last executing test programs:

26.444084773s ago: executing program 3 (id=1631):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000200)={0xaa, 0x251})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
r3 = dup3(0xffffffffffffffff, r2, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x2)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000780)={0x14, 0x0, &(0x7f0000000440)=[@enter_looper, @request_death], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000000)={0x4}, 0x10)
write(r4, &(0x7f0000000080)="240000001a007f0214f9f4070009040803000000000000", 0x17)
getsockopt$IP_VS_SO_GET_TIMEOUT(r4, 0x0, 0x486, &(0x7f0000000100), 0x0)

22.796328436s ago: executing program 3 (id=1634):
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
utime(0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0)
add_key(&(0x7f0000000240)='asymmetric\x00', 0x0, &(0x7f0000000400)="4e35c482bd7573cb9189c0416d2dd856212ef6ba67fc1070db37d9a570c3365417df364beac48027bf7ff56c6150b84afa3acf3a0e360025db40da074973", 0x3e, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="611570000000000061136c0000000000bf3000000000000007000000ee0016055e03010000000000160500000000000069163e0000000000bf07000000000000260507000fff07206706000020000000140600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x2)
seccomp$SECCOMP_SET_MODE_FILTER(0x3f, 0x1, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x2800, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'macvlan0\x00'})
socket$phonet_pipe(0x23, 0x5, 0x2)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB, @ANYBLOB="08000200", @ANYRES32=r2], 0x50}}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000480)={0x2, &(0x7f0000000340)=[{0x3, 0xff, 0x9, 0xfffffffb}, {0x7f, 0x10, 0x1, 0x80000000}]})

14.444317455s ago: executing program 2 (id=1655):
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmsg$alg(r2, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched_retired(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0)
recvmmsg(r2, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f00000025c0)=""/4114, 0x1012}], 0x1}}, {{0x0, 0x0, &(0x7f0000001ec0)=[{&(0x7f0000004c00)=""/4105, 0x1009}], 0x1}}], 0x2, 0x0, 0x0)

13.995064241s ago: executing program 2 (id=1657):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
syz_io_uring_setup(0x2c89, 0x0, 0x0, &(0x7f0000000140))
fsopen(&(0x7f0000000200)='mqueue\x00', 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x5, &(0x7f0000000080)=0x7, 0x4)

13.816117173s ago: executing program 2 (id=1658):
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip6_mr_vif\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])
r1 = syz_io_uring_setup(0x2e3b, &(0x7f0000000240)={0x0, 0x482b, 0x10100, 0x1}, &(0x7f00000003c0)=<r2=>0x0, &(0x7f0000000300)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xb7a, &(0x7f0000000080)=[{&(0x7f00000005c0)=""/148, 0x94}], 0x1})
io_uring_enter(r1, 0x567, 0xa1ff, 0x0, 0x0, 0x0)

13.737723575s ago: executing program 2 (id=1660):
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x103000, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = eventfd2(0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
ioctl$KVM_CREATE_PIT2(r5, 0x4040ae77, &(0x7f0000000180))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x12, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0xa, 0x8000, 0x40, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x3, 0x0, 0x0, 0x7fffffff, 0x1, 0x0, 0x7fffffff], 0xeeee0000, 0x800})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0)
r7 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1b, 0x0}}], 0x17fd147c801ae9af, 0xff00)
r8 = syz_pidfd_open(r7, 0x0)
ioctl$FS_IOC_GETVERSION(r8, 0xc040ff0b, &(0x7f0000000180))
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r9 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r9, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r2, 0x4018aebd, &(0x7f0000000280)={0x3ffc, r3})
close(r2)
r10 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000080)={'veth0_macvtap\x00', <r11=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x200, {0x0, 0x0, 0x0, r11, {0x0, 0x7}, {}, {0x8, 0x10}}}, 0x24}}, 0x0)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01005759ab9ad3347ec64d4466723660b7000008", @ANYRES32=r0, @ANYBLOB='\x00'/20, @ANYRES32=r11, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018110000", @ANYRES32=r12, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000725e850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

8.485156169s ago: executing program 1 (id=1667):
r0 = epoll_create1(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
epoll_create1(0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r2 = socket$pppoe(0x18, 0x1, 0x0)
fsopen(0x0, 0x1)
connect$pppoe(r2, &(0x7f0000000040)={0x18, 0x0, {0x3, @random="bb7fb37b9489", 'bond0\x00'}}, 0x1e)
sendmmsg(r2, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}}], 0x3e8, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r4, &(0x7f0000000100)={0x20000014})
pselect6(0x40, &(0x7f0000000040)={0x9, 0x9, 0x0, 0x8cce, 0x22, 0x4, 0x3, 0x1000}, &(0x7f00000000c0)={0xe66, 0x0, 0x6323, 0x2, 0xc, 0xd, 0x1, 0x2}, &(0x7f0000000140)={0x7fffffffffffffff, 0x7, 0x1, 0x6, 0x2, 0xfff, 0x3, 0x9}, &(0x7f0000000200)={0x0, 0x989680}, &(0x7f0000000280)={&(0x7f0000000240)={[0x8]}, 0x8})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000780)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0xc0686611, &(0x7f0000000180)={0x900, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r0, &(0x7f0000000000)={0xa0000001})
epoll_wait(r5, &(0x7f0000000340)=[{}], 0x1, 0x1000)

8.342167441s ago: executing program 3 (id=1668):
syz_io_uring_setup(0x3b, &(0x7f00000001c0)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f0000000100))
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000480))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000140)=@newqdisc={0x24, 0x24, 0x3fe3aa0262d8c59b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x6, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x24000000}, 0x40004)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r7 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29"], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_CONNECT(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x6c}}, 0x0)

7.783939299s ago: executing program 0 (id=1669):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20, @local}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f00000039c0)=ANY=[@ANYBLOB="180000000300000000000000a012544f95002b000000000093adffa82255f674412d020000000000005ab527ee3697f1ed4436dd1164b1b3f427f6ba6b34f98125f30e631d273683626e00dc254d570d4a6b78a5833488cfe410090000004aa900003d3cd62f00158e6eee8501000000520a0000151d016e6cafbe9309aba218812868a51d129e78f6ae170bf5a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b000024b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e8b701d2d17ebc406e89dcbb7677e6528b0856e31eb9474c0106fc48e1f8c1a5f6945ac24cf609068f6ff21e88b3cfc22df01d51e242443618c02e0a428da651366e4bac9d97328fa2a82b5e8741e02056d933bedf59ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e148bf56497e5d56d06c7551b870b2851c3f0a1aab7158edeeccd92e3a88dc0f432187ce92d7b17a21c8f1b3369ebfcb4cb2946601b0f04edb256c604f068773f6db9d661bd7f0e2536f00000000000000005521458b7d1e341c6f864f983d745f5865aad41d29158ae7602a2d6cd415e8351ebc283df54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121a96eb373845255012e028cb2654d493afb4b35faae176f99b745eda2967199cc93685bb444f9bc50713061385537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d0007ae4e1e347c0cff28235a6bb7aa3804b907a8f2880c5cb1cb385e6add14652003c7cdd3324f07d1ff07000000000000000009dd872ec64fa6c718bbd1aa591140cff0be4c6f8df084c5e9734ae30aa9afdc7125f01ab03a9b1074407136b4506000f0916aada035df2e0452a9b39e73aeeb6eaf14652dda689e2051d9b7eb85f3f2d5ab2c51944da8d7391d5b6b97419a3b76600cd1aa0afe5f8f46df4c5124ca425d374b371867a79b31f3f514573f1e30d1fd2d763f3ee9210b15c1d60be2168fffcd599a2cb77f124e22f87673675805494db821f39b50d5fd8c6b2a3a324c257bc97def5f07f2b77f05a4f81a9cf8110971b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c4407eca22debc99335583b00013c3130978fa069af8223b38ced735c2d90c6d84c30a0d87d42647489b39601be5c27696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f240080000534187738655d7a6240412c8f283cc0c1eba2866dc9580000000000000007fffffffff554b82d9c162f3556076b80552d961ca74d1ffdaccf0ea5f02e0163a9ccb9087e6c3b3917bb74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb01f7ada800e50000000000fdaf2f7b3b79a433e08074ea2462974ab2cbd2190780fa39c43ea647eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433d866665b98ca2002c836e89feef904c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc8d0834fb8d124638fec58faeb4c16abb440df2a694f4cdcaa4f65c22f000000000000000000000000000d503d79906958102000000000000000000001ffff0ef89b2a68d2bb2dd163e863314e8449801b52bb93f6c9084659ce777dda8563c859656a357770289a61faa95a82bf1cfb7f2f97252e9322abe282c3344fc6738b4467893b9bf0000000000000001062a35376413c29f7c6f7bde29b9f4bddd5e328661f4615e627a6f608ad53a4168fe8e5d7d934aa289b4bd2b870000000000000000000000000000fc4b4ff50000009b777883a02ffd92dfc4cb4114b9f9cf4ad155110cd3ace2b322ae31bfa27847c799c8869a1ea5018e525e6383ad7fd9795170e7b11e247603000000001459c7f606d721d3979676bffb3049166ab84ac1061991bd57c2566c10c296352a5105b6164e3f2491e4793e2b70590dcc71f110da96366c40dd44a2c9882d3aa0f8a797b8fea6efcfb5276b7679f15559cdaabf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5002adef9546abb7a2d9c085b189b5ff30e4e0c13f60870fde1f88d830b11002135e8e7262f29b6d7923bfbe0bd2a8be179e56b41ff3792cee2fc37eee739c3008ce740d8804f8e705f0dc59d000021363e8df94ff175b48dc8c12def681a11647946595445bf1cb7d2778cd27a6b3b2966b08be600000020a8a711d193bae0ab2db9ed9c6cb3c3de42ab89524414cae922141f7baf17ebb790ad60bd0387837e63f9880fd70259e35590afb4843cd4e9989398eaa89cefb3aa13cab8d015cbaf1561d95362decd73b8f8cbf8269cac091cfaaa3c7e46d6e79145fc0f1d1b383752ccb40515a772356d746914540216adf4c0f44f1cff3760afa252720ec6dad3a98671ecdaff46cddffb1f05a0c0976070d603a442d014822369fa3eacbb69bd1b0a074357acd5d02161fed146ad3aa15d2b8101b7bd1e091ada78ecd50181f4b35cae1b29aff91494c916323b61f815c4e0701657087ad11eef97952921365bc898ba2c76a9b6e0052f43b1ad2dfdf3f958fc1d32e692bc8846c78a956ada453c67c1c2cdc4f8b1c94e9adc106e85b31e030d955c5578e107a6e8ca0d4dd05344c3e2af25d9a3b0f7805624016aeab271a75f0bacb101a156ef8948064569154a7de08f80e4df4c339b69431b0a5671097d89212b465b0b32275deae10a77e334c9fc074d181bdeb5be80a6249d472e78e6be57a5ccd354cf181e099605a644ecade221a2be926210b2690d09e4b7a3dea25403397439979c27d5613262de10bacecfff2d58437f012df4252c018795310c25e8fce18ed366ac2caade564ca869727a7d63c26271e17d7aba48971835530311545273d3caadeb5d2017dc816126b6f2068f68a4111ddd587b5df4b5d8f1ce00231a2092eb2e797c491a1e66f73606fd95bb01b53a2d862b6262f0259da51ff7517ace7361460a4669a97f7d0bf095c2787f00bdbfee19670d1e0ec5e6c3cb09972fa4d94986157b96d6695177c99d83716651129320924352cda7b8ead91c3301af620c1e8d7004d29ad77f54836779600bb0b247139d429df96362db3ecfbd36fa8164fabdcf2e58b720e8e1c03a74daf593f92a8ecc03f8c8e3af9ae07dc03780cc0d69da9e3528c1693fb51998731992ceb27dcc0be5be4decefe41b78bc1847bf54b087e095172f06cfa6d4bf958b1d4544947ff1230655199db4f475006047fe83caca97758dffa53cee764f85932eb20d54241b2d515c0826dfe1f0f40ae920455a4548fb35e2a345c05b1c252b7877bb3d834b0b3579a36249146f832ef258df5127318c7017ac1a996c4f902f82deb60fd113ccf812d55ffd625057bd4ff3960992b85bc8d32edfca386be16b1c549aec52e31e1405f86c7760282901750b732ec06b0db735222a56f3ebb16fad3e9269495230cd88b0ea2e3affa196a2f0adf733bc6afd37a659ecc933d636c1b27d3a16c5ea25301f9b5789e4aa8e7228e3002f146aa5e575bb74b1ebb82147edf8161d362704377058e887c608be8719ea1b6c490f79e0832e2ddd7e217c7adddd4731e032d7eb35bdc38160c676d840e2e8be9033a686cf7061f5f55e2851736aa8c2f3bad8ac05c048e20d8c03b68008a70b8f80c93ebd2ababb5c65fe9abc4642d7b58d8c93efd7b6b39c68a16d75a7852dfc37a6a50cb28a9b6f685a465d08fc603d81d8ddd5296fae97be1401a8be7748a71fcdc85ba2049e96c4e6dce59b88cd5472726bc237fbcf3ffcbf32e2aac9b2f9d6013b59780ded723b08c767fa091e2fa4d51863500fcd5041bcc98a685504835743194113ea0b97b4f9ddc395b9ac4defefadd37a8871fd91f31a56eb96ecf90000000000000000000000000000000000000000000c447ea475c236c3b7f24079fe375f3f861fc54d9d8a04a6cb8c0dbf9e9cc53a84a5795ae5ebcbd825e3572df16fbdcd395e995fa4fcbbf31583d9e1d3ff537f401a3139200a8bd2122157887199cd54075a4d5b29935dda5c6aa0f3ac6895eb73c7abbd4603abdaa8629dedb2cab0fa80f9514ad310491a9a300015c18cdfd9342cff50d849d7516134d45d1a8cf157abe0c79de543993cf689f8a7113508fbf8a610417045e6c38a5d4ff4656dbd9656ad6ce625e1674ab57944ebb834743a248a2be304ba1e037cb63a169d340be8befc1b238aa26e24"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0xb7, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0xfffffffe, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0xaaa43, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
setrlimit(0x1, 0x0)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet(0xa, 0x801, 0x84)
ioctl$DRM_IOCTL_MODE_SETPLANE(0xffffffffffffffff, 0xc03064b7, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0})
r2 = socket(0x2b, 0x80801, 0x1)
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
setxattr$incfs_size(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000200), 0x0, 0x0, 0x3)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x1a, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r2)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00'})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r2, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000580)=ANY=[@ANYRES16=r3, @ANYBLOB="340af72170007cdbdf2581efffff0900060008021100000000000600660015000000339d1e1218c10328279b1392816182d4a0ebe58f2665d5f1e84b1c087b07eff24a6a55d3579b14f9ef96b509cde8224b010d35a77cc2ffe860055b15323885d486d716c315608ab7a4611788523f2d537ec4d7137ef8839cf754354f1fbe3a4f11d4d5f7a50345fc345fae9a4ab6c2c785320e0ed9ca9822cbdbea20a18abef58fcbec63b84471c4c739f4ae0b8faa8012f48c57156a037512c2b5e63addc19f7e61b4b337e8ace243ce4953f1dd4a6cf4ee0073fa8f3906eba9450a2c69bad12641249fa9b37061c632a91d13bf21743abde7d55f"], 0x28}, 0x1, 0x0, 0x0, 0x4080}, 0x8014)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='minix\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

7.082390209s ago: executing program 0 (id=1670):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20, @local}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f00000039c0)=ANY=[@ANYBLOB="180000000300000000000000a012544f95002b000000000093adffa82255f674412d020000000000005ab527ee3697f1ed4436dd1164b1b3f427f6ba6b34f98125f30e631d273683626e00dc254d570d4a6b78a5833488cfe410090000004aa900003d3cd62f00158e6eee8501000000520a0000151d016e6cafbe9309aba218812868a51d129e78f6ae170bf5a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b000024b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e8b701d2d17ebc406e89dcbb7677e6528b0856e31eb9474c0106fc48e1f8c1a5f6945ac24cf609068f6ff21e88b3cfc22df01d51e242443618c02e0a428da651366e4bac9d97328fa2a82b5e8741e02056d933bedf59ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e148bf56497e5d56d06c7551b870b2851c3f0a1aab7158edeeccd92e3a88dc0f432187ce92d7b17a21c8f1b3369ebfcb4cb2946601b0f04edb256c604f068773f6db9d661bd7f0e2536f00000000000000005521458b7d1e341c6f864f983d745f5865aad41d29158ae7602a2d6cd415e8351ebc283df54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121a96eb373845255012e028cb2654d493afb4b35faae176f99b745eda2967199cc93685bb444f9bc50713061385537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d0007ae4e1e347c0cff28235a6bb7aa3804b907a8f2880c5cb1cb385e6add14652003c7cdd3324f07d1ff07000000000000000009dd872ec64fa6c718bbd1aa591140cff0be4c6f8df084c5e9734ae30aa9afdc7125f01ab03a9b1074407136b4506000f0916aada035df2e0452a9b39e73aeeb6eaf14652dda689e2051d9b7eb85f3f2d5ab2c51944da8d7391d5b6b97419a3b76600cd1aa0afe5f8f46df4c5124ca425d374b371867a79b31f3f514573f1e30d1fd2d763f3ee9210b15c1d60be2168fffcd599a2cb77f124e22f87673675805494db821f39b50d5fd8c6b2a3a324c257bc97def5f07f2b77f05a4f81a9cf8110971b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c4407eca22debc99335583b00013c3130978fa069af8223b38ced735c2d90c6d84c30a0d87d42647489b39601be5c27696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f240080000534187738655d7a6240412c8f283cc0c1eba2866dc9580000000000000007fffffffff554b82d9c162f3556076b80552d961ca74d1ffdaccf0ea5f02e0163a9ccb9087e6c3b3917bb74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb01f7ada800e50000000000fdaf2f7b3b79a433e08074ea2462974ab2cbd2190780fa39c43ea647eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433d866665b98ca2002c836e89feef904c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc8d0834fb8d124638fec58faeb4c16abb440df2a694f4cdcaa4f65c22f000000000000000000000000000d503d79906958102000000000000000000001ffff0ef89b2a68d2bb2dd163e863314e8449801b52bb93f6c9084659ce777dda8563c859656a357770289a61faa95a82bf1cfb7f2f97252e9322abe282c3344fc6738b4467893b9bf0000000000000001062a35376413c29f7c6f7bde29b9f4bddd5e328661f4615e627a6f608ad53a4168fe8e5d7d934aa289b4bd2b870000000000000000000000000000fc4b4ff50000009b777883a02ffd92dfc4cb4114b9f9cf4ad155110cd3ace2b322ae31bfa27847c799c8869a1ea5018e525e6383ad7fd9795170e7b11e247603000000001459c7f606d721d3979676bffb3049166ab84ac1061991bd57c2566c10c296352a5105b6164e3f2491e4793e2b70590dcc71f110da96366c40dd44a2c9882d3aa0f8a797b8fea6efcfb5276b7679f15559cdaabf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5002adef9546abb7a2d9c085b189b5ff30e4e0c13f60870fde1f88d830b11002135e8e7262f29b6d7923bfbe0bd2a8be179e56b41ff3792cee2fc37eee739c3008ce740d8804f8e705f0dc59d000021363e8df94ff175b48dc8c12def681a11647946595445bf1cb7d2778cd27a6b3b2966b08be600000020a8a711d193bae0ab2db9ed9c6cb3c3de42ab89524414cae922141f7baf17ebb790ad60bd0387837e63f9880fd70259e35590afb4843cd4e9989398eaa89cefb3aa13cab8d015cbaf1561d95362decd73b8f8cbf8269cac091cfaaa3c7e46d6e79145fc0f1d1b383752ccb40515a772356d746914540216adf4c0f44f1cff3760afa252720ec6dad3a98671ecdaff46cddffb1f05a0c0976070d603a442d014822369fa3eacbb69bd1b0a074357acd5d02161fed146ad3aa15d2b8101b7bd1e091ada78ecd50181f4b35cae1b29aff91494c916323b61f815c4e0701657087ad11eef97952921365bc898ba2c76a9b6e0052f43b1ad2dfdf3f958fc1d32e692bc8846c78a956ada453c67c1c2cdc4f8b1c94e9adc106e85b31e030d955c5578e107a6e8ca0d4dd05344c3e2af25d9a3b0f7805624016aeab271a75f0bacb101a156ef8948064569154a7de08f80e4df4c339b69431b0a5671097d89212b465b0b32275deae10a77e334c9fc074d181bdeb5be80a6249d472e78e6be57a5ccd354cf181e099605a644ecade221a2be926210b2690d09e4b7a3dea25403397439979c27d5613262de10bacecfff2d58437f012df4252c018795310c25e8fce18ed366ac2caade564ca869727a7d63c26271e17d7aba48971835530311545273d3caadeb5d2017dc816126b6f2068f68a4111ddd587b5df4b5d8f1ce00231a2092eb2e797c491a1e66f73606fd95bb01b53a2d862b6262f0259da51ff7517ace7361460a4669a97f7d0bf095c2787f00bdbfee19670d1e0ec5e6c3cb09972fa4d94986157b96d6695177c99d83716651129320924352cda7b8ead91c3301af620c1e8d7004d29ad77f54836779600bb0b247139d429df96362db3ecfbd36fa8164fabdcf2e58b720e8e1c03a74daf593f92a8ecc03f8c8e3af9ae07dc03780cc0d69da9e3528c1693fb51998731992ceb27dcc0be5be4decefe41b78bc1847bf54b087e095172f06cfa6d4bf958b1d4544947ff1230655199db4f475006047fe83caca97758dffa53cee764f85932eb20d54241b2d515c0826dfe1f0f40ae920455a4548fb35e2a345c05b1c252b7877bb3d834b0b3579a36249146f832ef258df5127318c7017ac1a996c4f902f82deb60fd113ccf812d55ffd625057bd4ff3960992b85bc8d32edfca386be16b1c549aec52e31e1405f86c7760282901750b732ec06b0db735222a56f3ebb16fad3e9269495230cd88b0ea2e3affa196a2f0adf733bc6afd37a659ecc933d636c1b27d3a16c5ea25301f9b5789e4aa8e7228e3002f146aa5e575bb74b1ebb82147edf8161d362704377058e887c608be8719ea1b6c490f79e0832e2ddd7e217c7adddd4731e032d7eb35bdc38160c676d840e2e8be9033a686cf7061f5f55e2851736aa8c2f3bad8ac05c048e20d8c03b68008a70b8f80c93ebd2ababb5c65fe9abc4642d7b58d8c93efd7b6b39c68a16d75a7852dfc37a6a50cb28a9b6f685a465d08fc603d81d8ddd5296fae97be1401a8be7748a71fcdc85ba2049e96c4e6dce59b88cd5472726bc237fbcf3ffcbf32e2aac9b2f9d6013b59780ded723b08c767fa091e2fa4d51863500fcd5041bcc98a685504835743194113ea0b97b4f9ddc395b9ac4defefadd37a8871fd91f31a56eb96ecf90000000000000000000000000000000000000000000c447ea475c236c3b7f24079fe375f3f861fc54d9d8a04a6cb8c0dbf9e9cc53a84a5795ae5ebcbd825e3572df16fbdcd395e995fa4fcbbf31583d9e1d3ff537f401a3139200a8bd2122157887199cd54075a4d5b29935dda5c6aa0f3ac6895eb73c7abbd4603abdaa8629dedb2cab0fa80f9514ad310491a9a300015c18cdfd9342cff50d849d7516134d45d1a8cf157abe0c79de543993cf689f8a7113508fbf8a610417045e6c38a5d4ff4656dbd9656ad6ce625e1674ab57944ebb834743a248a2be304ba1e037cb63a169d340be8befc1b238aa26e24"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0xb7, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0xfffffffe, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$kcm(0x29, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0xaaa43, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
setrlimit(0x1, 0x0)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet(0xa, 0x801, 0x84)
ioctl$DRM_IOCTL_MODE_SETPLANE(0xffffffffffffffff, 0xc03064b7, 0x0)
r2 = syz_open_dev$dri(0x0, 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0})
r3 = socket(0x2b, 0x80801, 0x1)
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
setxattr$incfs_size(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000200), 0x0, 0x0, 0x3)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x1a, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00'})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r3, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000580)=ANY=[@ANYRES16, @ANYBLOB="340af72170007cdbdf2581efffff0900060008021100000000000600660015000000339d1e1218c10328279b1392816182d4a0ebe58f2665d5f1e84b1c087b07eff24a6a55d3579b14f9ef96b509cde8224b010d35a77cc2ffe860055b15323885d486d716c315608ab7a4611788523f2d537ec4d7137ef8839cf754354f1fbe3a4f11d4d5f7a50345fc345fae9a4ab6c2c785320e0ed9ca9822cbdbea20a18abef58fcbec63b84471c4c739f4ae0b8faa8012f48c57156a037512c2b5e63addc19f7e61b4b337e8ace243ce4953f1dd4a6cf4ee0073fa8f3906eba9450a2c69bad12641249fa9b37061c632a91d13bf21743abde7d55f"], 0x28}, 0x1, 0x0, 0x0, 0x4080}, 0x8014)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='minix\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

5.965208125s ago: executing program 0 (id=1672):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r3, &(0x7f0000000140), 0x10)
sendmsg$can_bcm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r5=>0x0})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x3, 0x261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000540)={r6, &(0x7f0000000400)="c7", &(0x7f0000000380)=@tcp6}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000340)={{r6}, &(0x7f0000000d00), &(0x7f00000003c0)='%pS    \x00'}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f00000000c0)={r6, &(0x7f00000001c0), 0x0}, 0x20)
sendmsg$can_bcm(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="0600"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x2004c800)

5.105247987s ago: executing program 3 (id=1673):
socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80, @void, @value}, 0x94)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000440), 0x2)
r4 = memfd_create(&(0x7f00000009c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3)
ftruncate(r4, 0xffff)
fcntl$addseals(r4, 0x409, 0x7)
r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000100)={r4, 0x0, 0x0, 0x1000})
ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086200, &(0x7f0000000080)=0x2)
ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086200, &(0x7f00000000c0)=0x5)

5.045123068s ago: executing program 1 (id=1674):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x10, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500a51cec5e2d137c85000005000000bf91000000000000b702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x5384b9927ce1a186, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ff"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

4.996452929s ago: executing program 0 (id=1675):
socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x14, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$unix(0x1, 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00')
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x8002)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
pread64(r0, &(0x7f0000000480)=""/177, 0xb1, 0xe0)
fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)

4.939702079s ago: executing program 2 (id=1676):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000200)={0xaa, 0x251})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
r3 = dup3(0xffffffffffffffff, r2, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x2)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000780)={0x14, 0x0, &(0x7f0000000440)=[@enter_looper, @request_death], 0x0, 0x0, 0x0})

4.89473617s ago: executing program 1 (id=1677):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_open_procfs(0x0, 0x0)
getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, 0x0, 0x0)
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
shutdown(r1, 0x0)
recvmmsg(r1, &(0x7f00000004c0), 0xf02, 0xf0, 0x0)

3.824365485s ago: executing program 0 (id=1678):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil)
r4 = syz_open_procfs(0x0, &(0x7f0000000440)='net/route\x00')
preadv(r4, &(0x7f00000001c0)=[{&(0x7f0000002380)=""/169, 0xa9}], 0x1, 0x0, 0x0)

3.789733346s ago: executing program 4 (id=1679):
syz_open_dev$tty1(0xc, 0x4, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x2180, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB, @ANYRESDEC=r0, @ANYBLOB="0100020000000000080004000a0000001c001a8018000a801400"], 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x10)
r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x18}, 0xc)
r3 = syz_open_procfs(0x0, &(0x7f0000000280)='io\x00')
preadv(r3, &(0x7f00000001c0)=[{&(0x7f0000000340)=""/230, 0xe6}], 0x1, 0x2000401, 0x9)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r5 = dup(r4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x0, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB], 0x0, 0x2, 0x98, &(0x7f0000000140)=""/152, 0x41000, 0x41, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000000280)={0x1, 0xe, 0x5200000}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000440)=[r5, 0xffffffffffffffff, r3, 0xffffffffffffffff], &(0x7f0000000480)=[{0x3, 0x1, 0x2, 0x5}], 0x10, 0x9, @void, @value}, 0x94)
setrlimit(0xe, &(0x7f0000000040)={0x6, 0x8001})
socket$inet(0x2, 0x3, 0x8d)
syz_open_dev$loop(0x0, 0x81, 0x2a82)

3.762634016s ago: executing program 2 (id=1680):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20, @local}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f00000039c0)=ANY=[@ANYBLOB="180000000300000000000000a012544f95002b000000000093adffa82255f674412d020000000000005ab527ee3697f1ed4436dd1164b1b3f427f6ba6b34f98125f30e631d273683626e00dc254d570d4a6b78a5833488cfe410090000004aa900003d3cd62f00158e6eee8501000000520a0000151d016e6cafbe9309aba218812868a51d129e78f6ae170bf5a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b000024b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e8b701d2d17ebc406e89dcbb7677e6528b0856e31eb9474c0106fc48e1f8c1a5f6945ac24cf609068f6ff21e88b3cfc22df01d51e242443618c02e0a428da651366e4bac9d97328fa2a82b5e8741e02056d933bedf59ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e148bf56497e5d56d06c7551b870b2851c3f0a1aab7158edeeccd92e3a88dc0f432187ce92d7b17a21c8f1b3369ebfcb4cb2946601b0f04edb256c604f068773f6db9d661bd7f0e2536f00000000000000005521458b7d1e341c6f864f983d745f5865aad41d29158ae7602a2d6cd415e8351ebc283df54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121a96eb373845255012e028cb2654d493afb4b35faae176f99b745eda2967199cc93685bb444f9bc50713061385537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d0007ae4e1e347c0cff28235a6bb7aa3804b907a8f2880c5cb1cb385e6add14652003c7cdd3324f07d1ff07000000000000000009dd872ec64fa6c718bbd1aa591140cff0be4c6f8df084c5e9734ae30aa9afdc7125f01ab03a9b1074407136b4506000f0916aada035df2e0452a9b39e73aeeb6eaf14652dda689e2051d9b7eb85f3f2d5ab2c51944da8d7391d5b6b97419a3b76600cd1aa0afe5f8f46df4c5124ca425d374b371867a79b31f3f514573f1e30d1fd2d763f3ee9210b15c1d60be2168fffcd599a2cb77f124e22f87673675805494db821f39b50d5fd8c6b2a3a324c257bc97def5f07f2b77f05a4f81a9cf8110971b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c4407eca22debc99335583b00013c3130978fa069af8223b38ced735c2d90c6d84c30a0d87d42647489b39601be5c27696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f240080000534187738655d7a6240412c8f283cc0c1eba2866dc9580000000000000007fffffffff554b82d9c162f3556076b80552d961ca74d1ffdaccf0ea5f02e0163a9ccb9087e6c3b3917bb74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb01f7ada800e50000000000fdaf2f7b3b79a433e08074ea2462974ab2cbd2190780fa39c43ea647eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433d866665b98ca2002c836e89feef904c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc8d0834fb8d124638fec58faeb4c16abb440df2a694f4cdcaa4f65c22f000000000000000000000000000d503d79906958102000000000000000000001ffff0ef89b2a68d2bb2dd163e863314e8449801b52bb93f6c9084659ce777dda8563c859656a357770289a61faa95a82bf1cfb7f2f97252e9322abe282c3344fc6738b4467893b9bf0000000000000001062a35376413c29f7c6f7bde29b9f4bddd5e328661f4615e627a6f608ad53a4168fe8e5d7d934aa289b4bd2b870000000000000000000000000000fc4b4ff50000009b777883a02ffd92dfc4cb4114b9f9cf4ad155110cd3ace2b322ae31bfa27847c799c8869a1ea5018e525e6383ad7fd9795170e7b11e247603000000001459c7f606d721d3979676bffb3049166ab84ac1061991bd57c2566c10c296352a5105b6164e3f2491e4793e2b70590dcc71f110da96366c40dd44a2c9882d3aa0f8a797b8fea6efcfb5276b7679f15559cdaabf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5002adef9546abb7a2d9c085b189b5ff30e4e0c13f60870fde1f88d830b11002135e8e7262f29b6d7923bfbe0bd2a8be179e56b41ff3792cee2fc37eee739c3008ce740d8804f8e705f0dc59d000021363e8df94ff175b48dc8c12def681a11647946595445bf1cb7d2778cd27a6b3b2966b08be600000020a8a711d193bae0ab2db9ed9c6cb3c3de42ab89524414cae922141f7baf17ebb790ad60bd0387837e63f9880fd70259e35590afb4843cd4e9989398eaa89cefb3aa13cab8d015cbaf1561d95362decd73b8f8cbf8269cac091cfaaa3c7e46d6e79145fc0f1d1b383752ccb40515a772356d746914540216adf4c0f44f1cff3760afa252720ec6dad3a98671ecdaff46cddffb1f05a0c0976070d603a442d014822369fa3eacbb69bd1b0a074357acd5d02161fed146ad3aa15d2b8101b7bd1e091ada78ecd50181f4b35cae1b29aff91494c916323b61f815c4e0701657087ad11eef97952921365bc898ba2c76a9b6e0052f43b1ad2dfdf3f958fc1d32e692bc8846c78a956ada453c67c1c2cdc4f8b1c94e9adc106e85b31e030d955c5578e107a6e8ca0d4dd05344c3e2af25d9a3b0f7805624016aeab271a75f0bacb101a156ef8948064569154a7de08f80e4df4c339b69431b0a5671097d89212b465b0b32275deae10a77e334c9fc074d181bdeb5be80a6249d472e78e6be57a5ccd354cf181e099605a644ecade221a2be926210b2690d09e4b7a3dea25403397439979c27d5613262de10bacecfff2d58437f012df4252c018795310c25e8fce18ed366ac2caade564ca869727a7d63c26271e17d7aba48971835530311545273d3caadeb5d2017dc816126b6f2068f68a4111ddd587b5df4b5d8f1ce00231a2092eb2e797c491a1e66f73606fd95bb01b53a2d862b6262f0259da51ff7517ace7361460a4669a97f7d0bf095c2787f00bdbfee19670d1e0ec5e6c3cb09972fa4d94986157b96d6695177c99d83716651129320924352cda7b8ead91c3301af620c1e8d7004d29ad77f54836779600bb0b247139d429df96362db3ecfbd36fa8164fabdcf2e58b720e8e1c03a74daf593f92a8ecc03f8c8e3af9ae07dc03780cc0d69da9e3528c1693fb51998731992ceb27dcc0be5be4decefe41b78bc1847bf54b087e095172f06cfa6d4bf958b1d4544947ff1230655199db4f475006047fe83caca97758dffa53cee764f85932eb20d54241b2d515c0826dfe1f0f40ae920455a4548fb35e2a345c05b1c252b7877bb3d834b0b3579a36249146f832ef258df5127318c7017ac1a996c4f902f82deb60fd113ccf812d55ffd625057bd4ff3960992b85bc8d32edfca386be16b1c549aec52e31e1405f86c7760282901750b732ec06b0db735222a56f3ebb16fad3e9269495230cd88b0ea2e3affa196a2f0adf733bc6afd37a659ecc933d636c1b27d3a16c5ea25301f9b5789e4aa8e7228e3002f146aa5e575bb74b1ebb82147edf8161d362704377058e887c608be8719ea1b6c490f79e0832e2ddd7e217c7adddd4731e032d7eb35bdc38160c676d840e2e8be9033a686cf7061f5f55e2851736aa8c2f3bad8ac05c048e20d8c03b68008a70b8f80c93ebd2ababb5c65fe9abc4642d7b58d8c93efd7b6b39c68a16d75a7852dfc37a6a50cb28a9b6f685a465d08fc603d81d8ddd5296fae97be1401a8be7748a71fcdc85ba2049e96c4e6dce59b88cd5472726bc237fbcf3ffcbf32e2aac9b2f9d6013b59780ded723b08c767fa091e2fa4d51863500fcd5041bcc98a685504835743194113ea0b97b4f9ddc395b9ac4defefadd37a8871fd91f31a56eb96ecf90000000000000000000000000000000000000000000c447ea475c236c3b7f24079fe375f3f861fc54d9d8a04a6cb8c0dbf9e9cc53a84a5795ae5ebcbd825e3572df16fbdcd395e995fa4fcbbf31583d9e1d3ff537f401a3139200a8bd2122157887199cd54075a4d5b29935dda5c6aa0f3ac6895eb73c7abbd4603abdaa8629dedb2cab0fa80f9514ad310491a9a300015c18cdfd9342cff50d849d7516134d45d1a8cf157abe0c79de543993cf689f8a7113508fbf8a610417045e6c38a5d4ff4656dbd9656ad6ce625e1674ab57944ebb834743a248a2be304ba1e037cb63a169d340be8befc1b238aa26e24"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0xb7, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0xfffffffe, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0xaaa43, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
setrlimit(0x1, 0x0)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet(0xa, 0x801, 0x84)
ioctl$DRM_IOCTL_MODE_SETPLANE(0xffffffffffffffff, 0xc03064b7, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0})
r2 = socket(0x2b, 0x80801, 0x1)
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
setxattr$incfs_size(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000200), 0x0, 0x0, 0x3)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x1a, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r2)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00'})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r2, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000580)=ANY=[@ANYRES16=r3, @ANYBLOB="340af72170007cdbdf2581efffff0900060008021100000000000600660015000000339d1e1218c10328279b1392816182d4a0ebe58f2665d5f1e84b1c087b07eff24a6a55d3579b14f9ef96b509cde8224b010d35a77cc2ffe860055b15323885d486d716c315608ab7a4611788523f2d537ec4d7137ef8839cf754354f1fbe3a4f11d4d5f7a50345fc345fae9a4ab6c2c785320e0ed9ca9822cbdbea20a18abef58fcbec63b84471c4c739f4ae0b8faa8012f48c57156a037512c2b5e63addc19f7e61b4b337e8ace243ce4953f1dd4a6cf4ee0073fa8f3906eba9450a2c69bad12641249fa9b37061c632a91d13bf21743abde7d55f"], 0x28}, 0x1, 0x0, 0x0, 0x4080}, 0x8014)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='minix\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

3.531518619s ago: executing program 1 (id=1681):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket(0x10, 0x3, 0x0)
write(r4, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d)
recvmmsg(r4, &(0x7f00000021c0), 0x5b, 0x40, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3d, 0x0, &(0x7f0000000480))
r5 = syz_open_dev$media(&(0x7f0000000280), 0xd6e, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r5, 0x80047c05, &(0x7f0000000940))

3.52191194s ago: executing program 3 (id=1682):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000100000000000400048008000c8004000b800800020001000000a00008801c000780080077144ebb0000080006000000000008000500000003002400078008000500000000ff"], 0xd0}}, 0x0)

2.751968561s ago: executing program 0 (id=1683):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x181200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$evdev(0x0, 0x0, 0x60000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$OSF_MSG_ADD(r1, 0x0, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000140), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0xfc, 0x2, 0x4})
ioctl$vim2m_VIDIOC_EXPBUF(r2, 0xc0405668, &(0x7f0000000100)={0x0, 0x20, 0x2})
writev(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r3, &(0x7f0000000240)={0x0, 0xa7, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000900000030000380140002007369743000000000000000000000000006000400ffe300000800030000000000080001"], 0x44}}, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
socketpair(0x11, 0x2, 0x6, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
io_submit(0x0, 0x0, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

2.751155041s ago: executing program 4 (id=1684):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001700)=ANY=[@ANYBLOB="160000000000000061b1000002"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2}, 0x0, &(0x7f0000000040)}, 0x20)
syz_emit_ethernet(0x0, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x3, 0x0)
socket(0xa, 0x2, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f00000002c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r3, 0x0, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x4000800)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=@delchain={0x2c, 0x64, 0xf31, 0xfffffff8, 0x0, {0x0, 0x0, 0x0, r5, {0xf, 0xfff1}, {0xfff3, 0xffff}, {0x9, 0x1b}}, [@TCA_CHAIN={0x8, 0xb, 0xfffffe46}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x80)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, 0x0, &(0x7f00000007c0))
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x75, &(0x7f0000001b40)={0x0, 0x4}, &(0x7f0000001b80)=0x8)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb010018"], 0x0, 0x18, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28)
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r8=>0x0}, &(0x7f0000000300)=0x8)
setsockopt$inet_sctp_SCTP_RESET_STREAMS(r7, 0x84, 0x77, &(0x7f0000000080)={r8}, 0x8)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8b30, &(0x7f0000000040)={'wlan0\x00'})

1.710635395s ago: executing program 1 (id=1685):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$vim2m_VIDIOC_G_FMT(r1, 0xc0d05604, &(0x7f00000000c0)={0x0, @pix_mp={0x6, 0x7, 0x20363159, 0x3, 0x6, [{0x301ba16e, 0x10001}, {0x2f03, 0x7}, {0x1ff, 0x7}, {0x0, 0xfffffff9}, {0x3, 0x1}, {0x7, 0xffffffff}, {0xfffffffc, 0x7}, {0x8, 0x8000}], 0xc8, 0x7, 0x2, 0x3, 0x4}})
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0)
r7 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close_range(r7, 0xffffffffffffffff, 0x0)
r8 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f0000000280)={0x0, &(0x7f0000000040)=[<r9=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r8, 0xc06864a1, &(0x7f0000000540)={0x0, 0x0, r9, <r10=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r8, 0xc06864ce, &(0x7f0000000400)={r10, 0x0, 0x0, 0x0, 0x0, [<r11=>0x0], [0x0, 0x0, 0xf], [0x1000], [0x0, 0x0, 0x0, 0xffffffffffffffff]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r7, 0xc00c642d, &(0x7f0000000100)={r11, 0x0, <r12=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r12})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300))

1.331586041s ago: executing program 3 (id=1686):
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0xcc)
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, 0x0, 0x0)
socket$kcm(0x10, 0x7, 0x0)
socket$kcm(0x29, 0x5, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
memfd_secret(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, 0x0, &(0x7f0000000180))
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e23, @multicast1}}, 0x0, 0x2, 0x40020002, 0x0, 0xa17433da3c5d69ad, 0x2, 0x7f}, 0x9c)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mknodat(0xffffffffffffffff, &(0x7f0000000280)='./file1/file0\x00', 0xc000, 0xfffffffd)
r3 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
recvmsg$unix(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
sendmmsg(r3, 0x0, 0x0, 0x9200000000000000)
r4 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
r5 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x1, 0x81, 0x8, 0x40, 0x1}, 0x1c)
socket$kcm(0x10, 0x7, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
bind$ax25(r0, &(0x7f0000000f00)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48)

1.216066523s ago: executing program 4 (id=1687):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000001e80), r0)
sendmsg$NFC_CMD_START_POLL(r0, &(0x7f0000001fc0)={0x0, 0x0, &(0x7f0000001f80)={&(0x7f0000001f00)={0x14, r1, 0x231, 0x70bd2b, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x80)

678.97607ms ago: executing program 4 (id=1688):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x10, &(0x7f0000000240)=ANY=[@ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500a51cec5e2d137c85000005000000bf91000000000000b702e300000000008500000084000000b70000000001000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x5384b9927ce1a186, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f0000000140)='tlb_flush\x00', r0}, 0x18)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400000008"], 0x48)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00', @ANYBLOB="0100000000000000000044000000080003", @ANYRES32], 0x4c}}, 0x4000804)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b", 0x44}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

678.62517ms ago: executing program 4 (id=1689):
socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x14, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$unix(0x1, 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00')
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x8002)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
pread64(r0, &(0x7f0000000480)=""/177, 0xb1, 0xe0)
fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)

529.880082ms ago: executing program 1 (id=1690):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1a, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b400000000000000791000000000001ac300e4ff500000007a312b2e00008d431c670000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc9, &(0x7f0000000300)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_usb_connect(0x0, 0x6b, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\n!\x00'], 0x28}}, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x60200, 0x0)
connect$pppoe(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
read$msr(0xffffffffffffffff, &(0x7f0000032680)=""/102400, 0x19000)
r1 = creat(0x0, 0x22)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x22301, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000080)=0x100)
write$binfmt_script(r2, &(0x7f0000000480)={'#! ', './file0'}, 0xb)
ioctl$SNDCTL_DSP_SYNC(r2, 0x5001, 0x0)
r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x1)
ioctl$SIOCAX25DELUID(r3, 0x89e2, &(0x7f0000000080)={0x3, @bcast, 0xee00})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[], 0x0, 0x4e, 0x0, 0x4, 0xb287, 0x0, @void, @value}, 0x28)
syz_genetlink_get_family_id$nl80211(0x0, r1)
close(r1)
r4 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_UPGRADEABLE_SERVICE(r4, 0x110, 0x5, 0x0, 0x0)
rseq(0x0, 0x0, 0x0, 0x0)

0s ago: executing program 4 (id=1691):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_open_procfs(0x0, 0x0)
getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, 0x0, 0x0)
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
shutdown(r1, 0x0)
recvmmsg(r1, &(0x7f00000004c0), 0xf02, 0xf0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.171' (ED25519) to the list of known hosts.
syzkaller login: [   58.371948][ T4158] cgroup: Unknown subsys name 'net'
[   58.532069][ T4158] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   60.016466][ T4158] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   61.521709][ T4168] chnl_net:caif_netlink_parms(): no params data found
[   61.602036][ T4172] chnl_net:caif_netlink_parms(): no params data found
[   61.622082][ T4177] chnl_net:caif_netlink_parms(): no params data found
[   61.683484][ T4175] chnl_net:caif_netlink_parms(): no params data found
[   61.692510][ T4174] chnl_net:caif_netlink_parms(): no params data found
[   61.797989][ T4177] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.805790][ T4177] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.813860][ T4177] device bridge_slave_0 entered promiscuous mode
[   61.822580][ T4168] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.829938][ T4168] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.837898][ T4168] device bridge_slave_0 entered promiscuous mode
[   61.862401][ T4177] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.869690][ T4177] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.877748][ T4177] device bridge_slave_1 entered promiscuous mode
[   61.885155][ T4168] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.892447][ T4168] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.900296][ T4168] device bridge_slave_1 entered promiscuous mode
[   61.913801][ T4172] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.921458][ T4172] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.929602][ T4172] device bridge_slave_0 entered promiscuous mode
[   61.963744][ T4172] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.970981][ T4172] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.978901][ T4172] device bridge_slave_1 entered promiscuous mode
[   62.026921][ T4177] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   62.037977][ T4168] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   62.053640][ T4175] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.061228][ T4175] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.069264][ T4175] device bridge_slave_0 entered promiscuous mode
[   62.086619][ T4177] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   62.097445][ T4168] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   62.107348][ T4174] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.114665][ T4174] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.123185][ T4174] device bridge_slave_0 entered promiscuous mode
[   62.131825][ T4174] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.139140][ T4174] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.147814][ T4174] device bridge_slave_1 entered promiscuous mode
[   62.155676][ T4175] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.162715][ T4175] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.171482][ T4175] device bridge_slave_1 entered promiscuous mode
[   62.180554][ T4172] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   62.222161][ T4172] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   62.272973][ T4177] team0: Port device team_slave_0 added
[   62.282174][ T4168] team0: Port device team_slave_0 added
[   62.290113][ T4174] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   62.301600][ T4174] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   62.312901][ T4175] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   62.324581][ T4175] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   62.343471][ T4177] team0: Port device team_slave_1 added
[   62.351372][ T4168] team0: Port device team_slave_1 added
[   62.373880][ T4172] team0: Port device team_slave_0 added
[   62.382478][ T4172] team0: Port device team_slave_1 added
[   62.451181][ T4174] team0: Port device team_slave_0 added
[   62.460299][ T4175] team0: Port device team_slave_0 added
[   62.467298][ T4172] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.474256][ T4172] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.500393][ T4172] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   62.512685][ T4177] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.520136][ T4177] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.546210][ T4177] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   62.558198][ T4168] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.565159][ T4168] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.591803][ T4168] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   62.610768][ T4174] team0: Port device team_slave_1 added
[   62.618271][ T4175] team0: Port device team_slave_1 added
[   62.631674][ T4172] batman_adv: batadv0: Adding interface: batadv_slave_1
[   62.638820][ T4172] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.664967][ T4172] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.681574][ T4177] batman_adv: batadv0: Adding interface: batadv_slave_1
[   62.688684][ T4177] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.714717][ T4177] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.726717][ T4168] batman_adv: batadv0: Adding interface: batadv_slave_1
[   62.733766][ T4168] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.760063][ T4168] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.789438][ T4174] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.796513][ T4174] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.822831][ T4174] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   62.874970][ T4174] batman_adv: batadv0: Adding interface: batadv_slave_1
[   62.882225][ T4174] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.908721][ T4174] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.931414][ T4175] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.938496][ T4175] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.965646][ T4175] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   62.980991][ T4177] device hsr_slave_0 entered promiscuous mode
[   62.988114][ T4177] device hsr_slave_1 entered promiscuous mode
[   63.008296][ T4172] device hsr_slave_0 entered promiscuous mode
[   63.015104][ T4172] device hsr_slave_1 entered promiscuous mode
[   63.022156][ T4172] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   63.030374][ T4172] Cannot create hsr debugfs directory
[   63.037220][ T4175] batman_adv: batadv0: Adding interface: batadv_slave_1
[   63.044177][ T4175] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.070407][ T4175] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   63.096050][ T1110] Bluetooth: hci0: command 0x0409 tx timeout
[   63.118254][ T4174] device hsr_slave_0 entered promiscuous mode
[   63.125111][ T4174] device hsr_slave_1 entered promiscuous mode
[   63.132184][ T4174] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   63.139853][ T4174] Cannot create hsr debugfs directory
[   63.156441][ T4168] device hsr_slave_0 entered promiscuous mode
[   63.163106][ T4168] device hsr_slave_1 entered promiscuous mode
[   63.169792][ T4168] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   63.175605][   T13] Bluetooth: hci2: command 0x0409 tx timeout
[   63.177514][ T4168] Cannot create hsr debugfs directory
[   63.183377][   T13] Bluetooth: hci1: command 0x0409 tx timeout
[   63.255800][ T1110] Bluetooth: hci3: command 0x0409 tx timeout
[   63.266489][ T1108] Bluetooth: hci4: command 0x0409 tx timeout
[   63.296527][ T4175] device hsr_slave_0 entered promiscuous mode
[   63.303469][ T4175] device hsr_slave_1 entered promiscuous mode
[   63.310282][ T4175] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   63.318018][ T4175] Cannot create hsr debugfs directory
[   63.570709][ T4172] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   63.585544][ T4172] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   63.595981][ T4172] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   63.605708][ T4172] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   63.670129][ T4174] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   63.680508][ T4174] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   63.702085][ T4174] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   63.714799][ T4174] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   63.780869][ T4177] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   63.791449][ T4177] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   63.807739][ T4177] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   63.823848][ T4177] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   63.867872][ T4175] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   63.889323][ T4172] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.907394][ T4175] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   63.922002][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   63.931758][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   63.946004][ T4172] 8021q: adding VLAN 0 to HW filter on device team0
[   63.954632][ T4175] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   63.964541][ T4175] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   64.000361][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   64.010200][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   64.019922][ T1272] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.027191][ T1272] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.037091][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   64.046002][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   64.054484][ T1272] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.061678][ T1272] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.069825][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   64.078954][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   64.122135][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   64.138271][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   64.148675][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   64.158030][ T4168] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   64.167404][ T4168] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   64.177322][ T4168] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   64.187947][ T4168] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   64.208265][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   64.217117][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   64.226331][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   64.234822][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   64.244620][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   64.280155][ T4172] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   64.291487][ T4172] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   64.319633][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   64.328872][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   64.360148][ T4177] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.374651][ T4174] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.419418][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   64.427677][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   64.439419][ T4177] 8021q: adding VLAN 0 to HW filter on device team0
[   64.454851][ T4174] 8021q: adding VLAN 0 to HW filter on device team0
[   64.462086][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   64.472413][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   64.501962][ T4168] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.519670][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   64.528910][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   64.541498][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.548633][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.564822][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   64.573813][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   64.582849][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.589941][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.597800][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   64.615884][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   64.623950][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   64.632883][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   64.643737][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.650860][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.659428][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   64.670374][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   64.679616][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.686709][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.724407][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   64.732815][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   64.743089][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   64.755044][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   64.763899][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   64.774306][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   64.784379][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   64.793488][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   64.802715][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   64.811910][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   64.820794][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   64.830111][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   64.840158][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   64.850047][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   64.860000][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   64.869239][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   64.887514][ T4168] 8021q: adding VLAN 0 to HW filter on device team0
[   64.898130][ T4177] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   64.910737][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   64.919625][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   64.927549][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   64.936294][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   64.951313][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   64.958979][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   64.969890][ T4175] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.979204][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   64.988573][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   64.997688][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.004772][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.018783][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   65.027929][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   65.037064][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   65.045759][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   65.054190][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   65.069520][ T4172] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.097838][ T4174] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   65.118044][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   65.126288][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   65.134525][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   65.143951][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   65.154204][  T388] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.161421][  T388] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.175818][ T4209] Bluetooth: hci0: command 0x041b tx timeout
[   65.185764][ T4175] 8021q: adding VLAN 0 to HW filter on device team0
[   65.217203][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   65.238744][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   65.247933][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   65.257958][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   65.266065][ T4209] Bluetooth: hci1: command 0x041b tx timeout
[   65.266113][ T4209] Bluetooth: hci2: command 0x041b tx timeout
[   65.281815][  T388] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.288949][  T388] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.303613][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   65.313387][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   65.322830][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   65.331376][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   65.335861][ T4217] Bluetooth: hci4: command 0x041b tx timeout
[   65.347965][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   65.356334][ T4217] Bluetooth: hci3: command 0x041b tx timeout
[   65.361335][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   65.371240][  T154] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.378726][  T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.402992][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   65.412055][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   65.421657][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   65.431161][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   65.441087][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   65.449896][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   65.458599][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   65.467446][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   65.484551][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   65.496231][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   65.518603][ T4168] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   65.528649][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   65.554271][ T4177] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.571961][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   65.622511][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   65.631404][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   65.653294][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   65.673101][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   65.682084][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   65.692590][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   65.701248][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   65.709402][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   65.717261][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   65.726138][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   65.736565][ T4172] device veth0_vlan entered promiscuous mode
[   65.749161][ T4174] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.760912][ T4175] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   65.772431][ T4175] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   65.786689][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   65.801529][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   65.809842][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   65.835037][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   65.853125][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   65.875267][ T4172] device veth1_vlan entered promiscuous mode
[   65.943525][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   65.954366][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   65.977142][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   65.984627][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   66.037252][ T4168] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.049878][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   66.060437][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   66.079822][ T4172] device veth0_macvtap entered promiscuous mode
[   66.097094][ T4174] device veth0_vlan entered promiscuous mode
[   66.118287][ T4174] device veth1_vlan entered promiscuous mode
[   66.132656][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   66.142065][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   66.151365][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   66.160944][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   66.169194][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   66.180313][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   66.202919][ T4172] device veth1_macvtap entered promiscuous mode
[   66.215044][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   66.224232][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   66.234339][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   66.243680][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   66.257179][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   66.266619][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   66.310579][ T4172] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.320768][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   66.329843][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   66.338484][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   66.348448][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   66.357466][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   66.365249][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   66.389362][ T4175] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.398157][ T4172] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.408048][ T4177] device veth0_vlan entered promiscuous mode
[   66.417949][ T4172] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.428256][ T4172] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.437183][ T4172] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.446378][ T4172] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.456972][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   66.464478][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   66.472316][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   66.481728][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   66.510849][ T4177] device veth1_vlan entered promiscuous mode
[   66.519822][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   66.531577][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   66.542294][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   66.560367][ T4168] device veth0_vlan entered promiscuous mode
[   66.579941][ T4174] device veth0_macvtap entered promiscuous mode
[   66.591004][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   66.601190][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   66.610093][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   66.619247][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   66.632389][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   66.641080][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   66.663093][ T4174] device veth1_macvtap entered promiscuous mode
[   66.674222][ T4168] device veth1_vlan entered promiscuous mode
[   66.693206][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   66.703443][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   66.714107][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   66.723184][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   66.742140][ T4174] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   66.753286][ T4174] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   66.767798][ T4174] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.832034][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   66.840929][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   66.850123][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   66.866808][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   66.875152][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   66.884908][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   66.893281][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   66.904936][ T4174] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   66.916404][ T4174] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   66.928156][ T4174] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.957608][ T4175] device veth0_vlan entered promiscuous mode
[   66.964865][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   66.974061][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   66.987794][ T4174] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.997263][ T4174] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.006571][ T4174] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.015278][ T4174] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.048842][ T4177] device veth0_macvtap entered promiscuous mode
[   67.057888][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   67.067749][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   67.077104][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   67.087950][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   67.097019][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   67.129030][ T4175] device veth1_vlan entered promiscuous mode
[   67.149306][ T4168] device veth0_macvtap entered promiscuous mode
[   67.161478][ T4168] device veth1_macvtap entered promiscuous mode
[   67.173722][ T4177] device veth1_macvtap entered promiscuous mode
[   67.180769][ T1272] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.190520][ T1272] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.229701][ T4222] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.229765][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   67.245415][ T4222] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.247538][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   67.260889][ T4217] Bluetooth: hci0: command 0x040f tx timeout
[   67.262273][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   67.275854][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   67.283673][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   67.328747][ T4168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.341269][    T7] Bluetooth: hci1: command 0x040f tx timeout
[   67.345228][ T4168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.357719][ T4208] Bluetooth: hci2: command 0x040f tx timeout
[   67.357954][ T4168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.375471][ T4168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.388727][ T4168] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.411311][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   67.420331][ T4212] Bluetooth: hci3: command 0x040f tx timeout
[   67.426064][ T4209] Bluetooth: hci4: command 0x040f tx timeout
[   67.433921][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   67.444533][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   67.454000][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   67.468347][ T4177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.483227][ T4177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.493910][ T4177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.506879][ T4177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.517027][ T4177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.528118][ T4177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.539850][ T4177] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.549613][ T4168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.560564][ T4168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.570850][ T4168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.581827][ T4168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.593487][ T4168] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.604584][ T4168] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.620187][ T4168] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.632798][ T4168] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.650442][ T4168] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.665065][ T4175] device veth0_macvtap entered promiscuous mode
[   67.682421][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   67.690898][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   67.701918][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   67.712533][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   67.723428][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   67.742616][ T4175] device veth1_macvtap entered promiscuous mode
[   67.765135][ T4177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.784509][ T4177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.801834][ T4177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.813080][ T4177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.845988][ T4177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.865596][ T4177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.872760][ T4255] Zero length message leads to an empty skb
[   67.878356][ T4177] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.907712][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.914790][ T4175] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.927149][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.939132][ T4175] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.950167][ T4175] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.961075][ T4175] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.971804][ T4175] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.982779][ T4175] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.997050][ T4175] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   68.007541][ T4175] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.023003][ T4175] batman_adv: batadv0: Interface activated: batadv_slave_0
[   68.031667][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   68.040296][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   68.050353][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   68.062093][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   68.070745][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   68.080300][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   68.098984][ T4177] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.109476][ T4177] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.118761][ T4177] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.127741][ T4177] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.141647][ T4175] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.152471][ T4175] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.162502][ T4175] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.173240][ T4175] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.183135][ T4175] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.193815][ T4175] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.203874][ T4175] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.214337][ T4175] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.226680][ T4175] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.245788][ T4209] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[   68.264264][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   68.270765][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.276047][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   68.292193][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.298231][ T4175] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.311822][ T4175] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.321134][ T4175] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.330715][ T4175] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.352598][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   68.485226][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.510863][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.577153][  T388] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.585159][  T388] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.596731][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.604751][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.648540][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   68.675980][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   68.684073][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   68.720638][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.745562][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.247228][ T4209] usb 1-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.09
[   69.461783][ T4217] Bluetooth: hci0: command 0x0419 tx timeout
[   69.468267][ T4217] Bluetooth: hci1: command 0x0419 tx timeout
[   69.516167][ T4209] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   69.524713][ T4209] usb 1-1: Product: syz
[   69.528982][ T4209] usb 1-1: Manufacturer: syz
[   69.533607][ T4209] usb 1-1: SerialNumber: syz
[   69.542011][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   69.543262][   T23] Bluetooth: hci2: command 0x0419 tx timeout
[   69.564280][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.589075][ T4209] usb 1-1: config 0 descriptor??
[   69.615838][  T388] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.641597][  T388] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.686822][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.698630][ T4211] Bluetooth: hci3: command 0x0419 tx timeout
[   69.705579][ T4211] Bluetooth: hci4: command 0x0419 tx timeout
[   69.742364][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   69.756254][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   69.771648][ T4270] 9p: Unknown Cache mode readahead
[   71.270878][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[   71.280168][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[   71.738712][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[   71.945571][ T1326] usb 1-1: USB disconnect, device number 2
[   72.615698][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[   72.776061][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[   72.930842][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #140!!!
[   73.033341][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!!
[   73.312874][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[   73.322064][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!!
[   73.331730][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!!
[   73.340706][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #10a!!!
[   73.349828][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #10a!!!
[   75.015647][   T13] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   76.444201][ T4316] process 'syz.4.15' launched './file0' with NULL argv: empty string added
[   76.596787][   T13] usb 4-1: New USB device found, idVendor=093a, idProduct=050f, bcdDevice=c2.b7
[   76.697778][   T13] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   77.242069][ T4324] device bond0 entered promiscuous mode
[   77.249014][ T4324] device bond_slave_0 entered promiscuous mode
[   77.256416][ T4324] device bond_slave_1 entered promiscuous mode
[   77.369175][   T13] gspca_main: mars-2.14.0 probing 093a:050f
[   78.763338][ T4206] usb 4-1: USB disconnect, device number 2
[   79.201729][ T4352] netlink: 28 bytes leftover after parsing attributes in process `syz.1.27'.
[   79.463072][ T4352] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[   81.025104][ T4371] capability: warning: `syz.0.32' uses deprecated v2 capabilities in a way that may be insecure
[   81.499777][   T21] cfg80211: failed to load regulatory.db
[   83.224726][ T4399] netlink: 28 bytes leftover after parsing attributes in process `syz.0.41'.
[   83.282770][ T4401] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[   84.831429][   T21] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   84.943353][ T4429] sd 0:0:1:0: device reset
[   85.796936][ T4430] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   86.375474][   T21] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[   86.384586][   T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   86.410765][ T4440] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   86.454668][   T21] usb 1-1: config 0 descriptor??
[   86.755760][   T21] [drm] vendor descriptor length:6 data:06 5f 00 00 00 00 00 00 00 00 00
[   86.770211][   T21] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[   87.707575][   T21] [drm] Initialized udl 0.0.1 20120220 for 1-1:0.0 on minor 2
[   87.776591][   T21] [drm] Initialized udl on minor 2
[   87.794402][ T4457] netlink: 28 bytes leftover after parsing attributes in process `syz.4.58'.
[   87.944283][ T4456] device syzkaller0 entered promiscuous mode
[   88.035551][   T21] [drm:udl_get_edid_block] *ERROR* Read EDID byte 1 failed err ffffffb9
[   88.058089][   T21] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[   88.153658][   T21] usb 1-1: USB disconnect, device number 3
[   88.320246][ T4457] syz.4.58 (4457) used greatest stack depth: 21056 bytes left
[   88.769647][ T4466] loop4: detected capacity change from 0 to 128
[   90.210136][ T4474] netlink: 'syz.4.62': attribute type 4 has an invalid length.
[   94.841095][   T26] audit: type=1326 audit(1749300483.468:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4515 comm="syz.1.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b0090d929 code=0x7ffc0000
[   95.465703][   T26] audit: type=1326 audit(1749300483.918:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4515 comm="syz.1.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7f7b0090d929 code=0x7ffc0000
[   95.651724][   T26] audit: type=1326 audit(1749300483.918:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4515 comm="syz.1.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b0090d929 code=0x7ffc0000
[   95.676834][   T26] audit: type=1326 audit(1749300483.918:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4515 comm="syz.1.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b0090d929 code=0x7ffc0000
[   95.698857][    C0] vkms_vblank_simulate: vblank timer overrun
[   98.345225][ T4169] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[   98.356090][ T4169] CPU: 0 PID: 4169 Comm: kworker/u5:1 Not tainted 5.15.185-syzkaller #0
[   98.364448][ T4169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   98.374508][ T4169] Workqueue: hci3 hci_rx_work
[   98.379205][ T4169] Call Trace:
[   98.382502][ T4169]  <TASK>
[   98.385434][ T4169]  dump_stack_lvl+0x168/0x230
[   98.390117][ T4169]  ? show_regs_print_info+0x20/0x20
[   98.395317][ T4169]  ? load_image+0x3b0/0x3b0
[   98.399852][ T4169]  sysfs_create_dir_ns+0x252/0x280
[   98.405075][ T4169]  ? __lock_acquire+0x7c60/0x7c60
[   98.410109][ T4169]  ? sysfs_warn_dup+0xa0/0xa0
[   98.414796][ T4169]  ? le_conn_complete_evt+0xcbc/0x1590
[   98.420266][ T4169]  ? hci_event_packet+0xe05/0x12f0
[   98.425469][ T4169]  ? process_one_work+0x863/0x1000
[   98.430585][ T4169]  ? do_raw_spin_unlock+0x11d/0x230
[   98.435793][ T4169]  kobject_add_internal+0x662/0xd00
[   98.441012][ T4169]  kobject_add+0x152/0x210
[   98.445443][ T4169]  ? kobject_init+0x1d0/0x1d0
[   98.450131][ T4169]  ? klist_children_get+0x50/0x50
[   98.455176][ T4169]  ? get_device_parent+0x121/0x3f0
[   98.460387][ T4169]  device_add+0x483/0xfb0
[   98.464868][ T4169]  hci_conn_add_sysfs+0xd1/0x1e0
[   98.469823][ T4169]  le_conn_complete_evt+0xcbc/0x1590
[   98.475129][ T4169]  ? cs_le_create_conn+0x5e0/0x5e0
[   98.480270][ T4169]  ? __mutex_trylock_common+0x14f/0x250
[   98.485915][ T4169]  hci_le_meta_evt+0x289/0x3b80
[   98.490767][ T4169]  ? hci_event_packet+0x36d/0x12f0
[   98.495887][ T4169]  ? hci_event_packet+0x2e2/0x12f0
[   98.500995][ T4169]  ? __lock_acquire+0x7c60/0x7c60
[   98.506015][ T4169]  ? hci_remote_host_features_evt+0x280/0x280
[   98.512184][ T4169]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[   98.517826][ T4169]  ? mark_lock+0x94/0x320
[   98.522177][ T4169]  ? mutex_unlock+0x10/0x10
[   98.526675][ T4169]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[   98.532651][ T4169]  ? lock_chain_count+0x20/0x20
[   98.537501][ T4169]  ? __rwlock_init+0x140/0x140
[   98.542286][ T4169]  hci_event_packet+0xe05/0x12f0
[   98.547234][ T4169]  ? lockdep_hardirqs_on+0x94/0x140
[   98.552435][ T4169]  ? rcu_lock_release+0x20/0x20
[   98.557288][ T4169]  ? hci_send_to_monitor+0x9c/0x4a0
[   98.562488][ T4169]  hci_rx_work+0x255/0xa10
[   98.566924][ T4169]  process_one_work+0x863/0x1000
[   98.571888][ T4169]  ? worker_detach_from_pool+0x240/0x240
[   98.577513][ T4169]  ? lockdep_hardirqs_off+0x70/0x100
[   98.582791][ T4169]  ? _raw_spin_lock_irq+0xab/0xe0
[   98.587805][ T4169]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[   98.593168][ T4169]  ? wq_worker_running+0x97/0x170
[   98.598181][ T4169]  worker_thread+0xaa8/0x12a0
[   98.602870][ T4169]  kthread+0x436/0x520
[   98.606927][ T4169]  ? rcu_lock_release+0x20/0x20
[   98.611854][ T4169]  ? kthread_blkcg+0xd0/0xd0
[   98.616436][ T4169]  ret_from_fork+0x1f/0x30
[   98.620856][ T4169]  </TASK>
[   98.623874][    C0] vkms_vblank_simulate: vblank timer overrun
[   98.636387][ T4169] kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[   98.649733][ T4169] Bluetooth: hci3: failed to register connection device
[   99.864514][ T4575] syz.2.95 sent an empty control message without MSG_MORE.
[  101.198165][ T4580] loop1: detected capacity change from 0 to 2048
[  101.445339][ T4586] netlink: 'syz.3.97': attribute type 10 has an invalid length.
[  101.481928][ T4586] batman_adv: batadv0: Adding interface: wlan0
[  101.488398][ T4586] batman_adv: batadv0: The MTU of interface wlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.513609][    C0] vkms_vblank_simulate: vblank timer overrun
[  101.519938][ T4586] batman_adv: batadv0: Interface activated: wlan0
[  101.669180][ T4580] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  103.022082][ T4600] netlink: 28 bytes leftover after parsing attributes in process `syz.3.102'.
[  103.084278][ T4603] netlink: 8 bytes leftover after parsing attributes in process `syz.3.102'.
[  103.576269][ T4611] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  103.594988][    C0] vkms_vblank_simulate: vblank timer overrun
[  104.431261][ T4614] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  106.092990][ T4629] loop2: detected capacity change from 0 to 256
[  106.820531][ T4629] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d)
[  107.274442][ T4639] netlink: 28 bytes leftover after parsing attributes in process `syz.4.115'.
[  107.325193][ T4639] netlink: 8 bytes leftover after parsing attributes in process `syz.4.115'.
[  107.505390][ T4289] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  108.655646][ T4289] usb 4-1: Using ep0 maxpacket: 16
[  109.495814][ T4289] usb 4-1: config 0 has an invalid interface number: 180 but max is 0
[  109.506797][ T4289] usb 4-1: config 0 has no interface number 0
[  109.643534][ T4289] usb 4-1: config 0 interface 180 has no altsetting 0
[  110.142346][ T4289] usb 4-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=e8.1f
[  110.307000][ T4672] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.126'.
[  110.717359][ T4289] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  110.765473][ T4289] usb 4-1: Product: syz
[  110.786176][ T4289] usb 4-1: Manufacturer: syz
[  110.808328][ T4289] usb 4-1: SerialNumber: syz
[  110.852486][ T4289] usb 4-1: config 0 descriptor??
[  110.857467][ T4678] netlink: 28 bytes leftover after parsing attributes in process `syz.0.129'.
[  110.902101][ T4289] usb 4-1: can't set config #0, error -71
[  110.913177][ T4289] usb 4-1: USB disconnect, device number 3
[  111.067463][ T4682] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  117.579978][ T4746] netlink: 4 bytes leftover after parsing attributes in process `syz.4.147'.
[  117.618022][ T4746] device bridge0 entered promiscuous mode
[  117.629994][ T4746] bridge0: port 3(macsec1) entered blocking state
[  117.636702][ T4746] bridge0: port 3(macsec1) entered disabled state
[  117.957475][ T4746] device bridge0 left promiscuous mode
[  120.236885][ T4784] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5
[  121.442380][ T4796] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  122.661988][ T4819] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6
[  124.120566][ T4833] netlink: 12 bytes leftover after parsing attributes in process `syz.0.176'.
[  124.133982][ T4833] device vlan2 entered promiscuous mode
[  124.139786][ T4833] device veth0_virt_wifi entered promiscuous mode
[  124.384576][ T4840] netlink: 164 bytes leftover after parsing attributes in process `syz.4.180'.
[  125.426117][ T4862] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[  125.447252][ T4862] netlink: 'syz.4.187': attribute type 10 has an invalid length.
[  125.520236][ T4862] device wlan1 entered promiscuous mode
[  125.552196][ T4862] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  125.566506][ T4864] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input7
[  125.583453][ T4867] loop2: detected capacity change from 0 to 128
[  125.887218][ T4873] netlink: 'syz.2.189': attribute type 4 has an invalid length.
[  126.025834][ T4882] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  126.212130][ T4882] netlink: 164 bytes leftover after parsing attributes in process `syz.1.193'.
[  127.009064][ T4897] loop4: detected capacity change from 0 to 256
[  127.118238][ T4897] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  128.238293][ T4911] netlink: 12 bytes leftover after parsing attributes in process `syz.2.201'.
[  128.251176][ T4911] device vlan2 entered promiscuous mode
[  128.256853][ T4911] device veth0_virt_wifi entered promiscuous mode
[  129.547616][ T4922] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input8
[  129.570608][ T4923] loop2: detected capacity change from 0 to 128
[  129.729253][ T4928] netlink: 4 bytes leftover after parsing attributes in process `syz.0.207'.
[  129.829518][ T4928] device bridge_slave_1 left promiscuous mode
[  129.838326][ T4928] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.863589][ T4928] device bridge_slave_0 left promiscuous mode
[  129.881064][ T4928] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.072654][ T4935] netlink: 'syz.2.206': attribute type 4 has an invalid length.
[  130.086124][ T4940] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  130.108946][ T4940] netlink: 164 bytes leftover after parsing attributes in process `syz.3.209'.
[  131.445126][ T4958] loop4: detected capacity change from 0 to 256
[  131.926966][ T4958] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  132.700475][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  132.706841][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  132.796869][ T4968] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input9
[  133.610025][ T4976] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  134.036588][ T4976] netlink: 164 bytes leftover after parsing attributes in process `syz.0.220'.
[  135.465285][    C0] sched: RT throttling activated
[  135.711428][ T5007] device syzkaller0 entered promiscuous mode
[  136.112031][ T5019] netlink: 12 bytes leftover after parsing attributes in process `syz.4.231'.
[  136.125087][ T5019] device vlan2 entered promiscuous mode
[  136.130700][ T5019] device veth0_virt_wifi entered promiscuous mode
[  137.258257][ T5027] loop4: detected capacity change from 0 to 2048
[  137.521150][ T5027] =======================================================
[  137.521150][ T5027] WARNING: The mand mount option has been deprecated and
[  137.521150][ T5027]          and is ignored by this kernel. Remove the mand
[  137.521150][ T5027]          option from the mount to silence this warning.
[  137.521150][ T5027] =======================================================
[  137.866152][ T5032] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  137.874017][ T5027] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  138.041149][ T5035] netlink: 12 bytes leftover after parsing attributes in process `syz.4.234'.
[  138.625772][ T5031] netlink: 164 bytes leftover after parsing attributes in process `syz.3.236'.
[  138.697635][ T5043] netlink: 28 bytes leftover after parsing attributes in process `syz.3.238'.
[  138.716531][ T5043] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  140.124613][ T5068] netlink: 12 bytes leftover after parsing attributes in process `syz.1.245'.
[  140.138083][ T5068] device vlan2 entered promiscuous mode
[  140.143662][ T5068] device veth0_virt_wifi entered promiscuous mode
[  141.030914][ T5085] loop3: detected capacity change from 0 to 2048
[  141.206898][ T5090] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  141.221727][ T5085] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  141.731616][ T5094] netlink: 12 bytes leftover after parsing attributes in process `syz.3.253'.
[  143.444954][ T5108] xt_CT: You must specify a L4 protocol and not use inversions on it
[  144.920720][ T5125] netlink: 12 bytes leftover after parsing attributes in process `syz.4.263'.
[  144.991794][ T5125] device vlan2 entered promiscuous mode
[  145.974416][ T5139] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  147.324222][ T5149] loop1: detected capacity change from 0 to 2048
[  147.918844][ T5155] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  147.930216][ T5155] netlink: 164 bytes leftover after parsing attributes in process `syz.3.271'.
[  147.977843][ T5149] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  148.150799][ T5161] netlink: 12 bytes leftover after parsing attributes in process `syz.1.270'.
[  148.448931][ T5167] netlink: 'syz.3.275': attribute type 10 has an invalid length.
[  148.605795][ T5167] team0: Device hsr_slave_0 failed to register rx_handler
[  148.993845][ T5168] netlink: 8 bytes leftover after parsing attributes in process `syz.2.276'.
[  149.643228][ T5188] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  150.378800][ T5167] syz.3.275 (5167) used greatest stack depth: 20576 bytes left
[  150.698563][ T5193] netlink: 12 bytes leftover after parsing attributes in process `syz.1.283'.
[  150.711640][ T5193] device vlan2 entered promiscuous mode
[  151.939212][ T5213] netlink: 164 bytes leftover after parsing attributes in process `syz.4.287'.
[  152.410618][ T5221] netlink: 8 bytes leftover after parsing attributes in process `syz.0.290'.
[  152.434659][ T5219] loop1: detected capacity change from 0 to 2048
[  152.545867][ T5219] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  152.991426][ T5228] netlink: 12 bytes leftover after parsing attributes in process `syz.1.289'.
[  153.812156][ T5241] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  154.692959][ T5248] netlink: 'syz.4.299': attribute type 1 has an invalid length.
[  154.755433][ T5248] netlink: 168864 bytes leftover after parsing attributes in process `syz.4.299'.
[  156.416749][ T5278] netlink: 8 bytes leftover after parsing attributes in process `syz.4.306'.
[  157.576722][ T5294] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  158.128306][ T5313] netlink: 4 bytes leftover after parsing attributes in process `syz.3.313'.
[  158.160400][ T5313] device bridge0 entered promiscuous mode
[  158.170892][ T5313] bridge0: port 3(macsec1) entered blocking state
[  158.177611][ T5313] bridge0: port 3(macsec1) entered disabled state
[  158.516423][ T5313] device bridge0 left promiscuous mode
[  159.255730][ T5324] netlink: 8 bytes leftover after parsing attributes in process `syz.2.321'.
[  160.229350][ T4212] Bluetooth: hci0: command 0x0401 tx timeout
[  160.268254][ T5334] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  161.508159][ T5355] netlink: 4 bytes leftover after parsing attributes in process `syz.4.329'.
[  161.541211][ T5355] device bridge0 entered promiscuous mode
[  161.551887][ T5355] bridge0: port 3(macsec1) entered blocking state
[  161.558572][ T5355] bridge0: port 3(macsec1) entered disabled state
[  161.942159][ T5355] device bridge0 left promiscuous mode
[  164.474456][ T5385] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  165.933708][ T5401] netlink: 4 bytes leftover after parsing attributes in process `syz.1.342'.
[  165.946262][ T5401] device bridge0 entered promiscuous mode
[  165.953162][ T5401] bridge0: port 3(macsec1) entered blocking state
[  165.959929][ T5401] bridge0: port 3(macsec1) entered disabled state
[  166.942869][ T5401] device bridge0 left promiscuous mode
[  169.397724][ T5450] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  169.583681][ T5443] netlink: 4 bytes leftover after parsing attributes in process `syz.3.356'.
[  169.597112][ T5443] device bridge0 entered promiscuous mode
[  169.604035][ T5443] bridge0: port 3(macsec1) entered blocking state
[  169.610665][ T5443] bridge0: port 3(macsec1) entered disabled state
[  169.646007][ T5443] device bridge0 left promiscuous mode
[  170.235492][ T4207] Bluetooth: hci0: command 0x0401 tx timeout
[  171.286221][ T5480] netlink: 12 bytes leftover after parsing attributes in process `syz.3.366'.
[  171.299216][ T5480] device vlan2 entered promiscuous mode
[  171.304788][ T5480] device veth0_virt_wifi entered promiscuous mode
[  172.679451][ T5492] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  174.496589][ T5499] netlink: 4 bytes leftover after parsing attributes in process `syz.3.370'.
[  174.509372][ T5499] device bridge0 entered promiscuous mode
[  174.517356][ T5499] bridge0: port 3(macsec1) entered blocking state
[  174.523846][ T5499] bridge0: port 3(macsec1) entered disabled state
[  174.560887][ T5499] device bridge0 left promiscuous mode
[  176.999331][ T5534] netlink: 164 bytes leftover after parsing attributes in process `syz.2.382'.
[  177.435980][ T5547] netlink: 4 bytes leftover after parsing attributes in process `syz.4.384'.
[  177.466122][ T5547] device bridge0 entered promiscuous mode
[  177.476429][ T5547] bridge0: port 3(macsec1) entered blocking state
[  177.483746][ T5547] bridge0: port 3(macsec1) entered disabled state
[  177.749100][ T5547] device bridge0 left promiscuous mode
[  177.854034][ T1110] Bluetooth: hci0: command 0x0401 tx timeout
[  180.485872][ T5580] netlink: 8 bytes leftover after parsing attributes in process `syz.2.396'.
[  181.034782][ T5584] netlink: 164 bytes leftover after parsing attributes in process `syz.2.397'.
[  181.636885][ T5594] netlink: 4 bytes leftover after parsing attributes in process `syz.4.399'.
[  181.668989][ T5594] device bridge0 entered promiscuous mode
[  181.680249][ T5594] bridge0: port 3(macsec1) entered blocking state
[  181.687017][ T5594] bridge0: port 3(macsec1) entered disabled state
[  181.849379][ T5594] device bridge0 left promiscuous mode
[  182.736203][ T1110] Bluetooth: hci0: command 0x0401 tx timeout
[  185.479438][ T1110] Bluetooth: hci0: command 0x0401 tx timeout
[  185.665098][ T5639] netlink: 4 bytes leftover after parsing attributes in process `syz.4.412'.
[  185.676948][ T5639] device bridge0 entered promiscuous mode
[  185.683688][ T5639] bridge0: port 3(macsec1) entered blocking state
[  185.690179][ T5639] bridge0: port 3(macsec1) entered disabled state
[  185.758218][ T5639] device bridge0 left promiscuous mode
[  185.800470][ T5647] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  185.812997][ T5643] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  185.826982][ T5643] netlink: 164 bytes leftover after parsing attributes in process `syz.0.414'.
[  185.976680][ T4212] Bluetooth: hci1: command 0x0406 tx timeout
[  185.985039][ T4212] Bluetooth: hci2: command 0x0406 tx timeout
[  186.005438][ T4289] usb 5-1: new low-speed USB device number 2 using dummy_hcd
[  186.154546][ T4212] Bluetooth: hci3: command 0x0406 tx timeout
[  186.446641][ T4289] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  186.632025][ T4289] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  186.642627][ T4289] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  186.652098][ T4289] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  186.667135][ T4289] usb 5-1: config 0 descriptor??
[  187.023518][ T5667] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  187.068445][ T5667] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  187.096693][ T5667] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  187.336582][ T5667] bond0: (slave bond_slave_0): Releasing backup interface
[  187.374674][ T5667] bond0: (slave bond_slave_1): Releasing backup interface
[  187.470638][ T5667] team0: Port device team_slave_0 removed
[  187.494369][ T5667] team0: Port device team_slave_1 removed
[  187.508506][ T5667] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  187.519652][ T5667] batman_adv: batadv0: Removing interface: batadv_slave_0
[  187.530596][ T5667] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  187.549852][ T5667] batman_adv: batadv0: Removing interface: batadv_slave_1
[  187.575520][ T4289] Bluetooth: hci0: command 0x0406 tx timeout
[  188.384984][ T4208] usb 5-1: USB disconnect, device number 2
[  189.098374][ T5692] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  189.853304][ T4207] Bluetooth: hci0: command 0x0401 tx timeout
[  190.835963][ T5725] netlink: 4 bytes leftover after parsing attributes in process `syz.2.438'.
[  190.880693][ T5725] device bridge0 entered promiscuous mode
[  190.896438][ T5725] bridge0: port 3(macsec1) entered blocking state
[  190.903141][ T5725] bridge0: port 3(macsec1) entered disabled state
[  191.358471][ T5725] device bridge0 left promiscuous mode
[  192.179708][ T5740] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  195.445621][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  195.451999][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  197.017619][ T5785] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  199.355595][ T4212] Bluetooth: hci0: command 0x0401 tx timeout
[  200.971639][ T5837] ax25_connect(): syz.3.472 uses autobind, please contact jreuter@yaina.de
[  204.749792][ T5889] loop3: detected capacity change from 0 to 128
[  205.057684][ T5891] netlink: 'syz.3.487': attribute type 4 has an invalid length.
[  206.034277][ T4289] Bluetooth: hci0: command 0x0401 tx timeout
[  206.500486][ T5919] loop3: detected capacity change from 0 to 2048
[  206.611947][ T5919] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  206.777721][ T5926] netlink: 12 bytes leftover after parsing attributes in process `syz.3.498'.
[  208.847844][ T5954] netlink: 8 bytes leftover after parsing attributes in process `syz.3.508'.
[  209.385509][ T4207] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  210.805606][ T4207] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  210.825260][ T4207] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.833288][ T4207] usb 2-1: Product: syz
[  210.844536][ T4207] usb 2-1: Manufacturer: syz
[  210.859590][ T4207] usb 2-1: SerialNumber: syz
[  210.887971][ T4207] usb 2-1: config 0 descriptor??
[  211.131192][ T5986] netlink: 12 bytes leftover after parsing attributes in process `syz.3.517'.
[  211.255650][ T4212] Bluetooth: hci0: command 0x0401 tx timeout
[  211.396930][ T4207] airspy 2-1:0.0: Board ID: 00
[  211.402162][ T4207] airspy 2-1:0.0: Firmware version: 
[  211.605952][ T4207] airspy 2-1:0.0: usb_control_msg() failed -71 request 11
[  211.722995][ T4207] airspy 2-1:0.0: Registered as swradio24
[  211.817029][ T4207] airspy 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  211.856059][ T5986] device vlan2 entered promiscuous mode
[  211.878065][ T4207] usb 2-1: USB disconnect, device number 2
[  214.255348][ T4209] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  214.626977][ T4209] usb 1-1: Using ep0 maxpacket: 8
[  214.851097][ T4209] usb 1-1: config 10 has an invalid interface number: 193 but max is 0
[  214.869330][ T4209] usb 1-1: config 10 has no interface number 0
[  215.101257][ T4209] usb 1-1: New USB device found, idVendor=0bda, idProduct=0129, bcdDevice=be.93
[  215.124627][ T4209] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.147700][ T4209] usb 1-1: Product: syz
[  215.156651][ T4209] usb 1-1: Manufacturer: syz
[  215.170566][ T4209] usb 1-1: SerialNumber: syz
[  216.775609][ T4209] rtsx_usb: probe of 1-1:10.193 failed with error -22
[  217.474309][ T4289] Bluetooth: hci0: command 0x0401 tx timeout
[  217.706097][ T4209] usb 1-1: USB disconnect, device number 4
[  219.677290][ T6066] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input10
[  219.691059][ T6068] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  219.974735][ T6077] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  221.495101][ T6085] loop1: detected capacity change from 0 to 2048
[  221.773417][ T6091] device syzkaller0 entered promiscuous mode
[  221.867490][ T6085] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  222.030995][ T4283] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  225.437293][ T6115] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input11
[  227.166389][ T6142] loop1: detected capacity change from 0 to 2048
[  227.194376][ T6144] device syzkaller0 entered promiscuous mode
[  227.233317][ T6142] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  227.882521][ T4210] Bluetooth: hci0: command 0x0401 tx timeout
[  229.722853][ T6185] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  229.932569][ T6189] netlink: 164 bytes leftover after parsing attributes in process `syz.3.573'.
[  230.102666][ T6192] loop2: detected capacity change from 0 to 2048
[  230.425523][ T6192] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  230.779467][ T6199] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  234.321357][ T6246] loop3: detected capacity change from 0 to 2048
[  234.583086][ T6246] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  234.625369][ T4210] Bluetooth: hci0: command 0x0401 tx timeout
[  235.521612][ T6262] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  235.948380][ T4207] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  236.475591][ T4207] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  236.516324][ T4207] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  237.475420][ T4207] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  237.484501][ T4207] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  237.507396][ T4207] usb 4-1: config 0 descriptor??
[  237.627666][ T4207] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  237.653475][ T4207] dvb-usb: bulk message failed: -22 (3/0)
[  237.744433][ T4207] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  237.825911][ T4207] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  237.833291][ T4207] usb 4-1: media controller created
[  237.867385][ T6263] syz.3.595 uses obsolete (PF_INET,SOCK_PACKET)
[  237.937214][ T4207] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  238.379102][ T4207] dvb-usb: bulk message failed: -22 (6/0)
[  238.520749][ T4207] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  238.637528][ T4207] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input12
[  238.731078][ T4207] dvb-usb: schedule remote query interval to 150 msecs.
[  238.775435][ T4207] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  239.945967][ T1110] dvb-usb: bulk message failed: -22 (1/0)
[  239.952049][ T1110] dvb-usb: error while querying for an remote control event.
[  240.009966][ T4289] usb 4-1: USB disconnect, device number 4
[  240.861766][ T4289] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  241.735499][ T6337] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  242.945342][ T4210] Bluetooth: hci0: command 0x0401 tx timeout
[  245.316624][ T6381] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  250.098767][ T6436] netlink: 8 bytes leftover after parsing attributes in process `syz.2.648'.
[  250.946062][ T4207] Bluetooth: hci0: command 0x0401 tx timeout
[  253.904976][ T6472] device syzkaller0 entered promiscuous mode
[  253.995553][ T6478] netlink: 8 bytes leftover after parsing attributes in process `syz.4.661'.
[  254.848886][ T6490] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  255.605743][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  255.662944][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  256.691304][ T6510] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  256.742268][ T6510] netlink: 164 bytes leftover after parsing attributes in process `syz.0.669'.
[  258.139328][ T6523] netlink: 8 bytes leftover after parsing attributes in process `syz.4.676'.
[  258.997492][ T6543] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  260.968420][ T1108] usb 3-1: new low-speed USB device number 2 using dummy_hcd
[  261.406141][ T1108] usb 3-1: config index 0 descriptor too short (expected 6427, got 27)
[  261.415409][ T1108] usb 3-1: config 0 has an invalid interface number: 21 but max is 0
[  261.423677][ T1108] usb 3-1: config 0 has no interface number 0
[  261.431493][ T1108] usb 3-1: config 0 interface 21 altsetting 0 has an invalid endpoint with address 0x61, skipping
[  261.443364][ T1108] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  262.505445][ T1108] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  262.626262][ T1108] usb 3-1: config 0 descriptor??
[  262.662530][ T6553] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  263.172104][ T6578] netlink: 8 bytes leftover after parsing attributes in process `syz.0.690'.
[  263.193865][   T13] usb 3-1: USB disconnect, device number 2
[  263.440929][ T6558] netlink: 164 bytes leftover after parsing attributes in process `syz.3.686'.
[  263.745181][ T6570] netlink: 164 bytes leftover after parsing attributes in process `syz.4.689'.
[  263.868934][ T6589] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  264.617064][ T6596] loop4: detected capacity change from 0 to 2048
[  264.717705][ T6596] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  265.072441][ T6605] device syzkaller0 entered promiscuous mode
[  265.493513][ T6614] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  265.932730][ T6616] netlink: 12 bytes leftover after parsing attributes in process `syz.0.703'.
[  266.017467][ T6616] netlink: 8 bytes leftover after parsing attributes in process `syz.0.703'.
[  266.265327][ T4210] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  266.735506][ T4210] usb 5-1: Using ep0 maxpacket: 8
[  266.855754][ T4210] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  267.086835][ T4210] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  267.555923][ T4210] usb 5-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  267.566005][ T4210] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.574262][ T4210] usb 5-1: Product: syz
[  267.579320][ T4210] usb 5-1: Manufacturer: syz
[  267.584136][ T4210] usb 5-1: SerialNumber: syz
[  267.619047][ T4210] usb 5-1: config 0 descriptor??
[  267.777651][ T4212] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  267.820006][ T6625] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  267.831835][ T6625] netlink: 164 bytes leftover after parsing attributes in process `syz.0.705'.
[  267.974573][ T6632] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  268.858412][ T1108] usb 5-1: USB disconnect, device number 3
[  269.003787][ T6639] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  269.026858][ T6639] netlink: 164 bytes leftover after parsing attributes in process `syz.0.708'.
[  269.645463][ T4212] usb 4-1: unable to read config index 0 descriptor/all
[  269.652528][ T4212] usb 4-1: can't read configurations, error -71
[  269.703461][ T6646] loop3: detected capacity change from 0 to 2048
[  269.823451][ T6646] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  269.831806][ T6652] netlink: 12 bytes leftover after parsing attributes in process `syz.2.716'.
[  271.215478][ T6664] netlink: 8 bytes leftover after parsing attributes in process `syz.2.716'.
[  271.516611][ T6657] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  275.234357][ T6692] xt_TPROXY: Can be used only with -p tcp or -p udp
[  275.268534][ T6692] blk_update_request: I/O error, dev loop3, sector 128 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0
[  275.280784][ T6692] gfs2: error 10 reading superblock
[  277.288728][ T6720] netlink: 12 bytes leftover after parsing attributes in process `syz.2.732'.
[  277.298103][ T6720] netlink: 12 bytes leftover after parsing attributes in process `syz.2.732'.
[  278.215958][ T6720] sctp: failed to load transform for md5: -4
[  279.956931][ T6749] lo speed is unknown, defaulting to 1000
[  279.962922][ T6749] lo speed is unknown, defaulting to 1000
[  279.970498][ T6749] lo speed is unknown, defaulting to 1000
[  279.979621][ T6749] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  279.991256][ T6749] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  280.129708][ T6749] lo speed is unknown, defaulting to 1000
[  280.136422][ T6749] lo speed is unknown, defaulting to 1000
[  280.142793][ T6749] lo speed is unknown, defaulting to 1000
[  280.149339][ T6749] lo speed is unknown, defaulting to 1000
[  280.156034][ T6749] lo speed is unknown, defaulting to 1000
[  281.480683][ T6764] netlink: 164 bytes leftover after parsing attributes in process `syz.4.745'.
[  282.100094][ T6789] netlink: 12 bytes leftover after parsing attributes in process `syz.1.754'.
[  282.166632][ T6789] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  285.129059][ T6834] netlink: 12 bytes leftover after parsing attributes in process `syz.1.769'.
[  285.193839][ T6834] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  285.657771][ T6846] netlink: 'syz.0.771': attribute type 4 has an invalid length.
[  286.768125][ T6867] netlink: 12 bytes leftover after parsing attributes in process `syz.3.779'.
[  286.797900][ T6867] device vlan2 entered promiscuous mode
[  287.402760][ T4289] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  287.705319][ T4289] usb 2-1: Using ep0 maxpacket: 32
[  287.976295][ T4289] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  288.255279][ T4289] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  288.278764][ T4289] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  288.301039][ T4289] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  288.360518][ T4289] usb 2-1: config 0 interface 0 has no altsetting 0
[  288.575674][ T4289] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  288.605125][ T4289] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  288.655325][ T4289] usb 2-1: Product: syz
[  288.659537][ T4289] usb 2-1: Manufacturer: syz
[  288.694767][ T4289] usb 2-1: SerialNumber: syz
[  288.781488][ T4289] usb 2-1: config 0 descriptor??
[  288.837245][ T4289] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  288.934404][ T4289] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  289.221675][ T4212] usb 2-1: USB disconnect, device number 3
[  289.231533][ T4212] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  290.496006][ T6887] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  292.210278][ T6922] hub 8-0:1.0: USB hub found
[  292.218583][ T6922] hub 8-0:1.0: 1 port detected
[  292.850497][ T6930] netlink: 4 bytes leftover after parsing attributes in process `syz.4.799'.
[  292.980300][ T6930] device bridge_slave_1 left promiscuous mode
[  293.117464][ T6930] bridge0: port 2(bridge_slave_1) entered disabled state
[  293.763886][ T6930] device bridge_slave_0 left promiscuous mode
[  294.223116][ T6930] bridge0: port 1(bridge_slave_0) entered disabled state
[  294.915518][   T13] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  296.685602][   T13] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  296.702976][   T13] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  296.735296][   T13] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[  296.775564][   T13] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.790280][   T13] usb 1-1: config 0 descriptor??
[  297.380100][   T13] usbhid 1-1:0.0: can't add hid device: -71
[  297.387369][   T13] usbhid: probe of 1-1:0.0 failed with error -71
[  297.412211][   T13] usb 1-1: USB disconnect, device number 5
[  297.526311][ T6972] 9pnet: Insufficient options for proto=fd
[  300.412815][ T6993] device syzkaller0 entered promiscuous mode
[  301.632359][ T7005] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  301.986002][ T7010] lo speed is unknown, defaulting to 1000
[  302.451587][   T26] audit: type=1326 audit(1749300945.074:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7018 comm="syz.1.827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b0090d929 code=0x7ffc0000
[  303.457140][   T26] audit: type=1326 audit(1749300945.104:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7018 comm="syz.1.827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f7b0090d929 code=0x7ffc0000
[  303.535267][   T26] audit: type=1326 audit(1749300945.104:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7018 comm="syz.1.827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b0090d929 code=0x7ffc0000
[  303.594605][   T26] audit: type=1326 audit(1749300945.104:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7018 comm="syz.1.827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f7b0090d929 code=0x7ffc0000
[  303.629359][   T26] audit: type=1326 audit(1749300945.104:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7018 comm="syz.1.827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b0090d929 code=0x7ffc0000
[  303.992150][   T26] audit: type=1326 audit(1749300945.104:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7018 comm="syz.1.827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7f7b0090d929 code=0x7ffc0000
[  304.505480][   T26] audit: type=1326 audit(1749300945.104:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7018 comm="syz.1.827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b0090d929 code=0x7ffc0000
[  304.607963][   T26] audit: type=1326 audit(1749300945.104:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7018 comm="syz.1.827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7b0090d929 code=0x7ffc0000
[  304.642447][   T26] audit: type=1326 audit(1749300945.104:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7018 comm="syz.1.827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b0090d929 code=0x7ffc0000
[  304.699978][   T26] audit: type=1326 audit(1749300945.114:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7018 comm="syz.1.827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f7b0090d929 code=0x7ffc0000
[  305.086566][ T1108] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  305.405620][ T1108] usb 1-1: Using ep0 maxpacket: 8
[  305.526432][ T1108] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  305.697533][ T1108] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  305.786663][ T1108] usb 1-1: config 0 descriptor??
[  306.212213][ T1108] asix 1-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  306.707709][ T4212] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  308.092645][ T4212] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  308.124750][ T7080] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  308.259333][ T4212] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  308.436227][ T4212] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  308.656102][ T1108] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  308.660740][ T4212] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  308.740473][ T1108] asix: probe of 1-1:0.0 failed with error -71
[  308.758716][ T1108] usb 1-1: USB disconnect, device number 6
[  308.831087][ T4212] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  308.898333][ T7084] loop1: detected capacity change from 0 to 2048
[  308.912303][ T4212] usb 5-1: config 0 descriptor??
[  308.952914][ T7084] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  309.019061][ T7084] netlink: 12 bytes leftover after parsing attributes in process `syz.1.846'.
[  309.098749][ T4212] usbhid 5-1:0.0: can't add hid device: -71
[  309.115870][ T4212] usbhid: probe of 5-1:0.0 failed with error -71
[  309.151875][ T4212] usb 5-1: USB disconnect, device number 4
[  311.458964][   T26] kauditd_printk_skb: 12 callbacks suppressed
[  311.458979][   T26] audit: type=1326 audit(1749300954.084:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7106 comm="syz.2.853" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa537acb929 code=0x0
[  313.795403][ T1108] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  314.685482][ T1108] usb 3-1: device descriptor read/64, error -71
[  314.832355][ T4209] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  314.996331][ T1108] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  315.546185][ T7140] device syzkaller0 entered promiscuous mode
[  315.738690][ T4209] usb 5-1: unable to get BOS descriptor or descriptor too short
[  315.855659][ T4209] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  315.907509][ T4209] usb 5-1: config 1 has no interface number 1
[  316.019242][ T4209] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  316.205581][ T4209] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  316.225011][ T4209] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  316.244619][ T4209] usb 5-1: Product: syz
[  316.259503][ T4209] usb 5-1: Manufacturer: syz
[  316.269451][ T4209] usb 5-1: SerialNumber: syz
[  316.276892][ T7156] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  317.044008][ T7162] netlink: 8 bytes leftover after parsing attributes in process `syz.2.871'.
[  317.331092][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  317.337442][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  317.581145][ T4209] usb 5-1: found format II with max.bitrate = 26774, frame size=2
[  318.437617][ T4209] usb 5-1: found format II with max.bitrate = 26774, frame size=2
[  318.642997][ T7176] netlink: 164 bytes leftover after parsing attributes in process `syz.0.875'.
[  318.746338][ T4209] usb 5-1: 2:1: cannot set freq 13251989 to ep 0x82
[  319.194281][ T7181] device syzkaller0 entered promiscuous mode
[  319.341150][ T4209] usb 5-1: USB disconnect, device number 5
[  320.373217][ T4362] udevd[4362]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  320.638411][ T7199] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  324.636767][ T7235] netlink: 164 bytes leftover after parsing attributes in process `syz.1.892'.
[  325.479083][   T26] audit: type=1326 audit(1749300967.894:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7238 comm="syz.3.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9a5aff929 code=0x7fc00000
[  329.215407][ T4210] usb 2-1: new low-speed USB device number 4 using dummy_hcd
[  331.471616][ T7273] netlink: 8 bytes leftover after parsing attributes in process `syz.4.904'.
[  331.515601][ T7273] netlink: set zone limit has 8 unknown bytes
[  331.720098][ T7277] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  332.565096][ T7279] device syzkaller0 entered promiscuous mode
[  332.844214][ T7288] autofs4:pid:7288:autofs_fill_super: called with bogus options
[  332.942080][ T7285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  332.961032][ T7285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  333.515426][ T7285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  333.635272][ T7285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  333.675327][ T7285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  333.695284][ T7285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  333.718925][ T7285] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  334.576713][ T7285] device batadv_slave_0 entered promiscuous mode
[  336.029917][ T7309] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  337.687019][ T7324] netlink: 164 bytes leftover after parsing attributes in process `syz.3.918'.
[  338.145118][ T7327] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  339.524222][ T7339] autofs4:pid:7339:autofs_fill_super: called with bogus options
[  340.600291][ T7353] loop3: detected capacity change from 0 to 128
[  342.306027][ T7349] device syzkaller0 entered promiscuous mode
[  342.528241][ T7359] netlink: 'syz.3.928': attribute type 4 has an invalid length.
[  344.000849][ T7377] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  344.141317][ T7379] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  345.785765][ T4209] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  346.353844][ T4209] usb 5-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=7d.08
[  346.445413][ T4209] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.447695][ T7405] netlink: 164 bytes leftover after parsing attributes in process `syz.1.939'.
[  346.462811][ T4209] usb 5-1: Product: syz
[  346.462899][ T4209] usb 5-1: Manufacturer: syz
[  346.462980][ T4209] usb 5-1: SerialNumber: syz
[  346.574942][ T4209] usb 5-1: config 0 descriptor??
[  346.684612][ T4209] gm12u320 5-1:0.0: [drm:gm12u320_set_ecomode] *ERROR* Misc. req. error -22
[  346.694975][ T4209] gm12u320: probe of 5-1:0.0 failed with error -5
[  346.971855][ T4209] usb-storage 5-1:0.0: USB Mass Storage device detected
[  347.032710][ T7407] udc-core: couldn't find an available UDC or it's busy
[  347.040700][ T7407] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  347.185878][ T4209] usb-storage 5-1:0.0: device ignored
[  348.753060][ T7416] loop1: detected capacity change from 0 to 128
[  349.459343][   T13] usb 3-1: new low-speed USB device number 5 using dummy_hcd
[  349.464488][ T7425] device syzkaller0 entered promiscuous mode
[  349.984169][ T7416] netlink: 'syz.1.942': attribute type 4 has an invalid length.
[  350.183508][ T1108] usb 5-1: USB disconnect, device number 6
[  350.228166][ T7434] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  350.296067][   T13] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  350.899625][ T7437] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  351.120538][   T13] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  351.129639][   T13] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  351.138743][   T13] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  351.148721][   T13] usb 3-1: config 0 descriptor??
[  351.738259][   T13] usb 3-1: can't set config #0, error -71
[  351.745110][   T13] usb 3-1: USB disconnect, device number 5
[  356.355305][   T13] usb 4-1: new low-speed USB device number 7 using dummy_hcd
[  356.845348][ T7498] 9pnet: Could not find request transport: fd0x00000000000000040x0000000000000006
[  357.815650][   T13] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  357.988309][   T13] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  357.997669][   T13] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  358.006847][   T13] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  358.018105][   T13] usb 4-1: config 0 descriptor??
[  358.060655][   T13] usb 4-1: can't set config #0, error -71
[  358.904570][   T13] usb 4-1: USB disconnect, device number 7
[  359.471716][ T7533] netlink: 164 bytes leftover after parsing attributes in process `syz.1.973'.
[  360.981299][ T7547] device syzkaller0 entered promiscuous mode
[  361.266722][ T4289] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  362.407038][ T7556] netlink: 4 bytes leftover after parsing attributes in process `syz.1.980'.
[  362.420380][ T7556] device bridge0 entered promiscuous mode
[  362.427481][ T7556] bridge0: port 3(macsec1) entered blocking state
[  362.433954][ T7556] bridge0: port 3(macsec1) entered disabled state
[  362.443042][ T7556] device bridge0 left promiscuous mode
[  362.520588][ T7563] xt_l2tp: invalid flags combination: 0
[  362.635326][ T4289] usb 5-1: Using ep0 maxpacket: 8
[  362.769852][ T4289] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  362.868424][ T4289] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF9, skipping
[  362.880185][ T4289] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  362.994179][ T4289] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  363.015418][ T4289] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  363.225423][ T4289] usb 5-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  363.256837][ T4289] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  363.264878][ T4289] usb 5-1: Product: syz
[  363.269183][ T4289] usb 5-1: Manufacturer: syz
[  363.273782][ T4289] usb 5-1: SerialNumber: syz
[  363.280516][ T4289] usb 5-1: config 0 descriptor??
[  363.900002][ T7551] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  364.884024][ T7571] overlayfs: missing 'lowerdir'
[  365.025557][ T4289] usb 5-1: can't set config #0, error -71
[  365.057267][ T4289] usb 5-1: USB disconnect, device number 7
[  367.795897][ T7604] fuse: Unknown parameter '000000000000000000000040x0000000000000004'
[  369.045763][ T7618] netlink: 4 bytes leftover after parsing attributes in process `syz.0.995'.
[  369.082712][ T7618] bridge0: port 1(macsec1) entered blocking state
[  369.089458][ T7618] bridge0: port 1(macsec1) entered disabled state
[  369.667566][ T7621] device syzkaller0 entered promiscuous mode
[  369.797139][ T7631] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1000'.
[  371.133497][ T7653] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1006'.
[  374.408993][ T7681] loop4: detected capacity change from 0 to 128
[  374.758532][ T7684] netlink: 'syz.4.1014': attribute type 4 has an invalid length.
[  378.062581][ T7720] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1024'.
[  378.093319][ T7720] device bridge0 entered promiscuous mode
[  378.104159][ T7720] bridge0: port 3(macsec1) entered blocking state
[  378.110834][ T7720] bridge0: port 3(macsec1) entered disabled state
[  378.469136][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  378.475737][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  378.694741][ T7720] device bridge0 left promiscuous mode
[  379.797132][ T7740] device syzkaller0 entered promiscuous mode
[  382.279595][ T7777] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1038'.
[  382.586117][ T7777] device veth1_macvtap left promiscuous mode
[  383.233738][ T7790] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1041'.
[  384.343704][ T7801] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  385.122742][ T7797] device syzkaller0 entered promiscuous mode
[  385.665414][ T4209] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[  386.505617][ T4209] usb 2-1: config 0 has an invalid interface number: 251 but max is 0
[  386.630730][ T4209] usb 2-1: config 0 has no interface number 0
[  386.805598][ T4209] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  386.829902][ T4209] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  386.853253][ T4209] usb 2-1: Product: syz
[  386.859661][ T4209] usb 2-1: Manufacturer: syz
[  386.864467][ T4209] usb 2-1: SerialNumber: syz
[  386.921731][ T4209] usb 2-1: config 0 descriptor??
[  387.028093][ T7831] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1054'.
[  387.345613][ T4209] asix: probe of 2-1:0.251 failed with error -71
[  387.391162][ T4209] usb 2-1: USB disconnect, device number 5
[  387.959234][ T7846] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  388.666995][ T7851] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  390.991892][ T7879] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1070'.
[  391.415380][ T4209] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  391.558935][ T7892] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  391.776115][ T4209] usb 4-1: New USB device found, idVendor=093a, idProduct=050f, bcdDevice=c2.b7
[  392.550975][ T4209] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  392.960165][ T4209] gspca_main: mars-2.14.0 probing 093a:050f
[  394.315729][ T7908] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1072'.
[  396.017696][ T7916] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1081'.
[  396.164502][ T4209] usb 4-1: USB disconnect, device number 8
[  396.323313][ T7927] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  396.422074][ T7929] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1086'.
[  396.645027][ T7934] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  398.725644][ T7938] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  398.965677][ T4289] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  399.645364][ T4289] usb 2-1: Using ep0 maxpacket: 8
[  399.665681][ T7965] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1101'.
[  399.674851][ T7965] device bridge_slave_1 left promiscuous mode
[  399.687558][ T7965] bridge0: port 2(bridge_slave_1) entered disabled state
[  399.697594][ T7965] device bridge_slave_0 left promiscuous mode
[  399.703961][ T7965] bridge0: port 1(bridge_slave_0) entered disabled state
[  399.765463][ T4979] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  399.801525][ T4289] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  399.801552][ T4289] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  399.801606][ T4289] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  399.801634][ T4289] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  399.801673][ T4289] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  399.801696][ T4289] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  399.847809][ T4289] hub 2-1:1.0: bad descriptor, ignoring hub
[  399.847865][ T4289] hub: probe of 2-1:1.0 failed with error -5
[  399.848327][ T4289] cdc_wdm 2-1:1.0: skipping garbage
[  399.848343][ T4289] cdc_wdm 2-1:1.0: skipping garbage
[  399.852890][ T4289] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  399.852921][ T4289] cdc_wdm 2-1:1.0: Unknown control protocol
[  400.193430][ T7973] udc-core: couldn't find an available UDC or it's busy
[  400.223099][ T7973] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  400.410225][ T4979] usb 3-1: Using ep0 maxpacket: 8
[  400.628150][ T4979] usb 3-1: unable to get BOS descriptor or descriptor too short
[  400.636580][ T7978] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  401.156108][ T4289] usb 2-1: USB disconnect, device number 6
[  401.164010][ T7948] cdc_wdm 2-1:1.0: Error autopm - -16
[  401.515431][ T4979] usb 3-1: config 8 has an invalid interface number: 255 but max is 0
[  401.524573][ T4979] usb 3-1: config 8 has no interface number 0
[  401.530787][ T4979] usb 3-1: config 8 interface 255 has no altsetting 0
[  401.835546][ T4979] usb 3-1: string descriptor 0 read error: -22
[  401.949782][ T4979] usb 3-1: New USB device found, idVendor=0423, idProduct=000c, bcdDevice=2e.bf
[  401.983128][ T4979] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.031404][ T4289] hid-generic 0000:FFFFFFFD:0000.0001: item fetching failed at offset 0/2
[  403.069585][ T4289] hid-generic: probe of 0000:FFFFFFFD:0000.0001 failed with error -22
[  403.132512][ T8016] netlink: 988 bytes leftover after parsing attributes in process `syz.3.1116'.
[  403.251214][ T8018] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  403.455687][ T4979] eth%d: CATC EL1210A NetMate USB Ethernet at usb-dummy_hcd.2-1, 00:00:00:00:00:00.
[  404.103874][ T4979] usb 3-1: USB disconnect, device number 6
[  404.140509][ T8023] netlink: 164 bytes leftover after parsing attributes in process `syz.4.1120'.
[  405.516949][ T8060] netlink: 988 bytes leftover after parsing attributes in process `syz.4.1129'.
[  406.305805][ T8072] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1131'.
[  407.429696][ T8081] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1134'.
[  407.462702][ T8082] UBIFS error (pid: 8082): cannot open "/dev/sg0", error -22
[  408.207433][ T8086] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  408.735278][ T4212] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  408.879520][ T8098] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  409.126556][ T8102] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1141'.
[  409.145577][ T4212] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  409.165377][ T4212] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  409.776004][ T8102] device vlan2 entered promiscuous mode
[  409.798907][ T4212] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  409.815379][ T4212] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  409.895694][ T8087] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  409.971679][ T8110] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1143'.
[  410.156802][ T4212] usb 3-1: USB disconnect, device number 7
[  410.945723][ T8122] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1147'.
[  410.997665][ T8124] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  411.153564][ T7197] udevd[7197]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  411.463416][ T8137] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  412.551424][ T8145] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1157'.
[  414.481322][ T8166] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1162'.
[  415.384214][ T8180] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  416.270923][ T8184] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1168'.
[  418.087736][ T8214] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1178'.
[  419.004729][ T8225] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  419.928559][ T8229] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1181'.
[  422.764987][ T8270] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1187'.
[  422.836954][ T8270] device vlan2 entered promiscuous mode
[  424.165984][ T8284] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1197'.
[  424.198202][ T8284] device bridge0 entered promiscuous mode
[  424.208621][ T8284] bridge0: port 3(macsec1) entered blocking state
[  424.215219][ T8284] bridge0: port 3(macsec1) entered disabled state
[  424.391701][ T8284] device bridge0 left promiscuous mode
[  426.766965][ T8317] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1209'.
[  426.798990][ T8317] device bridge0 entered promiscuous mode
[  426.810055][ T8317] bridge0: port 3(macsec1) entered blocking state
[  426.816877][ T8317] bridge0: port 3(macsec1) entered disabled state
[  427.029130][ T8317] device bridge0 left promiscuous mode
[  428.531147][ T8347] netlink: 164 bytes leftover after parsing attributes in process `syz.4.1218'.
[  428.653203][ T8350] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  429.181198][ T8362] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1222'.
[  429.218024][ T8362] bridge0: port 1(macsec1) entered blocking state
[  429.224766][ T8362] bridge0: port 1(macsec1) entered disabled state
[  429.580124][ T8364] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1214'.
[  429.745065][ T8364] device vlan2 entered promiscuous mode
[  431.028345][ T8385] loop4: detected capacity change from 0 to 128
[  431.430409][ T8391] netlink: 'syz.4.1229': attribute type 4 has an invalid length.
[  431.471486][ T8393] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  432.017922][ T8403] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1235'.
[  432.055239][ T8403] bridge0: port 1(macsec1) entered blocking state
[  432.061929][ T8403] bridge0: port 1(macsec1) entered disabled state
[  432.589818][ T8407] overlayfs: missing 'lowerdir'
[  433.498505][ T8426] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1245'.
[  433.520811][ T8430] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  433.737943][ T8433] loop3: detected capacity change from 0 to 128
[  433.812458][ T8435] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  434.044106][ T8437] netlink: 'syz.3.1247': attribute type 4 has an invalid length.
[  435.710742][ T8468] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1256'.
[  436.180191][ T8467] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1258'.
[  436.270302][ T8474] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1259'.
[  436.619989][ T8482] overlayfs: missing 'lowerdir'
[  436.938172][ T8485] loop2: detected capacity change from 0 to 128
[  437.282035][ T8487] netlink: 'syz.2.1262': attribute type 4 has an invalid length.
[  437.540168][ T8490] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1263'.
[  437.567413][ T8490] device bridge0 entered promiscuous mode
[  437.577956][ T8490] bridge0: port 3(macsec1) entered blocking state
[  437.584799][ T8490] bridge0: port 3(macsec1) entered disabled state
[  437.969867][ T8490] device bridge0 left promiscuous mode
[  438.511141][ T8507] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  439.490313][ T8511] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1271'.
[  439.943511][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  439.949886][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  440.337335][ T8522] overlayfs: missing 'lowerdir'
[  440.744058][ T8527] loop1: detected capacity change from 0 to 128
[  441.092062][ T8529] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1276'.
[  441.144672][ T8531] netlink: 'syz.1.1275': attribute type 4 has an invalid length.
[  441.482540][ T8542] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1278'.
[  443.649216][ T8565] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1285'.
[  443.863704][ T8568] loop1: detected capacity change from 0 to 2048
[  443.958831][ T8571] overlayfs: missing 'lowerdir'
[  444.432091][ T8576] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1290'.
[  444.492860][ T8568] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  444.789348][ T8568] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1288'.
[  447.653161][ T8609] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1301'.
[  447.708731][ T8616] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1300'.
[  447.864470][ T8618] netlink: 164 bytes leftover after parsing attributes in process `syz.4.1303'.
[  447.974368][ T8623] overlayfs: missing 'lowerdir'
[  448.634961][ T8632] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1306'.
[  448.689587][ T8634] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  449.764907][ T8644] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  449.966719][ T8656] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1315'.
[  451.041905][ T8659] overlayfs: missing 'lowerdir'
[  451.815370][ T8679] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1321'.
[  451.887656][ T8681] loop4: detected capacity change from 0 to 128
[  452.228989][ T8687] netlink: 'syz.4.1322': attribute type 4 has an invalid length.
[  452.939342][ T8691] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  453.217074][ T8700] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1326'.
[  453.529071][ T8705] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1329'.
[  453.606157][ T8709] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  453.615253][ T8709] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  455.860147][ T8735] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  455.868176][ T8730] loop3: detected capacity change from 0 to 128
[  456.198725][ T8741] netlink: 'syz.3.1337': attribute type 4 has an invalid length.
[  456.358182][ T8746] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  456.367422][ T8746] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  457.497816][ T8758] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1344'.
[  458.854408][ T8790] loop1: detected capacity change from 0 to 128
[  459.813761][ T8795] netlink: 'syz.1.1356': attribute type 4 has an invalid length.
[  460.298547][ T8806] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  460.307689][ T8806] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  460.896894][ T8810] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1361'.
[  461.010537][ T8816] netlink: 164 bytes leftover after parsing attributes in process `syz.4.1363'.
[  463.133813][ T8841] loop0: detected capacity change from 0 to 128
[  463.468700][ T8850] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  463.787013][ T8852] netlink: 'syz.0.1369': attribute type 4 has an invalid length.
[  464.744916][ T8867] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1377'.
[  467.535530][ T8894] loop2: detected capacity change from 0 to 128
[  468.264603][ T8907] overlayfs: missing 'lowerdir'
[  468.827912][ T8915] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1390'.
[  469.298420][ T8922] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  471.449378][ T8955] overlayfs: missing 'lowerdir'
[  471.858955][ T8952] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1400'.
[  472.227600][ T8964] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1405'.
[  472.746794][ T8974] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  474.741658][ T8983] overlayfs: missing 'workdir'
[  474.808093][ T8992] netlink: 164 bytes leftover after parsing attributes in process `syz.4.1415'.
[  474.968338][ T9003] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1417'.
[  478.288744][ T9026] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1425'.
[  478.320033][ T9037] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1428'.
[  478.599699][ T9048] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1433'.
[  479.572898][ T9056] overlayfs: missing 'workdir'
[  482.773385][ T9072] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1440'.
[  482.802055][ T9087] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1444'.
[  484.059699][ T9098] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  484.145171][ T9106] overlayfs: missing 'workdir'
[  486.220416][ T9134] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1457'.
[  486.774418][ T9137] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1459'.
[  488.910395][ T9160] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  489.589500][ T9176] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1471'.
[  490.082205][ T9178] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1472'.
[  491.193657][ T9184] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  491.469446][ T9196] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  493.017027][ T9217] netlink: 164 bytes leftover after parsing attributes in process `syz.4.1484'.
[  493.863189][ T9227] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1486'.
[  495.324592][ T9243] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  496.094171][ T9254] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1497'.
[  496.257058][ T9254] device bridge_slave_1 left promiscuous mode
[  496.315519][ T9254] bridge0: port 2(bridge_slave_1) entered disabled state
[  496.373036][ T9254] device bridge_slave_0 left promiscuous mode
[  496.415386][ T9254] bridge0: port 1(bridge_slave_0) entered disabled state
[  497.199634][ T9265] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1499'.
[  497.774397][ T9269] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1502'.
[  502.440178][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  502.461010][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  503.301330][ T9305] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1511'.
[  507.304283][ T9341] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  507.877485][ T9354] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1528'.
[  508.103991][ T9359] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  508.315514][ T9363] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1527'.
[  508.347158][ T9363] device vlan2 entered promiscuous mode
[  512.886258][ T9403] netlink: 164 bytes leftover after parsing attributes in process `syz.4.1539'.
[  513.436808][ T9418] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  516.020803][ T9456] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1556'.
[  517.391575][ T9475] netlink: zone id is out of range
[  519.461928][ T9484] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  521.310029][ T9478] syz.4.1560 (9478) used greatest stack depth: 18272 bytes left
[  527.181156][ T9554] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1584'.
[  528.632970][ T9577] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1593'.
[  528.683913][ T9577] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1593'.
[  534.191966][ T9628] loop3: detected capacity change from 0 to 128
[  536.616325][ T9663] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1620'.
[  539.304924][ T4209] Bluetooth: hci0: command 0x0401 tx timeout
[  539.920075][ T9682] loop4: detected capacity change from 0 to 128
[  539.970307][ T9687] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1628'.
[  540.176322][ T9687] device bridge_slave_1 left promiscuous mode
[  540.547438][ T9687] bridge0: port 2(bridge_slave_1) entered disabled state
[  540.600247][ T9687] device bridge_slave_0 left promiscuous mode
[  540.674397][ T9687] bridge0: port 1(bridge_slave_0) entered disabled state
[  545.941126][ T9719] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  546.850394][ T9736] netlink: 164 bytes leftover after parsing attributes in process `syz.4.1639'.
[  549.770041][ T9759] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1646'.
[  549.835478][ T4209] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  549.911380][ T9759] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1646'.
[  550.706074][ T4209] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  551.096087][ T4209] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  551.153605][ T9770] netlink: 'syz.2.1649': attribute type 10 has an invalid length.
[  551.155908][ T4209] usb 2-1: config 0 descriptor??
[  551.183671][ T9769] binder: 9768:9769 ioctl c0306201 0 returned -14
[  551.250577][ T9770] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  551.267211][ T4209] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  551.291329][ T9769] binder: 9768:9769 ioctl 400c620e 200000000040 returned -22
[  551.293113][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  551.495415][ T4209] gp8psk: usb in 128 operation failed.
[  551.880025][ T9781] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1652'.
[  551.965366][ T4209] gp8psk: usb in 137 operation failed.
[  551.974062][ T4209] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  552.865819][ T4209] dvbdev: DVB: registering new adapter (Genpix SkyWalker-1 DVB-S receiver)
[  552.921366][ T4209] usb 2-1: media controller created
[  553.183272][ T4209] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  553.213696][ T9793] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  553.570734][ T4209] gp8psk_fe: Frontend attached
[  553.583255][ T9802] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  553.615893][ T4209] usb 2-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  553.625056][ T4209] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  554.584155][ T9814] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1660'.
[  557.205652][ T4209] gp8psk: usb in 138 operation failed.
[  557.216414][ T4209] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully initialized and connected.
[  557.748317][ T4209] gp8psk: found Genpix USB device pID = 203 (hex)
[  557.771701][ T4209] usb 2-1: USB disconnect, device number 7
[  558.167682][ T9828] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  558.212385][ T9828] sg_write: data in/out 209152/1 bytes for SCSI command 0xf2-- guessing data in;
[  558.212385][ T9828]    program syz.0.1666 not setting count and/or reply_len properly
[  558.848682][ T4209] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully deinitialized and disconnected.
[  560.006319][ T9839] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  560.410090][ T9845] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  561.280175][ T9830] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  561.329189][ T9830] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  561.373188][ T9830] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  561.549908][ T9830] bond0: (slave bond_slave_0): Releasing backup interface
[  561.923032][ T9830] bond0: (slave bond_slave_1): Releasing backup interface
[  562.007512][ T9830] team0: Port device team_slave_0 removed
[  562.037986][ T9830] team0: Port device team_slave_1 removed
[  562.044607][ T9830] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  562.052566][ T9830] batman_adv: batadv0: Removing interface: batadv_slave_0
[  562.061778][ T9830] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  562.070204][ T9830] batman_adv: batadv0: Removing interface: batadv_slave_1
[  562.779589][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  562.788953][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  564.541810][ T9878] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1682'.
[  564.561706][ T9878] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1682'.
[  566.801876][ T9879] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  567.587434][ T9909] ==================================================================
[  567.596000][ T9909] BUG: KASAN: use-after-free in ax25_addr_ax25dev+0x55/0x160
[  567.603437][ T9909] Read of size 8 at addr ffff8880295c4f08 by task syz.3.1686/9909
[  567.611234][ T9909] 
[  567.613562][ T9909] CPU: 0 PID: 9909 Comm: syz.3.1686 Not tainted 5.15.185-syzkaller #0
[  567.621712][ T9909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  567.631864][ T9909] Call Trace:
[  567.635140][ T9909]  <TASK>
[  567.638072][ T9909]  dump_stack_lvl+0x168/0x230
[  567.642775][ T9909]  ? show_regs_print_info+0x20/0x20
[  567.647991][ T9909]  ? _printk+0xcc/0x110
[  567.652196][ T9909]  ? ax25_addr_ax25dev+0x55/0x160
[  567.657219][ T9909]  ? load_image+0x3b0/0x3b0
[  567.661714][ T9909]  ? _raw_spin_lock_irqsave+0xb0/0xf0
[  567.667089][ T9909]  print_address_description+0x60/0x2d0
[  567.672644][ T9909]  ? ax25_addr_ax25dev+0x55/0x160
[  567.677667][ T9909]  kasan_report+0xdf/0x130
[  567.682078][ T9909]  ? ax25_addr_ax25dev+0x55/0x160
[  567.687097][ T9909]  ax25_addr_ax25dev+0x55/0x160
[  567.691950][ T9909]  ax25_bind+0x4ea/0xb60
[  567.696214][ T9909]  __sys_bind+0x2f4/0x3f0
[  567.700566][ T9909]  ? __lock_acquire+0x7c60/0x7c60
[  567.705614][ T9909]  ? __ia32_sys_socketpair+0xb0/0xb0
[  567.710937][ T9909]  ? vtime_user_exit+0x2dc/0x400
[  567.715878][ T9909]  __x64_sys_bind+0x76/0x80
[  567.720383][ T9909]  do_syscall_64+0x4c/0xa0
[  567.724802][ T9909]  ? clear_bhb_loop+0x30/0x80
[  567.729475][ T9909]  ? clear_bhb_loop+0x30/0x80
[  567.734147][ T9909]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  567.740049][ T9909] RIP: 0033:0x7fe9a5aff929
[  567.744467][ T9909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  567.764067][ T9909] RSP: 002b:00007fe9a3925038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  567.772497][ T9909] RAX: ffffffffffffffda RBX: 00007fe9a5d27160 RCX: 00007fe9a5aff929
[  567.780589][ T9909] RDX: 0000000000000048 RSI: 0000200000000f00 RDI: 0000000000000004
[  567.788590][ T9909] RBP: 00007fe9a5b81b39 R08: 0000000000000000 R09: 0000000000000000
[  567.796587][ T9909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  567.804570][ T9909] R13: 0000000000000000 R14: 00007fe9a5d27160 R15: 00007ffc8ac830f8
[  567.812565][ T9909]  </TASK>
[  567.815604][ T9909] 
[  567.817938][ T9909] Allocated by task 9819:
[  567.822274][ T9909]  __kasan_kmalloc+0xb5/0xf0
[  567.826915][ T9909]  snd_virmidi_input_open+0xad/0x3d0
[  567.832226][ T9909]  open_substream+0x347/0x6c0
[  567.836989][ T9909]  rawmidi_open_priv+0x94/0x660
[  567.841875][ T9909]  snd_rawmidi_open+0x455/0xac0
[  567.846747][ T9909]  chrdev_open+0x597/0x670
[  567.851185][ T9909]  do_dentry_open+0x7ff/0xf80
[  567.855873][ T9909]  path_openat+0x2682/0x2f30
[  567.860502][ T9909]  do_filp_open+0x1b3/0x3e0
[  567.865024][ T9909]  do_sys_openat2+0x142/0x4a0
[  567.869703][ T9909]  __x64_sys_openat+0x135/0x160
[  567.874552][ T9909]  do_syscall_64+0x4c/0xa0
[  567.878960][ T9909]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  567.884854][ T9909] 
[  567.887167][ T9909] Freed by task 9819:
[  567.891132][ T9909]  kasan_set_track+0x4b/0x70
[  567.895721][ T9909]  kasan_set_free_info+0x1f/0x40
[  567.900668][ T9909]  ____kasan_slab_free+0xd5/0x110
[  567.905705][ T9909]  slab_free_freelist_hook+0xea/0x170
[  567.911085][ T9909]  kfree+0xef/0x2a0
[  567.914884][ T9909]  snd_virmidi_input_close+0x201/0x220
[  567.920335][ T9909]  close_substream+0x2bc/0x5a0
[  567.925096][ T9909]  rawmidi_release_priv+0x80/0x170
[  567.930297][ T9909]  snd_rawmidi_release+0x5a/0xc0
[  567.935233][ T9909]  __fput+0x234/0x930
[  567.939230][ T9909]  task_work_run+0x125/0x1a0
[  567.943836][ T9909]  exit_to_user_mode_loop+0x10f/0x130
[  567.949225][ T9909]  exit_to_user_mode_prepare+0xb1/0x140
[  567.954794][ T9909]  syscall_exit_to_user_mode+0x16/0x40
[  567.960256][ T9909]  do_syscall_64+0x58/0xa0
[  567.964679][ T9909]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  567.970570][ T9909] 
[  567.972882][ T9909] Last potentially related work creation:
[  567.978580][ T9909]  kasan_save_stack+0x35/0x60
[  567.983249][ T9909]  kasan_record_aux_stack+0xb8/0x100
[  567.988528][ T9909]  insert_work+0x54/0x3d0
[  567.992850][ T9909]  __queue_work+0x9c5/0xd50
[  567.997360][ T9909]  queue_work_on+0x11d/0x1d0
[  568.001967][ T9909]  netdevice_event+0x803/0x900
[  568.006749][ T9909]  raw_notifier_call_chain+0xcb/0x160
[  568.012114][ T9909]  __netdev_upper_dev_link+0x3c0/0x580
[  568.017573][ T9909]  netdev_upper_dev_link+0x9a/0xe0
[  568.022707][ T9909]  register_vlan_dev+0x3ee/0x7f0
[  568.027663][ T9909]  vlan_newlink+0x44c/0x610
[  568.032177][ T9909]  rtnl_newlink+0x114c/0x17d0
[  568.036887][ T9909]  rtnetlink_rcv_msg+0x9b9/0xe60
[  568.041849][ T9909]  netlink_rcv_skb+0x1e0/0x430
[  568.046640][ T9909]  netlink_unicast+0x77c/0x920
[  568.051422][ T9909]  netlink_sendmsg+0x8ab/0xbc0
[  568.056200][ T9909]  ____sys_sendmsg+0x5a2/0x8c0
[  568.060980][ T9909]  ___sys_sendmsg+0x1f0/0x260
[  568.065682][ T9909]  __se_sys_sendmsg+0x190/0x250
[  568.070635][ T9909]  do_syscall_64+0x4c/0xa0
[  568.075064][ T9909]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  568.080981][ T9909] 
[  568.083313][ T9909] Second to last potentially related work creation:
[  568.089898][ T9909]  kasan_save_stack+0x35/0x60
[  568.094594][ T9909]  kasan_record_aux_stack+0xb8/0x100
[  568.099892][ T9909]  insert_work+0x54/0x3d0
[  568.104234][ T9909]  __queue_work+0x9c5/0xd50
[  568.108750][ T9909]  queue_work_on+0x11d/0x1d0
[  568.113348][ T9909]  inet6addr_event+0x9c/0xc0
[  568.117957][ T9909]  atomic_notifier_call_chain+0x15d/0x280
[  568.123704][ T9909]  ipv6_add_addr+0xb30/0xde0
[  568.128324][ T9909]  inet6_addr_add+0x43a/0x9c0
[  568.133010][ T9909]  inet6_rtm_newaddr+0x5d7/0x840
[  568.137961][ T9909]  rtnetlink_rcv_msg+0x9b9/0xe60
[  568.142909][ T9909]  netlink_rcv_skb+0x1e0/0x430
[  568.147683][ T9909]  netlink_unicast+0x77c/0x920
[  568.152455][ T9909]  netlink_sendmsg+0x8ab/0xbc0
[  568.157227][ T9909]  __sys_sendto+0x423/0x580
[  568.161748][ T9909]  __x64_sys_sendto+0xda/0xf0
[  568.166433][ T9909]  do_syscall_64+0x4c/0xa0
[  568.170858][ T9909]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  568.176765][ T9909] 
[  568.179527][ T9909] The buggy address belongs to the object at ffff8880295c4f00
[  568.179527][ T9909]  which belongs to the cache kmalloc-192 of size 192
[  568.193589][ T9909] The buggy address is located 8 bytes inside of
[  568.193589][ T9909]  192-byte region [ffff8880295c4f00, ffff8880295c4fc0)
[  568.206699][ T9909] The buggy address belongs to the page:
[  568.212339][ T9909] page:ffffea0000a57100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x295c4
[  568.222500][ T9909] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[  568.230084][ T9909] raw: 00fff00000000200 0000000000000000 0000000200000001 ffff888016841a00
[  568.238686][ T9909] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  568.247271][ T9909] page dumped because: kasan: bad access detected
[  568.253681][ T9909] page_owner tracks the page as allocated
[  568.259382][ T9909] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 14844830305, free_ts 0
[  568.274304][ T9909]  get_page_from_freelist+0x1b77/0x1c60
[  568.279847][ T9909]  __alloc_pages+0x1e1/0x470
[  568.284448][ T9909]  alloc_page_interleave+0x24/0x1e0
[  568.289634][ T9909]  new_slab+0xc0/0x4b0
[  568.293690][ T9909]  ___slab_alloc+0x81e/0xdf0
[  568.298269][ T9909]  kmem_cache_alloc_trace+0x1a5/0x2a0
[  568.303633][ T9909]  call_usermodehelper_setup+0x8a/0x260
[  568.309183][ T9909]  kobject_uevent_env+0x65e/0x890
[  568.314196][ T9909]  device_add+0x91c/0xfb0
[  568.318535][ T9909]  __video_register_device+0x3843/0x4670
[  568.324167][ T9909]  vivid_create_devnodes+0x1397/0x2cd0
[  568.329613][ T9909]  vivid_probe+0x50a1/0x6950
[  568.334191][ T9909]  platform_probe+0x137/0x1c0
[  568.338856][ T9909]  really_probe+0x284/0xc80
[  568.343357][ T9909]  __driver_probe_device+0x18c/0x330
[  568.348637][ T9909]  driver_probe_device+0x4f/0x420
[  568.353652][ T9909] page_owner free stack trace missing
[  568.359005][ T9909] 
[  568.361315][ T9909] Memory state around the buggy address:
[  568.366927][ T9909]  ffff8880295c4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  568.374981][ T9909]  ffff8880295c4e80: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[  568.383044][ T9909] >ffff8880295c4f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  568.391094][ T9909]                       ^
[  568.395429][ T9909]  ffff8880295c4f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  568.403608][ T9909]  ffff8880295c5000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  568.412225][ T9909] ==================================================================
[  568.420280][ T9909] Disabling lock debugging due to kernel taint
[  568.426611][ T9909] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  568.433819][ T9909] CPU: 0 PID: 9909 Comm: syz.3.1686 Tainted: G    B             5.15.185-syzkaller #0
[  568.443351][ T9909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  568.453402][ T9909] Call Trace:
[  568.456671][ T9909]  <TASK>
[  568.459590][ T9909]  dump_stack_lvl+0x168/0x230
[  568.464261][ T9909]  ? show_regs_print_info+0x20/0x20
[  568.469482][ T9909]  ? load_image+0x3b0/0x3b0
[  568.473978][ T9909]  panic+0x2c9/0x7f0
[  568.477873][ T9909]  ? bpf_jit_dump+0xd0/0xd0
[  568.482393][ T9909]  ? asm_sysvec_call_function_single+0x16/0x20
[  568.488548][ T9909]  ? check_panic_on_warn+0x6c/0xa0
[  568.493654][ T9909]  ? ax25_addr_ax25dev+0x55/0x160
[  568.498665][ T9909]  check_panic_on_warn+0x80/0xa0
[  568.503593][ T9909]  ? ax25_addr_ax25dev+0x55/0x160
[  568.508611][ T9909]  end_report+0x6d/0xf0
[  568.512762][ T9909]  kasan_report+0x102/0x130
[  568.517354][ T9909]  ? ax25_addr_ax25dev+0x55/0x160
[  568.522383][ T9909]  ax25_addr_ax25dev+0x55/0x160
[  568.527235][ T9909]  ax25_bind+0x4ea/0xb60
[  568.531485][ T9909]  __sys_bind+0x2f4/0x3f0
[  568.535815][ T9909]  ? __lock_acquire+0x7c60/0x7c60
[  568.540843][ T9909]  ? __ia32_sys_socketpair+0xb0/0xb0
[  568.546131][ T9909]  ? vtime_user_exit+0x2dc/0x400
[  568.551161][ T9909]  __x64_sys_bind+0x76/0x80
[  568.555666][ T9909]  do_syscall_64+0x4c/0xa0
[  568.560076][ T9909]  ? clear_bhb_loop+0x30/0x80
[  568.564783][ T9909]  ? clear_bhb_loop+0x30/0x80
[  568.569460][ T9909]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  568.575355][ T9909] RIP: 0033:0x7fe9a5aff929
[  568.579796][ T9909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  568.599486][ T9909] RSP: 002b:00007fe9a3925038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  568.607903][ T9909] RAX: ffffffffffffffda RBX: 00007fe9a5d27160 RCX: 00007fe9a5aff929
[  568.615868][ T9909] RDX: 0000000000000048 RSI: 0000200000000f00 RDI: 0000000000000004
[  568.623833][ T9909] RBP: 00007fe9a5b81b39 R08: 0000000000000000 R09: 0000000000000000
[  568.631798][ T9909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  568.639759][ T9909] R13: 0000000000000000 R14: 00007fe9a5d27160 R15: 00007ffc8ac830f8
[  568.647732][ T9909]  </TASK>
[  568.651048][ T9909] Kernel Offset: disabled
[  568.662987][ T9909] Rebooting in 86400 seconds..