64cf7eaeb85a542e79dd0330153612caff884d4aaec71eec41ab94cc7506862e280e6fcf94a47a33eb63957ed7aa308d014446b96a9043eab9846dc74f2431b2450d86f29b0861519cd690ffef5293f6d2f253de344f29c46c2112802e3f1cb7d5a3fcebaafbf447c0dffe63660cc719c1e4f542ae99b5b173c7ae74736c5091399ab7a07385ba2d7ef2e416f98c46ff1806a1061d3adc3fa5810e798243e06388db00a79aa37c631536fb2846f5983c02cb627ba4bd2aa860e1a9c1ac647f5e1c2faeb4c2d45fd567dc3bbfe35daae8884b5d1def75ab5ee1c308d5cbd8ea598529f8a0f144f0476b5b3ed5d3cb6f209fab07fe2c94da4d10f605293757116725446411d2b4c2298879071c2b9f6bd88666bedda62c9de54ac3fac823c005371cc3aae4cb3c6df8e0f8eeb263e6540cced93338ed287047cd3efd221c4cb2dfa41b3bc50e2bf29d175f2d92ba3de00a893b263e00d6185b86ce77f4432babf7a13668af5fb7e544edd085c106a9f264e2f4b7e23c20ae926b6c1c717c5bd1b4462858d1dae89c15c6c2e29ad8907a750c4c3510905cf1201f1037507129b5049e362813cdb8f00daa5350863b5701f725f01576c52711c9cac4ec074caeb6d43dde75027a33413dd85d6dc83ac57b5d2fc5e35d8d83dadf398eeb1b9c5d7ed90f4228e520591ae15ba6de091e57a29b65f716c181593a17afe2b2f465ef58e2f9588b53d4099ef6deca7f43d420b74abe0b48e6b63c57b5a6712122b03ce1dc281ecea7f553af0a2762806f2f3cac7e04fbea6b49888765378a19ec504f2f2fcb78d608d7b8e0446efe52c4752fd992e57e0168e57b83679cb18bb6756aed54da07d9de88650482288a0e8d2a65f69b7fee7117766ea426e0829cfac78cd82a6352c45c86a66489f5f0dae42bacd8e2f88cd1c3622ed355aa348a21cf1a42bf82833ed028f1ae9e06a01016a305208806f2145c52f78d6c3ebcd38eb5481ee79b12ebc072b97ed299c938521413b888c92321139c2ff4c50586c1d1248b56a4e7e77666d337a159c22da5d497d35c96efa048462ffc98c0726a20505d0ebb2b6666aea1750dcc5f4eab1b09fa0e2b5bbe6bd420110eb1ffe8889c2bb8537ed36a6cc01bbb0601cf81e23114705b257a27852cae1da0b290dd30384c38198631a80d9ceba039cff2b0665ffdb7bf7fbecac377029db1f5f13a64179a2b9696fed7599fd41db7a50bd093dda755d13363cb98d5800b164a4f462352225d3f9d136f2ac33c43d457852fdf3500e12b9996f3a68ba18506ee21b8e322e730de8c8cfe3451efff64cbeaa4d7d7445faf24dbfaa8b13fb6315d256c8e9463424f0cc1be6f916414383c6b3cb47dda38a7acf1dc530517f1115bda4eb63aa4bde5c80ea111f50c0c3845cb87e811aa61af0052f12cf816b3d467b079f97e170e4cd7eadd07b415ff200a3313d2e06bb75ef5d12b7bed63d896c787243ab267a8b0d2593a236e4e63524c8a5d4640c6e133a09ea94dba5daf95d54b5e6cfddd61ff2424cc406a5cf738820e47bb4956a3eaa4ec28cecf2e34ea417fe5735ab5ed00a2791746275b1c3cb8d4bbb9b7fbbae2d1450a20304610756d4b8cf1c68de447bd6b828a30dae3aa2071a1c682715ef9bda20f49961cc4db398f0f39bb8540004b551fd9af635a755b5d201bb798170a61620b0f9d475b72cc58ac208e4caf4d03fee3d4774994bab385bf6b0bcec938ea8cb03f7717d2b86f2cedd9bf456700c21054a0bf9bce55ab41db29aa664196d8c09b82e5672adf8deff00209d0b4b46e82e62ffd110862627e609a10212c2ed4deece164171d8c8c48ffe75195a3c63690f4173c502d477961405c8cc67b51399b8c5b470a7e681742111f27755247e888862fb49d8540ffa778f44195a0ce9613d504869a598ff8f468681b96655f160b52c770442c0139901b007d44c4086c60d4eb763869ce2c915d47d5704f29b63bb1da4bfb4c2244ef3dbe1636d909b1d4e0bf285e7b964b0da1ea12ba8ae52b65afac35365684cdf9f56f377344cfcf062896dc4d15506685b147a5d33eae0948bbaad3bafef07e9cfc79d7e42de2b0cf97b954726feefa09a9018d690e665c49b7837bbaec3a3d8efc22da9060f0a7c5b6d0523492bc7764350e10db44ce13c6f4fd62d4cbe6ca32b7c756698fd980593b976fb3425597cefd04fd626028f0934e7e55784f49e7c90d7dc18a4d50c812f4092f2d717921b8178af13abc436feabd81574342b4239f2a22b99914629ad9b57e366861fd016990f71b5fd288b9632b892a85ba53c31cc748c3c2f56b304187302b48daf3885dcacd6815f5966196944339d99aa65889d79e1ec6a3ffb85f896c27eb81216d935c2b8b78360d3e8e254b1c1f870d9482b8eb40b6a53fd144247eda6a20a804b37d40251473f738d65c4ff1e879ce25224f693350b60ff31368ebe0f4205c4bfb9eb2f7bc2bdb4e3349c894382c8050abc02b82ec52bc085b834d90409625c94cc8b7b82aa0ac45c79f5633bca9ee09977fec9627e5b6302ed69234ce47884f66534603f5a683d8642da2e1046e05db472a08c3c69b4aa5a0d2b5862830ae76d592bcb3288b1f611cc3b394fd831ccb0cd1b1e142c18503fb6d92e88222d0a413a124037e4d82f580f9b29f3edac46b6203b118377eb76796548f903802469cb30428ee77993c0c3458c39058904464d8ba4793d3773f31edf1db5da831a1e869990f13710e8c883e7f3df9bd2c70c8e697adb13c46cc110392abe565af80020ceac471a615bb3b241b94b3067b5a381fb3ea84e92ce0581db1d2885ba6a65f727a24d9827a6c4ba4eda4d73d16654b79a9a4f9d0c5eda02ef262270fde779df285e2d61dc18e21b807b883e6d5542fbeabf02afcea6fb26e5e7b93590d1073cadf25cfd4c5fefeebc9ba4d23cec6253be02b3a21d86743602d822540e3580f7458a761d23cf7945d244e7072527e3d62f87d5d141922d517fd15e837a9fa80f00af29d3610e55bf8e8d067b478fd036beaf79d9347dddc21185965d19462836866f11388606f4aa604aa07ef81fa0f9a20c5a33bd8515ef03d87f101c1c20c8c53ab824016e719ef7f592ea05c6541129c529837e3a9563dbca5a65baa2dea69ddb2fd93b4f03f3c9cbd31afb972acd955be97771155fcc26446ed9df9f3b7f2dd1c008a8f8e86fc60ebbc13020f20371098eb8d7232bbc5011580686e8408a7a5352d2fedf46bc57a0e81be1d62fa46ddc6997b4da2d24626d222a49eda179cfec104aef423461ebe50540d272242c324127675d4b90267d7baae6d700ab1b3fee7e765fd169a9d38c1ca51d133f3df9feb93c49e3543279ac48f16a82bbaf62aa097fdc05eea747e30d29215b391f0eca11a72ec4114229b2daebf3cb86366a1eefd4427104209d3f95dc3d77fb9bd613ac7bed316101d6b9ad2489e08dfa256e3ee3e4b397e22a3d275742e9cceee4e44fe53d52ae2878267db51710078e236afc0e5bae92a4fe04be47120159fee1af5fa7c4b2c8683cc2cf543e65625a0f2342620b31d8a5585f49f7de25edc624a70ff87b9b17c78c7ce93fdc4fa68c9462409ea09fa713b030ac2bce9276a9045666163fbfef7fe715f64313e1f7fe51b5f7cbf3688d6eddae9d8ae0ec6e9cb8783aa219f5c4107e146ac0ab386a4bce80d94f0d2106df00cbee7b4d2cb846b68e8b8ad53ad459cff5fc198c96f2689b275f96542bfed5ae02ebb647ad7da56e645ad826d82cd48e00199dfb2997e7116ac75e061eb3cdddce8416d7561f44391ec10c5ab6a807f8c094a412be6f40264d30cf4a66763446bec1d34b6cb6bd81fb408076110517b389c0a2f7eaf9cd9d0db7b0f493123db57fa1c544e846c63d9d43318c3870a42a9562d78d3b37df6ef2e7e5aeb95c29b3dc41c874df5f05676a56ffe82121dc7dd7706613ffeeb201dccb1166ed3a0ebc1f66ef053060d051bee5bfd8350382dd0a9667cead3813853330a26543b3b84bba2ff2da3eae8c593a2d68e05334b3b24c877d2a1c6c9c6e7881e29b01648b1f39d59ae19d3cdb555c39b17239de56f059d275638db6339a0861896a1cf62bf9b811deefbc3a604505bf1370814f6143d02c34a3e8274c927faf4a1b5b3a18b99441eb101f55ca2939d225aa9744314888b55b1783715f32b79421dec4607b931466b1b752fb683edf8a79b39e98f0e08faf2c55061b19688b7b1d8665b94cfbc1b3e2fe310a0897afb5e57505d63bef906b9590ca1eb0e52d7285a291590ee3c071a04f88d60ef31b6dd4170fba33e26001caa801d98573a64d3bb37f034c19a52eb34fe0edd29650c209631415b3343ad57eff0dbe833a4ecd406d6bda02879b52a96827ac19c2e4daf5542dacef7b1b0f6e583d99bdb09c9c3899b9f88d13fb4366a317e290437d70fd7eb2c9f1070878b2e98729d03d96fad951194c8f879c85a107da37ba8a001ea1495a9cde40effb24bfe7ba8b153cd1b37cfdf02d0fe05b0d201285dfc5cd22c83fdf6bb82c2455ec237a6b234b0288e047b07645fd37040287d0c927edbe42695bb21d3071902df247aaba97909e75dfa5b27446f2cb45f6d9d2ac8a7dc364a1f5b23a484d145eae0b95181c725f0ebb0328d2b30973a642ebb00f57cea63acc3c4b9951ce7864835ebec9fc5b24ebb73b8e4301f1a4334c365fbf5b80b326c34db997b7d5d947269e48ad8bdf4d01b69c7551cb32d5ff1a6745d3fc217d7f5a79de0f0597e973e0e49f071b0caaca88aeb1565fccbde3834db7420028079c8459ba9576648462576591c9e46d0f8fd7eab8c186106ef77ee249577b8e2255d30f549c2a991e03534e40edbdedbaa384e4fc13e79970e1d5636d7314c542a5b106b1b0a279965e85298caef35846afbdc9a36b8af202bf368a5f55c08084b3fa192607669ecfac68903e0363304f48ac8552dd16e8826e1daf820a009d50b2e560f413b7171fffe8de011f3f092d0d80fc2fcaf4dc8fff6fcd616041554584b85348591b3cbecfbdc65d0f420f63c818919cc72c6634291cd65a2708dbe69d9f56d47e2490a1d08852527827e7fbd0ac290606927889bb4557a850453a953376bb72b1405b9d6b90e586f5b829930222ebd2ecf3c60889c268bbadfa36797fe29869e439c0cd878b85263db6a6754250045c07ae1b9337b137526460353018f3eb006bf5c0e6edf68ba1cd92ca5c62c23eea5623c6ecc76b7bfa5ab0a2c8b0f8b290ec8e02a8de3a13fc2b23b0627b3f6aff3ec49ebdfd019c0c1df271c8432e6f929472926bb4a9beb32f92567b5d051466b58e032470b442c8f88e644ef1920621311e06e4a72e04690e203c6e032ee351222298722c20fa63e0e40c2bf54c5f68e8f618327b22e93985ab44dd25cc68c98d565340c1578e8f84fd0151cc23cbaecc38bd942771c691f2b7a651c54351ca1a71efd597aa5bffdcf6ea4b9dc65e634e54a6d737c7db6fc4c3a54951379e8e26bbb402e05641f4dec45e63603f6e8523bb6b2a8ce88032b7091e2230ba70db6bd6def319beea4482be6acc398f099b14dc8863b9d5fae5de44ae36e6b5693ccb9ecbc000543b5e9def0f49b6dba04eefee0d3accab0b8216665a6d505fa909f0b84ce62b2bf255fc532a4de7d4faff75a3480014629366f08b02009f2ee63118a5", 0x2000, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x18, 0xffffffffffffffda}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = dup(0xffffffffffffffff)
syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x200000, 0x10100, 0x40000}, &(0x7f0000000180)=<r8=>0x0, 0x0)
syz_io_uring_submit(r8, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
write$RDMA_USER_CM_CMD_BIND(r7, &(0x7f0000000380)={0x14, 0x88, 0xfa00, {0xffffffffffffffff, 0x30, 0x0, @ib={0x1b, 0x10, 0xd6d, {"69135aabf5f7b983f340ca7d684d73e7"}, 0x8}}}, 0x90)
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000001c0), 0x0)

5.343719375s ago: executing program 2 (id=807):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x20000000}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x8}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x7}, {}, {}, {}, {0x18, 0x8, 0x2, 0x0, r0}, {}, {0x46, 0x0, 0x0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x5, 0x0, 0xb, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

5.068063121s ago: executing program 2 (id=809):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x1f}, @NFTA_XFRM_DIR={0x5, 0x3, 0x2}, @NFTA_XFRM_KEY={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x2000000}}, 0x84}}, 0x0)

4.579351783s ago: executing program 1 (id=811):
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$tipc(0x1e, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
socket$tipc(0x1e, 0x2, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000800)={{0x12, 0x1, 0x0, 0x96, 0x5d, 0x6, 0x40, 0x133e, 0x815, 0x7e66, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x87, 0x28}}]}}]}}, 0x0)
socket$inet6(0xa, 0x200000000003, 0x87)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010003b15004c00000000000000004888", @ANYRES32=0x0, @ANYBLOB="d530d995212cf95a2000128008000100687372001400028008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES64=r2], 0x40}}, 0x4004040)

4.577922289s ago: executing program 2 (id=812):
clock_getres(0x2b85be7a825c77c0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{0x0}], 0x1, 0x0, 0x0)
pipe(&(0x7f0000000340)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r2, 0x47f9, 0x0, 0x0, 0x0, 0x0)
mq_open(0x0, 0x800, 0x0, 0x0)
socket(0x2000000000000021, 0x2, 0x2)
unshare(0x20000400)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2cc, 0x7ff, &(0x7f0000000440))
vmsplice(r1, &(0x7f0000000300)=[{0x0}, {&(0x7f0000000080)="a1", 0x20000081}], 0x2, 0x0)
vmsplice(r1, &(0x7f0000000040)=[{&(0x7f00000000c0)='c', 0x1}], 0x1, 0x0)
chdir(&(0x7f0000000540)='./cgroup\x00')
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r6 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r6, &(0x7f0000000080)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x31}, 0x80, 0x0}, 0x0)
getdents(r5, 0x0, 0x0)

4.320135291s ago: executing program 1 (id=814):
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'syz_tun\x00', <r1=>0x0})
bind$packet(r0, &(0x7f00000014c0)={0x11, 0x800, r1, 0x1, 0x0, 0x6, @link_local}, 0x14)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @empty, @val={@void, {0x8100, 0x1, 0x0, 0x1}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @broadcast, @empty}, {0x2c, 0x0, 0x18, 0x0, @wg=@data}}}}}, 0x0)

4.005946698s ago: executing program 0 (id=816):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$qrtr(0x2a, 0x2, 0x0)
getsockopt$sock_buf(r2, 0x1, 0x1c, 0x0, &(0x7f00000000c0))
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
r4 = socket$inet6(0xa, 0x3, 0x2)
r5 = socket$l2tp6(0xa, 0x2, 0x73)
dup2(r5, r4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x800, 0x0, 0x2, 0x9}, 0x20)
setsockopt$inet6_int(r4, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4)
sendmmsg(r4, &(0x7f0000002c00)=[{{&(0x7f0000000340)=@l2tp6={0xa, 0x500, 0x80000, @dev, 0x73}, 0x80, 0x0}, 0x5b4}], 0x1, 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0)
r6 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r6, 0x400c4808, &(0x7f0000000640)={0x1, 0x100, 0x10001})
ioctl$KVM_HYPERV_EVENTFD(r1, 0x4048aec9, &(0x7f0000000080)={0x6})

3.687823995s ago: executing program 3 (id=818):
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x9, &(0x7f0000000080)=""/245)
ptrace$pokeuser(0x6, r0, 0x8, 0xffff88806b13da00)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x402, 0x0)
io_uring_setup(0x252f, &(0x7f0000000280)={0x0, 0x0, 0x542, 0x2, 0xfffffffe})
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$KDSIGACCEPT(r2, 0x4b4e, 0x29)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
socket$isdn(0x22, 0x2, 0x26)
socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x4000000)
r3 = socket$inet6(0xa, 0x2, 0x0)
r4 = epoll_create(0x200)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000080)={0x20000002})
ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000180)=0x3)
sendto$inet6(r3, 0x0, 0x0, 0x8001, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x66, &(0x7f0000000340)={@broadcast, @dev, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x88a8}, {0x0, 0x0, 0x0, 0x0, 0x11}}}}}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x2c, 0x3a, 0xb, 0x0, 0x0, {0x2}, [@nested={0xfffffffffffffec1, 0x0, 0x0, 0x1, [@typed={0x13, 0x3, 0x0, 0x0, @str='\r4\xd8\x02j,'}]}]}, 0x2c}}, 0x0)
write$binfmt_misc(r3, &(0x7f0000000200)=ANY=[@ANYRES32=r1, @ANYRESOCT=r1, @ANYRESHEX, @ANYRES8=r2, @ANYRESHEX], 0xffdc)
r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r6, 0xc0045006, &(0x7f0000000100)=0x6)

3.425711891s ago: executing program 2 (id=819):
socket$key(0xf, 0x3, 0x2) (async)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000004c0)={0x2, 0x7, 0x0, 0xa, 0x2}, 0x10}}, 0x0) (async)
sendmsg$key(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000004c0)={0x2, 0x7, 0x0, 0xa, 0x2}, 0x10}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84) (async)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
connect$inet6(r2, &(0x7f0000000300)={0xa, 0x0, 0x0, @private1}, 0x1c)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0xc, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000240)={r4, 0x1}, 0x8)
dup3(r3, r1, 0x0) (async)
dup3(r3, r1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x7, 0xd, &(0x7f0000000040)=ANY=[@ANYRES8=r4, @ANYRES64=r1, @ANYRESDEC=r1], 0x0, 0x9, 0x0, 0x0, 0x0, 0x57, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x7, 0xd, &(0x7f0000000040)=ANY=[@ANYRES8=r4, @ANYRES64=r1, @ANYRESDEC=r1], 0x0, 0x9, 0x0, 0x0, 0x0, 0x57, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902640002010000000904010001020d0000052406000105240000000d240f0100000000000000000006241a00000008241c00000008000905810300020000000904010000020d00000904010102020d0000090582020002000000090503"], 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_control_io$cdc_ncm(r5, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$cdc_ncm(r5, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x1b, 0x0, '.\x00'}})
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x24, 0x3a, 0x809, 0x0, 0x0, {0x3}, [@nested={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @uid}]}]}, 0x24}}, 0x0)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r8, 0x0, 0x40, &(0x7f0000001040)=@filter={'filter\x00', 0x42, 0x4, 0x260, 0xffffffff, 0x130, 0x98, 0x0, 0xffffffff, 0xffffffff, 0x1f0, 0x1f0, 0x1f0, 0xffffffff, 0x8000000, 0x0, {[{{@ip={@local, @loopback, 0x0, 0x0, 'team_slave_0\x00', 'veth1_to_bond\x00', {}, {}, 0x0, 0x1}, 0x0, 0x70, 0x98, 0x0, {0x100000000000000}}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28}}, {{@ip={@multicast1, @loopback, 0x0, 0x0, 'batadv_slave_0\x00', 'geneve1\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x98}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2c0)
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)

2.550027085s ago: executing program 3 (id=820):
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000001c0)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000080)={&(0x7f00003c3000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x1000})

1.926846742s ago: executing program 0 (id=821):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) (async)
r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000940), 0xffffffffffffffff)
r4 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2)
r6 = memfd_create(&(0x7f0000000640)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xdeb\xfe3(\xef\x12\xfc\x19\xef\x1c\xb4NU~e\rr\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f\x18\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\b%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc\xd9\x86I\x92$tT\x1e9O}\xaa\x85\\\xd2o\xfdU\xd6\x8a\x1f\x8b0#\xfa\'\xa3}\x04w\x1b\x99sY\xf0P\xc2\x8c\xba\xbe\xbd\xa6O0\x84\x11{T\x11\xadLU\xbc[o\xb7*\xde`\x9b\x1c\xe9\xad\xba\xb7\x16\xb1\'\x8e\x05\x16\xd7\xaf\xdc\xd6\xed\xa7Z\xe6bE', 0x3)
ftruncate(r5, 0x80000000008025)
fcntl$addseals(r6, 0x409, 0x5) (async)
r7 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f00000002c0)={r6, 0x0, 0x0, 0x1000})
r8 = fcntl$dupfd(r7, 0x0, r7)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000180)={<r9=>0x0, 0x0, r8})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000000080)={r9, 0x0, <r10=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000200)={0x0, 0x0, r10}) (async)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x24, r3, 0x300, 0x0, 0x0, {{}, {}, {0x8}}}, 0x24}}, 0x0) (async)
ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000000)={0x1})
r11 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r11, &(0x7f0000000000)={0x18, 0x0, {0x21, @broadcast, 'vlan1\x00'}}, 0x1e) (async)
recvmmsg(0xffffffffffffffff, &(0x7f0000002380)=[{{&(0x7f0000000380)=@ieee802154={0x24, @long}, 0x80, 0x0}}, {{&(0x7f0000000a00)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x80, 0x0}, 0xfffffffd}], 0x2, 0x101, 0x0)
sendmmsg(r11, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}}], 0x3e8, 0x0) (async)
r12 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r12, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-avx\x00'}, 0x58)
r13 = accept4(r12, 0x0, 0x0, 0x0)
sendmsg$kcm(r13, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000009c0)="d744784ca67c03982403848e6df22054de2bd8ca3da64dfdea7d8eb74ffe057d7469066c6ca034a2677ce0c1c25e2b2a825d677e0fbac312a7da165cd5db94fa38cdf3a3f3f93b022a7515e0b1e441a3be644a296bcc765e7adc9ddb4d14006a69cbfcd2ddd156ba7d15efd16debeda2666c8950ac462f86c0da72ab829a060e", 0x80}], 0x1}, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
r14 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r14}, 0x2c, {'rootmode', 0x3d, 0x4000}}) (async)
read$FUSE(r14, &(0x7f00000077c0)={0x2020}, 0x2020)

1.707901867s ago: executing program 3 (id=822):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000002fc0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000e80)=ANY=[@ANYBLOB="240000001a000100000000000000070002000000000000000030000008000100ac1414ff09"], 0x24}}, 0x0)

1.588462191s ago: executing program 3 (id=823):
syz_clone3(&(0x7f0000000200)={0x100000, 0x0, 0x0, 0x0, {0x30}, &(0x7f0000000100)=""/110, 0x6e, 0x0, 0x0}, 0x58)
syz_emit_ethernet(0x38, &(0x7f0000000200)=ANY=[@ANYBLOB="0180c20000000180c200000008004900002a004000000000907800000000ffffffff00"], 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040)=ANY=[], 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

917.608914ms ago: executing program 3 (id=824):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=@newlink={0x50, 0x10, 0x503, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xffffffffffffff53, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_MEMBERSHIP_INTVL={0xc}, @IFLA_BR_VLAN_STATS_ENABLED={0x5, 0x29, 0x1}, @IFLA_BR_MCAST_MLD_VERSION={0x5, 0x2c, 0xf7}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x8884}, 0x0)

755.72899ms ago: executing program 0 (id=825):
r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0x801ff, 0x323c01)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='rdma.current\x00', 0x275a, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/65, 0x118000, 0x800}, 0x20)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000240)={<r3=>r0, 0x0, 0x101, 0x5})
syz_open_dev$swradio(&(0x7f0000000000), 0x0, 0x2)
r4 = socket$inet(0x2, 0x3, 0x8d)
r5 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000180)={r6}, 0xc)
setsockopt$inet_msfilter(r4, 0x0, 0x8, &(0x7f0000000100)=ANY=[@ANYBLOB="be"], 0x1)
getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f00000000c0)={<r7=>0x0, @local, @local}, &(0x7f0000000140)=0xc)
r8 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @broadcast}, 0x77, r7})
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f511, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={0x0, 0xffffffffffffff86}, 0x1, 0x0, 0x0, 0x4044854}, 0x4000810)
socket(0xa, 0x4, 0x0)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
syslog(0x3, 0xfffffffffffffffe, 0x13)
openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/keys\x00', 0x0, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x318, 0x148, 0x4c, 0x1a, 0x0, 0x73, 0x278, 0x258, 0x258, 0x278, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @local, [], [], 'wg2\x00', 'macvlan1\x00'}, 0x0, 0xe8, 0x118, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @common=@inet=@SET2={0x30}}, {{@uncond, 0x0, 0xf8, 0x130, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@icmp6={{0x28}, {0x0, "e1f6"}}]}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x378)
r10 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, r10)
r11 = add_key$user(&(0x7f0000000100), &(0x7f00000001c0)={'syz', 0x2}, &(0x7f0000000300)="60f1da366dd4f181a60f2fdb8c4903b70db1cd110d263c152ca292fb9de2fca63e5b2f368330650459258ad455803a729f1f064e9504ab75bcca8163c629995ef015d597197c0a6225981974601418cf74c25c80e163080a7b4da104a689155644378a48c0d25a08b71510c546e6adefc010c1a4771b7088f8ad2c17bdb071564b6424508d6829b6710ae5a3316cdb393db81cebbe3758ce29", 0x99, 0x0)
keyctl$set_timeout(0xf, r11, 0x1000)
read$FUSE(r1, &(0x7f00000003c0)={0x2020}, 0x913)

540.495571ms ago: executing program 4 (id=826):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x42, 0x0)
io_submit(0x0, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000000009041200010300000009210000000122010009058103"], 0x0)
r1 = syz_open_procfs$userns(0x0, &(0x7f0000000040))
fsetxattr$system_posix_acl(r1, &(0x7f00000000c0)='system.posix_acl_default\x00', &(0x7f0000002400)={{}, {0x8}}, 0x24, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000500)={@local, @broadcast, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x2, @dev, @multicast1, @random="e374636d35dc", @multicast1}}}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f0000000680)={0x0, 0x3, 0x85, {0x85, 0xa, "6c9c39885802f20b06be48b3a606a5829c6cea1941735d397c40c40581aa73f9f511aa9b3b75f73ec274fca8a48c12e917703ef1ab9bf016c861ecd518328726fc643a92848afded283ec040b1112da1ec46389c286132e3005c653db53325a50c75f34ebe699addfa2a21890c7600000f7c0f6182d688c94f455e0d37c43275001b15"}}, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4}}, &(0x7f00000001c0)={0x0, 0x22, 0xa, {[@local=@item_4={0x3, 0x2, 0x0, "91e3d2b8"}, @main=@item_4={0x3, 0x0, 0x8, "d9ae12bd"}]}}, &(0x7f0000000200)={0x0, 0x21, 0x9, {0x9, 0x21, 0x8001, 0x3, 0x1, {0x22, 0x6f8}}}}, &(0x7f0000000480)={0x2c, &(0x7f0000000280)={0x0, 0x0, 0x23, "ba4176948d54d6768be67fb6be3f96ff7016b427091a41ab9e1c1cb9d1d7e344db8468"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x1d}, 0x0, 0x0, &(0x7f0000000440)={0x20, 0x3, 0x1}})
syz_usb_control_io$hid(r0, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCETHTOOL(r2, 0x80108907, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/uevent_seqnum', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000000f80)={0x2020}, 0x2020)
getsockname$l2tp6(0xffffffffffffffff, 0x0, &(0x7f0000000640))
syz_open_dev$evdev(0x0, 0x0, 0x0)
r4 = syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x14a042)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
syz_clone(0x84002100, 0x0, 0x0, 0x0, 0x0, 0x0)
write$hidraw(r4, &(0x7f0000000080)="68b0", 0x2)

193.950214ms ago: executing program 3 (id=827):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r0, &(0x7f0000000dc0)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0xc01, @mcast2}, 0x1c, 0x0}, 0xdc050000}, {{&(0x7f0000000840)={0xa, 0x4e22, 0x4, @private1, 0x28}, 0x1c, 0x0, 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002\x00'/29, @ANYBLOB='\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00)'], 0x78}}], 0x2, 0x4)

0s ago: executing program 2 (id=828):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x7}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x58}}, 0x0)

kernel console output (not intermixed with test programs):

71]  netlink_ack+0x13f/0xa30
[  154.493450][ T7271]  ? ____sys_sendmsg+0x52a/0x7e0
[  154.498382][ T7271]  ? __sys_sendmsg+0x2aa/0x390
[  154.503138][ T7271]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.509219][ T7271]  netlink_rcv_skb+0x262/0x430
[  154.513983][ T7271]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  154.519437][ T7271]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  154.524730][ T7271]  ? apparmor_capable+0x13b/0x1b0
[  154.529750][ T7271]  ? bpf_lsm_capable+0x9/0x10
[  154.534418][ T7271]  ? security_capable+0x7e/0x2d0
[  154.539354][ T7271]  nfnetlink_rcv+0x297/0x2ab0
[  154.544036][ T7271]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  154.549758][ T7271]  ? __dev_queue_xmit+0x2da/0x3e80
[  154.554870][ T7271]  ? __dev_queue_xmit+0x1764/0x3e80
[  154.560057][ T7271]  ? kasan_save_track+0x51/0x80
[  154.564911][ T7271]  ? do_syscall_64+0xf3/0x230
[  154.569594][ T7271]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  154.574704][ T7271]  ? __dev_queue_xmit+0x2da/0x3e80
[  154.579807][ T7271]  ? __pfx___dev_queue_xmit+0x10/0x10
[  154.585186][ T7271]  ? ref_tracker_free+0x643/0x7e0
[  154.590215][ T7271]  ? __asan_memcpy+0x40/0x70
[  154.594821][ T7271]  ? __pfx_ref_tracker_free+0x10/0x10
[  154.600203][ T7271]  ? netlink_deliver_tap+0x2e/0x1b0
[  154.605410][ T7271]  ? skb_clone+0x240/0x390
[  154.609817][ T7271]  ? __pfx_lock_release+0x10/0x10
[  154.614845][ T7271]  ? __netlink_deliver_tap+0x77e/0x7c0
[  154.620306][ T7271]  ? netlink_deliver_tap+0x2e/0x1b0
[  154.625502][ T7271]  netlink_unicast+0x7f6/0x990
[  154.630268][ T7271]  ? __pfx_netlink_unicast+0x10/0x10
[  154.635546][ T7271]  ? __virt_addr_valid+0x183/0x530
[  154.640655][ T7271]  ? __check_object_size+0x49c/0x900
[  154.645946][ T7271]  netlink_sendmsg+0x8e4/0xcb0
[  154.650724][ T7271]  ? __pfx_netlink_sendmsg+0x10/0x10
[  154.656010][ T7271]  ? aa_sock_msg_perm+0x91/0x160
[  154.660947][ T7271]  ? __pfx_netlink_sendmsg+0x10/0x10
[  154.666225][ T7271]  __sock_sendmsg+0x221/0x270
[  154.670907][ T7271]  ____sys_sendmsg+0x52a/0x7e0
[  154.675667][ T7271]  ? __pfx_____sys_sendmsg+0x10/0x10
[  154.680956][ T7271]  __sys_sendmsg+0x2aa/0x390
[  154.685539][ T7271]  ? __pfx___sys_sendmsg+0x10/0x10
[  154.690645][ T7271]  ? vfs_write+0x7bf/0xc90
[  154.695095][ T7271]  ? __secure_computing+0x125/0x370
[  154.700299][ T7271]  do_syscall_64+0xf3/0x230
[  154.704802][ T7271]  ? clear_bhb_loop+0x35/0x90
[  154.709479][ T7271]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.715369][ T7271] RIP: 0033:0x7ff4a337def9
[  154.719775][ T7271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  154.739378][ T7271] RSP: 002b:00007ff4a417b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  154.747788][ T7271] RAX: ffffffffffffffda RBX: 00007ff4a3535f80 RCX: 00007ff4a337def9
[  154.755774][ T7271] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000006
[  154.763741][ T7271] RBP: 00007ff4a417b090 R08: 0000000000000000 R09: 0000000000000000
[  154.771708][ T7271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.779670][ T7271] R13: 0000000000000000 R14: 00007ff4a3535f80 R15: 00007ff4a365fa28
[  154.787650][ T7271]  </TASK>
[  154.803257][   T29] audit: type=1326 audit(1726835714.747:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7253 comm="syz.3.415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f821e97def9 code=0x7ffc0000
[  155.019522][ T7278] batadv0: entered promiscuous mode
[  155.035547][ T7278] : renamed from batadv0
[  155.095763][ T7278] 8021q: adding VLAN 0 to HW filter on device 
[  155.319304][ T5271] dvb-usb: found a 'AZUREWAVE DVB-S/S2 USB2.0 (AZ6027)' in cold state, will try to load a firmware
[  155.453503][ T7297] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  155.460912][ T7297] IPv6: NLM_F_CREATE should be set when creating new route
[  155.499207][ T7286] loop2: detected capacity change from 0 to 7
[  155.513980][ T7297] netlink: 'syz.0.423': attribute type 27 has an invalid length.
[  155.522115][ T7286] Dev loop2: unable to read RDB block 7
[  155.581543][ T7286]  loop2: unable to read partition table
[  155.597425][ T7286] loop2: partition table beyond EOD, truncated
[  155.649274][ T7286] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  155.859129][ T7297] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.867773][ T7297] bridge0: port 1(bridge_slave_0) entered disabled state
[  156.092667][ T5273] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  156.180561][ T7297] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  156.222476][ T7297] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  156.264475][ T5273] usb 5-1: unable to get BOS descriptor or descriptor too short
[  156.274150][ T5273] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  156.393809][ T7297] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  156.408078][ T7297] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  156.428988][ T5273] usb 5-1: New USB device found, idVendor=0dfc, idProduct=010a, bcdDevice= 0.40
[  156.439662][ T5273] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.441367][ T7297] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  156.447744][ T5273] usb 5-1: Product: Д
[  156.447763][ T5273] usb 5-1: Manufacturer: 鞶蓁₏핂㭜㗏砧퐛ᓐ䷚ৈ㽖儋浭憀蚖퐔箠霙㇩ꙵ떮門䴽줾⤆⁖养䤛쩠놄ᕭ슻ꅾ딃燥Ɡ
[  156.447784][ T5273] usb 5-1: SerialNumber: ࡡ
[  156.511070][ T7297] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  156.636225][ T7302] netlink: 'syz.3.424': attribute type 9 has an invalid length.
[  156.741743][ T5273] usbhid 5-1:1.0: couldn't find an input interrupt endpoint
[  156.757515][ T5273] usb 5-1: USB disconnect, device number 21
[  157.143742][ T5221] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  157.325631][ T5221] usb 2-1: config 2 has an invalid interface number: 75 but max is 0
[  157.339915][ T5221] usb 2-1: config 2 has an invalid descriptor of length 239, skipping remainder of the config
[  157.371024][ T5221] usb 2-1: config 2 has no interface number 0
[  157.418719][ T5221] usb 2-1: config 2 interface 75 altsetting 2 endpoint 0x1 has invalid maxpacket 28689, setting to 1024
[  157.464636][ T5221] usb 2-1: config 2 interface 75 altsetting 2 bulk endpoint 0x1 has invalid maxpacket 1024
[  157.487796][ T5221] usb 2-1: config 2 interface 75 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 14
[  157.502900][ T5221] usb 2-1: config 2 interface 75 has no altsetting 0
[  157.518051][ T5221] usb 2-1: New USB device found, idVendor=13d3, idProduct=3275, bcdDevice= d.89
[  157.529014][ T5221] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.542381][ T5221] usb 2-1: Product: ࠊ
[  157.547208][ T5221] usb 2-1: Manufacturer: ௔問뇎ጥ乇潧⺓ᦈﺍ쩱䳐ꡬ㢟蛥๡쩓捐㉯ാ㡱ܞ뤧㠜뎒鹱뗃х讙艝틓ᶀ᷐䭴뀝⫦넉୾佾櫦ꮣၡ꘶ᖵ箐崼篜㿾ꈚ陻妃ﶚﳲ썚䑁爥륨嘝ꈕ聕㢠뒲ꡘ㉹伕㇪
[  157.569881][    C1] vkms_vblank_simulate: vblank timer overrun
[  157.604246][ T5221] usb 2-1: SerialNumber: ␉
[  157.627887][ T7358] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  158.092325][ T7358] loop2: detected capacity change from 0 to 7
[  158.104374][ T7358] Dev loop2: unable to read RDB block 7
[  158.110176][ T7358]  loop2: AHDI p1 p3 p4
[  158.115713][ T7358] loop2: partition table partially beyond EOD, truncated
[  158.123553][ T7358] loop2: p1 start 2048 is beyond EOD, truncated
[  158.135252][ T7358] loop2: p3 size 16779293 extends beyond EOD, truncated
[  158.875208][ T7397] xt_l2tp: v2 tid > 0xffff: 2013396992
[  159.072194][ T4679] Dev loop2: unable to read RDB block 7
[  159.084501][ T4679]  loop2: AHDI p1 p3 p4
[  159.089051][ T4679] loop2: partition table partially beyond EOD, truncated
[  159.111093][ T4679] loop2: p1 start 2048 is beyond EOD, truncated
[  159.119696][ T4679] loop2: p3 size 16779293 extends beyond EOD, truncated
[  159.207820][ T7402] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  159.292979][  T939] usb 5-1: new full-speed USB device number 22 using dummy_hcd
[  159.481796][  T939] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  159.509639][  T939] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  159.548614][  T939] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  159.560291][  T939] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  159.580490][  T939] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  159.595164][  T939] usb 5-1: config 0 interface 0 has no altsetting 0
[  159.606645][  T939] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  159.619345][  T939] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  159.629152][  T939] usb 5-1: Product: syz
[  159.634416][  T939] usb 5-1: Manufacturer: syz
[  159.641562][  T939] usb 5-1: SerialNumber: syz
[  159.651208][  T939] usb 5-1: config 0 descriptor??
[  159.657193][ T7400] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  159.666159][  T939] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  159.679504][  T939] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  159.834079][ T5221] dvb-usb: found a 'AZUREWAVE DVB-S/S2 USB2.0 (AZ6027)' in cold state, will try to load a firmware
[  160.130789][  T939] usb 5-1: USB disconnect, device number 22
[  160.143414][  T939] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  160.358079][   T29] kauditd_printk_skb: 28 callbacks suppressed
[  160.358111][   T29] audit: type=1326 audit(1726835721.247:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7427 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4a337def9 code=0x7ffc0000
[  160.396143][   T29] audit: type=1326 audit(1726835721.247:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7427 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff4a337def9 code=0x7ffc0000
[  160.418296][    C1] vkms_vblank_simulate: vblank timer overrun
[  160.426730][   T29] audit: type=1326 audit(1726835721.247:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7427 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4a337def9 code=0x7ffc0000
[  160.449024][    C1] vkms_vblank_simulate: vblank timer overrun
[  160.456678][   T29] audit: type=1326 audit(1726835721.247:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7427 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7ff4a337def9 code=0x7ffc0000
[  160.480459][   T29] audit: type=1326 audit(1726835721.247:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7427 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4a337def9 code=0x7ffc0000
[  160.502698][    C1] vkms_vblank_simulate: vblank timer overrun
[  160.510185][   T29] audit: type=1326 audit(1726835721.247:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7427 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff4a337def9 code=0x7ffc0000
[  160.532405][    C1] vkms_vblank_simulate: vblank timer overrun
[  160.540304][   T29] audit: type=1326 audit(1726835721.247:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7427 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4a337def9 code=0x7ffc0000
[  160.563967][   T29] audit: type=1326 audit(1726835721.277:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7427 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff4a337def9 code=0x7ffc0000
[  160.586902][   T29] audit: type=1326 audit(1726835721.277:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7427 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4a337def9 code=0x7ffc0000
[  160.610713][   T29] audit: type=1326 audit(1726835721.287:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7427 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4a337def9 code=0x7ffc0000
[  160.632937][    C1] vkms_vblank_simulate: vblank timer overrun
[  161.011371][ T7443] syz.1.457: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=
[  161.017302][ T7445] xt_l2tp: v2 tid > 0xffff: 2013396992
[  161.042264][ T7443] /,mems_allowed=0-1
[  161.043912][ T7443] CPU: 0 UID: 0 PID: 7443 Comm: syz.1.457 Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0
[  161.043938][ T7443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  161.043949][ T7443] Call Trace:
[  161.043956][ T7443]  <TASK>
[  161.043965][ T7443]  dump_stack_lvl+0x241/0x360
[  161.043997][ T7443]  ? __pfx_dump_stack_lvl+0x10/0x10
[  161.044023][ T7443]  ? __pfx__printk+0x10/0x10
[  161.044052][ T7443]  ? __rcu_read_unlock+0xa1/0x110
[  161.044077][ T7443]  warn_alloc+0x278/0x410
[  161.044099][ T7443]  ? stack_depot_save_flags+0x6f6/0x830
[  161.044119][ T7443]  ? __vmalloc_node_range_noprof+0x106/0x1400
[  161.044144][ T7443]  ? __pfx_warn_alloc+0x10/0x10
[  161.044167][ T7443]  ? kasan_save_track+0x3f/0x80
[  161.044187][ T7443]  ? __kasan_kmalloc+0x98/0xb0
[  161.044209][ T7443]  ? xsk_setsockopt+0x598/0x950
[  161.044230][ T7443]  ? do_sock_setsockopt+0x3af/0x720
[  161.044253][ T7443]  ? __sys_setsockopt+0x1a8/0x250
[  161.044275][ T7443]  ? __x64_sys_setsockopt+0xb5/0xd0
[  161.044297][ T7443]  ? do_syscall_64+0xf3/0x230
[  161.044328][ T7443]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.044360][ T7443]  __vmalloc_node_range_noprof+0x126/0x1400
[  161.044409][ T7443]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  161.044438][ T7443]  ? __kasan_kmalloc+0x98/0xb0
[  161.044459][ T7443]  ? xskq_create+0x54/0x170
[  161.044486][ T7443]  vmalloc_user_noprof+0x74/0x80
[  161.044509][ T7443]  ? xskq_create+0xb6/0x170
[  161.044531][ T7443]  xskq_create+0xb6/0x170
[  161.044555][ T7443]  xsk_init_queue+0xa1/0x100
[  161.044579][ T7443]  xsk_setsockopt+0x598/0x950
[  161.044606][ T7443]  ? __pfx_xsk_setsockopt+0x10/0x10
[  161.044629][ T7443]  ? __pfx_aa_sk_perm+0x10/0x10
[  161.044652][ T7443]  ? __pfx_lock_acquire+0x10/0x10
[  161.044678][ T7443]  ? __fget_files+0x29/0x470
[  161.044698][ T7443]  ? aa_sock_opt_perm+0x79/0x120
[  161.044727][ T7443]  ? __pfx_xsk_setsockopt+0x10/0x10
[  161.044748][ T7443]  do_sock_setsockopt+0x3af/0x720
[  161.044779][ T7443]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  161.044801][ T7443]  ? __fget_files+0x29/0x470
[  161.044825][ T7443]  ? __fget_files+0x3f3/0x470
[  161.044845][ T7443]  ? __fget_files+0x29/0x470
[  161.044876][ T7443]  __sys_setsockopt+0x1a8/0x250
[  161.044906][ T7443]  __x64_sys_setsockopt+0xb5/0xd0
[  161.044934][ T7443]  do_syscall_64+0xf3/0x230
[  161.044958][ T7443]  ? clear_bhb_loop+0x35/0x90
[  161.044984][ T7443]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.045007][ T7443] RIP: 0033:0x7ff4a337def9
[  161.045025][ T7443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  161.045042][ T7443] RSP: 002b:00007ff4a415a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  161.045065][ T7443] RAX: ffffffffffffffda RBX: 00007ff4a3536058 RCX: 00007ff4a337def9
[  161.045080][ T7443] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000006
[  161.045093][ T7443] RBP: 00007ff4a33f0b76 R08: 0000000000000020 R09: 0000000000000000
[  161.045107][ T7443] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000
[  161.045120][ T7443] R13: 0000000000000000 R14: 00007ff4a3536058 R15: 00007ff4a365fa28
[  161.045149][ T7443]  </TASK>
[  161.045676][ T7443] Mem-Info:
[  161.045691][ T7443] active_anon:5035 inactive_anon:0 isolated_anon:275
[  161.045691][ T7443]  active_file:1637 inactive_file:38283 isolated_file:0
[  161.045691][ T7443]  unevictable:768 dirty:111 writeback:0
[  161.045691][ T7443]  slab_reclaimable:9317 slab_unreclaimable:100311
[  161.045691][ T7443]  mapped:25393 shmem:1264 pagetables:1086
[  161.045691][ T7443]  sec_pagetables:0 bounce:0
[  161.045691][ T7443]  kernel_misc_reclaimable:0
[  161.045691][ T7443]  free:1342333 free_pcp:3620 free_cma:0
[  161.045751][ T7443] Node 0 active_anon:20076kB inactive_anon:0kB active_file:6536kB inactive_file:153052kB unevictable:1536kB isolated(anon):1100kB isolated(file):0kB mapped:101572kB dirty:444kB writeback:0kB shmem:3520kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10852kB pagetables:4344kB sec_pagetables:0kB all_unreclaimable? no
[  161.045801][ T7443] Node 1 active_anon:64kB inactive_anon:0kB active_file:12kB inactive_file:80kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  161.045842][ T7443] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  161.045896][ T7443] lowmem_reserve[]: 0 2467 2468 0 0
[  161.045939][ T7443] Node 0 DMA32 free:1440412kB boost:0kB min:34228kB low:42784kB high:51340kB reserved_highatomic:0KB active_anon:20036kB inactive_anon:0kB active_file:6536kB inactive_file:152248kB unevictable:1536kB writepending:440kB present:3129332kB managed:2554524kB mlocked:0kB bounce:0kB free_pcp:2900kB local_pcp:1572kB free_cma:0kB
[  161.045993][ T7443] lowmem_reserve[]: 0 0 0 0 0
[  161.046033][ T7443] Node 0 Normal free:8kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:804kB unevictable:0kB writepending:4kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:12kB free_cma:0kB
[  161.046089][ T7443] lowmem_reserve[]: 0 0 0 0 0
[  161.046132][ T7443] Node 1 Normal free:3913552kB boost:0kB min:55660kB low:69572kB high:83484kB reserved_highatomic:0KB active_anon:64kB inactive_anon:0kB active_file:12kB inactive_file:80kB unevictable:1536kB writepending:0kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:11580kB local_pcp:2476kB free_cma:0kB
[  161.046188][ T7443] lowmem_reserve[]: 0 0 0 0 0
[  161.046231][ T7443] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  161.046460][ T7443] Node 0 DMA32: 39*4kB (UM) 218*8kB (UME) 172*16kB (ME) 115*32kB (UME) 82*64kB (UME) 51*128kB (ME) 14*256kB (M) 5*512kB (ME) 7*1024kB (UME) 3*2048kB (UM) 342*4096kB (UM) = 1440396kB
[  161.046651][ T7443] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  161.046774][ T7443] Node 1 Normal: 184*4kB (UE) 48*8kB (UE) 41*16kB (UME) 155*32kB (UME) 74*64kB (UME) 29*128kB (UME) 6*256kB (UM) 5*512kB (UE) 5*1024kB (UME) 3*2048kB (UE) 948*4096kB (M) = 3913552kB
[  161.046960][ T7443] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  161.046978][ T7443] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  161.046994][ T7443] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  161.047010][ T7443] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  161.047026][ T7443] 41184 total pagecache pages
[  161.047034][ T7443] 0 pages in swap cache
[  161.047041][ T7443] Free swap  = 124680kB
[  161.047049][ T7443] Total swap = 124996kB
[  161.047057][ T7443] 2097051 pages RAM
[  161.047066][ T7443] 0 pages HighMem/MovableOnly
[  161.047074][ T7443] 427082 pages reserved
[  161.047081][ T7443] 0 pages cma reserved
[  161.931691][ T7459] loop2: detected capacity change from 0 to 7
[  161.938459][ T7459] Dev loop2: unable to read RDB block 7
[  161.938504][ T7459]  loop2: unable to read partition table
[  161.938645][ T7459] loop2: partition table beyond EOD, truncated
[  161.938666][ T7459] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  162.296965][ T7472] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  162.297028][ T7472] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  162.298878][ T7472] vhci_hcd vhci_hcd.0: Device attached
[  162.381765][ T7474] vhci_hcd: connection closed
[  162.383429][   T35] vhci_hcd: stop threads
[  162.383472][   T35] vhci_hcd: release socket
[  162.383491][   T35] vhci_hcd: disconnect device
[  162.722765][ T5273] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  162.894123][ T5273] usb 5-1: config 2 has an invalid interface number: 75 but max is 0
[  162.918069][ T5273] usb 5-1: config 2 has an invalid descriptor of length 239, skipping remainder of the config
[  162.973481][ T5273] usb 5-1: config 2 has no interface number 0
[  163.011883][ T5273] usb 5-1: config 2 interface 75 altsetting 2 endpoint 0x1 has invalid maxpacket 28689, setting to 1024
[  163.055556][ T7496] netlink: 132 bytes leftover after parsing attributes in process `syz.3.476'.
[  163.061576][ T5273] usb 5-1: config 2 interface 75 altsetting 2 bulk endpoint 0x1 has invalid maxpacket 1024
[  163.087101][ T5273] usb 5-1: config 2 interface 75 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 14
[  163.126015][ T5273] usb 5-1: config 2 interface 75 has no altsetting 0
[  163.126194][ T7498] netlink: 16 bytes leftover after parsing attributes in process `syz.0.477'.
[  163.189676][ T5273] usb 5-1: New USB device found, idVendor=13d3, idProduct=3275, bcdDevice= d.89
[  163.200447][ T5273] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  163.245171][ T5273] usb 5-1: Product: ࠊ
[  163.266575][ T5273] usb 5-1: Manufacturer: ௔問뇎ጥ乇潧⺓ᦈﺍ쩱䳐ꡬ㢟蛥๡쩓捐㉯ാ㡱ܞ뤧㠜뎒鹱뗃х讙艝틓ᶀ᷐䭴뀝⫦넉୾佾櫦ꮣၡ꘶ᖵ箐崼篜㿾ꈚ陻妃ﶚﳲ썚䑁爥륨嘝ꈕ聕㢠뒲ꡘ㉹伕㇪
[  163.329944][ T5273] usb 5-1: SerialNumber: ␉
[  163.368195][ T7479] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  163.829897][ T7479] loop2: detected capacity change from 0 to 7
[  163.838852][ T7479] Dev loop2: unable to read RDB block 7
[  163.845070][ T7479]  loop2: AHDI p1 p3 p4
[  163.849573][ T7479] loop2: partition table partially beyond EOD, truncated
[  163.857658][ T7479] loop2: p1 start 2048 is beyond EOD, truncated
[  163.864786][ T7479] loop2: p3 size 16779293 extends beyond EOD, truncated
[  165.449721][ T5273] dvb-usb: found a 'AZUREWAVE DVB-S/S2 USB2.0 (AZ6027)' in cold state, will try to load a firmware
[  166.171689][ T7530] loop2: detected capacity change from 0 to 7
[  166.179872][ T7530] Dev loop2: unable to read RDB block 7
[  166.186320][ T7530]  loop2: AHDI p1 p3 p4
[  166.190727][ T7530] loop2: partition table partially beyond EOD, truncated
[  166.198977][ T7530] loop2: p1 start 2048 is beyond EOD, truncated
[  166.205802][ T7530] loop2: p3 size 16779293 extends beyond EOD, truncated
[  167.851040][ T7547] netlink: 'syz.0.496': attribute type 1 has an invalid length.
[  167.865671][ T7547] bond1: entered promiscuous mode
[  167.876390][ T7547] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  167.885332][ T7547] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  167.894141][ T7547] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  167.903707][ T7547] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  167.915136][ T7547] bond1: (slave geneve0): making interface the new active one
[  167.922779][ T7547] geneve0: entered promiscuous mode
[  167.929799][ T7547] bond1: (slave geneve0): Enslaving as an active interface with an up link
[  168.450854][ T7558] netlink: 'syz.2.500': attribute type 1 has an invalid length.
[  168.471374][ T7558] bond1: entered promiscuous mode
[  168.484636][ T7558] bond1: (slave geneve0): making interface the new active one
[  168.492219][ T7558] geneve0: entered promiscuous mode
[  168.499772][ T7558] bond1: (slave geneve0): Enslaving as an active interface with an up link
[  171.500573][ T7586] fuse: Unknown parameter '0x0000000000000004'
[  171.935267][ T7609] netlink: 4 bytes leftover after parsing attributes in process `syz.2.519'.
[  171.956086][ T7609] netlink: 4 bytes leftover after parsing attributes in process `syz.2.519'.
[  172.126886][   T29] kauditd_printk_skb: 30 callbacks suppressed
[  172.126905][   T29] audit: type=1326 audit(1726835733.017:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7615 comm="syz.2.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe35897def9 code=0x7ffc0000
[  172.188104][   T29] audit: type=1326 audit(1726835733.047:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7615 comm="syz.2.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe35897def9 code=0x7ffc0000
[  172.188307][ T1837] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.217324][   T29] audit: type=1326 audit(1726835733.047:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7615 comm="syz.2.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe35897def9 code=0x7ffc0000
[  172.266503][   T29] audit: type=1326 audit(1726835733.047:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7615 comm="syz.2.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe35897def9 code=0x7ffc0000
[  172.361819][ T7619] netlink: 16 bytes leftover after parsing attributes in process `syz.2.525'.
[  172.374593][ T1837] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.405248][ T7621] Unknown options in mask 2474
[  172.428954][ T7621] netlink: 24 bytes leftover after parsing attributes in process `syz.1.524'.
[  172.452022][ T1837] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.591541][ T1837] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.681062][ T5234] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  172.696175][ T5234] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  172.723159][ T5234] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  172.736440][ T5234] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  172.747916][ T5234] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  172.755587][ T5234] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  172.958044][ T1837] bridge_slave_1: left allmulticast mode
[  172.975950][ T1837] bridge_slave_1: left promiscuous mode
[  172.981715][ T1837] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.078895][ T1837] bridge_slave_0: left allmulticast mode
[  173.096176][ T1837] bridge_slave_0: left promiscuous mode
[  173.112951][ T1837] bridge0: port 1(bridge_slave_0) entered disabled state
[  173.668491][ T1837] bond1 (unregistering): (slave geneve0): Releasing active interface
[  173.678645][ T1837] geneve0 (unregistering): left promiscuous mode
[  173.729734][ T7670] netlink: 16 bytes leftover after parsing attributes in process `syz.4.535'.
[  173.807460][ T1837] team0: Port device bridge0 removed
[  173.971603][ T1837] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  173.985784][ T1837] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  173.997703][ T1837] bond0 (unregistering): Released all slaves
[  174.012449][ T1837] bond1 (unregistering): Released all slaves
[  174.030543][ T7670] netlink: 'syz.4.535': attribute type 5 has an invalid length.
[  174.373083][ T7634] chnl_net:caif_netlink_parms(): no params data found
[  174.442239][ T1837] hsr_slave_0: left promiscuous mode
[  174.463077][ T1837] hsr_slave_1: left promiscuous mode
[  174.492023][ T1837] batman_adv: batadv0: Removing interface: batadv_slave_0
[  174.508725][ T7691] loop2: detected capacity change from 0 to 7
[  174.518288][ T1837] batman_adv: batadv0: Removing interface: batadv_slave_1
[  174.543919][ T7691] Dev loop2: unable to read RDB block 7
[  174.558172][ T7691]  loop2: unable to read partition table
[  174.564240][ T7691] loop2: partition table beyond EOD, truncated
[  174.570756][ T7691] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  174.803231][ T4618] Bluetooth: hci0: command tx timeout
[  175.098667][ T1837] team0 (unregistering): Port device team_slave_1 removed
[  175.150669][ T1837] team0 (unregistering): Port device team_slave_0 removed
[  176.119575][ T7721] batadv0: entered promiscuous mode
[  176.125818][ T7634] bridge0: port 1(bridge_slave_0) entered blocking state
[  176.136843][ T7634] bridge0: port 1(bridge_slave_0) entered disabled state
[  176.144452][ T7634] bridge_slave_0: entered allmulticast mode
[  176.151112][ T7634] bridge_slave_0: entered promiscuous mode
[  176.160983][ T7721] netlink: 14 bytes leftover after parsing attributes in process `syz.4.547'.
[  176.184249][ T7721] 8021q: adding VLAN 0 to HW filter on device batadv0
[  176.199951][ T7634] bridge0: port 2(bridge_slave_1) entered blocking state
[  176.251723][ T7634] bridge0: port 2(bridge_slave_1) entered disabled state
[  176.294155][ T7634] bridge_slave_1: entered allmulticast mode
[  176.311264][ T7634] bridge_slave_1: entered promiscuous mode
[  176.374459][ T7634] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  176.388034][ T7634] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  176.475266][ T7634] team0: Port device team_slave_0 added
[  176.496356][ T7634] team0: Port device team_slave_1 added
[  176.584272][ T7634] batman_adv: batadv0: Adding interface: batadv_slave_0
[  176.591535][ T7634] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  176.618893][ T7634] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  176.639612][ T7634] batman_adv: batadv0: Adding interface: batadv_slave_1
[  176.651852][ T7634] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  176.698145][ T7733] xt_l2tp: v2 tid > 0xffff: 2013396992
[  176.749645][ T7634] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  176.855795][ T7634] hsr_slave_0: entered promiscuous mode
[  176.863857][ T7634] hsr_slave_1: entered promiscuous mode
[  176.883524][ T4618] Bluetooth: hci0: command tx timeout
[  177.129075][ T7752] pimreg: entered allmulticast mode
[  177.415191][ T7756] x_tables: eb_tables: snat.0 target: invalid size 16 (kernel) != (user) 0
[  177.777302][ T7634] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  177.813637][ T7634] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  177.836230][ T7634] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  177.855147][ T7634] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  177.880865][ T7778] netlink: 'syz.1.558': attribute type 4 has an invalid length.
[  177.945044][ T7778] netlink: 'syz.1.558': attribute type 4 has an invalid length.
[  177.986288][ T7778] netlink: 'syz.1.558': attribute type 1 has an invalid length.
[  178.024934][ T7634] 8021q: adding VLAN 0 to HW filter on device bond0
[  178.067234][ T7634] 8021q: adding VLAN 0 to HW filter on device team0
[  178.089968][ T6009] bridge0: port 1(bridge_slave_0) entered blocking state
[  178.097197][ T6009] bridge0: port 1(bridge_slave_0) entered forwarding state
[  178.140840][ T1837] bridge0: port 2(bridge_slave_1) entered blocking state
[  178.148077][ T1837] bridge0: port 2(bridge_slave_1) entered forwarding state
[  178.385652][ T7634] 8021q: adding VLAN 0 to HW filter on device batadv0
[  178.529343][ T7634] veth0_vlan: entered promiscuous mode
[  178.555627][ T7634] veth1_vlan: entered promiscuous mode
[  178.615802][ T7634] veth0_macvtap: entered promiscuous mode
[  178.649099][ T7634] veth1_macvtap: entered promiscuous mode
[  178.693874][ T7634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  178.715634][ T7634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.745867][ T7634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  178.762246][ T7634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.774639][ T7634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  178.785209][ T7634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.796147][ T7634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  178.807737][ T7634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.821431][ T7634] batman_adv: batadv0: Interface activated: batadv_slave_0
[  178.871319][ T7634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  178.887399][ T7808] xt_l2tp: v2 tid > 0xffff: 2013396992
[  178.916241][ T7634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.938437][ T7634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  178.949731][ T7634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.961272][ T7634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  178.962774][ T4618] Bluetooth: hci0: command tx timeout
[  178.973111][ T7634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.997166][ T7634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  179.048156][ T7634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.090462][ T7634] batman_adv: batadv0: Interface activated: batadv_slave_1
[  179.142961][ T7634] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  179.151880][ T7634] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  179.161694][ T7634] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  179.171660][ T7634] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  179.252240][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  179.260280][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  179.346990][  T746] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  179.363915][  T746] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  179.510704][ T7827] x_tables: duplicate underflow at hook 2
[  180.419698][ T7856] netlink: 8 bytes leftover after parsing attributes in process `syz.0.567'.
[  180.431915][ T7856] netlink: 4 bytes leftover after parsing attributes in process `syz.0.567'.
[  180.581195][ T7861] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  180.588531][ T7861] IPv6: NLM_F_CREATE should be set when creating new route
[  180.599270][ T7861] netlink: 'syz.0.569': attribute type 27 has an invalid length.
[  180.686896][ T7861] bridge0: port 2(bridge_slave_1) entered disabled state
[  180.694557][ T7861] bridge0: port 1(bridge_slave_0) entered disabled state
[  180.835681][ T7861] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  180.852464][ T7861] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  180.984579][ T7861] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  181.003700][ T7861] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  181.019832][ T7861] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  181.030556][ T7861] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  181.043194][ T4618] Bluetooth: hci0: command tx timeout
[  181.359285][ T7877] netlink: 60 bytes leftover after parsing attributes in process `syz.2.573'.
[  181.429818][ T7837] coredump: 102(syz.1.566): written to core: VMAs: 37, size 99430400; core: 62121070 bytes, pos 99438592
[  181.443652][ T7879] xt_l2tp: v2 tid > 0xffff: 2013396992
[  181.950372][ T7905] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  181.975468][ T7909] netlink: 4 bytes leftover after parsing attributes in process `syz.4.581'.
[  182.024171][ T7909] netlink: 4 bytes leftover after parsing attributes in process `syz.4.581'.
[  182.097682][ T7919] x_tables: duplicate underflow at hook 3
[  182.170474][   T29] audit: type=1326 audit(1726835743.057:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7914 comm="syz.2.583" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe35897def9 code=0x0
[  182.287211][ T7925] netlink: 16 bytes leftover after parsing attributes in process `syz.4.586'.
[  182.432028][ T7929] netlink: 11 bytes leftover after parsing attributes in process `syz.3.588'.
[  182.997121][ T7937] Invalid logical block size (1011)
[  185.149488][ T7958] FAULT_INJECTION: forcing a failure.
[  185.149488][ T7958] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  185.149534][ T7958] CPU: 0 UID: 0 PID: 7958 Comm: syz.0.597 Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0
[  185.149558][ T7958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  185.149570][ T7958] Call Trace:
[  185.149578][ T7958]  <TASK>
[  185.149587][ T7958]  dump_stack_lvl+0x241/0x360
[  185.149626][ T7958]  ? __pfx_dump_stack_lvl+0x10/0x10
[  185.149651][ T7958]  ? __pfx__printk+0x10/0x10
[  185.149677][ T7958]  ? __pfx_lock_release+0x10/0x10
[  185.149710][ T7958]  should_fail_ex+0x3b0/0x4e0
[  185.149735][ T7958]  _copy_from_iter+0x1ed/0x1d60
[  185.149767][ T7958]  ? __virt_addr_valid+0x183/0x530
[  185.149787][ T7958]  ? __pfx_lock_release+0x10/0x10
[  185.149817][ T7958]  ? __alloc_skb+0x28f/0x440
[  185.149842][ T7958]  ? __pfx__copy_from_iter+0x10/0x10
[  185.149868][ T7958]  ? __virt_addr_valid+0x183/0x530
[  185.149886][ T7958]  ? __virt_addr_valid+0x183/0x530
[  185.149903][ T7958]  ? __virt_addr_valid+0x45f/0x530
[  185.149924][ T7958]  ? __check_object_size+0x49c/0x900
[  185.149953][ T7958]  netlink_sendmsg+0x73d/0xcb0
[  185.149988][ T7958]  ? __pfx_netlink_sendmsg+0x10/0x10
[  185.150016][ T7958]  ? aa_sock_msg_perm+0x91/0x160
[  185.150046][ T7958]  ? __pfx_netlink_sendmsg+0x10/0x10
[  185.150068][ T7958]  __sock_sendmsg+0x221/0x270
[  185.150093][ T7958]  ____sys_sendmsg+0x52a/0x7e0
[  185.150123][ T7958]  ? __pfx_____sys_sendmsg+0x10/0x10
[  185.150157][ T7958]  __sys_sendmsg+0x2aa/0x390
[  185.150178][ T7958]  ? __pfx___sys_sendmsg+0x10/0x10
[  185.150195][ T7958]  ? vfs_write+0x7bf/0xc90
[  185.150252][ T7958]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  185.150277][ T7958]  ? do_syscall_64+0x100/0x230
[  185.150304][ T7958]  ? do_syscall_64+0xb6/0x230
[  185.150330][ T7958]  do_syscall_64+0xf3/0x230
[  185.150354][ T7958]  ? clear_bhb_loop+0x35/0x90
[  185.150381][ T7958]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.150404][ T7958] RIP: 0033:0x7f42fb97def9
[  185.150422][ T7958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  185.150439][ T7958] RSP: 002b:00007f42fc6a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  185.150462][ T7958] RAX: ffffffffffffffda RBX: 00007f42fbb35f80 RCX: 00007f42fb97def9
[  185.150478][ T7958] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[  185.150491][ T7958] RBP: 00007f42fc6a1090 R08: 0000000000000000 R09: 0000000000000000
[  185.150504][ T7958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  185.150518][ T7958] R13: 0000000000000000 R14: 00007f42fbb35f80 R15: 00007f42fbc5fa28
[  185.150546][ T7958]  </TASK>
[  185.667357][   T29] audit: type=1326 audit(1726835746.557:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7965 comm="syz.3.601" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f821e97def9 code=0x0
[  185.713271][ T7968] xt_CT: You must specify a L4 protocol and not use inversions on it
[  185.851753][ T7979] FAULT_INJECTION: forcing a failure.
[  185.851753][ T7979] name failslab, interval 1, probability 0, space 0, times 0
[  185.875582][ T7979] CPU: 0 UID: 0 PID: 7979 Comm: syz.4.603 Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0
[  185.875612][ T7979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  185.875626][ T7979] Call Trace:
[  185.875634][ T7979]  <TASK>
[  185.875644][ T7979]  dump_stack_lvl+0x241/0x360
[  185.875677][ T7979]  ? __pfx_dump_stack_lvl+0x10/0x10
[  185.875709][ T7979]  ? __pfx__printk+0x10/0x10
[  185.875735][ T7979]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  185.875757][ T7979]  ? __pfx___might_resched+0x10/0x10
[  185.875787][ T7979]  should_fail_ex+0x3b0/0x4e0
[  185.875813][ T7979]  should_failslab+0xac/0x100
[  185.875837][ T7979]  ? __alloc_skb+0x1c3/0x440
[  185.875862][ T7979]  kmem_cache_alloc_node_noprof+0x71/0x320
[  185.875887][ T7979]  __alloc_skb+0x1c3/0x440
[  185.875911][ T7979]  ? __pfx___mutex_lock+0x10/0x10
[  185.875934][ T7979]  ? kmem_cache_free+0x1a3/0x420
[  185.875957][ T7979]  ? __pfx___alloc_skb+0x10/0x10
[  185.875991][ T7979]  netlink_dump+0x2cd/0xd80
[  185.876027][ T7979]  ? __pfx_netlink_dump+0x10/0x10
[  185.876068][ T7979]  ? netlink_recvmsg+0x60a/0x11d0
[  185.876091][ T7979]  ? kmem_cache_free+0x1a3/0x420
[  185.876110][ T7979]  ? netlink_recvmsg+0x60a/0x11d0
[  185.876139][ T7979]  netlink_recvmsg+0x6bb/0x11d0
[  185.876172][ T7979]  ? __pfx_netlink_recvmsg+0x10/0x10
[  185.876203][ T7979]  ? __pfx_aa_sk_perm+0x10/0x10
[  185.876229][ T7979]  ? __pfx___might_resched+0x10/0x10
[  185.876250][ T7979]  ? iovec_from_user+0x61/0x240
[  185.876269][ T7979]  ? aa_sock_msg_perm+0x91/0x160
[  185.876295][ T7979]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  185.876316][ T7979]  ? __pfx_netlink_recvmsg+0x10/0x10
[  185.876344][ T7979]  sock_recvmsg+0x22f/0x280
[  185.876371][ T7979]  ____sys_recvmsg+0x1c6/0x480
[  185.876400][ T7979]  ? __pfx_____sys_recvmsg+0x10/0x10
[  185.876440][ T7979]  __sys_recvmsg+0x2ea/0x3d0
[  185.876465][ T7979]  ? __pfx___sys_recvmsg+0x10/0x10
[  185.876505][ T7979]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  186.062790][ T7979]  ? do_syscall_64+0x100/0x230
[  186.062827][ T7979]  ? do_syscall_64+0xb6/0x230
[  186.062851][ T7979]  do_syscall_64+0xf3/0x230
[  186.062874][ T7979]  ? clear_bhb_loop+0x35/0x90
[  186.062901][ T7979]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.062923][ T7979] RIP: 0033:0x7f474277def9
[  186.062941][ T7979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  186.111394][ T7979] RSP: 002b:00007f4743547038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  186.111422][ T7979] RAX: ffffffffffffffda RBX: 00007f4742935f80 RCX: 00007f474277def9
[  186.111435][ T7979] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[  186.111447][ T7979] RBP: 00007f4743547090 R08: 0000000000000000 R09: 0000000000000000
[  186.111458][ T7979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  186.111469][ T7979] R13: 0000000000000000 R14: 00007f4742935f80 R15: 00007f4742a5fa28
[  186.111497][ T7979]  </TASK>
[  186.111518][    C0] vkms_vblank_simulate: vblank timer overrun
[  186.168939][    C0] vkms_vblank_simulate: vblank timer overrun
[  186.529880][ T7982] loop2: detected capacity change from 0 to 7
[  186.537773][ T7982] Dev loop2: unable to read RDB block 7
[  186.544854][ T7982]  loop2: AHDI p1 p3 p4
[  186.549457][ T7982] loop2: partition table partially beyond EOD, truncated
[  186.557322][ T7982] loop2: p1 start 2048 is beyond EOD, truncated
[  186.565329][ T7982] loop2: p3 size 16779293 extends beyond EOD, truncated
[  186.618302][ T5238] udevd[5238]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[  187.059865][   T51] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.135674][ T5234] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  187.149185][ T5234] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  187.163928][ T5234] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  187.173469][ T5234] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  187.181401][ T5234] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  187.189175][ T5234] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  187.311669][   T51] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.414979][   T51] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.600048][   T51] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.709012][ T7993] chnl_net:caif_netlink_parms(): no params data found
[  187.900024][ T8002] IPv6: NLM_F_REPLACE set, but no existing node found!
[  187.938910][   T51] bridge_slave_1: left allmulticast mode
[  187.971653][   T51] bridge_slave_1: left promiscuous mode
[  187.991711][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.019612][   T51] bridge_slave_0: left allmulticast mode
[  188.043240][   T51] bridge_slave_0: left promiscuous mode
[  188.056239][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.438378][   T51] bond1 (unregistering): (slave geneve0): Releasing active interface
[  188.450111][   T51] geneve0 (unregistering): left promiscuous mode
[  188.658732][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  188.676104][   T51] bond0 (unregistering): Released all slaves
[  188.697863][   T51] bond1 (unregistering): Released all slaves
[  188.718055][ T7993] bridge0: port 1(bridge_slave_0) entered blocking state
[  188.725630][ T7993] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.735678][ T7993] bridge_slave_0: entered allmulticast mode
[  188.743982][ T7993] bridge_slave_0: entered promiscuous mode
[  188.793685][ T7993] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.823608][ T7993] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.842125][ T7993] bridge_slave_1: entered allmulticast mode
[  188.891752][ T7993] bridge_slave_1: entered promiscuous mode
[  189.083791][   T29] audit: type=1326 audit(1726835749.977:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8023 comm="syz.3.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f821e97def9 code=0x7ffc0000
[  189.138093][   T29] audit: type=1326 audit(1726835749.977:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8023 comm="syz.3.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f821e97def9 code=0x7ffc0000
[  189.181357][   T29] audit: type=1326 audit(1726835749.977:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8023 comm="syz.3.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f821e97def9 code=0x7ffc0000
[  189.218544][   T29] audit: type=1326 audit(1726835749.977:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8023 comm="syz.3.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f821e97def9 code=0x7ffc0000
[  189.268551][   T29] audit: type=1326 audit(1726835749.997:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8012 comm="syz.1.614" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff4a337def9 code=0x0
[  189.302984][ T5234] Bluetooth: hci5: command tx timeout
[  189.327166][ T8026] loop2: detected capacity change from 0 to 7
[  189.341539][ T8026] Dev loop2: unable to read RDB block 7
[  189.361828][ T8026]  loop2: AHDI p1 p3 p4
[  189.370952][ T7993] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  189.394584][ T8026] loop2: partition table partially beyond EOD, truncated
[  189.420266][ T7993] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  189.429795][ T8026] loop2: p1 start 2048 is beyond EOD, truncated
[  189.452078][ T8026] loop2: p3 size 16779293 extends beyond EOD, truncated
[  189.643046][ T7993] team0: Port device team_slave_0 added
[  189.674380][ T7993] team0: Port device team_slave_1 added
[  189.758803][   T51] hsr_slave_0: left promiscuous mode
[  189.823415][   T51] hsr_slave_1: left promiscuous mode
[  189.841245][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  189.867491][   T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[  189.886916][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  189.906574][   T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[  190.004525][   T51] veth1_macvtap: left promiscuous mode
[  190.042044][   T51] veth0_macvtap: left promiscuous mode
[  190.083763][   T51] veth1_vlan: left promiscuous mode
[  190.089042][   T51] veth0_vlan: left promiscuous mode
[  191.089520][   T51] team0 (unregistering): Port device team_slave_1 removed
[  191.156134][   T51] team0 (unregistering): Port device team_slave_0 removed
[  191.367072][ T5234] Bluetooth: hci5: command tx timeout
[  191.579439][   T29] audit: type=1326 audit(1726835752.467:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8052 comm="syz.0.623" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f42fb97def9 code=0x0
[  191.815438][ T7993] batman_adv: batadv0: Adding interface: batadv_slave_0
[  191.826771][ T7993] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  191.863775][ T7993] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  191.878323][ T8042] netlink: 'syz.3.620': attribute type 21 has an invalid length.
[  191.890450][ T8042] netlink: 128 bytes leftover after parsing attributes in process `syz.3.620'.
[  191.950837][ T7993] batman_adv: batadv0: Adding interface: batadv_slave_1
[  191.960295][ T7993] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  191.990734][ T7993] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  192.099085][ T7993] hsr_slave_0: entered promiscuous mode
[  192.117423][ T7993] hsr_slave_1: entered promiscuous mode
[  192.134573][ T7993] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  192.142329][ T7993] Cannot create hsr debugfs directory
[  192.677857][ T4618] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  192.688482][ T4618] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  192.697576][ T4618] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  192.707589][ T4618] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  192.716870][ T4618] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  192.726351][ T4618] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  192.935266][ T8083] veth0_vlan: left promiscuous mode
[  192.953466][ T8083] veth0_vlan: entered promiscuous mode
[  192.969610][ T8073] xt_l2tp: v2 tid > 0xffff: 2013396992
[  193.397821][ T8107] netlink: 4 bytes leftover after parsing attributes in process `syz.3.636'.
[  193.414676][ T8085] chnl_net:caif_netlink_parms(): no params data found
[  193.443128][ T5234] Bluetooth: hci5: command tx timeout
[  193.480395][ T7993] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  193.493207][ T8107] netlink: 4 bytes leftover after parsing attributes in process `syz.3.636'.
[  193.617838][   T51] bridge_slave_1: left allmulticast mode
[  193.623724][   T51] bridge_slave_1: left promiscuous mode
[  193.629671][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[  193.641708][   T51] bridge_slave_0: left allmulticast mode
[  193.648192][   T51] bridge_slave_0: left promiscuous mode
[  193.657630][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[  193.989487][   T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  194.003743][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  194.014236][   T51] bond0 (unregistering): Released all slaves
[  194.026881][ T7993] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  194.056167][ T7993] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  194.086930][ T7993] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  194.203491][ T8085] bridge0: port 1(bridge_slave_0) entered blocking state
[  194.234559][ T8085] bridge0: port 1(bridge_slave_0) entered disabled state
[  194.241833][ T8085] bridge_slave_0: entered allmulticast mode
[  194.257438][ T8085] bridge_slave_0: entered promiscuous mode
[  194.313929][ T8085] bridge0: port 2(bridge_slave_1) entered blocking state
[  194.338581][ T8085] bridge0: port 2(bridge_slave_1) entered disabled state
[  194.351582][ T8085] bridge_slave_1: entered allmulticast mode
[  194.360812][ T8085] bridge_slave_1: entered promiscuous mode
[  194.454707][ T8085] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  194.490945][ T1269] ieee802154 phy0 wpan0: encryption failed: -22
[  194.499964][ T1269] ieee802154 phy1 wpan1: encryption failed: -22
[  194.588681][   T51] hsr_slave_0: left promiscuous mode
[  194.603099][   T51] hsr_slave_1: left promiscuous mode
[  194.609544][   T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[  194.649779][   T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[  194.690317][   T51] veth0_vlan: left promiscuous mode
[  194.817825][ T5234] Bluetooth: hci1: command tx timeout
[  195.431584][   T51] team0 (unregistering): Port device team_slave_1 removed
[  195.524742][   T51] team0 (unregistering): Port device team_slave_0 removed
[  195.532709][ T5234] Bluetooth: hci5: command tx timeout
[  196.141846][ T8085] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  196.153015][ T8146] netlink: 32 bytes leftover after parsing attributes in process `syz.1.641'.
[  196.162452][ T8151] netlink: 'syz.1.641': attribute type 24 has an invalid length.
[  196.297381][ T8085] team0: Port device team_slave_0 added
[  196.336969][ T8085] team0: Port device team_slave_1 added
[  196.448106][ T8085] batman_adv: batadv0: Adding interface: batadv_slave_0
[  196.469083][ T8085] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  196.503373][ T8085] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  196.521018][ T8085] batman_adv: batadv0: Adding interface: batadv_slave_1
[  196.529161][ T8085] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  196.562432][ T8085] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  196.596235][ T7993] 8021q: adding VLAN 0 to HW filter on device bond0
[  196.681297][ T7993] 8021q: adding VLAN 0 to HW filter on device team0
[  196.711849][ T8085] hsr_slave_0: entered promiscuous mode
[  196.728779][ T8085] hsr_slave_1: entered promiscuous mode
[  196.738725][ T8085] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  196.749739][ T8085] Cannot create hsr debugfs directory
[  196.766799][  T746] bridge0: port 1(bridge_slave_0) entered blocking state
[  196.773984][  T746] bridge0: port 1(bridge_slave_0) entered forwarding state
[  196.812843][  T746] bridge0: port 2(bridge_slave_1) entered blocking state
[  196.820023][  T746] bridge0: port 2(bridge_slave_1) entered forwarding state
[  196.882680][ T5234] Bluetooth: hci1: command tx timeout
[  197.002014][ T7993] 8021q: adding VLAN 0 to HW filter on device batadv0
[  197.153865][ T7993] veth0_vlan: entered promiscuous mode
[  197.181255][ T7993] veth1_vlan: entered promiscuous mode
[  197.305660][ T7993] veth0_macvtap: entered promiscuous mode
[  197.332312][ T7993] veth1_macvtap: entered promiscuous mode
[  197.342051][ T8085] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  197.351756][ T8085] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  197.371148][ T8085] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  197.381025][ T8085] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  197.395177][ T7993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  197.407400][ T7993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  197.417562][ T7993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  197.428158][ T7993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  197.438053][ T7993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  197.448839][ T7993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  197.460137][ T7993] batman_adv: batadv0: Interface activated: batadv_slave_0
[  197.479643][ T7993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  197.496825][ T7993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  197.507596][ T7993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  197.521189][ T7993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  197.532277][ T7993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  197.546226][ T7993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  197.557776][ T7993] batman_adv: batadv0: Interface activated: batadv_slave_1
[  197.568459][ T7993] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  197.579712][ T7993] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  197.588582][ T7993] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  197.598080][ T7993] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  197.710769][ T1837] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  197.734236][ T1837] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  197.770610][   T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  197.797828][ T8085] 8021q: adding VLAN 0 to HW filter on device bond0
[  197.813332][   T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  197.841610][ T8085] 8021q: adding VLAN 0 to HW filter on device team0
[  197.877890][ T1837] bridge0: port 1(bridge_slave_0) entered blocking state
[  197.885081][ T1837] bridge0: port 1(bridge_slave_0) entered forwarding state
[  197.920360][ T1837] bridge0: port 2(bridge_slave_1) entered blocking state
[  197.927536][ T1837] bridge0: port 2(bridge_slave_1) entered forwarding state
[  198.096327][ T8085] 8021q: adding VLAN 0 to HW filter on device batadv0
[  198.143055][ T8231] input: syz0 as /devices/virtual/input/input10
[  198.264538][ T8085] veth0_vlan: entered promiscuous mode
[  198.312796][ T8085] veth1_vlan: entered promiscuous mode
[  198.368530][ T8238] veth1_to_hsr: entered promiscuous mode
[  198.389206][ T8238] batman_adv: batadv0: Adding interface: macvlan3
[  198.400375][ T8238] batman_adv: batadv0: The MTU of interface macvlan3 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  198.433792][ T8238] batman_adv: batadv0: Interface activated: macvlan3
[  198.550093][ T8085] veth0_macvtap: entered promiscuous mode
[  198.603560][ T8085] veth1_macvtap: entered promiscuous mode
[  198.726082][ T8085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  198.782643][ T8085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.829795][ T8085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  198.881308][ T8085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.928311][ T8085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  198.940035][ T8085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.962840][ T5234] Bluetooth: hci1: command tx timeout
[  198.982780][ T8085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  198.993975][ T8085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.038252][ T8085] batman_adv: batadv0: Interface activated: batadv_slave_0
[  199.096773][ T8085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  199.148260][ T8085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.180810][ T8085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  199.231889][ T8085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.255720][ T8085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  199.302954][ T8085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.324176][ T8261] loop2: detected capacity change from 0 to 7
[  199.336038][ T8085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  199.369012][ T8085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.381827][ T8261] Dev loop2: unable to read RDB block 7
[  199.401278][ T8085] batman_adv: batadv0: Interface activated: batadv_slave_1
[  199.412484][ T8261]  loop2: unable to read partition table
[  199.434289][ T8085] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  199.455074][ T8261] loop2: partition table beyond EOD, truncated
[  199.461709][ T8085] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  199.487726][ T8261] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  199.501485][ T8085] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  199.517699][ T8085] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  199.606097][ T5273] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -2). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  199.606659][   T25] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  199.636536][ T5271] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -2). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  199.651874][ T5221] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -2). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  199.667454][ T5276] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -2). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  199.694719][ T5271] dvb_usb_az6027 1-1:2.75: probe with driver dvb_usb_az6027 failed with error -2
[  199.727796][ T5221] dvb_usb_az6027 2-1:2.75: probe with driver dvb_usb_az6027 failed with error -2
[  199.738183][ T8271] veth0_vlan: left promiscuous mode
[  199.753095][ T5276] dvb_usb_az6027 3-1:2.75: probe with driver dvb_usb_az6027 failed with error -2
[  199.760931][ T5273] dvb_usb_az6027 5-1:2.75: probe with driver dvb_usb_az6027 failed with error -2
[  199.793587][ T8271] veth0_vlan: entered promiscuous mode
[  199.801414][ T5221] usb 2-1: USB disconnect, device number 20
[  199.822721][   T25] dvb_usb_az6027 4-1:2.75: probe with driver dvb_usb_az6027 failed with error -110
[  199.848428][ T5271] usb 1-1: USB disconnect, device number 9
[  199.895750][ T5276] usb 3-1: USB disconnect, device number 6
[  199.962445][   T25] usb 4-1: USB disconnect, device number 16
[  200.072881][ T5273] usb 5-1: USB disconnect, device number 23
[  200.141944][  T742] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  200.167114][  T742] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  200.285867][  T742] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  200.304093][ T5276] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  200.338417][  T742] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  200.481467][ T5276] usb 3-1: Using ep0 maxpacket: 8
[  200.509378][ T5276] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  200.539270][ T5276] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  200.561712][ T5276] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  200.597590][ T5276] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  200.649627][ T5276] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  200.712711][ T5276] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  200.732745][ T5276] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  200.886768][   T29] audit: type=1326 audit(1726835761.777:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8300 comm="syz.1.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4a337def9 code=0x7ffc0000
[  200.991445][   T29] audit: type=1326 audit(1726835761.777:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8300 comm="syz.1.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4a337def9 code=0x7ffc0000
[  201.014141][   T29] audit: type=1326 audit(1726835761.797:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8300 comm="syz.1.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff4a337def9 code=0x7ffc0000
[  201.037788][   T29] audit: type=1326 audit(1726835761.797:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8300 comm="syz.1.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4a337def9 code=0x7ffc0000
[  201.060511][   T29] audit: type=1326 audit(1726835761.797:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8300 comm="syz.1.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4a337def9 code=0x7ffc0000
[  201.095609][ T4618] Bluetooth: hci1: command tx timeout
[  201.582721][ T5271] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  201.742787][ T5271] usb 2-1: Using ep0 maxpacket: 8
[  201.754945][ T5271] usb 2-1: config 0 has an invalid interface number: 186 but max is 0
[  201.779584][ T5271] usb 2-1: config 0 has no interface number 0
[  201.797327][ T5271] usb 2-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  201.820847][ T5271] usb 2-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  201.852719][ T5271] usb 2-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 108, changing to 10
[  201.878096][ T5271] usb 2-1: config 0 interface 186 altsetting 0 endpoint 0x8A has invalid maxpacket 8949, setting to 1024
[  201.907231][ T5271] usb 2-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  201.936559][ T5271] usb 2-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  201.936581][ T5271] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.936593][ T5271] usb 2-1: Product: syz
[  201.936603][ T5271] usb 2-1: Manufacturer: syz
[  201.936618][ T5271] usb 2-1: SerialNumber: syz
[  201.938024][ T5271] usb 2-1: config 0 descriptor??
[  202.095227][ T5276] usb 3-1: usb_control_msg returned -71
[  202.095269][ T5276] usbtmc 3-1:16.0: can't read capabilities
[  202.119206][ T5276] usb 3-1: USB disconnect, device number 7
[  202.151672][ T5271] iowarrior 2-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0
[  202.650697][ T5275] usb 2-1: USB disconnect, device number 21
[  202.713957][ T5275] iowarrior 2-1:0.186: I/O-Warror #0 now disconnected
[  202.861378][ T8262] coredump: 141(syz.3.651): written to core: VMAs: 36, size 97419264; core: 59954230 bytes, pos 97427456
[  202.947738][ T8330] netlink: 12 bytes leftover after parsing attributes in process `syz.1.672'.
[  203.000053][ T8333] vxcan0: tx drop: invalid sa for name 0x0000000000000001
[  203.008627][ T8333] sch_tbf: burst 0 is lower than device lo mtu (11337746) !
[  203.042100][ T8333] xt_NFQUEUE: number of total queues is 0
[  203.562702][ T5275] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  203.562737][   T79] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  203.732605][ T5275] usb 3-1: Using ep0 maxpacket: 8
[  203.750932][ T5275] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  203.771663][ T5275] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  203.796631][ T5275] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  203.798026][   T79] usb 5-1: config 2 has an invalid interface number: 75 but max is 0
[  203.819025][   T79] usb 5-1: config 2 has no interface number 0
[  203.832618][   T79] usb 5-1: config 2 interface 75 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 13
[  203.843330][ T5275] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  203.852940][   T79] usb 5-1: config 2 interface 75 has no altsetting 0
[  203.901778][   T79] usb 5-1: New USB device found, idVendor=13d3, idProduct=3275, bcdDevice= d.89
[  203.908383][ T5275] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  203.911039][   T79] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.935810][   T79] usb 5-1: Product: ࠊ
[  203.945554][   T79] usb 5-1: Manufacturer: ௔問뇎ጥ乇潧⺓ᦈﺍ쩱䳐ꡬ㢟蛥๡쩓捐㉯ാ㡱ܞ뤧㠜뎒鹱뗃х讙艝틓ᶀ᷐䭴뀝⫦넉୾佾櫦ꮣၡ꘶ᖵ箐崼篜㿾ꈚ陻妃ﶚﳲ썚䑁爥륨嘝ꈕ聕㢠뒲ꡘ㉹伕㇪
[  203.959263][ T5275] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.968324][    C1] vkms_vblank_simulate: vblank timer overrun
[  203.981347][   T79] usb 5-1: SerialNumber: ␉
[  204.142664][ T5273] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  204.245711][ T5275] usb 3-1: usb_control_msg returned -71
[  204.266493][ T5275] usbtmc 3-1:16.0: can't read capabilities
[  204.335518][ T5275] usb 3-1: USB disconnect, device number 8
[  204.353323][ T5273] usb 2-1: Using ep0 maxpacket: 32
[  204.379776][ T5273] usb 2-1: config 0 has an invalid interface number: 186 but max is 0
[  204.409285][ T8345] loop2: detected capacity change from 0 to 7
[  204.422091][ T8345] Dev loop2: unable to read RDB block 7
[  204.427805][ T5273] usb 2-1: config 0 has no interface number 0
[  204.427862][ T5273] usb 2-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  204.453859][ T8345]  loop2: AHDI p1 p3 p4
[  204.459604][ T8345] loop2: partition table partially beyond EOD, truncated
[  204.473263][ T8345] loop2: p1 start 2048 is beyond EOD, truncated
[  204.481754][ T8345] loop2: p3 size 16779293 extends beyond EOD, truncated
[  204.482262][ T5273] usb 2-1: New USB device found, idVendor=0856, idProduct=ac29, bcdDevice=a8.3c
[  204.577960][ T5273] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.608960][ T5273] usb 2-1: Product: syz
[  204.627281][ T5273] usb 2-1: Manufacturer: syz
[  204.644493][ T5273] usb 2-1: SerialNumber: syz
[  204.681612][ T5273] usb 2-1: config 0 descriptor??
[  204.688743][ T8350] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  205.753570][ T8359] netlink: 8 bytes leftover after parsing attributes in process `syz.0.681'.
[  205.857403][ T4679] Dev loop2: unable to read RDB block 7
[  205.910224][ T4679]  loop2: AHDI p1 p3 p4
[  205.928337][ T4679] loop2: partition table partially beyond EOD, truncated
[  205.978768][ T4679] loop2: p1 start 2048 is beyond EOD, truncated
[  206.028628][ T4679] loop2: p3 size 16779293 extends beyond EOD, truncated
[  206.324068][   T79] dvb-usb: found a 'AZUREWAVE DVB-S/S2 USB2.0 (AZ6027)' in cold state, will try to load a firmware
[  206.346551][   T79] usb 5-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[  206.380460][   T79] usb 5-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[  206.458584][ T8375] netlink: 'syz.4.687': attribute type 1 has an invalid length.
[  206.737218][ T5273] mos7840 2-1:0.186: required endpoints missing
[  206.762891][ T5273] usb 2-1: USB disconnect, device number 22
[  206.813398][   T25] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  206.993950][   T25] usb 1-1: Using ep0 maxpacket: 32
[  207.002276][ T8393] veth0_vlan: left promiscuous mode
[  207.025915][   T25] usb 1-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice= 2.d5
[  207.048313][ T8393] veth0_vlan: entered promiscuous mode
[  207.060120][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.075141][   T25] usb 1-1: Product: syz
[  207.080214][   T25] usb 1-1: Manufacturer: syz
[  207.085274][   T25] usb 1-1: SerialNumber: syz
[  207.092701][   T25] usb 1-1: rejected 1 configuration due to insufficient available bus power
[  207.101762][   T25] usb 1-1: no configuration chosen from 1 choice
[  207.392368][ T8403] fuse: Bad value for 'group_id'
[  207.401970][ T8403] fuse: Bad value for 'group_id'
[  208.022726][ T5271] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  208.148612][ T8423] netlink: 'syz.2.701': attribute type 13 has an invalid length.
[  208.157298][ T8423] veth0_macvtap: left promiscuous mode
[  208.167457][ T8423] macvtap0: entered allmulticast mode
[  208.175489][ T8423] macvtap0: refused to change device tx_queue_len
[  208.182638][ T5271] usb 4-1: Using ep0 maxpacket: 16
[  208.189470][ T5271] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  208.202069][ T5271] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  208.216335][ T5271] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  208.230906][ T5271] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  208.239954][ T5271] usb 4-1: Product: syz
[  208.246159][ T5271] usb 4-1: Manufacturer: syz
[  208.250989][ T5271] usb 4-1: SerialNumber: syz
[  208.265786][ T5271] usb 4-1: config 0 descriptor??
[  208.274360][ T5271] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  208.296335][ T5271] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  208.872694][ T5275] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  208.900106][ T5271] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  208.907043][ T5271] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[  209.024381][ T5275] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  209.033322][ T5275] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  209.043617][ T5275] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  209.052958][ T5275] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 62, changing to 9
[  209.065771][ T5275] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8883, setting to 1024
[  209.079210][ T5275] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  209.089397][ T5275] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  209.097497][ T5275] usb 3-1: Product: syz
[  209.101661][ T5275] usb 3-1: Manufacturer: syz
[  209.112292][ T5275] cdc_wdm 3-1:1.0: skipping garbage
[  209.117591][ T5275] cdc_wdm 3-1:1.0: skipping garbage
[  209.126259][ T5275] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  209.132186][ T5275] cdc_wdm 3-1:1.0: Unknown control protocol
[  209.315237][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  209.321986][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  209.328276][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  209.335145][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  209.341295][    C1] hrtimer: interrupt took 26223230 ns
[  209.346739][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  209.353349][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  209.359608][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  209.366204][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  209.372431][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  209.379040][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  209.385467][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  209.392090][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  209.398333][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  209.403073][ T5275] usb 3-1: USB disconnect, device number 9
[  209.404924][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  209.416947][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  209.542048][ T5271] em28xx 4-1:0.0: Unknown AC97 audio processor detected!
[  209.549885][ T5271] em28xx 4-1:0.0: couldn't setup AC97 register 2
[  209.553764][ T5285] usb 1-1: USB disconnect, device number 10
[  209.556979][ T5271] em28xx 4-1:0.0: couldn't setup AC97 register 4
[  209.583393][ T5271] em28xx 4-1:0.0: couldn't setup AC97 register 6
[  209.590667][ T5271] em28xx 4-1:0.0: couldn't setup AC97 register 54
[  209.597987][ T5271] em28xx 4-1:0.0: couldn't setup AC97 register 56
[  210.010155][ T8413] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  210.020645][ T8413] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  210.032291][ T5271] em28xx 4-1:0.0: couldn't setup AC97 register 2
[  210.039454][ T5271] em28xx 4-1:0.0: couldn't setup AC97 register 4
[  210.046326][ T5271] em28xx 4-1:0.0: couldn't setup AC97 register 6
[  210.052671][ T5285] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  210.060582][ T5271] em28xx 4-1:0.0: couldn't setup AC97 register 54
[  210.067368][ T5271] em28xx 4-1:0.0: couldn't setup AC97 register 56
[  210.078712][ T5271] usb 4-1: USB disconnect, device number 17
[  210.212634][ T5285] usb 1-1: Using ep0 maxpacket: 8
[  210.231792][ T5285] usb 1-1: config 150 has an invalid interface number: 204 but max is 1
[  210.240615][ T5285] usb 1-1: config 150 has no interface number 0
[  210.247118][ T5285] usb 1-1: config 150 interface 204 has no altsetting 0
[  210.254368][ T5285] usb 1-1: config 150 interface 1 has no altsetting 0
[  210.270961][ T5285] usb 1-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[  210.280139][ T5285] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.293201][ T5285] usb 1-1: Product: syz
[  210.297378][ T5285] usb 1-1: Manufacturer: syz
[  210.302022][ T5285] usb 1-1: SerialNumber: syz
[  210.360422][ T8444] Invalid logical block size (1011)
[  210.519554][ T5285] xr_serial 1-1:150.204: xr_serial converter detected
[  210.548036][ T8450] netlink: 4 bytes leftover after parsing attributes in process `syz.2.711'.
[  210.567948][ T8450] netlink: 4 bytes leftover after parsing attributes in process `syz.2.711'.
[  210.641441][ T8450] hsr_slave_0 (unregistering): left promiscuous mode
[  210.656877][ T8452] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  210.664190][ T8452] IPv6: NLM_F_CREATE should be set when creating new route
[  210.674215][ T8452] netlink: 'syz.3.712': attribute type 27 has an invalid length.
[  210.822660][ T8455] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  210.829243][ T8455] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  210.850517][ T8455] vhci_hcd vhci_hcd.0: Device attached
[  210.924268][ T8440] netlink: 28 bytes leftover after parsing attributes in process `syz.0.706'.
[  210.945613][ T8456] vhci_hcd: connection closed
[  210.946114][   T51] vhci_hcd: stop threads
[  210.955340][   T51] vhci_hcd: release socket
[  210.966301][   T51] vhci_hcd: disconnect device
[  210.977611][ T8452] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.986145][ T8452] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.022813][ T7643] vhci_hcd: vhci_device speed not set
[  211.356249][ T8452] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  211.407391][ T8452] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  211.768615][ T8452] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  211.797456][ T8452] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  211.812876][ T8452] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  211.862807][ T8452] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  212.005856][ T8452] batman_adv: batadv0: Interface deactivated: macvlan3
[  212.196318][ T5285] xr_serial ttyUSB0: Failed to set reg 0x0c: -71
[  212.202941][ T5285] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[  212.222978][ T5285] usb 1-1: USB disconnect, device number 11
[  212.231233][ T5285] xr_serial 1-1:150.204: device disconnected
[  212.382734][ T5221] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  212.390404][ T8473] usb 2-1: new full-speed USB device number 23 using dummy_hcd
[  212.533342][ T5271] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[  212.546647][ T5221] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  212.555832][ T5221] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  212.556032][ T8473] usb 2-1: config 1 has an invalid descriptor of length 202, skipping remainder of the config
[  212.575747][ T5221] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.584611][ T8473] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 3
[  212.594616][ T5221] usb 4-1: config 0 descriptor??
[  212.602116][ T8473] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  212.613103][ T8473] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.621132][ T8473] usb 2-1: Product: Э
[  212.625358][ T8473] usb 2-1: Manufacturer: ѕ
[  212.629877][ T8473] usb 2-1: SerialNumber: ч
[  212.642905][ T5285] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  212.694576][ T5271] usb 3-1: config index 0 descriptor too short (expected 156, got 27)
[  212.702927][ T5271] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  212.714198][ T5271] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  212.725611][ T5271] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  212.736936][ T5271] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  212.751091][ T5271] usb 3-1: config 0 interface 0 has no altsetting 0
[  212.760093][ T5271] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  212.769928][ T5271] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  212.778528][ T5271] usb 3-1: Product: syz
[  212.782815][ T5271] usb 3-1: Manufacturer: syz
[  212.787474][ T5271] usb 3-1: SerialNumber: syz
[  212.797977][ T5271] usb 3-1: config 0 descriptor??
[  212.805575][ T7643] usb 4-1: USB disconnect, device number 18
[  212.812746][ T5285] usb 1-1: Using ep0 maxpacket: 8
[  212.813155][ T8500] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  212.825829][ T5285] usb 1-1: New USB device found, idVendor=0bda, idProduct=0139, bcdDevice=b4.99
[  212.831170][ T5271] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  212.841488][ T5285] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.859755][ T8473] usb 2-1: USB disconnect, device number 23
[  212.867440][ T5285] usb 1-1: Product: syz
[  212.869988][ T5271] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  212.872779][ T5285] usb 1-1: Manufacturer: syz
[  212.898920][ T5285] usb 1-1: SerialNumber: syz
[  212.911934][ T5285] usb 1-1: config 0 descriptor??
[  213.036971][ T5285] rtsx_usb 1-1:0.0: probe with driver rtsx_usb failed with error -22
[  213.134963][ T8506] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  213.144110][ T8506] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  213.166321][ T8473] usb 1-1: USB disconnect, device number 12
[  213.268295][ T7643] usb 3-1: USB disconnect, device number 10
[  213.280909][ T7643] ldusb 3-1:0.0: LD USB Device #0 now disconnected
[  213.874813][ T8521] netlink: 'syz.2.729': attribute type 1 has an invalid length.
[  214.195176][ T8532] loop2: detected capacity change from 0 to 7
[  214.203266][ T8532] Dev loop2: unable to read RDB block 7
[  214.209123][ T8532]  loop2: unable to read partition table
[  214.215911][ T8532] loop2: partition table beyond EOD, truncated
[  214.222222][ T8532] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  214.323462][ T8482] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  214.501351][ T8543] binder: 8541:8543 ioctl c0306201 20000080 returned -14
[  214.526711][ T8482] usb 1-1: too many configurations: 9, using maximum allowed: 8
[  214.568459][ T8482] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  214.623318][ T8482] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  214.669201][ T8482] usb 1-1: config 0 interface 0 has no altsetting 0
[  214.704190][ T8482] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  214.760322][ T8482] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  214.777110][ T8482] usb 1-1: config 0 interface 0 has no altsetting 0
[  214.784865][ T8482] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  214.829232][ T8482] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  214.891858][ T8552] syz.4.741 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  214.904681][ T8482] usb 1-1: config 0 interface 0 has no altsetting 0
[  214.931908][ T8482] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  214.940926][ T8482] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  214.951870][ T8482] usb 1-1: config 0 interface 0 has no altsetting 0
[  214.973285][ T8482] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  214.982240][ T8482] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  214.993780][ T8482] usb 1-1: config 0 interface 0 has no altsetting 0
[  215.012267][ T8482] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  215.033796][ T8482] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  215.052704][ T8482] usb 1-1: config 0 interface 0 has no altsetting 0
[  215.077451][ T8482] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  215.088961][   T29] audit: type=1326 audit(1726835775.977:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8556 comm="syz.1.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4a337def9 code=0x7ffc0000
[  215.125575][ T8482] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  215.144226][ T8482] usb 1-1: config 0 interface 0 has no altsetting 0
[  215.157045][ T8482] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  215.166098][ T8482] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  215.169046][   T29] audit: type=1326 audit(1726835775.977:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8556 comm="syz.1.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4a337def9 code=0x7ffc0000
[  215.177218][ T8482] usb 1-1: config 0 interface 0 has no altsetting 0
[  215.224375][ T8482] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  215.246686][ T8482] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  215.270970][   T29] audit: type=1326 audit(1726835776.007:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8556 comm="syz.1.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff4a337def9 code=0x7ffc0000
[  215.310615][ T8482] usb 1-1: Product: syz
[  215.317929][ T8561] loop2: detected capacity change from 0 to 7
[  215.320852][ T8482] usb 1-1: Manufacturer: syz
[  215.332839][ T8473] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  215.341792][ T8561] Dev loop2: unable to read RDB block 7
[  215.363066][   T29] audit: type=1326 audit(1726835776.007:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8556 comm="syz.1.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4a337def9 code=0x7ffc0000
[  215.363102][ T8482] usb 1-1: SerialNumber: syz
[  215.385679][   T29] audit: type=1326 audit(1726835776.007:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8556 comm="syz.1.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4a337def9 code=0x7ffc0000
[  215.427675][ T8561]  loop2: unable to read partition table
[  215.433912][ T8561] loop2: partition table beyond EOD, truncated
[  215.456066][ T8482] usb 1-1: config 0 descriptor??
[  215.462307][ T8561] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  215.482917][ T8482] yurex 1-1:0.0: USB YUREX device now attached to Yurex #0
[  215.494258][ T8473] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[  215.506494][ T4679] Dev loop2: unable to read RDB block 7
[  215.513269][ T4679]  loop2: unable to read partition table
[  215.515657][ T8473] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  215.530145][ T4679] loop2: partition table beyond EOD, truncated
[  215.552711][ T8473] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  215.599786][ T8473] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[  215.640879][ T8473] usb 4-1: New USB device found, idVendor=044f, idProduct=b653, bcdDevice= 0.00
[  215.672156][ T8473] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  215.683957][ T8473] usb 4-1: config 0 descriptor??
[  215.784904][    C0] usb 1-1: yurex_control_callback - control failed: -71
[  215.785401][ T7643] usb 1-1: USB disconnect, device number 13
[  215.811792][ T7643] yurex 1-1:0.0: USB YUREX #0 now disconnected
[  216.092011][ T8473] usbhid 4-1:0.0: can't add hid device: -71
[  216.105920][ T8577] netlink: 4 bytes leftover after parsing attributes in process `syz.4.751'.
[  216.115010][ T8473] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  216.124923][ T8473] usb 4-1: USB disconnect, device number 19
[  216.846392][ T1837] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  217.173385][ T1837] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  217.271361][ T8594] syz_tun: entered promiscuous mode
[  217.324477][ T8594] batadv_slave_0: entered promiscuous mode
[  217.516667][ T1837] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  217.539469][ T5234] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  217.549741][ T5234] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  217.559506][ T5234] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  217.569026][ T5234] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  217.577894][ T5234] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  217.585921][ T5234] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  217.738163][ T1837] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  217.868627][ T8623] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  217.875956][ T8623] IPv6: NLM_F_CREATE should be set when creating new route
[  218.013576][  T942] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  218.203398][  T942] usb 2-1: config 2 has an invalid interface number: 75 but max is 0
[  218.274822][  T942] usb 2-1: config 2 has an invalid descriptor of length 239, skipping remainder of the config
[  218.313005][ T8634] netlink: 12 bytes leftover after parsing attributes in process `syz.2.768'.
[  218.362955][  T942] usb 2-1: config 2 has no interface number 0
[  218.401707][  T942] usb 2-1: config 2 interface 75 altsetting 2 endpoint 0x1 has invalid maxpacket 28689, setting to 1024
[  218.463774][ T1837] bridge_slave_1: left allmulticast mode
[  218.469457][ T1837] bridge_slave_1: left promiscuous mode
[  218.480510][  T942] usb 2-1: config 2 interface 75 altsetting 2 bulk endpoint 0x1 has invalid maxpacket 1024
[  218.512699][  T942] usb 2-1: config 2 interface 75 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 14
[  218.527090][ T1837] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.567431][  T942] usb 2-1: config 2 interface 75 has no altsetting 0
[  218.607713][ T1837] bridge_slave_0: left allmulticast mode
[  218.626728][ T1837] bridge_slave_0: left promiscuous mode
[  218.640830][  T942] usb 2-1: New USB device found, idVendor=13d3, idProduct=3275, bcdDevice= d.89
[  218.666194][ T1837] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.685830][  T942] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.696820][ T8533] coredump: 72(syz.2.734): written to core: VMAs: 35, size 97345536; core: 59945982 bytes, pos 97353728
[  218.718038][  T942] usb 2-1: Product: ࠊ
[  218.718063][  T942] usb 2-1: Manufacturer: ௔問뇎ጥ乇潧⺓ᦈﺍ쩱䳐ꡬ㢟蛥๡쩓捐㉯ാ㡱ܞ뤧㠜뎒鹱뗃х讙艝틓ᶀ᷐䭴뀝⫦넉୾佾櫦ꮣၡ꘶ᖵ箐崼篜㿾ꈚ陻妃ﶚﳲ썚䑁爥륨嘝ꈕ聕㢠뒲ꡘ㉹伕㇪
[  218.795714][  T942] usb 2-1: SerialNumber: ␉
[  218.803336][ T7643] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  218.807608][ T8621] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  219.023830][ T7643] usb 1-1: Using ep0 maxpacket: 8
[  219.035023][ T8482] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  219.060048][ T7643] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 7
[  219.093769][ T7643] usb 1-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  219.122992][ T7643] usb 1-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  219.145485][ T7643] usb 1-1: Product: syz
[  219.149718][ T7643] usb 1-1: Manufacturer: syz
[  219.182713][ T7643] usb 1-1: SerialNumber: syz
[  219.213694][ T8482] usb 4-1: Using ep0 maxpacket: 16
[  219.221542][ T8482] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  219.267548][ T8482] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  219.280366][ T8482] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  219.305883][ T8482] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  219.340217][ T8482] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  219.399963][ T7643] usb 1-1: Handspring Visor / Palm OS: No valid connect info available
[  219.422890][ T8482] usb 4-1: config 0 descriptor??
[  219.429217][ T7643] usb 1-1: Handspring Visor / Palm OS: port 0, is for Generic use
[  219.444011][ T8657] loop2: detected capacity change from 0 to 7
[  219.451065][ T8657] Dev loop2: unable to read RDB block 7
[  219.457145][ T8657]  loop2: AHDI p1 p3 p4
[  219.481244][ T7643] usb 1-1: Handspring Visor / Palm OS: port 0, is for Generic use
[  219.492178][ T8657] loop2: partition table partially beyond EOD, truncated
[  219.508451][ T8657] loop2: p1 start 2048 is beyond EOD, truncated
[  219.514997][ T7643] usb 1-1: Handspring Visor / Palm OS: Number of ports: 2
[  219.523459][ T8657] loop2: p3 size 16779293 extends beyond EOD, truncated
[  219.666600][ T7643] visor 1-1:1.0: Handspring Visor / Palm OS converter detected
[  219.682866][ T5234] Bluetooth: hci1: command tx timeout
[  219.701366][ T7643] usb 1-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
[  219.739217][ T7643] usb 1-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[  219.910777][ T8562] coredump: 200(syz.1.745): written to core: VMAs: 36, size 97419264; core: 59954230 bytes, pos 97427456
[  220.136797][ T1837] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  220.186493][ T1837] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  220.209960][ T1837] bond0 (unregistering): Released all slaves
[  220.338289][ T8620] chnl_net:caif_netlink_parms(): no params data found
[  220.577459][ T4679] Dev loop2: unable to read RDB block 7
[  220.588374][ T4679]  loop2: AHDI p1 p3 p4
[  220.594963][ T4679] loop2: partition table partially beyond EOD, truncated
[  220.661443][ T4679] loop2: p1 start 2048 is beyond EOD, truncated
[  220.689820][ T4679] loop2: p3 size 16779293 extends beyond EOD, truncated
[  220.843208][ T7643] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  220.861481][  T942] dvb-usb: found a 'AZUREWAVE DVB-S/S2 USB2.0 (AZ6027)' in cold state, will try to load a firmware
[  220.864319][ T5955] udevd[5955]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[  221.002660][ T7643] usb 3-1: Using ep0 maxpacket: 32
[  221.011276][ T7643] usb 3-1: config 1 interface 0 altsetting 129 bulk endpoint 0x1 has invalid maxpacket 8
[  221.037106][ T7643] usb 3-1: config 1 interface 0 altsetting 129 bulk endpoint 0x82 has invalid maxpacket 1023
[  221.061306][ T7643] usb 3-1: config 1 interface 0 has no altsetting 0
[  221.074551][ T8620] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.082066][ T8620] bridge0: port 1(bridge_slave_0) entered disabled state
[  221.089561][ T8620] bridge_slave_0: entered allmulticast mode
[  221.091858][ T7643] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  221.098921][ T8620] bridge_slave_0: entered promiscuous mode
[  221.118549][ T7643] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  221.122636][ T8620] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.144458][ T8620] bridge0: port 2(bridge_slave_1) entered disabled state
[  221.150829][ T7643] usb 3-1: Product: 霵⫚戳䯟졙㝶ჼ쎅㮎泀醋ඡ㒔氉ꫪ㕮덌쇛ﭳ缤츸癓煣鋏῝嗷䐂問화蠎ꀛ鎥⺼ꂣ鄿㏈뤄࠻緬뫇⁕䱑㫭㷅牫ḍṻ锷垔偪좟鮊픲醧ᝅ쒑⨖ꛝ撚
[  221.155226][ T8620] bridge_slave_1: entered allmulticast mode
[  221.172898][    C1] vkms_vblank_simulate: vblank timer overrun
[  221.196369][ T7643] usb 3-1: Manufacturer: ࠒ
[  221.201019][ T7643] usb 3-1: SerialNumber: 䠊
[  221.219825][ T8620] bridge_slave_1: entered promiscuous mode
[  221.239526][ T8669] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[  221.247134][ T8669] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[  221.370169][ T1837] hsr_slave_0: left promiscuous mode
[  221.385583][ T1837] hsr_slave_1: left promiscuous mode
[  221.401925][ T1837] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  221.409912][ T1837] batman_adv: batadv0: Removing interface: batadv_slave_0
[  221.437871][ T1837] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  221.450983][ T5221] usb 1-1: USB disconnect, device number 14
[  221.461098][ T5221] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[  221.485160][ T7643] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 11 if 0 alt 129 proto 1 vid 0x0525 pid 0xA4A8
[  221.505508][ T1837] batman_adv: batadv0: Removing interface: batadv_slave_1
[  221.526449][ T7643] usb 3-1: USB disconnect, device number 11
[  221.545980][ T5221] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[  221.567371][ T7643] usblp0: removed
[  221.586396][ T5221] visor 1-1:1.0: device disconnected
[  221.603923][ T8690] binder: 8689:8690 ioctl c0306201 20000000 returned -14
[  221.636365][ T1837] veth1_macvtap: left promiscuous mode
[  221.641960][ T1837] veth0_macvtap: left promiscuous mode
[  221.648454][ T1837] veth1_vlan: left promiscuous mode
[  221.653922][ T1837] veth0_vlan: left promiscuous mode
[  221.683556][ T8691] binder_alloc: 8689: binder_alloc_buf size 144115188075855896 failed, no address space
[  221.694551][ T8691] binder_alloc: allocated: 8 (num: 1 largest: 8), free: 4088 (num: 1 largest: 4088)
[  221.740198][ T8482] usbhid 4-1:0.0: can't add hid device: -71
[  221.753091][ T8482] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  221.762753][ T5234] Bluetooth: hci1: command tx timeout
[  221.787012][ T8482] usb 4-1: USB disconnect, device number 20
[  222.389032][ T1837] team0 (unregistering): Port device team_slave_1 removed
[  222.455043][ T1837] team0 (unregistering): Port device team_slave_0 removed
[  223.321512][ T8693] tipc: Started in network mode
[  223.342668][ T8693] tipc: Node identity 000000000000fc000000000000000001, cluster identity 4711
[  223.361994][ T8693] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  223.373206][ T8620] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  223.419049][ T8620] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  223.545717][ T8724] Invalid logical block size (1011)
[  223.595289][ T8620] team0: Port device team_slave_0 added
[  223.607529][ T8620] team0: Port device team_slave_1 added
[  223.713033][ T5285] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  223.727981][ T8620] batman_adv: batadv0: Adding interface: batadv_slave_0
[  223.751482][ T8620] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  223.778985][ T8620] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  223.793043][ T8620] batman_adv: batadv0: Adding interface: batadv_slave_1
[  223.800020][ T8620] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  223.827173][ T8620] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  223.842662][ T5234] Bluetooth: hci1: command tx timeout
[  223.903757][ T8733] loop2: detected capacity change from 0 to 7
[  223.919967][ T5285] usb 4-1: Using ep0 maxpacket: 16
[  223.929351][ T5285] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  223.946309][ T8733] Dev loop2: unable to read RDB block 7
[  223.951952][ T8733]  loop2: unable to read partition table
[  223.975780][ T8620] hsr_slave_0: entered promiscuous mode
[  223.990457][ T5285] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  224.004329][ T8733] loop2: partition table beyond EOD, truncated
[  224.025849][ T8620] hsr_slave_1: entered promiscuous mode
[  224.036281][ T5285] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  224.052685][ T8620] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  224.063060][ T8733] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  224.067258][ T8620] Cannot create hsr debugfs directory
[  224.091624][ T5285] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  224.143905][ T8742] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  224.156224][ T5285] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  224.203529][ T5285] usb 4-1: config 0 descriptor??
[  224.851644][ T8762] FAULT_INJECTION: forcing a failure.
[  224.851644][ T8762] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  224.873404][ T8762] CPU: 0 UID: 0 PID: 8762 Comm: syz.2.791 Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0
[  224.884907][ T8762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  224.894984][ T8762] Call Trace:
[  224.898280][ T8762]  <TASK>
[  224.901314][ T8762]  dump_stack_lvl+0x241/0x360
[  224.906023][ T8762]  ? __pfx_dump_stack_lvl+0x10/0x10
[  224.911244][ T8762]  ? __pfx__printk+0x10/0x10
[  224.915858][ T8762]  ? __pfx_lock_release+0x10/0x10
[  224.920919][ T8762]  should_fail_ex+0x3b0/0x4e0
[  224.925624][ T8762]  _copy_from_user+0x2f/0xe0
[  224.930238][ T8762]  csum_and_copy_from_iter_full+0x215/0x23b0
[  224.936258][ T8762]  ? __pfx_csum_and_copy_from_iter_full+0x10/0x10
[  224.942731][ T8762]  ? trace_kmalloc+0x1f/0xd0
[  224.947340][ T8762]  ? __kmalloc_node_track_caller_noprof+0x242/0x440
[  224.953960][ T8762]  ? __build_skb_around+0x245/0x3d0
[  224.959187][ T8762]  ip_generic_getfrag+0x158/0x310
[  224.964238][ T8762]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  224.969808][ T8762]  ? raw_getfrag+0x104/0x350
[  224.974416][ T8762]  ? skb_put+0x114/0x1f0
[  224.978684][ T8762]  __ip_append_data+0x31f8/0x41d0
[  224.983756][ T8762]  ? __pfx_raw_getfrag+0x10/0x10
[  224.988728][ T8762]  ? __pfx___ip_append_data+0x10/0x10
[  224.993331][ T8473] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  224.994109][ T8762]  ? __pfx_ipv4_mtu+0x10/0x10
[  225.006348][ T8762]  ? ip_setup_cork+0x4ae/0x8b0
[  225.011135][ T8762]  ip_append_data+0x14c/0x190
[  225.015832][ T8762]  ? __pfx_raw_getfrag+0x10/0x10
[  225.020793][ T8762]  raw_sendmsg+0x1a53/0x2490
[  225.025427][ T8762]  ? __pfx_raw_sendmsg+0x10/0x10
[  225.030396][ T8762]  ? aa_sk_perm+0x96d/0xab0
[  225.034923][ T8762]  ? __pfx_aa_sk_perm+0x10/0x10
[  225.039887][ T8762]  ? inet_sendmsg+0x330/0x390
[  225.044591][ T8762]  __sock_sendmsg+0x1a6/0x270
[  225.049289][ T8762]  ____sys_sendmsg+0x52a/0x7e0
[  225.054075][ T8762]  ? __pfx_____sys_sendmsg+0x10/0x10
[  225.059389][ T8762]  __sys_sendmsg+0x2aa/0x390
[  225.063997][ T8762]  ? __pfx___sys_sendmsg+0x10/0x10
[  225.069132][ T8762]  ? vfs_write+0x7bf/0xc90
[  225.073608][ T8762]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  225.079966][ T8762]  ? do_syscall_64+0x100/0x230
[  225.084753][ T8762]  ? do_syscall_64+0xb6/0x230
[  225.089454][ T8762]  do_syscall_64+0xf3/0x230
[  225.093976][ T8762]  ? clear_bhb_loop+0x35/0x90
[  225.098759][ T8762]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.104671][ T8762] RIP: 0033:0x7f0b4b57def9
[  225.109095][ T8762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  225.128725][ T8762] RSP: 002b:00007f0b4afff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  225.137170][ T8762] RAX: ffffffffffffffda RBX: 00007f0b4b735f80 RCX: 00007f0b4b57def9
[  225.145169][ T8762] RDX: 0000000000000000 RSI: 0000000020000780 RDI: 0000000000000004
[  225.153160][ T8762] RBP: 00007f0b4afff090 R08: 0000000000000000 R09: 0000000000000000
[  225.161147][ T8762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  225.162855][ T8473] usb 1-1: Using ep0 maxpacket: 32
[  225.169115][ T8762] R13: 0000000000000000 R14: 00007f0b4b735f80 R15: 00007f0b4b85fa28
[  225.169149][ T8762]  </TASK>
[  225.544790][ T8473] usb 1-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  225.554626][ T8473] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.566430][ T8473] usb 1-1: config 0 descriptor??
[  225.629114][ T8473] gspca_main: sunplus-2.14.0 probing 041e:400b
[  225.869731][ T8620] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  225.897350][ T5234] Bluetooth: hci5: SCO packet for unknown connection handle 0
[  225.912107][ T8620] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  225.922644][ T5234] Bluetooth: hci1: command tx timeout
[  225.946850][ T8620] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  225.957979][ T8620] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  226.073795][ T8620] 8021q: adding VLAN 0 to HW filter on device bond0
[  226.115775][ T8620] 8021q: adding VLAN 0 to HW filter on device team0
[  226.133411][ T7643] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  226.158553][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  226.165816][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  226.243233][ T6009] bridge0: port 2(bridge_slave_1) entered blocking state
[  226.250404][ T6009] bridge0: port 2(bridge_slave_1) entered forwarding state
[  226.329838][ T7643] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=a1.c9
[  226.372951][ T7643] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  226.410954][ T7643] usb 3-1: Product: syz
[  226.435015][ T7643] usb 3-1: Manufacturer: syz
[  226.453679][ T7643] usb 3-1: SerialNumber: syz
[  226.473371][ T8620] 8021q: adding VLAN 0 to HW filter on device batadv0
[  226.485831][ T8473] gspca_sunplus: reg_r err -110
[  226.493312][ T8473] sunplus 1-1:0.0: probe with driver sunplus failed with error -110
[  226.505828][ T7643] usb 3-1: config 0 descriptor??
[  226.533812][ T7643] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  226.553078][ T8473] usb 1-1: USB disconnect, device number 15
[  226.624609][ T5285] usbhid 4-1:0.0: can't add hid device: -71
[  226.631189][ T5285] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  226.651071][ T8620] veth0_vlan: entered promiscuous mode
[  226.671000][ T5285] usb 4-1: USB disconnect, device number 21
[  226.695031][ T8620] veth1_vlan: entered promiscuous mode
[  226.806348][ T8620] veth0_macvtap: entered promiscuous mode
[  226.858152][ T8620] veth1_macvtap: entered promiscuous mode
[  226.918860][ T8620] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  226.958934][ T7643] gspca_vc032x: reg_r err -71
[  226.964614][ T8620] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  226.988302][ T7643] gspca_vc032x: I2c Bus Busy Wait 00
[  227.005302][ T7643] gspca_vc032x: I2c Bus Busy Wait 00
[  227.010703][ T8620] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  227.022442][ T7643] gspca_vc032x: I2c Bus Busy Wait 00
[  227.028417][ T7643] gspca_vc032x: I2c Bus Busy Wait 00
[  227.034740][ T8620] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.045815][ T7643] gspca_vc032x: I2c Bus Busy Wait 00
[  227.051140][ T7643] gspca_vc032x: I2c Bus Busy Wait 00
[  227.057104][ T8620] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  227.067960][ T7643] gspca_vc032x: I2c Bus Busy Wait 00
[  227.078959][ T7643] gspca_vc032x: I2c Bus Busy Wait 00
[  227.084901][ T8620] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.176528][ T7643] gspca_vc032x: I2c Bus Busy Wait 00
[  227.181873][ T7643] gspca_vc032x: I2c Bus Busy Wait 00
[  227.189633][ T7643] gspca_vc032x: I2c Bus Busy Wait 00
[  227.195388][ T7643] gspca_vc032x: I2c Bus Busy Wait 00
[  227.200804][ T7643] gspca_vc032x: I2c Bus Busy Wait 00
[  227.207109][ T7643] gspca_vc032x: I2c Bus Busy Wait 00
[  227.212871][ T7643] gspca_vc032x: I2c Bus Busy Wait 00
[  227.218192][ T7643] gspca_vc032x: I2c Bus Busy Wait 00
[  227.223776][ T7643] gspca_vc032x: I2c Bus Busy Wait 00
[  227.229154][ T7643] gspca_vc032x: I2c Bus Busy Wait 00
[  227.229503][ T8620] batman_adv: batadv0: Interface activated: batadv_slave_0
[  227.235306][ T7643] gspca_vc032x: Unknown sensor...
[  227.267162][ T8620] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  227.279607][ T7643] vc032x 3-1:0.0: probe with driver vc032x failed with error -22
[  227.340089][ T7643] usb 3-1: USB disconnect, device number 12
[  227.346415][ T8620] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.421981][ T8620] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  227.440111][ T8620] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.453078][ T8620] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  227.482845][ T8620] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.504055][ T8620] batman_adv: batadv0: Interface activated: batadv_slave_1
[  227.559831][ T8620] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  227.572104][ T8620] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  227.591649][ T8809] loop2: detected capacity change from 0 to 7
[  227.605662][ T8620] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  227.622037][ T8620] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  227.631959][ T8809] Dev loop2: unable to read RDB block 7
[  227.663567][ T5271] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  227.683977][ T8809]  loop2: unable to read partition table
[  227.690029][ T8809] loop2: partition table beyond EOD, truncated
[  227.721892][ T8809] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  227.820473][   T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  227.828606][   T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  227.836326][   T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  227.844459][   T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  227.865578][ T5271] usb 1-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[  227.877199][ T5271] usb 1-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0xD1, changing to 0x81
[  227.919146][ T5271] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  227.932463][ T5234] Bluetooth: hci5: command tx timeout
[  227.932712][ T5285] usb 4-1: new full-speed USB device number 22 using dummy_hcd
[  227.950729][ T5271] usb 1-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 101
[  227.972691][ T5271] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  227.981887][ T5271] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  228.114713][ T5285] usb 4-1: config index 0 descriptor too short (expected 156, got 27)
[  228.123446][ T5285] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  228.146741][ T8736] coredump: 108(syz.2.787): written to core: VMAs: 36, size 97419264; core: 59954230 bytes, pos 97427456
[  228.179117][ T5285] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  228.242709][ T5285] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  228.270568][ T5285] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  228.300742][ T5285] usb 4-1: config 0 interface 0 has no altsetting 0
[  228.310099][ T8834] trusted_key: encrypted_key: insufficient parameters specified
[  228.333674][ T5285] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  228.350850][ T5285] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  228.362974][ T8831] netlink: 3 bytes leftover after parsing attributes in process `syz.0.797'.
[  228.382212][ T5285] usb 4-1: Product: syz
[  228.388987][ T5285] usb 4-1: Manufacturer: syz
[  228.401371][ T5285] usb 4-1: SerialNumber: syz
[  228.426347][ T8831] macsec1: entered allmulticast mode
[  228.431680][ T8831] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  228.456582][ T5285] usb 4-1: config 0 descriptor??
[  228.476390][ T8815] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  228.504422][ T5285] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  228.538922][ T8831] netdevsim netdevsim0 netdevsim0: left allmulticast mode
[  228.548625][ T5285] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  228.907880][ T8851] netlink: 8 bytes leftover after parsing attributes in process `syz.4.804'.
[  229.068602][ T8846] netlink: 20 bytes leftover after parsing attributes in process `syz.1.803'.
[  229.080263][ T5271] ath6kl: Failed to submit usb control message: -110
[  229.107777][ T8846] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  229.120084][ T5273] usb 4-1: USB disconnect, device number 22
[  229.126300][ T5271] ath6kl: unable to send the bmi data to the device: -110
[  229.144168][ T5273] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[  229.155466][ T5271] ath6kl: Unable to send get target info: -110
[  229.168082][ T8846] netlink: 8 bytes leftover after parsing attributes in process `syz.1.803'.
[  229.184658][ T5271] ath6kl: Failed to init ath6kl core: -110
[  229.248469][ T5271] ath6kl_usb 1-1:4.0: probe with driver ath6kl_usb failed with error -110
[  229.367755][ T8860] veth0_vlan: left promiscuous mode
[  229.384498][ T8860] veth0_vlan: entered promiscuous mode
[  229.415313][ T8862] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  230.170438][ T8882] loop2: detected capacity change from 0 to 7
[  230.194466][ T8882] Dev loop2: unable to read RDB block 7
[  230.202670][ T8882]  loop2: AHDI p1 p3
[  230.212590][ T8882] loop2: partition table partially beyond EOD, truncated
[  230.225165][ T8882] loop2: p1 start 2048 is beyond EOD, truncated
[  230.361066][ T8887] netlink: 'syz.3.813': attribute type 27 has an invalid length.
[  230.652215][ T5221] usb 1-1: USB disconnect, device number 16
[  230.952479][   T35] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.091319][   T35] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.142727][ T5273] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  231.178067][ T4618] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  231.189700][ T4618] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  231.198210][ T4618] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  231.208687][ T4618] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  231.219107][ T4618] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  231.229302][ T4618] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  231.314109][ T5273] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  231.332700][ T5273] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  231.360809][ T5273] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  231.396060][ T5273] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  231.449192][   T35] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.456318][ T5273] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  231.482704][ T5273] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  231.522919][ T5273] usb 1-1: Manufacturer: syz
[  231.543883][ T5273] usb 1-1: config 0 descriptor??
[  231.648867][   T35] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.782679][ T5276] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  231.940879][ T5276] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  231.984414][ T5273] appleir 0003:05AC:8243.0009: unknown main item tag 0x0
[  231.996743][ T5273] appleir 0003:05AC:8243.0009: No inputs registered, leaving
[  232.034832][ T5276] usb 3-1: config 1 has no interface number 0
[  232.040995][ T5276] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  232.070076][ T8908] delete_channel: no stack
[  232.086560][   T35] bridge_slave_1: left allmulticast mode
[  232.095649][ T5276] usb 3-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  232.099357][ T5273] appleir 0003:05AC:8243.0009: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0
[  232.113447][   T35] bridge_slave_1: left promiscuous mode
[  232.130066][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.152944][ T5276] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  232.231021][ T5276] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  232.250543][   T35] bridge_slave_0: left allmulticast mode
[  232.267756][ T5276] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  232.276556][   T35] bridge_slave_0: left promiscuous mode
[  232.283945][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.302970][ T5276] usb 3-1: Product: syz
[  232.307185][ T5276] usb 3-1: Manufacturer: syz
[  232.308511][ T5273] usb 1-1: USB disconnect, device number 17
[  232.312161][ T5276] usb 3-1: SerialNumber: syz
[  232.488381][ T8811] coredump: 122(syz.2.798): written to core: VMAs: 36, size 97419264; core: 59954230 bytes, pos 97427456
[  233.065438][ T5276] cdc_ncm 3-1:1.1: bind() failure
[  233.202769][ T7643] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  233.282730][ T5234] Bluetooth: hci2: command tx timeout
[  233.324764][ T8916] netlink: 'syz.2.819': attribute type 1 has an invalid length.
[  233.343260][ T8929] loop2: detected capacity change from 0 to 7
[  233.344816][ T8883] coredump: 242(syz.3.810): written to core: VMAs: 36, size 97419264; core: 59970614 bytes, pos 97427456
[  233.361278][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  233.369212][ T7643] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  233.371403][ T8929] Dev loop2: unable to read RDB block 7
[  233.381799][ T7643] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  233.401055][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  233.404216][ T7643] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  233.419546][ T7643] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  233.430182][ T8929]  loop2: AHDI p1 p3
[  233.443068][ T7643] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  233.443949][   T35] bond0 (unregistering): Released all slaves
[  233.452937][ T7643] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  233.473896][ T7643] usb 1-1: Manufacturer: syz
[  233.482695][ T8929] loop2: partition table partially beyond EOD, truncated
[  233.495687][ T7643] usb 1-1: config 0 descriptor??
[  233.501504][ T8911] chnl_net:caif_netlink_parms(): no params data found
[  233.508142][ T8929] loop2: p1 start 2048 is beyond EOD, truncated
[  233.901210][ T8911] bridge0: port 1(bridge_slave_0) entered blocking state
[  233.932787][ T8911] bridge0: port 1(bridge_slave_0) entered disabled state
[  233.940141][ T8911] bridge_slave_0: entered allmulticast mode
[  233.973794][ T7643] usbhid 1-1:0.0: can't add hid device: -71
[  233.979835][ T7643] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  233.988967][ T8911] bridge_slave_0: entered promiscuous mode
[  234.004518][ T7643] usb 1-1: USB disconnect, device number 18
[  234.162429][ T8911] bridge0: port 2(bridge_slave_1) entered blocking state
[  234.180180][ T8911] bridge0: port 2(bridge_slave_1) entered disabled state
[  234.216746][ T8911] bridge_slave_1: entered allmulticast mode
[  234.248000][ T8911] bridge_slave_1: entered promiscuous mode
[  234.351085][ T8942] netlink: 32 bytes leftover after parsing attributes in process `syz.3.824'.
[  234.516304][   T35] hsr_slave_0: left promiscuous mode
[  234.522304][   T35] hsr_slave_1: left promiscuous mode
[  234.552795][   T35] batman_adv: : Interface deactivated: batadv_slave_0
[  234.572800][   T35] batman_adv: : Removing interface: batadv_slave_0
[  234.592493][   T35] batman_adv: : Interface deactivated: batadv_slave_1
[  234.608645][   T35] batman_adv: : Removing interface: batadv_slave_1
[  234.656105][   T35] veth1_macvtap: left promiscuous mode
[  234.670806][   T35] veth0_macvtap: left promiscuous mode
[  234.680257][   T35] veth1_vlan: left promiscuous mode
[  234.696195][   T35] veth0_vlan: left promiscuous mode
[  234.744210][ T8482] usb 3-1: USB disconnect, device number 13
[  234.803347][   T30] INFO: task iou-wrk-5577:5581 blocked for more than 143 seconds.
[  234.840553][   T30]       Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  234.863795][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  234.901791][   T30] task:iou-wrk-5577    state:D stack:27664 pid:5581  tgid:5576  ppid:5237   flags:0x00004006
[  234.929179][   T30] Call Trace:
[  234.934144][   T30]  <TASK>
[  234.937111][   T30]  __schedule+0x1893/0x4b50
[  234.941750][   T30]  ? __pfx___schedule+0x10/0x10
[  234.961983][   T30]  ? __pfx_lock_release+0x10/0x10
[  234.977115][   T30]  ? do_raw_spin_unlock+0x13c/0x8b0
[  235.012769][   T30]  ? io_queue_worker_create+0x3ca/0x430
[  235.018389][   T30]  ? __pfx_create_worker_cb+0x10/0x10
[  235.027265][   T30]  ? schedule+0x90/0x320
[  235.031559][   T30]  schedule+0x14b/0x320
[  235.046169][   T30]  schedule_timeout+0xb0/0x310
[  235.053041][   T30]  ? __pfx_schedule_timeout+0x10/0x10
[  235.062597][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  235.073046][   T30]  ? wait_for_completion+0x2fe/0x620
[  235.078386][   T30]  ? wait_for_completion+0x2fe/0x620
[  235.100237][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  235.105868][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  235.133566][   T30]  ? wait_for_completion+0x2fe/0x620
[  235.138944][   T30]  wait_for_completion+0x355/0x620
[  235.195847][   T30]  ? __pfx_wait_for_completion+0x10/0x10
[  235.201560][   T30]  ? do_raw_spin_unlock+0x13c/0x8b0
[  235.213577][   T30]  io_wq_worker+0xaf6/0xed0
[  235.218161][   T30]  ? io_wq_worker+0x3e5/0xed0
[  235.232659][   T30]  ? __pfx_io_wq_worker+0x10/0x10
[  235.237759][   T30]  ? __pfx_io_wq_worker+0x10/0x10
[  235.243347][   T30]  ? __pfx_io_wq_worker+0x10/0x10
[  235.248402][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  235.254700][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  235.259945][   T30]  ? __pfx_io_wq_worker+0x10/0x10
[  235.265357][   T30]  ret_from_fork+0x4b/0x80
[  235.269781][   T30]  ? __pfx_io_wq_worker+0x10/0x10
[  235.287930][   T30]  ret_from_fork_asm+0x1a/0x30
[  235.298026][   T30]  </TASK>
[  235.306137][   T30] INFO: task syz.2.70:5583 blocked for more than 143 seconds.
[  235.332782][   T30]       Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0
[  235.335208][ T8930] coredump: 258(syz.3.823): interrupted: fatal signal pending
[  235.340093][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  235.340114][   T30] task:syz.2.70        state:D stack:27360 pid:5583  tgid:5576  ppid:5237   flags:0x00004006
[  235.372602][ T5234] Bluetooth: hci2: command tx timeout
[  235.402766][ T8930] coredump: 258(syz.3.823): written to core: VMAs: 36, size 97419264; core: 37782582 bytes, pos 75239424
[  235.432599][   T30] Call Trace:
[  235.435931][   T30]  <TASK>
[  235.438882][   T30]  __schedule+0x1893/0x4b50
[  235.465626][   T30]  ? __pfx___schedule+0x10/0x10
[  235.470549][   T30]  ? __pfx_lock_release+0x10/0x10
[  235.510126][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  235.516605][   T30]  ? schedule+0x90/0x320
[  235.520889][   T30]  schedule+0x14b/0x320
[  235.525674][   T30]  schedule_timeout+0xb0/0x310
[  235.530501][   T30]  ? __pfx_schedule_timeout+0x10/0x10
[  235.536019][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  235.541625][   T30]  __wait_for_common+0x3ed/0x6e0
[  235.546702][   T30]  ? __pfx_schedule_timeout+0x10/0x10
[  235.552258][   T30]  ? __pfx___wait_for_common+0x10/0x10
[  235.557959][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  235.563195][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  235.568562][   T30]  wait_for_completion_state+0x1c/0x40
[  235.575870][   T30]  do_coredump+0xa90/0x3470
[  235.580406][   T30]  ? stack_depot_save_flags+0x6e4/0x830
[  235.586530][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  235.592470][   T30]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  235.599193][   T30]  ? stack_trace_save+0x118/0x1d0
[  235.604636][   T30]  ? __pfx_do_coredump+0x10/0x10
[  235.609625][   T30]  ? kasan_save_track+0x3f/0x80
[  235.614615][   T30]  ? kasan_save_free_info+0x40/0x50
[  235.620125][   T30]  ? proc_coredump_connector+0x1e8/0x750
[  235.625889][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  235.632044][   T30]  ? __pfx_proc_coredump_connector+0x10/0x10
[  235.638453][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  235.643933][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  235.649174][   T30]  get_signal+0x140e/0x1810
[  235.654224][   T30]  ? __pfx_get_signal+0x10/0x10
[  235.659100][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  235.664772][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  235.670710][   T30]  arch_do_signal_or_restart+0x96/0x860
[  235.676791][   T30]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  235.684107][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  235.690669][   T30]  ? syscall_exit_to_user_mode+0xa3/0x370
[  235.707304][   T30]  syscall_exit_to_user_mode+0xc9/0x370
[  235.721029][   T30]  do_syscall_64+0x100/0x230
[  235.725948][   T30]  ? clear_bhb_loop+0x35/0x90
[  235.730658][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  235.737246][   T30] RIP: 0033:0x7f1c2837def9
[  235.741687][   T30] RSP: 002b:00007f1c291bd0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  235.750176][   T30] RAX: 00000000000000ca RBX: 00007f1c28536060 RCX: 00007f1c2837def9
[  235.758281][   T30] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1c28536064
[  235.766495][   T30] RBP: 00007f1c28536058 R08: 7fffffffffffffff R09: 0000000000000000
[  235.774553][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1c28536064
[  235.782643][   T30] R13: 0000000000000000 R14: 00007f1c2865f940 R15: 00007f1c2865fa28
[  235.790935][   T30]  </TASK>
[  235.794179][   T30] 
[  235.794179][   T30] Showing all locks held in the system:
[  235.801975][   T30] 3 locks held by kworker/u8:1/12:
[  235.807312][   T30]  #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  235.826398][   T30]  #1: ffffc90000117d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  235.841022][   T30]  #2: ffffffff8fcc9b08 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[  235.858969][   T30] 1 lock held by khungtaskd/30:
[  235.864235][   T30]  #0: ffffffff8e9389e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  235.882089][   T30] 4 locks held by kworker/u8:2/35:
[  235.887604][   T30]  #0: ffff88801baed948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  235.907999][   T30]  #1: ffffc90000ab7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  235.920854][   T30]  #2: ffffffff8fcbd010 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[  235.930459][   T30]  #3: ffffffff8fcc9b08 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xaa0
[  235.940748][   T30] 6 locks held by kworker/1:1/79:
[  235.945829][   T30]  #0: ffff888140ecc948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  235.957246][   T30]  #1: ffffc900020cfd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  235.969148][   T30]  #2: ffff88814431d190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150
[  235.978123][   T30]  #3: ffff888060bf6190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520
[  235.987426][   T30]  #4: ffff888060bf4160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520
[  235.997806][   T30]  #5: ffffffff8e7e1c30 (umhelper_sem){++++}-{3:3}, at: usermodehelper_read_trylock+0x140/0x300
[  236.008369][   T30] 5 locks held by kworker/0:2/942:
[  236.013579][   T30]  #0: ffff888140ecc948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  236.026167][   T30]  #1: ffffc90003d3fd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  236.038113][   T30]  #2: ffff888144318190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150
[  236.047048][   T30]  #3: ffff888060882190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520
[  236.056375][   T30]  #4: ffff888066ca9160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520
[  236.065706][   T30] 1 lock held by dhcpcd/4893:
[  236.070383][   T30]  #0: ffffffff8fcc9b08 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1aa0
[  236.079631][   T30] 2 locks held by getty/4981:
[  236.084667][   T30]  #0: ffff88803235a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  236.094602][   T30]  #1: ffffc9000311b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00
[  236.105568][   T30] 4 locks held by udevd/5215:
[  236.110270][   T30]  #0: ffff88805b5231c8 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb4/0xd70
[  236.119172][   T30]  #1: ffff88802fea2488 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_seq_start+0x53/0x3b0
[  236.128667][   T30]  #2: ffff8880260ee5a8 (kn->active#25){.+.+}-{0:0}, at: kernfs_seq_start+0x72/0x3b0
[  236.139666][   T30]  #3: ffff888060bf6190 (&dev->mutex){....}-{3:3}, at: manufacturer_show+0x26/0xa0
[  236.149170][   T30] 3 locks held by kworker/1:3/5221:
[  236.154483][   T30]  #0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  236.165888][   T30]  #1: ffffc90003627d00 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  236.176323][   T30]  #2: ffffffff8e93df78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830
[  236.187538][   T30] 4 locks held by udevd/5409:
[  236.192196][   T30]  #0: ffff888059f40b08 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb4/0xd70
[  236.201494][   T30]  #1: ffff888055cf7488 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_seq_start+0x53/0x3b0
[  236.211175][   T30]  #2: ffff888030d5b0f8 (kn->active#25){.+.+}-{0:0}, at: kernfs_seq_start+0x72/0x3b0
[  236.221106][   T30]  #3: ffff888060882190 (&dev->mutex){....}-{3:3}, at: manufacturer_show+0x26/0xa0
[  236.230535][   T30] 3 locks held by syz-executor/7993:
[  236.235877][   T30]  #0: ffff88806c494d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510
[  236.245876][   T30]  #1: ffff88806c494078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x572/0x11a0
[  236.255747][   T30]  #2: ffffffff8fe362a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240
[  236.266007][   T30] 1 lock held by syz-executor/8911:
[  236.271219][   T30]  #0: ffffffff8fcc9b08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  236.280896][   T30] 3 locks held by syz.3.823/8930:
[  236.286008][   T30]  #0: ffff888055eb4d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510
[  236.296048][   T30]  #1: ffff888055eb4078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x572/0x11a0
[  236.306212][   T30]  #2: ffffffff8fe362a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240
[  236.316349][   T30] 1 lock held by syz.0.825/8943:
[  236.321304][   T30]  #0: ffffffff8fcc9b08 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_add_ifaddr+0x1fc/0x340
[  236.331450][   T30] 3 locks held by syz.4.826/8952:
[  236.336554][   T30]  #0: ffff888078e94d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510
[  236.346571][   T30]  #1: ffff888078e94078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x572/0x11a0
[  236.356465][   T30]  #2: ffffffff8e93df78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830
[  236.367468][   T30] 
[  236.371888][   T35] pimreg (unregistering): left allmulticast mode
[  236.376727][   T30] =============================================
[  236.376727][   T30] 
[  236.387543][   T30] NMI backtrace for cpu 1
[  236.391908][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0
[  236.402087][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  236.412159][   T30] Call Trace:
[  236.415432][   T30]  <TASK>
[  236.418350][   T30]  dump_stack_lvl+0x241/0x360
[  236.423022][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  236.428206][   T30]  ? __pfx__printk+0x10/0x10
[  236.432789][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[  236.437717][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  236.443165][   T30]  ? _printk+0xd5/0x120
[  236.447318][   T30]  ? __pfx__printk+0x10/0x10
[  236.451913][   T30]  ? __wake_up_klogd+0xcc/0x110
[  236.456767][   T30]  ? __pfx__printk+0x10/0x10
[  236.461376][   T30]  ? __rcu_read_unlock+0xa1/0x110
[  236.466413][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  236.472403][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  236.478400][   T30]  watchdog+0xff4/0x1040
[  236.482653][   T30]  ? watchdog+0x1ea/0x1040
[  236.487089][   T30]  ? __pfx_watchdog+0x10/0x10
[  236.491765][   T30]  kthread+0x2f0/0x390
[  236.495834][   T30]  ? __pfx_watchdog+0x10/0x10
[  236.500512][   T30]  ? __pfx_kthread+0x10/0x10
[  236.505095][   T30]  ret_from_fork+0x4b/0x80
[  236.509514][   T30]  ? __pfx_kthread+0x10/0x10
[  236.514104][   T30]  ret_from_fork_asm+0x1a/0x30
[  236.518910][   T30]  </TASK>
[  236.522899][   T30] Sending NMI from CPU 1 to CPUs 0:
[  236.528247][    C0] NMI backtrace for cpu 0
[  236.528261][    C0] CPU: 0 UID: 0 PID: 6009 Comm: kworker/u8:9 Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0
[  236.528281][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  236.528293][    C0] Workqueue: bat_events batadv_nc_worker
[  236.528318][    C0] RIP: 0010:__local_bh_disable_ip+0xbb/0x220
[  236.528342][    C0] Code: 0f 85 5e 01 00 00 4c 89 f3 48 c1 eb 03 42 80 3c 23 00 74 08 4c 89 f7 e8 d3 e3 a4 00 48 c7 44 24 60 00 00 00 00 9c 8f 44 24 60 <42> 80 3c 23 00 74 08 4c 89 f7 e8 c6 e2 a4 00 48 8d 7c 24 40 4c 8b
[  236.528357][    C0] RSP: 0018:ffffc900031a79c0 EFLAGS: 00000246
[  236.528370][    C0] RAX: 0000000080000000 RBX: 1ffff92000634f44 RCX: 000000000000003d
[  236.528382][    C0] RDX: 1ffff110052d7c89 RSI: 0000000000000201 RDI: ffffffff8b899548
[  236.528394][    C0] RBP: ffffc900031a7a98 R08: ffffffff9424f85f R09: 1ffffffff2849f0b
[  236.528407][    C0] R10: dffffc0000000000 R11: fffffbfff2849f0c R12: dffffc0000000000
[  236.528420][    C0] R13: 1ffff92000634f3c R14: ffffc900031a7a20 R15: 0000000000000201
[  236.528432][    C0] FS:  0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000
[  236.528447][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  236.528459][    C0] CR2: 000055e7a5f3af20 CR3: 000000000e734000 CR4: 00000000003506f0
[  236.528473][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  236.528483][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  236.528495][    C0] Call Trace:
[  236.528502][    C0]  <NMI>
[  236.528509][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  236.528528][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  236.528552][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  236.528568][    C0]  ? nmi_handle+0x2a/0x5a0
[  236.528591][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  236.528612][    C0]  ? nmi_handle+0x14f/0x5a0
[  236.528628][    C0]  ? nmi_handle+0x2a/0x5a0
[  236.528644][    C0]  ? __local_bh_disable_ip+0xbb/0x220
[  236.528664][    C0]  ? default_do_nmi+0x63/0x160
[  236.528683][    C0]  ? exc_nmi+0x123/0x1f0
[  236.528700][    C0]  ? end_repeat_nmi+0xf/0x53
[  236.528726][    C0]  ? batadv_nc_purge_paths+0xe8/0x3b0
[  236.528745][    C0]  ? __local_bh_disable_ip+0xbb/0x220
[  236.528771][    C0]  ? __local_bh_disable_ip+0xbb/0x220
[  236.528792][    C0]  ? __local_bh_disable_ip+0xbb/0x220
[  236.528813][    C0]  </NMI>
[  236.528819][    C0]  <TASK>
[  236.528824][    C0]  ? __local_bh_enable_ip+0x168/0x200
[  236.528844][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[  236.528864][    C0]  ? batadv_nc_purge_paths+0xe8/0x3b0
[  236.528884][    C0]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  236.528904][    C0]  ? __local_bh_enable_ip+0x168/0x200
[  236.528925][    C0]  ? batadv_nc_purge_paths+0x312/0x3b0
[  236.528945][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  236.528967][    C0]  ? batadv_nc_purge_paths+0xe8/0x3b0
[  236.528986][    C0]  ? batadv_nc_purge_paths+0xe8/0x3b0
[  236.529007][    C0]  _raw_spin_lock_bh+0x1c/0x50
[  236.529028][    C0]  ? __pfx_batadv_nc_to_purge_nc_path_decoding+0x10/0x10
[  236.529049][    C0]  batadv_nc_purge_paths+0xe8/0x3b0
[  236.529075][    C0]  batadv_nc_worker+0x365/0x610
[  236.529096][    C0]  ? process_scheduled_works+0x976/0x1850
[  236.529117][    C0]  process_scheduled_works+0xa63/0x1850
[  236.529151][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  236.529176][    C0]  ? assign_work+0x364/0x3d0
[  236.529198][    C0]  worker_thread+0x870/0xd30
[  236.529223][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  236.529246][    C0]  ? __kthread_parkme+0x169/0x1d0
[  236.529269][    C0]  ? __pfx_worker_thread+0x10/0x10
[  236.529290][    C0]  kthread+0x2f0/0x390
[  236.529306][    C0]  ? __pfx_worker_thread+0x10/0x10
[  236.529327][    C0]  ? __pfx_kthread+0x10/0x10
[  236.529342][    C0]  ret_from_fork+0x4b/0x80
[  236.529364][    C0]  ? __pfx_kthread+0x10/0x10
[  236.529380][    C0]  ret_from_fork_asm+0x1a/0x30
[  236.529409][    C0]  </TASK>
[  236.534207][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  236.534223][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0
[  236.534244][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  236.534255][   T30] Call Trace:
[  236.534262][   T30]  <TASK>
[  236.534270][   T30]  dump_stack_lvl+0x241/0x360
[  236.534299][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  236.534322][   T30]  ? __pfx__printk+0x10/0x10
[  236.534342][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  236.534370][   T30]  ? vscnprintf+0x5d/0x90
[  236.534389][   T30]  panic+0x349/0x880
[  236.534411][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  236.534431][   T30]  ? __pfx_panic+0x10/0x10
[  236.534449][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[  236.534467][   T30]  ? __irq_work_queue_local+0x137/0x410
[  236.534489][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  236.534507][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  236.534534][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  236.534554][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  236.534574][   T30]  watchdog+0x1033/0x1040
[  236.534596][   T30]  ? watchdog+0x1ea/0x1040
[  236.534620][   T30]  ? __pfx_watchdog+0x10/0x10
[  236.534640][   T30]  kthread+0x2f0/0x390
[  236.534657][   T30]  ? __pfx_watchdog+0x10/0x10
[  236.534676][   T30]  ? __pfx_kthread+0x10/0x10
[  236.534693][   T30]  ret_from_fork+0x4b/0x80
[  236.534714][   T30]  ? __pfx_kthread+0x10/0x10
[  236.534730][   T30]  ret_from_fork_asm+0x1a/0x30
[  236.534762][   T30]  </TASK>
[  237.053053][   T30] Kernel Offset: disabled
[  237.057365][   T30] Rebooting in 86400 seconds..