last executing test programs:

11.47185459s ago: executing program 3 (id=844):
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a300000000048000000030a01010000000000000000020000000900010073797a30000000000900030073797a3200000000080007006e617400140004800800014000000000080002"], 0xa4}}, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000180))
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "df3f0400000000000000000000000609000040"})
r2 = syz_open_pts(r1, 0x0)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000080))
ioctl$TCFLSH(r2, 0x540b, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x7, 0x8, 0x22}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)={@map=0x1, 0xffffffffffffffff, 0x5, 0x20, 0x0, @link_id}, 0x20)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00'}, 0x10)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1a41, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xd132})
r6 = socket(0x11, 0x800000003, 0x0)
r7 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000600)={'team0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000d40)=@newqdisc={0x90, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x60, 0x2, {{0x2, [], 0x0, [0x4, 0x2], [0x9]}, [@TCA_MQPRIO_MODE={0x6, 0x4}]}}}]}, 0x90}}, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000300)=ANY=[], 0x6e8a)
r9 = socket(0x1, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r9)
gettid()

9.559897744s ago: executing program 2 (id=854):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x6}]}], {0x14, 0x10}}, 0x84}}, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r1, 0x5421, &(0x7f00000000c0)=0x10000)
connect$inet(r1, &(0x7f0000001fc0)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_int(r1, 0x6, 0x9, &(0x7f0000000040)=0x1, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$tipc(0x1e, 0x0, 0x0)
bind$tipc(r3, 0x0, 0x0)
r4 = socket$tipc(0x1e, 0x2, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00'})
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r5, &(0x7f0000000140)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x97ff}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x8016, 0x0, 0x0, 0x0, 0x1, 0x0, @private, @local}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @loopback}}}}, 0xfdef)
r7 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x800c60e, 0x0, 0x0, 0x40400000, 0x0, r2}, &(0x7f0000000240)=<r8=>0x0, &(0x7f0000000100)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r7, 0x47f5, 0x0, 0x0, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f00000000c0)={0x41}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000080)={0x41}, 0x10)
sendmsg$tipc(r4, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r11=>0x0})
lsetxattr(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=@known='security.selinux\x00', &(0x7f00000004c0)='\x00', 0x1, 0x1)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_GATEWAYS(r12, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000740)={0x1c, r13, 0x73bf44d8d76863a9, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x1c, r10, 0x5, 0x0, 0x0, {{0x26}, {@val={0x8, 0x3, r11}, @void}}}, 0x1c}}, 0x0)

9.376214414s ago: executing program 3 (id=856):
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1)
r0 = memfd_create(&(0x7f0000000c00)='\x01\fD\xd1\x1e\x803\x00\x00\xbf\xecs \xc5\xb55nVg\x1b\xa3\x8a\xcc\xf2!PmENs\xe5\x83rz\xc0\x03\x00\x00\x00\xd1\x8e\x81\n\xc0\xb3Ac\xfe(\x00\x13\xaeZ\x8bp\x1e\xdc\x18\xddfR) \xa9P9(\xe1-q \xb3\x80\xb9\xdfj\xed\xb9_o\xa6\x04\xf5\x9f\x04\xf1\xd5\xe3\xfa\xfd\x161\x13rCc\x84\xa6y\xb7\xbe\xf5\xcc\a\fM\xa9\xcbX\x891\xed\a\xf9\xa6\xd8\xd0\x03\x00\x00\x00\x00\x00\x00\x00\']\by\xb5\xbcI\xbf\xac*\xb4\xed\xf0^=\xc7\x82;\xb32;\xc5\xa3\xc8\xb9\xf2\xe5\xf4\x93[\x91F\x83?\xfe\xd9\x7ffvQ\xff\xc0\x8f\xe4\xb8\xa3\xbf\xceAT\x17\xc6\x81\xc0m}O\xfd\xe0\x05$\xcd\xfdkMu\x9bQ\xd8z\xe0\xd6\xe2\xbe\xf4\xd5\x16\x94\xe0\xbf0\xde\xcaS/\xf7\xeb\x89bmX0\x94T\x10\x9dx@\xce:]\xb68\xa2W\xcb\x86\b#s\xb4q6\xe88\x19\x1a\x14Z\xf3\xc5\x92\xe4bT\xc1.\xfc\xd4\xcay)$\n\x05\xd1\xc5V\x91\xe3W\x10r\x9b~n`z\x8c\x16c\xa1d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\x9c\x00\x00\x00', 0x0)
writev(r0, &(0x7f0000000ec0)=[{&(0x7f0000000100)='\x00', 0x1}], 0x1)
r1 = dup(r0)
sendfile(r0, r1, &(0x7f0000000080), 0x20000080000001)
r2 = socket$inet(0x2, 0x2, 0x0)
getsockopt$ARPT_SO_GET_ENTRIES(r2, 0x0, 0x50, 0x0, &(0x7f0000000000)=0x600)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
syz_clone(0x80028040, &(0x7f00000002c0)="64001876a6a200f040192eea6af7b4d19798b4f6dc3ce2d6f5a1e53b7bd035fc6038432af0e122b8375d8236346031050260a57d9c98c10b0491f34e9086314919cb0de2f3cf4995fcab8cebf0eed5d8651482445387beb59bbee9b9e685d2b51fc99284726c8cf621455d250f590a0e4ea46a2ffdd96cec8d31d5514e6ba28452e88ed846cccc89670951e3fda77e5de5ae5e888be429b40ab2e2bd296dbd380333d763f0c3524c5ccf686401151bb6df9163ee677542644bf75e70b401b9faa3fe0a3132b0560e6d17dee1fd0da080d85531271944", 0xd6, &(0x7f0000000040), &(0x7f00000001c0), &(0x7f00000003c0)="304f9a1863083af9ac41af1cd90d918fd5eda976e104b4df2eaa8d483102f0e9d2b3c1fbf3e44eee74c040ddd7594f8f3c7a8af9e5336c9c7aa39f7e510b7475e6fcf34b75da694e7bf048bba8c6c8525319f1869bd1c32837e3c32eb839f3b42524b3e11dab6bbe362c1084d1")
r4 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_udp_int(r4, 0x11, 0x65, &(0x7f0000000240), &(0x7f0000000440)=0x4)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'team_slave_0\x00', 0x20})
socket$kcm(0x2, 0x0, 0x2)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
write$tun(r3, &(0x7f0000001240)={@val={0xc}, @val={0x0, 0x4}, @mpls={[{}], @ipv4=@generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @multicast2}}}}, 0x26)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x109143, 0x0)
r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='c:::/', 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
r6 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r6, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c)
sendmmsg$inet(r6, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000800)="2fae1baf930b4569b9ddef9797ffd935c7d80e6466b3e4e62dc9603583f5d4b61fbc65b6ac744d7319535e75bf552062e4cfde1ba7ce29263322e18ea9740aa82ca692f123993e57cda00d2b1f4e799bd41e3f76258180fa91a42aaa8b1ebc4e0ea8fb12f2c71e6e5bc57a8e91f254005514721d93c13c5606ae1fea7f31f558d562bd5a8dfb0b9fed873efa221fccffa847cd374c92e6cbb03e6a9de890ce323f000000abcc6c01326d588495b7c1a7db31ec4129e6336f26bb9e0b7552af3cd2d5dda1632799bbc98425c433384d8a8e4071ff39a36dfdfdf05af35a4ddd340cfecd7ec935f4ce7d3e851583ba1cf53a90a7f7bce5703de57ce93ddef7849b30a01de0637e6d5e507b801d32e582e0c2d564539ebfc84c098a23e765552767b122885fb1629e9c180be47da7931bd125b80de15aab0c56a2edf2e0483b87f5ab299dc046076203dea10ccbfc631d5bf4a87ce67004519f248f086346ce6a8a9d181789a59f81d9b7f6781daac3e229914b8b8998c15c3b6302a519331cb05995bc60b7cb872dd3b5b43331c77c5d72e21f7bd2b1a915ff3204e3f20d3a20b22d6a58155b5a4ebf6d1d1cd90c656ecada531c07ff91deb3efa91762cdecfbcc43553750f22ac5c18cc5e8b6f790c2f4e6373af9f98d10e6df49ff8e5cbcbd68e11ed0b967add11410dc2e34f08dbfaf8eb95d4d1153b4c6093192a340eb30fcc71619888c6486746a049585d249efb96b9cace83320b8f96b40ebe3a9a788d05a053380d1026b9434df87a3a387549bcabe88684c4dbf0da9a5212f3dbc8d1dff240856691243b203d7edd4d3cc89a38a6c80fdb1229a01044af7aaecb20d5570ebf24b30bbc6dfc3f70d85cd9f0d60ebd8fedd161d199d9997a0e2d18d1c99bc7158564e0ddb4673055de196535d706d142e1dc7d404583923cb1b286cfc5418884ac7e605d93652dc48ff690894405a0b6abc3c4d0f6a16c0a95c0508bd7eeffcd1da0b17f7701448658864b429e9472edfeffbf34d6e7c78f4aa73c0", 0x2de}, {&(0x7f0000000bc0)="ab29d92826349952eb8f7a2a74f535bc9739c1df57144c51a3391625b8b5354134b06ef1355506aeae96e3f097503998f375a054cf3d7de4fe53ea51518955349cdbadca60e1c65cc18dbe99369be03e492fb55fc9067bb6f7f7c3ee1720000000054a63ac58225ed0502f5ac8999e0c74a5dbb320bd54ec813e8bee6bfa5cbfb0726ac1b6ad97d802d5fae186f0769421fb965c7396854e2a3ac844a3769f8449901ba5e2b2da1ff6119aeb26ac204cfc6b54be73b6f195491ae2c0cb26b0cba61dae7a17740e8112ff188919c6e2e31a2a074863edba4a0e58b61faec4a42c29d7f9e48a43b8cb7d3c5a1e5aa67f87538140f8d633a54bceb8b1dda2397ea147d3b26e903f608b6ab1844ea7cf630d828118bba0f0f85e2e6316ae1ed9a2a7d08a05c170cb76bf111930df0cf760f7768571afdefe82a95296cee7c010f748a97046efcc774e7d85edbd5058104fef4942fb4430da89f67d1fea33bf2acfb793a610b3738b393eed8633fc8e8f630932206960e9076c7d7fc99fce018701c50d39b811a7427a7a9fcb340c2755541f228462010ec40ba945a0febd460dad5d548f1be090f5dbaa8ae8835dc47ed2537681827f6129759272574cf58f2f33e47a0e416573cfdcfb44ed9dd4ce41af4de9c471c49f12f090934c3b32f2f4777c65b1574826727f5f62", 0x1e9}, {&(0x7f00000000c0)="05437c98b91b1455046f57b5fc913814bde2bbeac2104eaea9c9d01a7838d859207067c10aa7352abbdf98e9bf033a3184a11e84639d3b9164d9c5d729f3dd409d39ff6d5cf367cd939f790732e8d2310e876fcb299cd44b72bda697035b7b475bc35afbb483db39ac864dbee0c9760c22a1d32d83588afd7c994652413b22db76874ca052ef20", 0x87}, {&(0x7f0000000200)="f610e61fc81cc3edc86f0500194d27a5a443f15fab0dfd1ecda0fd0ed9a444b7fbb161860c18ff851923b530208f", 0x2e}], 0x4, 0x0, 0x0, 0x900}}], 0x1, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0)
syz_usb_connect(0x0, 0x3f, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0xd5, 0xb6, 0xc1, 0x8, 0x1870, 0x1, 0xe67f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0xa, 0x0, 0x0, 0x0, [], [{{0x9, 0x5, 0x8d}}, {{0x9, 0x5, 0x3}}, {{0x9, 0x5, 0xb}}]}}]}}]}}, 0x0)

8.293522805s ago: executing program 2 (id=862):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
r1 = socket(0x10, 0x2, 0x4)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000001900)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @dev}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, @private0}})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000240)="a7", 0x1}], 0x1}, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000340)={0x0, 0x1}, 0x8)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000040), &(0x7f0000000080)=0x8)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x14)
ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000100)=0x100000001)
syz_emit_ethernet(0x81, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$netlink(0x10, 0x3, 0x0)
getsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, 0x0, &(0x7f00000001c0))
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000000)=0x1, 0x4)
close(0xffffffffffffffff)

8.076008162s ago: executing program 4 (id=863):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="4dc07f947163300c", 0x8)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f00000002c0)="a7f5", 0x2}], 0x1, 0x0, 0xff8d}}], 0x1, 0x0)

7.751578481s ago: executing program 4 (id=865):
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a300000000048000000030a01010000000000000000020000000900010073797a30000000000900030073797a3200000000080007006e617400140004800800014000000000080002"], 0xa4}}, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000180))
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "df3f0400000000000000000000000609000040"})
r2 = syz_open_pts(r1, 0x0)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000080))
ioctl$TCFLSH(r2, 0x540b, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x7, 0x8, 0x22}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)={@map=0x1, 0xffffffffffffffff, 0x5, 0x20, 0x0, @link_id}, 0x20)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00'}, 0x10)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1a41, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xd132})
r6 = socket(0x11, 0x800000003, 0x0)
r7 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000600)={'team0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000d40)=@newqdisc={0x90, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x60, 0x2, {{0x2, [], 0x0, [0x4, 0x2], [0x9]}, [@TCA_MQPRIO_MODE={0x6, 0x4}]}}}]}, 0x90}}, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000300)=ANY=[], 0x6e8a)
r9 = socket(0x1, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800"/12], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r9)
gettid()

7.740385412s ago: executing program 2 (id=866):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xca, 0x95, 0xff, 0x20, 0x4fc, 0x235, 0x7033, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x2, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x48, 0xbe, 0x8d}}]}}]}}, 0x0)
io_uring_setup(0x5237, &(0x7f00000004c0))
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045009, &(0x7f0000000040))
close_range(r0, 0xffffffffffffffff, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

6.121038333s ago: executing program 1 (id=870):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x1, 0x0)
open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0)
vmsplice(r1, &(0x7f0000000400)=[{&(0x7f00000012c0)="15", 0x1}], 0x1, 0x0)
r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
tee(r0, r2, 0x3, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x80152, r3, 0x0)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x34, 0x9, 0x6, 0x804, 0x0, 0x0, {0xb, 0x0, 0xa}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0xc580}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}]}]}, 0x34}}, 0x800)
keyctl$reject(0x14, 0x0, 0x1ffffffd, 0x8000000000000002, 0x0)

6.037687379s ago: executing program 3 (id=872):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x6}]}], {0x14, 0x10}}, 0x84}}, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r1, 0x5421, &(0x7f00000000c0)=0x10000)
connect$inet(r1, &(0x7f0000001fc0)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_int(r1, 0x6, 0x9, &(0x7f0000000040)=0x1, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$tipc(0x1e, 0x0, 0x0)
bind$tipc(r3, 0x0, 0x0)
r4 = socket$tipc(0x1e, 0x2, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00'})
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r5, &(0x7f0000000140)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x97ff}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x8016, 0x0, 0x0, 0x0, 0x1, 0x0, @private, @local}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @loopback}}}}, 0xfdef)
r7 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x800c60e, 0x0, 0x0, 0x40400000, 0x0, r2}, &(0x7f0000000240)=<r8=>0x0, &(0x7f0000000100)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r7, 0x47f5, 0x0, 0x0, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f00000000c0)={0x41}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000080)={0x41}, 0x10)
sendmsg$tipc(r4, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r11=>0x0})
lsetxattr(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=@known='security.selinux\x00', &(0x7f00000004c0)='\x00', 0x1, 0x1)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_GATEWAYS(r12, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000740)={0x1c, r13, 0x73bf44d8d76863a9, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x1c, r10, 0x5, 0x0, 0x0, {{0x26}, {@val={0x8, 0x3, r11}, @void}}}, 0x1c}}, 0x0)

5.852997982s ago: executing program 4 (id=873):
syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_dev$video(0x0, 0x0, 0x0)
ioctl$VIDIOC_S_PARM(r1, 0xc0cc5616, &(0x7f0000000440)={0x2})
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_io_uring_setup(0x110, &(0x7f0000000980)={0x0, 0x5}, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000001c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, 0x0, &(0x7f00000004c0)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x50, 0x0, 0xfffffc00})
unshare(0x2c020400)
msgget$private(0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x28, 0x3a, 0xb, 0x0, 0x0, {0x2}, [@typed={0x14, 0x0, 0x0, 0x0, @ipv6=@private2}]}, 0x28}}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x8)
setsockopt$inet6_int(r4, 0x29, 0x17, &(0x7f0000000400)=0x2, 0xffffffffffffff93)
recvmmsg(r4, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
sendmmsg$inet6(r4, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x3, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="2400000000000000290000003200000000000000000000000000ff"], 0x28}}], 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r6=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r5, 0xc02064b6, &(0x7f00000001c0)={r6, <r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r5, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000300)=[0x0], &(0x7f0000001a80), 0x1, r7, 0xbbbbbbbb})
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0)

5.671952161s ago: executing program 1 (id=874):
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x0, @private1}, 0x1c)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000001c0)=ANY=[], 0x118)
r1 = socket$igmp6(0xa, 0x3, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ff9000/0x2000)=nil, 0x2000, &(0x7f0000000140)=',,\x00')
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000, &(0x7f0000000380)='cache=mmap')
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'wlan1\x00', &(0x7f0000001780)=@ethtool_coalesce={0xe}})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = dup(r5)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
close(0x3)
ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f00000000c0)=0xe2b5)
pipe2$watch_queue(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x80)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r7, 0x84, 0x17, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYBLOB="00005500bbadba5929fb762f9bd3aadb7184a0e108de090c16b94b52430c6fae1641d970d164d5578aba9bf94431da37112fc383689c16dbfe6eb512d0cf13b51c176806cc6f4b4d65dcd6094c8d91"], 0x5d)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f00000001c0)=ANY=[])
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x20101, 0x0)

5.325486379s ago: executing program 3 (id=875):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, 0x0)
write$sndseq(r0, &(0x7f00000001c0)=[{0x0, 0xe1, 0x0, 0x0, @time={0x0, 0x100001}, {}, {}, @result}], 0x1c)
r1 = userfaultfd(0x80001)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
userfaultfd(0x80001)
mlock(&(0x7f0000541000/0x3000)=nil, 0x3000)
openat$dir(0xffffffffffffff9c, &(0x7f0000002a00)='./file0\x00', 0x40, 0x0)
r2 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r2, &(0x7f0000000180)={0x1, 0x15}, 0x2)
write$USERIO_CMD_REGISTER(r2, &(0x7f00000001c0), 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(r2, &(0x7f0000001700), 0x2)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x42, 0x0)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000))
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
fcntl$lock(r3, 0x7, &(0x7f00000003c0)={0x1, 0x0, 0x0, 0x5})
fcntl$lock(r3, 0x26, &(0x7f0000000000)={0x1, 0x0, 0x9})
openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/locks\x00', 0x0, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r4, 0xffffffffffffffff, 0x4000)

4.969733827s ago: executing program 0 (id=877):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000580)=ANY=[@ANYBLOB="4800000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b0001006272696467650000180002800a001400aaaaaaaaaabb0000080009"], 0x48}}, 0x0) (fail_nth: 11)

4.365616943s ago: executing program 4 (id=878):
syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0x10, 0xffffffffffffffff, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x5, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000007940)=[{{0x0, 0x0, &(0x7f0000000900)=[{0x0}], 0x1}}], 0x1, 0x4048841)
socket$inet(0x2, 0x0, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f00000002c0)={0x8, {"eb710a8f7c99b13f9d5269ba638cec06c2f59c58d78c3cd035ba824aab12a6415f16f5f723351ebd8edfa76d74d1a7b73395c633ab0ef754179008edfc5252905e6b9c6ce27efcefc2be2d17a62caed0a1ac6146261606dd18d668fe8aa050957bd83ca983f5bf3b01bbcf22321f23b50c1cb55811ecd932cf1df7772a89499661161ae87fc594bc3789cf163ee9d70116d97c88d60b34f891b0975aba74e6ad0c8fab2103490b7c478b8dcbaffcde075ddb102071f81b41e6542e335aa029d944680d88d275175f272c327bd0f62e9227f4122b756759a279cd2387e9427590a620ddafc3e968f8bc3497255bcee5b6061e673118a2afadbb1817a8e908cd9185417c245c8a9733f66051b1b51c021cdf5c7131c47b08eb4fcd2d04f30ee0975ed4b193dd5e161d7a640f3b337a1056b23406e1bd8879c236fc92e013a738313ad031ef0d0ba23d4f19ba6c9fcecef2274742d86658edc613bab640bee1c31cfe51742a070af21dc77fea960796993ad910ab9378b4856a1c7fbfc739605df914e462fcae390d489a63cc4df1e9e6294e28b53799c4847aad38c851d302e207bd4d515ca6767f69f627e4aef4e664c6a5a4afdbb034ec7337c463d4a7ee67a47d9d6ce7ae5b7151808697aa07d386340ce80bd0a411ab0753095989bc795800c8279dfab7402b0e8a43c84eadc066674d165b8776e46fa239b5ebfb30ce664a3929360b208da8f7e879ac0d917aa69012394105180a0a3b8ff8928c932facb87f6f555ea54c24beccf0e7e134e92963e5c599d46529c04d2359a0778b509c380ddec914da3962db5e69c9fe5596b2820ef585f2314c6b99cad79968516eadba6432d7be7118978a197c7519ccaae785129baa4cb743db28d749ca96a9add8f951ce08cfc89671134ac4ed3398e117918fda180e0ba58d24d8a250c99f447a4494ea9497b696b34738da506e7e81d383b41e947873ac5397405e256f4e457bdf9fe24d33d16f70ee2f06e796f4cba473c032f57ed3888e406f77fec234516ae84b26d18b9638cde39122209773947b6eda45af7305eb39bdbe229d82c3946d73f7f9385fd18160b72dc7809af80ed6c426494aa7033bcf8f4c17ad07adba54eaf820c1137b2f693268c2746383c1c2d3ad929acac6feef9e8bef78d123aa7acf83c2745dbece217d81bb7efb467106a257740fe2b78ae61df37512b206222738c38b1ae17cc97f61f91c884f85538a8c16d6639c3a7a03e75846816828ad424659c32e88aace60558de785fe10ba038a2d57b0c5574159a80fdca501dbd1135261c0c92519ade3dd3e920fef976e37a18cd7c2faf0a35cc702ef1b0e4f419dd1d529499b8266ca1b172af52d06e87f55f04b75c6e756d98d6eeece21f652c5b858232fa4b7e1d028a43bc4efac1a7ab810005e6a501bb27a1c5973f399559b38bb2ca156e984552fe5a3d09168275a1317a6d4e893bdf5977b909c28895fb253619331f802758c4f16e4c1b4da34ef60d304f065242737bc3bc14c31dddbc18bfb4b8c520bf20c79e1533e26918a11c7e6df4aea412d705b326db6afcaacbb40cc8d7f30705f81cf97a082a32dadb23a71059032ec86050f5a8ca91b7f310c0afc6b3408e95f38cfd84028b5525210270cf39894b16b1b84ae2d5f114eacf21169f76c8bffba1db712d8dbfa988e532247e6b2fb728547adb4d8fb605e45289cd364963412872e75447708e8b937c6af6d7f7500df5e8fa265e1c09edbdee2d024f81a3e5d596a24525c2267020ee3549371323a4a4506a9caf4046334265f0fa2a59814010462eb556cc7f2746dd9505750a415033d1c958e0a121fd7e407faf565daa65704ac249e622690f32dd273865711058191b6fbc614a6f506441c3a87a490879ef20ac8df5b58bfc558499cd0aabe923d44b0cb9b7ed602bafffe09c01e3e1b6ca2e59e22b308aebda170e18a1635836b3feecee645a7305e8298ab5a32180c6255b86dd2cfef2cdd4104ba9c9736fb07d8fec3bf50114b5fcc2293ea80505662d3e89d3f2d29a682554f4a8579da2315e5d8112d248be21cc0c617ad61c82fc4f1e640ca3d2780b4e9d13f723700d1ae166f86bcc5e03195fb7d20739b0720cf3fb31c8aeae0d159df680f28d5be7280b6017901f75dfe38166044155d964be82d22443cdae49cd26bc7ebe765a088b85ecc65da717b1633123fae79a0eb277bce5834c0843818085739f8456b2cc1fc31921a136d841de2b8e62b96b5fbc9e652b95a378b04531080fc2d3ae50fe0a2506d2722534ff215619005c87201a8179374956e6c103f2a151215b09507d2d96139602ebedb920e70f4d275bb0f38f8f88f04b2a7f981654ee36baf4b983d349912f42e1f00cc079fccff0529e942ee1452df16fd76a3d671930873346b9284d32f1a0af6dcf4523e951bd805a94a8397b570b1afc8b98fcffa371c3e94b4b6ca0141cd7358a6b2c0f3ceaba73fe930e6e548c6e47b3284a5238a130b30b98beac4624aeafb2e7d4cf0d1079560be2c9d6e1352dcf1f68d8c38a82bc85908d02fdbd61c373a43e1fa079b4f7d99b310e7d410dce359344efac2ac2eefa1ca850a70bd16812213f7ea285df160a9891a6656e47636d4872bc50d7a9cc8f0450eecfb844f3bef38796f909fd2d2fa10e5053cc393e945c360efb1e8556c8704e5332802a0818ce724320f077b8a3c5ed68586d8c3554fcfbfe1e47b2986c090c9aef45519599d00c681886a0f3fd336303f62f15087dec525503b9daac3bc27869edfed5eed0031a3d47b5427b150d734697152cd13a59a95c32020320d89148a72669bb559e0273b287a556a354af60a6e37d410bc9f36e7b77a9065e1a246c12eaaa498d830dbfea6390d0a6462938c7387039074907d84cd96764ae1b976a304af9b38debe0eb653a3e60af4f71dfab770a51344b8ef2cb3397ad2504e48c97f6d90d6bd15ee30cc1a3548350f700a3827fba8f6527cf25ffa5033afd22a401ce057dcd4340c9d8c0a23d73314d8733131375e34d8c1a3415b7704725ab26eb16a17340f0078d59f9d2b89419303d23e68e986d89a953e5d2a5473a74c3990699f994547733188a60c7b312550a7e283092be11dacad80c3afc24f1e2076879e6685449f7af326b5550310ac6bd3bafa344e5a6e2c2a46b5ea2cea2e8329396ecaa011a9a5b30b8a9595db4145810d19771843afdb45751e932aa102737f901c6366f31089a6d5b4b680ba4e23915a130ec1a20f7c074c92afac4275f6e767bc8e92fa6c69e2bc1ae96e7cf32c3c0e5974604b00974edeb18ac0249ea8ade7fcf83d186cea6bb01f81e42112397f2faec8347551ef999354562e4178ef9b5bce9b72e5a324d0c8e23101e6946dffc8af303334cecac198d63535eb303ce5084e074e6f9977b9bbabddabf59d256a9942c147fa8e444e73974bcc1a2a0b180e43fc7e6aa9eb917f66bb1bb51d3166a0e74e16cf1ace9ef69520a843216a5e94dd085867d055261d11628294492f057bc361f96e8962dae3d79eab7097b05107e2fdd5d0e756505c56bd65b6278d5aaebf468ef660786594ef05bf1c9cd10f30016f9071e1afa1c7fd88a36a7438a3bef30eb3eed1d5aef7115261437675aa2f3a016caea2401fdbc8e7d65d924d2a50d80e5ca59f07ffa6dc3a1b7c0508b6ae74f42aba2c27d2765907f5f66f94b31c1fd008fab8a3d2222ab0e6c6c458fbaed953600ca62ced40cc626092a40c7c0fe2d22be77521a99d5f587ce39f0a1104774b6811f3dc81153cbc3f29e34e369d79f41b922889a36cf526affb44e6efea07d39704107c741b8dcd93022a9b1651363ea474bd26def17ab7eecb87477183813f2aea04266c2b01b9f8db58fade90c515678c3f91f967788866f5effc9db7e6db96086f02387a800327ec049b838f6fcc84ad6a7c95ae87aa300c02601ec44e598cd56991000ca06a36e46c43b4933a2d50ad1e8e306476bfd8c18beabf422478525269c5fb644d15620daf4a2fa564885cdbdbcd86d4c6f4d205e1bc86981b791f054a5212893c71165cc28716d0258d38d995719cf00a84a8f769ee25cf8085c319845f7887d9ab6a35ea55b30fbd9af67088ad7980f079a4d6888b73389d74cc985058ddc386cdd4700fdb196b79d89668a841bb32a0fde1ddd291363395b70d887d9339c3eed947c135c4159eb33b48e9f4a910c971bb0f0cf1c5f7e5eca82447998deec0237c9e8339870f21b3b473f8b4c6bf436036a429173e032d9713850103f94ca545247d041b5a96e0792ed5254cbe75d0c54d1d52f81ca9c78bee372e99fcfbfc6aa3604e3d690005126428a6a40888952d49ae584fcbd7929b9395210344ac41c6f95421f0916683a31ee6dcb544a8d302f885fabe005112a3395943312c2adc922babf9923c6b46dfa96f7f7db0e7028ffb8db22ed1b81740b5fe198837389a79adee1d2f0dac18de337495ee33578ad93aefe0ab9485ed102a4999b0a8884267c7d63724b2dc4c46f9196c9f4fffb9fda149da79c68a8e5fa392c3907bb7143995f3507285ad55039eb2c52b50b66473d59f0c1a3073eff11448ee16e2eadd2bd14db3186dd5d9b7188f9968422b4d199f5f3d8d4b8c866c1bc666d536dbfbff9f6088774edb7c21b3a6ae8aa76641cbf41fc2ea0a459db31133e6a2c1d9039e584f48ed0e6edf052f62f45477ee76b4596ee895afec81443c4e2dcd1133894e252406532d5b9da80220d4b2fdac25c92cee441e8e484c5e3a2656dfeebe29d629e589954290c1df27e6c4bfc6dbb187c338ae59b000b99f6b7fd8107dbc886cc6e0f9f6e264f24590631da8b89baf5a516f7a07ef4fd1903086dd5aea97a49f3b489e2adb3ae9766d052567377d4e3639ccb8f3aa4af7c565fe64bfb2d93b2b13fe0b618f96af1b987d28342d6cc198e28c5d3f97552ddbc7b73625a4d78f0fdd0b8a61cd3f308ae884d19c8f62da56cfa8d53f8ba5724d84b0e0f24605b21bee106e19a7b6065f03846ea790687bf8e17d3219ae8270332e3b2342c36a541b13b6548600a8f8d9fcfa2790b38a4abfad64400ee5f35a882977fb81423811f252dca86fa5d19f36b73503f38c5494c0f34e3c44565bf3b12d0324cdffa2f14947310a9eb46fc17b3460731555be8376f47bdda63f091baf165680c0bbc24654e71176175ab5121ec81224e09913e9d11a1e2fc5ce750086dab1676154f962a9af73600b6d73f3ef770d3b2103bd9a9d2535079f7ceedd22cfb0365291140f7ae2335ef45ef12aa034e57c15a6b46837b8c62ddd19a7d6651ab1065f6dc7e56f87ffbc6aecaf3361505ca5697c2eb1cafebeb61ee7bb505ad382357925d1caa12d07cc881bd7ec6c67f05030f1ff025465c88935a33516a9f1c614ea5fa5a211eb31f0b8c704850fe5f46773f827dd29bb1fd185f9ef9a0c21eb10097a90b61c0d617daee3beab7218c3e03ead9052b152906af3fc2b3dbbfc1e0a39cf885434207bc68b20d37ca657dc8ecb33416ee669091b14e45123d3ae1b0235ee595ddcc63d69eb141f0f4b110aaaf8ae3276a0c3cfa62604dcfa4f6cf5e0351422620ff621715d206b1d02a6af64650d79c38f98f391ee53bad22e16cded2adf2c94c482aecb4a303dcd05099370fd2d429cd2b3908d0ef51890951f0df6f9d22e212e17b2bc0f420cec67c93759befb1d2137de0106acbabd3f64e72db78f0120cded129de99158d031bd60f9e96cf67308046de6fa77d3139d516bccaf02092d2a165271", 0x1000}}, 0x1006)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f00000004c0), 0x4)
syz_emit_ethernet(0x46, &(0x7f0000000480)=ANY=[@ANYRES32], 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c1000003e0007012ebd700004101c000100000004000002041001"], 0x101c}}, 0x0)

4.258449576s ago: executing program 0 (id=879):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
eventfd2(0x8, 0x0)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000005, 0x32, 0xffffffffffffffff, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
r1 = userfaultfd(0x0)
lseek(0xffffffffffffffff, 0x7, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00'})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040))
sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f00000021c0)=ANY=[@ANYRES16=0x0, @ANYBLOB="200029bd7000fddbdf2501000000ec00088038000080200004000a004e2100000000fc000000000000000000000000000001010000001400040002004e23ac1414aa0000000000000000b000008008000a0001000000240001000000000000000000000000000000000000000000000000000000000000000000200004000a004e2100000009fe880000000000000000000000000001a000000008000a000100000024000100000000000000000000000000000000000000000000000000000000000000000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b08000a000100000006000500190f00007c0a088014000080080003000500000008000300060000005407008006000500030000001400040002004e24ac1414bb0000000000000000a4000980a0000080060001000a00000014000200fc0000000000000000000000000000010500030000000000060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000a0000001400020000000000000000000000ffff000000000500030002000000060001000200000008000200ac14144305000300000000000600010002000000080002000a0101020500030003000000200004000a004e22000000062001000000000000000000000000000200000000240002000c7881c25944250cf1e0500c732ab9978063f4624529848cfa907db0f1cd90bf28040980a0000080060001000a00000014000200fe8800000000000000000000000000010500030000000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200ac1414bb0500030001000000060001000200000008000200e00000010500030000000000060001000a0000001400020000000000000000000000ffffac1e00010500030000000000a0000080060001000200000008000200ac1414aa0500030001000000060001000200000008000200ac1414bb05000300010000000600010002000000080002000a0101010500030000000000060001000200000008000200ac1414250500030002000000060001000a00000014000200ff0100000000000000000000000000010500030001000000060001000200000008000200e00000010500030003000000d0000080060001000200000008000200ac1414aa05000300000000000600010002000000080002007f0000010500030000000000060001000a00000014000200200100000000000000000000000000020500030003000000060001000200000008000200e00000020500030003000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000a00000014000200ff0200000000000000000000000000010500030003000000060001000200000008000200e00000010500030003000000a0000080060001000a00000014000200200100000000000000000000000000000500030000000000060001000a00000014000200fc0100000000000000000000000000000500030001000000060001000200000008000200ac14142f0500030001000000060001000a00000014000200ff0100000000000000000000000000010500030000000000060001000200000008000200e0000002050003000000000064000080060001000200000008000200ac1414aa0500030003000000060001000a00000014000200fc0200000000000000000000000000010500030002000000060001000a00000014000200fe88000000000000000000000000000105000300020000004c0000800600010002000000080002000a0101020500030000000000060001000200000008000200ac1414bb0500030002000000060001000200000008000200ac1414380500030000000000c4000080060001000200000008000200ac1414130500030001000000060001000200000008000200e00000010500030003000000060001000200000008000200e00000010500030001000000060001000200000008000200e000000205000300010000000600010002000000080002007f0000010500030000000000060001000200000008000200e00000020500030000000000060001000200000008000200ac1e00010500030003000000060001000200000008000200e000000205000300030000002400010000000000000000000000000000000000000000000000000000000000000000000600050001000000240002003b436aade14146e52b8260dea6633f6f3bfebf31a7362aa69d6152d896f0a96bd401098028000080060001000a00000014000200fe80000000000000000000000000002e050003000300000094000080060001000200000008000200ffffffff0500030000000000060001000200000008000200e00000010500030002000000060001000a00000014000200fc0000000000000000000000000000010500030002000000060001000200000008000200ac1414aa0500030000000000060001000a00000014000200fc00000000000000000000000000000005000300000000004c000080060001000a00000014000200fe8000000000000000000000000000aa0500030001000000060001000a000000140002000000000000000000000000000000000105000300000000007c000080060001000200000008000200e00000020500030001000000060001000200000008000200ac1e00010500030000000000060001000200000008000200ffffffff0500030001000000060001000200000008000200ffffffff0500030000000000060001000200000008000200e000000205000300010000004c000080060001000200000008000200ffffffff0500030002000000060001000200000008000200ffffffff0500030000000000060001000200000008000200e000000105000300030000006c000080240002009f551df5f04917071017d0f80fc92402843ae0ef835f874eef7c0ab940b8e72b24000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c200004000a004e2300000004fe80000000000000000000000000003d08000000980200800800030005000000200004000a004e2000000009fe8000000000000000000000000000aa0600000024000200cb93eeb2b1486c0b3d25d3be05c061d8b8b4cb4852d5124eab2eebfcd2859c041400040002004e20ac1414aa00000000000000001400040002000000e000000100000000000000001400040002004e21e00000010000000000000000200004000a0000000000000500000000000000000000ffff0a01010001000000ec01098048010080060001000a00000014000200000000000000000000000000000000010500030001000000060001000a00000014000200200100000000000000000000000000010500030000000000060001000a00000014000200fc0200000000000000000000000000000500030003000000060001000200000008000200ac1414aa0500030000000000060001000a00000014000200fc0100000000000000000000000000000500030003000000060001000a00000014000200ff0100000000000000000000000000010500030000000000060001000200000008000200ac1414440500030001000000060001000200000008000200ffffffff0500030001000000060001000a00000014000200fc0000000000000000000000000000010500030002000000060001000a00000014000200000000000000000000000000000000010500030001000000a0000080060001000200000008000200ffffffff0500030003000000060001000200000008000200e00000020500030001000000060001000200000008000200ac1e01010500030001000000060001000200000008000200640101010500030002000000060001000200000008000200e00000010500030000000000060001000a00000014000200ff02000000000000000000000000000105000300020000000c00008006000500c9000000"], 0xb7c}, 0x1, 0x0, 0x0, 0x20008000}, 0x8000)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
r4 = userfaultfd(0x801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000100))
sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x28, 0x140e, 0x4, 0x70bd25, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000)
r5 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000600)={'team0\x00', <r6=>0x0})
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x4], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8caa], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x200}]}]}, @TCA_TAPRIO_ATTR_TXTIME_DELAY={0x8, 0xb, 0x75e88fe9}]}}]}, 0xa4}}, 0x0)
ioctl$UFFDIO_ZEROPAGE(r4, 0xc020aa04, &(0x7f00000000c0)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}})

4.206792684s ago: executing program 2 (id=880):
sched_setaffinity(0x0, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x26, 0x4, 0x0, 0x0, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, @dev={0xac, 0x14, 0x14, 0x16}, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x401, 0x1000, 0x5, 0x0, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@multicast2}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xfffffffd, 0x7}]}, @timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x0, [{@dev}, {@multicast2}, {@private=0xa010101}, {}]}, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@private, @rand_addr]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x7fff7ff9}]})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
execve(0x0, 0x0, &(0x7f0000000080)=[&(0x7f0000000d00)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!3\xf2\x84\xa9H\x92\x1e4\"u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6 \x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJ9\x13V\x1e\b\x16\xf6/\xc3{h\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\x8aO\x9d\x94\x8d\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\x1f\x02)sP%Z\xad\x83\xda\xbe2r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xafd\x01\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\xfd\x05\xee\xa0L\xe4C\"\xba\xd5\x91_]\xb26\xbf\x9cA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xcc\a\x10`xb\xc2\x13m[P\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb5\\\xf5\x05\xec\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0\xd8k\xb7vo?1H\x86\x032\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\x9f\xa1\xda@\xc7-\x93\xbc4\xc0\xfe\xf6\xf6\xc4\xc3ZT>R\x11\xba\xf9\x17\xf2\a\x00\x00\x00\x00\x00\x00\x00\x00\x13\x9eX$\xe1\x00\x00\x00\x00\x00\x00\x003\xe0\xe3\x0e\xaa\x8e\x9a\x1f\x12\fRw\x11B\x17xO<x6tw\x18\xc4\xf1%\xd8S\xdd\"6\xa3s\x99O\xb0\xf2/0\x1d\x04\xcc\xadVr\x9bP\xd0Z3\xa7\xdd@\xf9a\xe6\xa1\x9c#\xb9\xb8\xb0\xc6r\"\xdd\xc4\xe5\xf8\xb5\xacF\x9aP\xbd\xf0\x94\x99;\x18\xd4\x9d\xf2f\x93\v\xe0\x8c\x91\x87\xd3\xc57\xe2\x11r\xea(\xb7\xd1\xba\x00C\x00(?\xeb34\xea\x865lD\xd4\xc7\x91*\x8e\x0f\xf6Zl^\xe1\x9b\xab}\xe7;\xd3h\xda4\xb5r\xe9l\xd1F\xdepA\x02\x90X\xed\x10\x98\xa2\xfb=\xdb\xba7\xf0Y\xafUt\x12\xe7\x87wbd\x86R\x02\xa7\xa3F\a\x83\x19;\xeb\xba\bm\x84\xba\x90\xd8\x9f\xc2\xb3V\xd0\xd8M\x1eM\x8d\x1a.\xea\xea:A$:/\x96\xf1\xb8\xdd\xa3\b?\x8b%\xce\x8a]\xb4!n \xcd\xdc\xc0\xca$\x8dA\xce\xd4\xab\x1at\x1b\x87\xc1W\xff\x91%6]1\xfb \xc9\xa7\xff\x92I\x91\xed\xed-\x89J7\\\x82\xbe\x8e~$\xafbl/\xf4\xad\xc6\x04\x0fZH\x97C^Y\x12\xcd\xab\x9eS\xdb\xfe\x83\xc3\xbb5,hS\x82\xefR.]\xa9\b\xd4o\x92\xf7\x99\xd2\x0e\xef \x83\xb4\xe7\xb6j\xa4\xe3m\xa4\xd7\xaa\x97\xe3\xc9\xcfP\x9e\xb0vU{\x8b3R\x1a\x06\xc3\ts\x8e\x1f\x8b\xc7\xe3\xbe\xc3j\xb6\x83\x0e\xe9*\xc2r7\x92\x8b\xf2\x02\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\xa2\xf7\xafPK8\x0e1\xcez\x00\x00'])

3.957334721s ago: executing program 4 (id=881):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYRES64=r1, @ANYRESOCT=r1], 0x34}}, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="600000000206010100000000000000000000000014000780080011400000000005001500faffffff050005000a000000050001000700000005000400002000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x60}}, 0x0)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000080)={0x2, "d2c4924d5e89213dc64c3b6e6ff82a75e5318fca4288c2ffbdbec772020acd2c"})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000200)={0x2, "922b7c4fdd843872cf88917a25c59ba5abfc28fb45ae37ad0f852a7690507f6d"})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz'], 0x2a, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000f8000902240f5f9c778b3baf4dba000921401ba8c125f190c569b54170f47fc0c1852a1ec0d320f61f561dc9c957fa47c2c8df0f356e5bd6c87fdeaaa1070fa4d81571164ffcf0a9324c7ec2df8b7e79ef6a", @ANYRES16=r1], 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r4 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r4, 0x501c4814, &(0x7f00000000c0)={0x2, 0x100})
r5 = socket$packet(0x11, 0x3, 0x300)
socket$alg(0x26, 0x5, 0x0)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x0, 0x0)
r7 = epoll_create1(0x0)
r8 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x20002)
write$sndseq(r8, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r8, &(0x7f0000000080))
epoll_ctl$EPOLL_CTL_MOD(r7, 0x3, r8, &(0x7f0000000100)={0xa000001e})
r9 = openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)=0xe)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), r9)
ioctl$TCFLSH(r6, 0x540b, 0x0)
ioctl$TIOCSSOFTCAR(r6, 0x541a, &(0x7f0000000080))
setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r5, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6}]}, 0x10)
syz_emit_ethernet(0x1f0, &(0x7f0000000640)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa0086dd6600000001ba2f01ff01000000000000000000000000000100000000000000000000ffff640101012f02"], 0x0)

3.847789375s ago: executing program 1 (id=882):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40004)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r2=>r0}, './file0\x00'})
r3 = add_key(&(0x7f0000000300)='asymmetric\x00', &(0x7f0000000340)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
add_key$user(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, &(0x7f0000000200)="31702e6b7c6a7d54f6d9220e35e3354717d23823d19a26f8140e85c14589f4a8ec6172250d7a8a1170d3ff146ab3552dd93511251deb855e8089e0f7d5d9f1272cec53ad3a89c9f5b1dcd62e82673531f6cf89f3c5a60dfcddea033e53e01e656cee87dc0abcaf6773310bdea3df7c8df173e01bab0269bef1f25f89c98f041c9797111c24792c7ac59d90de611762fe50319b87347b30fc84c8ab7207fd91c1c54332ff3b0fa03f92e00b6ed7a37d5c13a831b8d58a78131f20c6213a4af9bf2516673f610de21a", 0xc8, r3)
r4 = add_key(&(0x7f0000000380)='encrypted\x00', &(0x7f00000003c0)={'syz', 0x2}, &(0x7f0000000400)="4815bf61c79ffa2ce2d96b0dea98a0b7c87ec41fb0d870db4e6e0a2ff640f73898ec2e4d4a01169863f23e6c032cb5eef3d555e7d2d727b454d3ac731304408870b33e9db9729b4cacb786a18550705cf36f6461a5b30abdbefb1994c8f506d5e218493bccac20da2d97371074aa1783005401709a7c1c57d480a7ad13d9028dd9dc57469af39534440c434e266a844698cc3475ce2f9c86aa13854848b77419ee737b6829348c782f7afb6c89d913b4444cc9b15ab1d33e5b3229ab7b678d18b2ce857b701807944657018256d4a2bc2203c84f358c1875e2", 0xd9, r3)
bind$pptp(r2, &(0x7f0000000500)={0x18, 0x2, {0x3, @empty}}, 0x1e)
setsockopt$MRT_ADD_MFC(r2, 0x0, 0xcc, &(0x7f0000000540)={@local, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, "f5b42853a0ac73e2317625c249172f7bc930b833ac50b4db157810e58430be4d", 0x401, 0xfffffff8, 0x3, 0xf5b3}, 0x3c)
r5 = socket$pptp(0x18, 0x1, 0x2)
connect$pptp(r5, &(0x7f0000000580)={0x18, 0x2, {0x1, @multicast2}}, 0x1e)
openat$dma_heap(0xffffffffffffff9c, &(0x7f00000005c0), 0x200000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000600)={{0x1, 0x1, 0x18, <r6=>0xffffffffffffffff, {0xee00, 0xee00}}, './file1\x00'})
ioctl$SG_IO(r6, 0x2285, &(0x7f0000000780)={0x0, 0xfffffffffffffffe, 0x40, 0x4, @buffer={0x0, 0xa, &(0x7f0000000640)=""/10}, &(0x7f0000000680)="5411c44c6c905521df266903c4623ab5eae2c6b3ffe251805c3220d937a85952905605aea4e0dc068f715014b1eaca06ae9ac5e245dd27fff9918d58cc79b979", &(0x7f00000006c0)=""/77, 0x10000, 0x2, 0x2, &(0x7f0000000740)})
ioctl$SNDCTL_SEQ_NRMIDIS(r6, 0x8004510b, &(0x7f0000000800))
keyctl$link(0x8, r3, r4)
ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000840))
ioctl$TIOCSISO7816(r6, 0xc0285443, &(0x7f0000000880)={0x9, 0x4, 0x4, 0x3, 0xfffffffd})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000940)={'syztnl2\x00', &(0x7f00000008c0)={'sit0\x00', <r7=>0x0, 0x20, 0x80, 0x7fffffff, 0x4, {{0x10, 0x4, 0x3, 0x5, 0x40, 0x64, 0x0, 0x4, 0x29, 0x0, @private=0xa010100, @private=0xa010101, {[@timestamp={0x44, 0x2c, 0x1e, 0x0, 0x8, [0x1c, 0xd, 0x8001, 0x3, 0x2, 0x9, 0x7f, 0x9, 0x8, 0x1]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000a00)={'ip6tnl0\x00', &(0x7f0000000980)={'syztnl2\x00', <r8=>r7, 0x4, 0x5, 0x4, 0x7, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}, @private1, 0x7, 0x7, 0xc, 0x6}})
ioctl$IOMMU_VFIO_CHECK_EXTENSION(r6, 0x3b65, 0x0)
r9 = syz_genetlink_get_family_id$gtp(&(0x7f0000000a80), r0)
sendmsg$GTP_CMD_ECHOREQ(r6, &(0x7f0000000b80)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000b40)={&(0x7f0000000ac0)={0x78, r9, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@GTPA_TID={0xc}, @GTPA_PEER_ADDR6={0x14, 0xb, @mcast2}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_I_TEI={0x8}, @GTPA_LINK={0x8, 0x1, r8}, @GTPA_I_TEI={0x8, 0x8, 0x4}, @GTPA_MS_ADDRESS={0x8, 0x5, @multicast1}, @GTPA_NET_NS_FD={0x8, 0x7, r6}, @GTPA_LINK={0x8, 0x1, r8}, @GTPA_I_TEI={0x8, 0x8, 0x1}]}, 0x78}, 0x1, 0x0, 0x0, 0x10008800}, 0x4048010)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r6, 0x541c, &(0x7f0000000bc0))
ioctl$VIDIOC_QUERYMENU(r6, 0xc02c5625, &(0x7f0000000c00)={0x7330, 0x3, @value=0x229e})
setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000c40)={0x2, 0x2}, 0x4)
utimensat(r6, &(0x7f0000000c80)='./file1\x00', &(0x7f0000000cc0)={{0x77359400}, {0x0, 0xea60}}, 0x100)
ioctl$LOOP_GET_STATUS64(r2, 0x4c05, &(0x7f0000000d00))
ioctl$F2FS_IOC_START_ATOMIC_WRITE(0xffffffffffffffff, 0xf501, 0x0)

3.717868291s ago: executing program 0 (id=883):
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a300000000048000000030a01010000000000000000020000000900010073797a30000000000900030073797a3200000000080007006e617400140004800800014000000000080002"], 0xa4}}, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000180))
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "df3f0400000000000000000000000609000040"})
r2 = syz_open_pts(r1, 0x0)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000080))
ioctl$TCFLSH(r2, 0x540b, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x7, 0x8, 0x22}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)={@map=0x1, 0xffffffffffffffff, 0x5, 0x20, 0x0, @link_id}, 0x20)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00'}, 0x10)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1a41, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xd132})
r6 = socket(0x11, 0x800000003, 0x0)
r7 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000600)={'team0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000d40)=@newqdisc={0x90, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x60, 0x2, {{0x2, [], 0x0, [0x4, 0x2], [0x9]}, [@TCA_MQPRIO_MODE={0x6, 0x4}]}}}]}, 0x90}}, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000300)=ANY=[], 0x6e8a)
r9 = socket(0x1, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800"/12], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r9)
gettid()

3.622179691s ago: executing program 1 (id=884):
socket$packet(0x11, 0x3, 0x300)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000080)=0x14)
sendto$packet(r0, &(0x7f0000000180)="49af2c2cc80509a0e11bc960e563c355d5f7", 0x12, 0x0, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14)

3.342333423s ago: executing program 1 (id=885):
syz_usb_connect$uac1(0x0, 0xb6, 0x0, &(0x7f00000038c0)={0xa, &(0x7f00000034c0)={0xa, 0x6, 0x0, 0x0, 0xb7, 0x2, 0x0, 0x9}, 0x0, 0x0, 0x2, [{0x0, 0x0}, {0x0, 0x0}]})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000180))
syz_io_uring_setup(0x0, 0x0, &(0x7f0000000100), 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_open_dev$dri(0x0, 0x0, 0x0)
syz_open_dev$rtc(0xfffffffffffffffc, 0x0, 0x0)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0xc008ae88, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000000e497f36c"])
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000640)={0x2, 0x0, @remote}, 0x10)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x4008af04, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'geneve1\x00', <r5=>0x0})
sendto$packet(r4, &(0x7f0000000180)="0b050600f4ff020006004788aa96a13bb1000011000086dd1a00", 0x1001a, 0x0, &(0x7f0000000140)={0x11, 0x0, r5}, 0x14)
socket$netlink(0x10, 0x3, 0x0)

3.019934112s ago: executing program 4 (id=886):
syz_usb_connect$uac1(0x0, 0xb6, 0x0, &(0x7f00000038c0)={0xa, &(0x7f00000034c0)={0xa, 0x6, 0x0, 0x0, 0xb7, 0x2, 0x0, 0x9}, 0x0, 0x0, 0x2, [{0x0, 0x0}, {0x0, 0x0}]})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000180))
syz_io_uring_setup(0x0, 0x0, &(0x7f0000000100), 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_open_dev$dri(0x0, 0x0, 0x0)
syz_open_dev$rtc(0xfffffffffffffffc, 0x0, 0x0)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0xc008ae88, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000000e497f36c"])
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000640)={0x2, 0x0, @remote}, 0x10)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x4008af04, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'geneve1\x00', <r5=>0x0})
sendto$packet(r4, &(0x7f0000000180)="0b050600f4ff020006004788aa96a13bb1000011000086dd1a00", 0x1001a, 0x0, &(0x7f0000000140)={0x11, 0x0, r5}, 0x14)
socket$netlink(0x10, 0x3, 0x0)

2.953384079s ago: executing program 2 (id=887):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r1, 0x0)
socket(0x0, 0x0, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4)
bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @loopback}, 0x10)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600), 0x4)
sendto$inet(r2, &(0x7f00000012c0), 0x0, 0x40000, 0x0, 0x0)
recvmsg(r2, &(0x7f0000001500)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x16fb}], 0x1, 0x0, 0x46, 0x407006}, 0x104)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

1.992853676s ago: executing program 3 (id=888):
r0 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv(r0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0})
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000740)=r2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x213)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(0xffffffffffffffff, 0xc1004111, &(0x7f0000000440)={0x0, [0x5, 0xa3, 0x8], [{0x78, 0x9, 0x1, 0x1, 0x1, 0x1}, {0xa0, 0x2e, 0x1, 0x0, 0x1, 0x1}, {0x5, 0xf85, 0x0, 0x1}, {0x8, 0x3a0}, {0x4000000, 0x10001, 0x1, 0x0, 0x1, 0x1}, {0x7, 0x7fff, 0x1, 0x1}, {0x101, 0xa4d, 0x1, 0x1, 0x0, 0x1}, {0x6, 0xa6df, 0x0, 0x1, 0x0, 0x1}, {0xc9, 0x5, 0x0, 0x1, 0x0, 0x1}, {0x26, 0xfffffffb, 0x1}, {0x5, 0x7, 0x0, 0x1, 0x1}, {0x1f, 0x9, 0x1, 0x1, 0x1, 0x1}]})
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000100), 0x4)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
mmap(&(0x7f000085e000/0x2000)=nil, 0x2000, 0xb635773f06ebbeee, 0x4010, r3, 0xee560000)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=ANY=[@ANYBLOB="6800000002060500000000000000000000000000140007800800124000009a7808000b4000000005050001000700000016000300686173683a6e65742c706f72742c6e657400000054fe020073797a31000000000900020073797a310000000045000500070000002504c1217bd453e0f85424670379ded843560a9bb5a9433777b04c310dcdce5ec924704c73aa4a", @ANYRES64=r1, @ANYBLOB="ad71a15ecaa859536bc7507474e981ec1db51478b498395c06907b2412d3235bca8269e2e12406c83529341b431d26b271f6829cff427e9149aeb9b04ec0fc4eb5d2a405fa228f6c9f027d860e468c62aae5a2f38300b4c5cf8be98faba49dfd9a8aa7795b53142addf4defb3f3f32717531bb5e45f447ea0d4e8fbe530d664621fbf59c"], 0x68}, 0x1, 0x0, 0x0, 0x48083}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xcfbffa9083d62ca3, 0xc, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x1b, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x90)
syz_usb_connect(0x1, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b08000009058d67c8002a00000905050200000000000905"], 0x0)
r7 = fcntl$dupfd(r6, 0x406, r4)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r7, 0x10e, 0x2, &(0x7f0000000080)=0x17, 0x4)
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=ANY=[], 0x1c}}, 0xd0)
socket$alg(0x26, 0x5, 0x0)
r8 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x7a05, 0x1700)
getsockopt(0xffffffffffffffff, 0x0, 0x6, &(0x7f0000001680)=""/59, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
ioctl$SNDCTL_TMR_TEMPO(r8, 0xc0045405, &(0x7f0000000140))
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000001200), 0x18)

1.579796025s ago: executing program 2 (id=889):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r1 = syz_io_uring_setup(0x4172, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000040))
io_uring_enter(r1, 0x567, 0x0, 0x0, 0x0, 0x0)
shutdown(r0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000000)={0x7f}, 0x10)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c0000004a00390200000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x1c}}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48)
close(r3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x4, 0x5}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
semget$private(0x0, 0x0, 0x0)
semctl$IPC_INFO(0x0, 0x0, 0x3, 0x0)
semget(0x1, 0x0, 0x0)
mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip_mr_cache\x00')
mmap$snddsp_control(&(0x7f0000ffa000/0x4000)=nil, 0x1000, 0x1, 0x80010, r4, 0x83000000)
r5 = socket$kcm(0xa, 0x3, 0x3a)
sendmsg$kcm(r5, &(0x7f0000000440)={&(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @dev, 0x7}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="a090", 0x2}], 0x1}, 0xd0a0)
sendmsg$kcm(r5, &(0x7f00000005c0)={&(0x7f0000000380)=@l2tp6={0xa, 0x0, 0x0, @dev}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000400)="ba7f", 0x2}], 0x1}, 0x0)
rt_sigqueueinfo(0x0, 0x0, &(0x7f0000000fc0)={0x0, 0x0, 0x200})
semctl$GETPID(0x0, 0x0, 0xb, &(0x7f0000001180)=""/80)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
sched_setaffinity(0x0, 0x7, &(0x7f0000000180)=0x5)
r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r7, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r8 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r8, r6, &(0x7f00000000c0)=0x58, 0x5)

1.397538864s ago: executing program 0 (id=890):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f00000001c0)={0x48, 0x2, r1})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000380)={0x28, 0x0, r1, 0x0, &(0x7f0000ff9000/0x4000)=nil, 0x4000})
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r3, &(0x7f0000000140)={0x28, 0x0, 0x0, @hyper}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000040)='virtio_transport_alloc_pkt\x00', r2}, 0x10)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r3, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112)
syz_emit_vhci(&(0x7f00000007c0)=ANY=[@ANYBLOB="040e06006220"], 0x9)
socket$inet(0x2, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000280)={@loopback, 0x6, 0x0, 0x102, 0x3, 0xd9}, 0x20)
r5 = fsopen(&(0x7f0000000000)='tmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x1b)
quotactl_fd$Q_QUOTAOFF(r6, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x6, 0x803, 0x0)
bind$can_raw(r7, &(0x7f00000000c0), 0x10)
socket$packet(0x11, 0x2, 0x300)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
socket$l2tp6(0xa, 0x2, 0x73)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socket(0x1d, 0x2, 0x6)

777.338889ms ago: executing program 0 (id=891):
syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0x10, 0xffffffffffffffff, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x5, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000007940)=[{{0x0, 0x0, &(0x7f0000000900)=[{0x0}], 0x1}}], 0x1, 0x4048841)
socket$inet(0x2, 0x0, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f00000002c0)={0x8, {"eb710a8f7c99b13f9d5269ba638cec06c2f59c58d78c3cd035ba824aab12a6415f16f5f723351ebd8edfa76d74d1a7b73395c633ab0ef754179008edfc5252905e6b9c6ce27efcefc2be2d17a62caed0a1ac6146261606dd18d668fe8aa050957bd83ca983f5bf3b01bbcf22321f23b50c1cb55811ecd932cf1df7772a89499661161ae87fc594bc3789cf163ee9d70116d97c88d60b34f891b0975aba74e6ad0c8fab2103490b7c478b8dcbaffcde075ddb102071f81b41e6542e335aa029d944680d88d275175f272c327bd0f62e9227f4122b756759a279cd2387e9427590a620ddafc3e968f8bc3497255bcee5b6061e673118a2afadbb1817a8e908cd9185417c245c8a9733f66051b1b51c021cdf5c7131c47b08eb4fcd2d04f30ee0975ed4b193dd5e161d7a640f3b337a1056b23406e1bd8879c236fc92e013a738313ad031ef0d0ba23d4f19ba6c9fcecef2274742d86658edc613bab640bee1c31cfe51742a070af21dc77fea960796993ad910ab9378b4856a1c7fbfc739605df914e462fcae390d489a63cc4df1e9e6294e28b53799c4847aad38c851d302e207bd4d515ca6767f69f627e4aef4e664c6a5a4afdbb034ec7337c463d4a7ee67a47d9d6ce7ae5b7151808697aa07d386340ce80bd0a411ab0753095989bc795800c8279dfab7402b0e8a43c84eadc066674d165b8776e46fa239b5ebfb30ce664a3929360b208da8f7e879ac0d917aa69012394105180a0a3b8ff8928c932facb87f6f555ea54c24beccf0e7e134e92963e5c599d46529c04d2359a0778b509c380ddec914da3962db5e69c9fe5596b2820ef585f2314c6b99cad79968516eadba6432d7be7118978a197c7519ccaae785129baa4cb743db28d749ca96a9add8f951ce08cfc89671134ac4ed3398e117918fda180e0ba58d24d8a250c99f447a4494ea9497b696b34738da506e7e81d383b41e947873ac5397405e256f4e457bdf9fe24d33d16f70ee2f06e796f4cba473c032f57ed3888e406f77fec234516ae84b26d18b9638cde39122209773947b6eda45af7305eb39bdbe229d82c3946d73f7f9385fd18160b72dc7809af80ed6c426494aa7033bcf8f4c17ad07adba54eaf820c1137b2f693268c2746383c1c2d3ad929acac6feef9e8bef78d123aa7acf83c2745dbece217d81bb7efb467106a257740fe2b78ae61df37512b206222738c38b1ae17cc97f61f91c884f85538a8c16d6639c3a7a03e75846816828ad424659c32e88aace60558de785fe10ba038a2d57b0c5574159a80fdca501dbd1135261c0c92519ade3dd3e920fef976e37a18cd7c2faf0a35cc702ef1b0e4f419dd1d529499b8266ca1b172af52d06e87f55f04b75c6e756d98d6eeece21f652c5b858232fa4b7e1d028a43bc4efac1a7ab810005e6a501bb27a1c5973f399559b38bb2ca156e984552fe5a3d09168275a1317a6d4e893bdf5977b909c28895fb253619331f802758c4f16e4c1b4da34ef60d304f065242737bc3bc14c31dddbc18bfb4b8c520bf20c79e1533e26918a11c7e6df4aea412d705b326db6afcaacbb40cc8d7f30705f81cf97a082a32dadb23a71059032ec86050f5a8ca91b7f310c0afc6b3408e95f38cfd84028b5525210270cf39894b16b1b84ae2d5f114eacf21169f76c8bffba1db712d8dbfa988e532247e6b2fb728547adb4d8fb605e45289cd364963412872e75447708e8b937c6af6d7f7500df5e8fa265e1c09edbdee2d024f81a3e5d596a24525c2267020ee3549371323a4a4506a9caf4046334265f0fa2a59814010462eb556cc7f2746dd9505750a415033d1c958e0a121fd7e407faf565daa65704ac249e622690f32dd273865711058191b6fbc614a6f506441c3a87a490879ef20ac8df5b58bfc558499cd0aabe923d44b0cb9b7ed602bafffe09c01e3e1b6ca2e59e22b308aebda170e18a1635836b3feecee645a7305e8298ab5a32180c6255b86dd2cfef2cdd4104ba9c9736fb07d8fec3bf50114b5fcc2293ea80505662d3e89d3f2d29a682554f4a8579da2315e5d8112d248be21cc0c617ad61c82fc4f1e640ca3d2780b4e9d13f723700d1ae166f86bcc5e03195fb7d20739b0720cf3fb31c8aeae0d159df680f28d5be7280b6017901f75dfe38166044155d964be82d22443cdae49cd26bc7ebe765a088b85ecc65da717b1633123fae79a0eb277bce5834c0843818085739f8456b2cc1fc31921a136d841de2b8e62b96b5fbc9e652b95a378b04531080fc2d3ae50fe0a2506d2722534ff215619005c87201a8179374956e6c103f2a151215b09507d2d96139602ebedb920e70f4d275bb0f38f8f88f04b2a7f981654ee36baf4b983d349912f42e1f00cc079fccff0529e942ee1452df16fd76a3d671930873346b9284d32f1a0af6dcf4523e951bd805a94a8397b570b1afc8b98fcffa371c3e94b4b6ca0141cd7358a6b2c0f3ceaba73fe930e6e548c6e47b3284a5238a130b30b98beac4624aeafb2e7d4cf0d1079560be2c9d6e1352dcf1f68d8c38a82bc85908d02fdbd61c373a43e1fa079b4f7d99b310e7d410dce359344efac2ac2eefa1ca850a70bd16812213f7ea285df160a9891a6656e47636d4872bc50d7a9cc8f0450eecfb844f3bef38796f909fd2d2fa10e5053cc393e945c360efb1e8556c8704e5332802a0818ce724320f077b8a3c5ed68586d8c3554fcfbfe1e47b2986c090c9aef45519599d00c681886a0f3fd336303f62f15087dec525503b9daac3bc27869edfed5eed0031a3d47b5427b150d734697152cd13a59a95c32020320d89148a72669bb559e0273b287a556a354af60a6e37d410bc9f36e7b77a9065e1a246c12eaaa498d830dbfea6390d0a6462938c7387039074907d84cd96764ae1b976a304af9b38debe0eb653a3e60af4f71dfab770a51344b8ef2cb3397ad2504e48c97f6d90d6bd15ee30cc1a3548350f700a3827fba8f6527cf25ffa5033afd22a401ce057dcd4340c9d8c0a23d73314d8733131375e34d8c1a3415b7704725ab26eb16a17340f0078d59f9d2b89419303d23e68e986d89a953e5d2a5473a74c3990699f994547733188a60c7b312550a7e283092be11dacad80c3afc24f1e2076879e6685449f7af326b5550310ac6bd3bafa344e5a6e2c2a46b5ea2cea2e8329396ecaa011a9a5b30b8a9595db4145810d19771843afdb45751e932aa102737f901c6366f31089a6d5b4b680ba4e23915a130ec1a20f7c074c92afac4275f6e767bc8e92fa6c69e2bc1ae96e7cf32c3c0e5974604b00974edeb18ac0249ea8ade7fcf83d186cea6bb01f81e42112397f2faec8347551ef999354562e4178ef9b5bce9b72e5a324d0c8e23101e6946dffc8af303334cecac198d63535eb303ce5084e074e6f9977b9bbabddabf59d256a9942c147fa8e444e73974bcc1a2a0b180e43fc7e6aa9eb917f66bb1bb51d3166a0e74e16cf1ace9ef69520a843216a5e94dd085867d055261d11628294492f057bc361f96e8962dae3d79eab7097b05107e2fdd5d0e756505c56bd65b6278d5aaebf468ef660786594ef05bf1c9cd10f30016f9071e1afa1c7fd88a36a7438a3bef30eb3eed1d5aef7115261437675aa2f3a016caea2401fdbc8e7d65d924d2a50d80e5ca59f07ffa6dc3a1b7c0508b6ae74f42aba2c27d2765907f5f66f94b31c1fd008fab8a3d2222ab0e6c6c458fbaed953600ca62ced40cc626092a40c7c0fe2d22be77521a99d5f587ce39f0a1104774b6811f3dc81153cbc3f29e34e369d79f41b922889a36cf526affb44e6efea07d39704107c741b8dcd93022a9b1651363ea474bd26def17ab7eecb87477183813f2aea04266c2b01b9f8db58fade90c515678c3f91f967788866f5effc9db7e6db96086f02387a800327ec049b838f6fcc84ad6a7c95ae87aa300c02601ec44e598cd56991000ca06a36e46c43b4933a2d50ad1e8e306476bfd8c18beabf422478525269c5fb644d15620daf4a2fa564885cdbdbcd86d4c6f4d205e1bc86981b791f054a5212893c71165cc28716d0258d38d995719cf00a84a8f769ee25cf8085c319845f7887d9ab6a35ea55b30fbd9af67088ad7980f079a4d6888b73389d74cc985058ddc386cdd4700fdb196b79d89668a841bb32a0fde1ddd291363395b70d887d9339c3eed947c135c4159eb33b48e9f4a910c971bb0f0cf1c5f7e5eca82447998deec0237c9e8339870f21b3b473f8b4c6bf436036a429173e032d9713850103f94ca545247d041b5a96e0792ed5254cbe75d0c54d1d52f81ca9c78bee372e99fcfbfc6aa3604e3d690005126428a6a40888952d49ae584fcbd7929b9395210344ac41c6f95421f0916683a31ee6dcb544a8d302f885fabe005112a3395943312c2adc922babf9923c6b46dfa96f7f7db0e7028ffb8db22ed1b81740b5fe198837389a79adee1d2f0dac18de337495ee33578ad93aefe0ab9485ed102a4999b0a8884267c7d63724b2dc4c46f9196c9f4fffb9fda149da79c68a8e5fa392c3907bb7143995f3507285ad55039eb2c52b50b66473d59f0c1a3073eff11448ee16e2eadd2bd14db3186dd5d9b7188f9968422b4d199f5f3d8d4b8c866c1bc666d536dbfbff9f6088774edb7c21b3a6ae8aa76641cbf41fc2ea0a459db31133e6a2c1d9039e584f48ed0e6edf052f62f45477ee76b4596ee895afec81443c4e2dcd1133894e252406532d5b9da80220d4b2fdac25c92cee441e8e484c5e3a2656dfeebe29d629e589954290c1df27e6c4bfc6dbb187c338ae59b000b99f6b7fd8107dbc886cc6e0f9f6e264f24590631da8b89baf5a516f7a07ef4fd1903086dd5aea97a49f3b489e2adb3ae9766d052567377d4e3639ccb8f3aa4af7c565fe64bfb2d93b2b13fe0b618f96af1b987d28342d6cc198e28c5d3f97552ddbc7b73625a4d78f0fdd0b8a61cd3f308ae884d19c8f62da56cfa8d53f8ba5724d84b0e0f24605b21bee106e19a7b6065f03846ea790687bf8e17d3219ae8270332e3b2342c36a541b13b6548600a8f8d9fcfa2790b38a4abfad64400ee5f35a882977fb81423811f252dca86fa5d19f36b73503f38c5494c0f34e3c44565bf3b12d0324cdffa2f14947310a9eb46fc17b3460731555be8376f47bdda63f091baf165680c0bbc24654e71176175ab5121ec81224e09913e9d11a1e2fc5ce750086dab1676154f962a9af73600b6d73f3ef770d3b2103bd9a9d2535079f7ceedd22cfb0365291140f7ae2335ef45ef12aa034e57c15a6b46837b8c62ddd19a7d6651ab1065f6dc7e56f87ffbc6aecaf3361505ca5697c2eb1cafebeb61ee7bb505ad382357925d1caa12d07cc881bd7ec6c67f05030f1ff025465c88935a33516a9f1c614ea5fa5a211eb31f0b8c704850fe5f46773f827dd29bb1fd185f9ef9a0c21eb10097a90b61c0d617daee3beab7218c3e03ead9052b152906af3fc2b3dbbfc1e0a39cf885434207bc68b20d37ca657dc8ecb33416ee669091b14e45123d3ae1b0235ee595ddcc63d69eb141f0f4b110aaaf8ae3276a0c3cfa62604dcfa4f6cf5e0351422620ff621715d206b1d02a6af64650d79c38f98f391ee53bad22e16cded2adf2c94c482aecb4a303dcd05099370fd2d429cd2b3908d0ef51890951f0df6f9d22e212e17b2bc0f420cec67c93759befb1d2137de0106acbabd3f64e72db78f0120cded129de99158d031bd60f9e96cf67308046de6fa77d3139d516bccaf02092d2a165271", 0x1000}}, 0x1006)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f00000004c0), 0x4)
syz_emit_ethernet(0x46, &(0x7f0000000480)=ANY=[@ANYRES32], 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c1000003e0007012ebd700004101c000100000004000002041001"], 0x101c}}, 0x0)

238.076182ms ago: executing program 0 (id=892):
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'ip6_vti0\x00', &(0x7f0000000140)={'syztnl1\x00', <r0=>0x0, 0x2f, 0x9, 0x9c, 0x400, 0x20, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x7, 0x8000, 0x80000000, 0x10001}})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000001c0)={0x101, <r1=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1a, 0x8, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', r0, 0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r1}, 0x90)
socket$netlink(0x10, 0x3, 0x0)
r2 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000100))
socket$inet6(0xa, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
r4 = syz_io_uring_setup(0x15e7, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x0, 0x0, r3}, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_WRITEV={0x2, 0x50, 0x0, @fd_index=0xfffffffc, 0x0, 0x0})
r7 = memfd_create(&(0x7f0000000900)='prodM\xb0\xea\a\x06\xbe\xaen/\xce4\xb7\xc1\xef\xba!\x9d\rSt\xa24\t\x00\xae\x00\x00\x00\x00\x00\xff\xff\x10\x04\x00\x00\x1dz\xd05\xe2e,\xb1\x84\xea\x91^%\xb0#R\x04\x06\xae\xebA;Y\xeb\x8f\xec\xb4\xf9\x17\xb7\x04\xc2\xc0\xc6\xb4\v\xff\xfc\x88\x90\xabC\x02\x00\xf04\x03\x88\xae9\'>R^P{Vr!\xe2W\xc72\xea\xb7Wp\xc36\x96\xffZ\\A@\x00\x00\x00\xc9\xf3Y\xb8\x89#\xa1\xb1)Dk\xeb\xa1\t\x00{u[\xbd\x9d\xf4\xbf\\\xce\x02P\xf2MY\x05^\xffj\x9c\x14\xb7\xb6v\x1d*1>\x00 \x00\x00\x00\x00\x14C?]\x8c\xb4Y\xcf\x80\x85\xd6\x036\xc8~\xa8\f\x00\x00:s>\xd7s\xef\xb3\x9f#\x15)\xf9\xe10\xc7\xb262<k\xa8\x88\x01\x00fhD\xe7\xb6\x17\x80\x95\xa8\x1e\t\xb01KB\xcb\x00\x1e\x7fE\x7f\x02\x00\x00\x00y<nGR\x94\x99\xb8\x89\x9b\x8f\xd5\xe6\x02\xb5C\xad\"u\xf4>-\x00\x00\x00\x00\xc8X\xdaNz\x0eu\x8f\x01\x00\xdd\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc3\xa7/\x88\x9b`\xa5\x98\x81a\xeev\x00\x00\x00\x00\a\x00\x00m2\xf2\xd8,\x17\xf8\x8e\xae\xc8\xad\xed<\"\x8e\n\x9d\xb13\x8d\xef\x96\xd2I\"8=tg\xdfU\xd0q\x95/f\xec\xdc\xa3\xe1[\xc0\xaa\xefz\xc9\xf4[R\xc36b\xf0~\xd9>\x13\xc0\x83E\xd27)\xd5yQ\xff}5\x94\x88\xa1\xdc\xa1g\xe0q\xc5:\xe4\xdf\x80\xb3,\xb9\xb2\xdc\x81\x9f6\x0f\x84WY\xbfSY`\xb8\a\x19\xb1\x058\xa4\xc3\xbb\xf8aB:\x84\x02?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3o-GU\xb0\x00F\xb3o(aI[\xd6\x9fG\xaeI\x83\x93\x8cC\xc0#\xe0q\xd0Ex|\xdb\xa8\x16\xfe>:\t0\xfd\x8a\xc7\x84\xb5\xc7M-0A\xf0\x94\xf3\xcc\x8d\xbb3\\\"\x882\xb3\xa84\xac\x00\xdd}Ft\xc6\xcc\f}!X#\xe4\xe1\x94i\xce\xa1\xff\x95\x80\xb4T\x9c\x01\xf3\x1cLB\x94m(m\f\xbc\xebY\xa0\xf7\xf0\x9d\x10\xbd\x86\x1by\xe6\xdf\xc0\xc5\xb9\xb9\xbf\xdf~9\nC\xe9\xc5\x0e\xda\x9c(\x9b\"\xc7\x97\xfc\b\xd9\xc2T\xa7*}]\xc8\xb3 .\x9b\x89\x0f\xf8$\xdd>lU\x13EG\xbb1] \xda\x19\xc5\x9b\x15\x95\xc4\xfcw\xbb\x92\x91\xc4\xa6\x907XK\xfc\x17]\xfa\xff\'\xef\x92\x1c\xb8\x1fK\xb2o \xd1\xbd\xb2\x11+\xa3R\xefQ\xc2\xbdW\x05\xec\xb3=@\x03\xc6^\xa2\x15D\xb0\'D#\xb6Q\x8f\x82?S>\x00P\x9cE\x92{d\xe6\x9cj1\x87\xb3\x01\xde\xe8\x89\xc4s\xb7\x14~}\xaa\x8c\xc3\x95BAE\xf2.\x8fC\x91W\xadi\x00\xf2k\xd5v\xd3\x84d\xf4\x134\xa6XI\xe5h\xaa\x15\x9a\xf7Z\xe3%\x88\x7f\x90\xbb\x9dt\xa3\xe1\r\x8d\x94\"\x19\x8b\x17)\xea\xd5\x17\xeb\xe4\x1b\x0fBZ1\xbe\xee\xfa\x1c\xf9\xa6\x11\x94\x1a\\P:\xaf\xcex\xc2\x82\x9a\x16\xfc\xa1\xf9\xbba\b\xbb\xed\xb2\xd1W\xe2\x8b\x8d8}\xf0V\xbd\xa60A\xc3\x03\xfa\x890\x86#\bQ\xcb)\xf6]\x9e\x14\xd2\xea\x82\xa8\xb7ZG\x15r\xf1n 1\x8d \xc1\xaf\x19\\\x91\x13\x1b8\xe1\xc3\xa4\v\x94\xbfJ\xb5\xde\x95\x82\x00]B|\xe2[%\xe3\xf0\x04\xba\xed\xdb\xf5\x7f\x9d\xfe>\xf6m$M&\x7fq]\xe4\xf6\x82\xc3\x00\xb1zg}\x99E\xa4\x19\xe9\x1a4a\xd75D-k\x84\xa6\x12+\xebk\xa1\xfek\x89\xef\x18\xc1)6\xa65\xe2D\xbe\xe1\xdfq\xdd68\xf37g\xab9m\xe7\xddO\v?\xe0\xbe}\xa9U\xc7{\xd3\x16W\xbb\xe5\xd2\x93\xfe\xa4\x9d\r$\xe91c8`\x86\xbc)\xe29\xc3}\xb9P\xbbF\xc6\x12\x8c_x\xa8\xf2\xb5K\x03\x85\x92k\xe1\x8e\x1f)\".\xcc\'\v\xa6\x1bj\\\n\xe98\x1eG\x11:\x85\x80\xc4\xcbo\x99\x99\xeb)r\x1a\xce\x18(\x185LL\xbcOeO\'\xe2\x86&\xe4\xe2\xe7~\x92\xa2\xb2\x1b\xc3\x00\x85\xce\xad7\x87\xa0\xfcc\xf5\xf8\xaf\v,q\xd4\x18\xbdM\x1a\xde\xba*L\x05m6\xecH\xd0T\xb8m\xdb\b\xa6\x02\xfb\x13\xac\x91\x8a\x8d\x94\x93\x8d=\xb1\x84\x9c\x9b\xe5\xc7\xa6\xc9Q\xc1eUc\xcc\x180^\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00KT2\x1b\x16=\x10\xd3\x9a\xf0\xb7\x00\x00\x00\x00\x00\x00\x00\xc3k\xc2\xb6\x06+s^\xe3\xbf\x89\xe1\xbd\"\x81\x9f\xd4\xb1\x1b\xf4\n\x87\xf8\xc3(*\xc8\xcd\x13)\xdd$<\xeb\x8c\xa0\x88\xe6MT\x86\xaaA\xcd\x1c\xad\x8fTZ\xa8_\xda\xf9\x8b\x90\x0f\xe1\r\x1b_\"9m\xe2]B\x8exQ\x92w$\x12a\x85\x92\x82_]\xaf\t\xdc\xd8\xa5&\xd4\xd0\x98\x98\xeb\x00\x00i\x00\x00\x00\x00\x00\x00\x00^\xaeLz\xe9\xc6\f\x12\x17C\xe9\x03JmJ\xa5\x9f\x8ea=P\xdb\xa1u\x9d\xa7e\xaed=B\x8b\x8f\x92-\x93~\a\x1d\xb5y\x8b\xea\xa3\xf1\x06\x8c\xda\x01vC\xf8#\x9c\x9a\"%n\xc29\x00\xca>\b\xf1M\xe3\x14\xf7v\xe8\xf8\xc4\x85\xdaz=\x03\xc4d8\x11~\"|\xf1\xaf>\x9b\xabNR\xc5R\xa6\x91\x9d\xc6\xe1\x94\x93\x0e\xed~\x1c\xd9}\xbf\nD\xe9pf}\x15\xae\x11u(\x94x\x00}\x1dS\xb9I\x17m~\x16\x85\xc7\x87#e\x97\x86\x84\"\xa5\xd9\x12\x15\x95\xe4\xbc\x9a\xb6\xdd\x89.f\r\x85h,-\x94?\xc8\xb7h<f\x95\xcd\xc8\xb0\xa9\x94FMC\"H\xaeWq\xf4@\xfd\t\xf4\x92fY4\x8a\xda\x97\x1a\xfb/\xec\x1eg\xa1\xa1\xf9\x1c\xffF\xdf&\xc1\xf5*@q&q\xb9\x14\x9e[\xf7yW\x10g\xf2\x91\xf1\xa9z\xbf\xde\xa0\xde\x1f\xe3Y\xf1\xa4\x1b\xe5\xd4-\x97\xe3', 0x7)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800004, 0x0, 0x12, r7, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000001, 0xc3072, 0xffffffffffffffff, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = io_uring_setup(0x177f, &(0x7f0000000140))
r10 = socket(0x2b, 0x1, 0x1)
setsockopt$inet6_IPV6_RTHDR(r10, 0x29, 0x39, &(0x7f0000000080)={0x0, 0x2, 0x2, 0x1, 0x0, [@mcast2]}, 0x18)
connect$inet6(r10, &(0x7f0000000040)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
ioctl$sock_inet6_tcp_SIOCOUTQ(r10, 0x5411, &(0x7f0000000000))
close_range(r9, 0xffffffffffffffff, 0x0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0x1000}]}, 0xfffffffffffffea4}}, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(r8, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0xa3d, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x22202000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(0xffffffffffffffff, 0x80045017, 0x0)
syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0x0)

139.000667ms ago: executing program 1 (id=893):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
eventfd2(0x8, 0x0)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000005, 0x32, 0xffffffffffffffff, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
r1 = userfaultfd(0x0)
lseek(0xffffffffffffffff, 0x7, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00'})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040))
sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f00000021c0)=ANY=[@ANYRES16=0x0, @ANYBLOB="200029bd7000fddbdf2501000000ec00088038000080200004000a004e2100000000fc000000000000000000000000000001010000001400040002004e23ac1414aa0000000000000000b000008008000a0001000000240001000000000000000000000000000000000000000000000000000000000000000000200004000a004e2100000009fe880000000000000000000000000001a000000008000a000100000024000100000000000000000000000000000000000000000000000000000000000000000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b08000a000100000006000500190f00007c0a088014000080080003000500000008000300060000005407008006000500030000001400040002004e24ac1414bb0000000000000000a4000980a0000080060001000a00000014000200fc0000000000000000000000000000010500030000000000060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000a0000001400020000000000000000000000ffff000000000500030002000000060001000200000008000200ac14144305000300000000000600010002000000080002000a0101020500030003000000200004000a004e22000000062001000000000000000000000000000200000000240002000c7881c25944250cf1e0500c732ab9978063f4624529848cfa907db0f1cd90bf28040980a0000080060001000a00000014000200fe8800000000000000000000000000010500030000000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200ac1414bb0500030001000000060001000200000008000200e00000010500030000000000060001000a0000001400020000000000000000000000ffffac1e00010500030000000000a0000080060001000200000008000200ac1414aa0500030001000000060001000200000008000200ac1414bb05000300010000000600010002000000080002000a0101010500030000000000060001000200000008000200ac1414250500030002000000060001000a00000014000200ff0100000000000000000000000000010500030001000000060001000200000008000200e00000010500030003000000d0000080060001000200000008000200ac1414aa05000300000000000600010002000000080002007f0000010500030000000000060001000a00000014000200200100000000000000000000000000020500030003000000060001000200000008000200e00000020500030003000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000a00000014000200ff0200000000000000000000000000010500030003000000060001000200000008000200e00000010500030003000000a0000080060001000a00000014000200200100000000000000000000000000000500030000000000060001000a00000014000200fc0100000000000000000000000000000500030001000000060001000200000008000200ac14142f0500030001000000060001000a00000014000200ff0100000000000000000000000000010500030000000000060001000200000008000200e0000002050003000000000064000080060001000200000008000200ac1414aa0500030003000000060001000a00000014000200fc0200000000000000000000000000010500030002000000060001000a00000014000200fe88000000000000000000000000000105000300020000004c0000800600010002000000080002000a0101020500030000000000060001000200000008000200ac1414bb0500030002000000060001000200000008000200ac1414380500030000000000c4000080060001000200000008000200ac1414130500030001000000060001000200000008000200e00000010500030003000000060001000200000008000200e00000010500030001000000060001000200000008000200e000000205000300010000000600010002000000080002007f0000010500030000000000060001000200000008000200e00000020500030000000000060001000200000008000200ac1e00010500030003000000060001000200000008000200e000000205000300030000002400010000000000000000000000000000000000000000000000000000000000000000000600050001000000240002003b436aade14146e52b8260dea6633f6f3bfebf31a7362aa69d6152d896f0a96bd401098028000080060001000a00000014000200fe80000000000000000000000000002e050003000300000094000080060001000200000008000200ffffffff0500030000000000060001000200000008000200e00000010500030002000000060001000a00000014000200fc0000000000000000000000000000010500030002000000060001000200000008000200ac1414aa0500030000000000060001000a00000014000200fc00000000000000000000000000000005000300000000004c000080060001000a00000014000200fe8000000000000000000000000000aa0500030001000000060001000a000000140002000000000000000000000000000000000105000300000000007c000080060001000200000008000200e00000020500030001000000060001000200000008000200ac1e00010500030000000000060001000200000008000200ffffffff0500030001000000060001000200000008000200ffffffff0500030000000000060001000200000008000200e000000205000300010000004c000080060001000200000008000200ffffffff0500030002000000060001000200000008000200ffffffff0500030000000000060001000200000008000200e000000105000300030000006c000080240002009f551df5f04917071017d0f80fc92402843ae0ef835f874eef7c0ab940b8e72b24000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c200004000a004e2300000004fe80000000000000000000000000003d08000000980200800800030005000000200004000a004e2000000009fe8000000000000000000000000000aa0600000024000200cb93eeb2b1486c0b3d25d3be05c061d8b8b4cb4852d5124eab2eebfcd2859c041400040002004e20ac1414aa00000000000000001400040002000000e000000100000000000000001400040002004e21e00000010000000000000000200004000a0000000000000500000000000000000000ffff0a01010001000000ec01098048010080060001000a00000014000200000000000000000000000000000000010500030001000000060001000a00000014000200200100000000000000000000000000010500030000000000060001000a00000014000200fc0200000000000000000000000000000500030003000000060001000200000008000200ac1414aa0500030000000000060001000a00000014000200fc0100000000000000000000000000000500030003000000060001000a00000014000200ff0100000000000000000000000000010500030000000000060001000200000008000200ac1414440500030001000000060001000200000008000200ffffffff0500030001000000060001000a00000014000200fc0000000000000000000000000000010500030002000000060001000a00000014000200000000000000000000000000000000010500030001000000a0000080060001000200000008000200ffffffff0500030003000000060001000200000008000200e00000020500030001000000060001000200000008000200ac1e01010500030001000000060001000200000008000200640101010500030002000000060001000200000008000200e00000010500030000000000060001000a00000014000200ff02000000000000000000000000000105000300020000000c00008006000500c9000000"], 0xb7c}, 0x1, 0x0, 0x0, 0x20008000}, 0x8000)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
r4 = userfaultfd(0x801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000100))
sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x30, 0x140e, 0x4, 0x70bd25, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000)
r5 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000600)={'team0\x00', <r6=>0x0})
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x4], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8caa], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x200}]}]}, @TCA_TAPRIO_ATTR_TXTIME_DELAY={0x8, 0xb, 0x75e88fe9}]}}]}, 0xa4}}, 0x0)
ioctl$UFFDIO_ZEROPAGE(r4, 0xc020aa04, &(0x7f00000000c0)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}})

0s ago: executing program 3 (id=894):
bind$alg(0xffffffffffffffff, &(0x7f00000003c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000380), 0xffffffffffffffff)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0))
socket$nl_generic(0x10, 0x3, 0x10)
socket$alg(0x26, 0x5, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x1, 0x803, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x5, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x88adf5b9}}, 0xffffffffffffff70}}, 0x0)

kernel console output (not intermixed with test programs):

84890][   T29] audit: type=1326 audit(1722313120.983:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7279 comm="syz.3.509" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fce42777299 code=0x0
[  202.748326][    T9] usb 3-1: new full-speed USB device number 24 using dummy_hcd
[  202.952118][    T9] usb 3-1: config 0 has no interfaces?
[  202.983709][    T9] usb 3-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00
[  203.015552][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.049939][    T9] usb 3-1: config 0 descriptor??
[  203.496762][ T7280] usb usb9: usbfs: interface 0 claimed by hub while 'syz.2.508' sets config #0
[  203.546102][    T9] usb 3-1: string descriptor 0 read error: -71
[  203.592320][    T9] usb 3-1: USB disconnect, device number 24
[  203.743519][ T5277] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  203.800277][ T7309] netlink: 'syz.4.513': attribute type 21 has an invalid length.
[  203.827758][ T7309] netlink: 132 bytes leftover after parsing attributes in process `syz.4.513'.
[  203.948451][ T5277] usb 2-1: Using ep0 maxpacket: 8
[  203.957307][ T5277] usb 2-1: config 0 has an invalid interface number: 52 but max is 0
[  203.976097][ T5277] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  204.006185][ T5277] usb 2-1: config 0 has no interface number 0
[  204.026565][ T5277] usb 2-1: config 0 interface 52 has no altsetting 0
[  204.041108][ T5277] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  204.058160][ T5277] usb 2-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35
[  204.068002][ T5277] usb 2-1: Product: syz
[  204.075894][ T5277] usb 2-1: Manufacturer: syz
[  204.087635][ T5277] usb 2-1: SerialNumber: syz
[  204.099677][ T5277] usb 2-1: config 0 descriptor??
[  204.158745][ T5278] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  204.368392][ T5278] usb 4-1: Using ep0 maxpacket: 8
[  204.378867][ T5278] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  204.435526][ T5278] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  204.466002][ T5278] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  204.496993][ T5278] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  204.524602][ T5278] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  204.554992][ T5278] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.840591][ T5277] usb 2-1: Can not set alternate setting to 1, error: -71
[  204.858217][ T5278] usb 4-1: GET_CAPABILITIES returned 0
[  204.868039][ T5277] synaptics_usb 2-1:0.52: probe with driver synaptics_usb failed with error -71
[  204.892966][ T5278] usbtmc 4-1:16.0: can't read capabilities
[  204.944038][ T5277] usb 2-1: USB disconnect, device number 24
[  205.067848][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  205.076980][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  205.086085][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  205.095186][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  205.104282][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  205.114973][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  205.124078][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  205.137146][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  205.146231][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  205.155295][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  205.168263][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  205.177348][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  205.188875][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  205.197978][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  205.229927][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  205.239156][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  205.884285][   T29] audit: type=1326 audit(1722313124.283:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7343 comm="syz.2.526" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3d22977299 code=0x0
[  205.891355][ T7351] ALSA: seq fatal error: cannot create timer (-22)
[  206.659967][ T7356] netlink: 12 bytes leftover after parsing attributes in process `syz.4.528'.
[  206.725194][ T5273] usb 4-1: USB disconnect, device number 28
[  206.978364][    T9] usb 5-1: new full-speed USB device number 24 using dummy_hcd
[  207.199131][    T9] usb 5-1: config 0 has no interfaces?
[  207.204772][    T9] usb 5-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00
[  207.235383][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.283343][    T9] usb 5-1: config 0 descriptor??
[  207.658945][ T7358] usb usb9: usbfs: interface 0 claimed by hub while 'syz.4.528' sets config #0
[  207.678950][ T5277] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  207.702002][    T9] usb 5-1: string descriptor 0 read error: -71
[  207.734948][    T9] usb 5-1: USB disconnect, device number 24
[  207.878356][ T5277] usb 3-1: Using ep0 maxpacket: 8
[  207.886354][ T5277] usb 3-1: config 0 has an invalid interface number: 52 but max is 0
[  207.900722][ T5277] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  207.916543][ T5277] usb 3-1: config 0 has no interface number 0
[  207.924808][ T5277] usb 3-1: config 0 interface 52 has no altsetting 0
[  207.949202][ T5277] usb 3-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  207.971896][ T5277] usb 3-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35
[  207.998683][ T5277] usb 3-1: Product: syz
[  208.002914][ T5277] usb 3-1: Manufacturer: syz
[  208.007536][ T5277] usb 3-1: SerialNumber: syz
[  208.021220][ T5277] usb 3-1: config 0 descriptor??
[  208.618058][    T9] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  208.778679][ T5277] usb 3-1: Can not set alternate setting to 1, error: -71
[  208.804710][ T5277] synaptics_usb 3-1:0.52: probe with driver synaptics_usb failed with error -71
[  208.818015][    T9] usb 4-1: Using ep0 maxpacket: 32
[  208.849986][    T9] usb 4-1: config 0 has an invalid interface number: 206 but max is 1
[  208.866285][ T5277] usb 3-1: USB disconnect, device number 25
[  208.887618][    T9] usb 4-1: config 0 has no interface number 1
[  208.917239][    T9] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  208.946639][   T29] audit: type=1326 audit(1722313127.343:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7398 comm="syz.2.540" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3d22977299 code=0x0
[  208.968973][    T9] usb 4-1: config 0 interface 206 has no altsetting 0
[  208.996877][    T9] usb 4-1: New USB device found, idVendor=13d3, idProduct=3393, bcdDevice=6b.ed
[  209.027770][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  209.051518][    T9] usb 4-1: Product: syz
[  209.057179][    T9] usb 4-1: Manufacturer: syz
[  209.062762][    T9] usb 4-1: SerialNumber: syz
[  209.079019][    T9] usb 4-1: config 0 descriptor??
[  209.178334][ T5297] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  209.238050][ T5275] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  209.354573][    T9] usb 4-1: USB disconnect, device number 29
[  209.372280][ T5297] usb 2-1: Using ep0 maxpacket: 8
[  209.410202][ T5297] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  209.428477][ T5275] usb 1-1: Using ep0 maxpacket: 16
[  209.445250][ T5275] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE5, changing to 0x85
[  209.445602][ T5297] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  209.468993][ T5275] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  209.496012][ T5275] usb 1-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice=3d.25
[  209.510134][ T5275] usb 1-1: New USB device strings: Mfr=4, Product=106, SerialNumber=3
[  209.517947][ T5297] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  209.533217][ T5275] usb 1-1: Product: syz
[  209.539375][ T5275] usb 1-1: Manufacturer: syz
[  209.546580][ T5275] usb 1-1: SerialNumber: syz
[  209.574295][ T5297] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  209.589927][ T5297] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  209.612801][ T5297] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  209.616381][ T5275] usb 1-1: config 0 descriptor??
[  209.665056][ T5275] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input18
[  209.889585][ T5297] usb 2-1: GET_CAPABILITIES returned 0
[  209.901230][ T5297] usbtmc 2-1:16.0: can't read capabilities
[  209.925756][ T5275] usb 1-1: USB disconnect, device number 23
[  209.968728][   T29] audit: type=1326 audit(1722313128.363:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7402 comm="syz.4.541" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8fc8d77299 code=0x0
[  209.987944][ T7410] net_ratelimit: 276 callbacks suppressed
[  209.987970][ T7410] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
[  210.124580][ T7408] capability: warning: `syz.2.542' uses deprecated v2 capabilities in a way that may be insecure
[  210.149433][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  210.170945][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  210.180068][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  210.189971][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  210.223789][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  210.232875][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  210.243207][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  210.252279][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  210.261327][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  210.299794][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  210.308927][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  210.351463][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  210.360546][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  210.369592][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  210.550236][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  210.559372][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  211.683942][ T7433] netlink: 12 bytes leftover after parsing attributes in process `syz.0.548'.
[  211.831765][ T5275] usb 2-1: USB disconnect, device number 25
[  212.038354][ T5273] usb 1-1: new full-speed USB device number 24 using dummy_hcd
[  212.128469][ T5274] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  212.240778][ T5273] usb 1-1: config 0 has no interfaces?
[  212.246336][ T5273] usb 1-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00
[  212.258298][ T5273] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.300235][ T5273] usb 1-1: config 0 descriptor??
[  212.339735][ T5274] usb 4-1: Using ep0 maxpacket: 8
[  212.355916][ T5274] usb 4-1: config 0 has an invalid interface number: 52 but max is 0
[  212.376250][ T5274] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  212.388132][ T5274] usb 4-1: config 0 has no interface number 0
[  212.394328][ T5274] usb 4-1: config 0 interface 52 has no altsetting 0
[  212.431502][ T5274] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  212.449817][ T5274] usb 4-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35
[  212.465845][ T5274] usb 4-1: Product: syz
[  212.471077][ T5274] usb 4-1: Manufacturer: syz
[  212.475756][ T5274] usb 4-1: SerialNumber: syz
[  212.495629][ T5274] usb 4-1: config 0 descriptor??
[  212.670233][ T7437] usb usb9: usbfs: interface 0 claimed by hub while 'syz.0.548' sets config #0
[  212.778479][ T5273] usb 1-1: string descriptor 0 read error: -71
[  212.819650][ T5273] usb 1-1: USB disconnect, device number 24
[  213.359753][ T5274] usb 4-1: Can not set alternate setting to 1, error: -71
[  213.394881][ T5274] synaptics_usb 4-1:0.52: probe with driver synaptics_usb failed with error -71
[  213.442842][ T7462] loop0: detected capacity change from 0 to 7
[  213.450089][ T5275] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  213.460362][ T5274] usb 4-1: USB disconnect, device number 30
[  213.510460][ T7462] Dev loop0: unable to read RDB block 7
[  213.516421][ T7462]  loop0: unable to read partition table
[  213.578369][ T7462] loop0: partition table beyond EOD, truncated
[  213.606037][ T7462] loop_reread_partitions: partition scan of loop0 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  213.606037][ T7462] 
) failed (rc=-5)
[  213.638768][ T4681] Dev loop0: unable to read RDB block 7
[  213.644413][ T4681]  loop0: unable to read partition table
[  213.658014][ T5275] usb 5-1: Using ep0 maxpacket: 32
[  213.669836][ T4681] loop0: partition table beyond EOD, truncated
[  213.677155][ T5275] usb 5-1: config 0 has an invalid interface number: 206 but max is 1
[  213.685907][ T5275] usb 5-1: config 0 has no interface number 1
[  213.700732][ T5275] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  213.712672][ T5275] usb 5-1: config 0 interface 206 has no altsetting 0
[  213.722617][ T5275] usb 5-1: New USB device found, idVendor=13d3, idProduct=3393, bcdDevice=6b.ed
[  213.738193][ T5275] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  213.746229][ T5275] usb 5-1: Product: syz
[  213.756741][ T5275] usb 5-1: Manufacturer: syz
[  213.770710][ T5275] usb 5-1: SerialNumber: syz
[  213.801694][ T7474] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  213.834357][ T5275] usb 5-1: config 0 descriptor??
[  214.153277][ T5273] usb 5-1: USB disconnect, device number 25
[  215.027633][ T7497] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.565'.
[  215.050293][ T7496] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.565'.
[  215.538027][ T7505] netlink: 12 bytes leftover after parsing attributes in process `syz.0.568'.
[  215.708227][ T5273] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  215.828523][ T5277] usb 1-1: new full-speed USB device number 25 using dummy_hcd
[  215.878716][ T5274] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  215.908010][ T5273] usb 5-1: Using ep0 maxpacket: 8
[  215.947180][ T5273] usb 5-1: config 0 has an invalid interface number: 52 but max is 0
[  215.977721][ T5273] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  216.011350][ T5273] usb 5-1: config 0 has no interface number 0
[  216.028131][ T5273] usb 5-1: config 0 interface 52 has no altsetting 0
[  216.050719][ T5277] usb 1-1: config 0 has no interfaces?
[  216.065652][ T5273] usb 5-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  216.067940][ T5277] usb 1-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00
[  216.095609][ T5273] usb 5-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35
[  216.104792][ T5273] usb 5-1: Product: syz
[  216.115377][ T5273] usb 5-1: Manufacturer: syz
[  216.125947][ T5273] usb 5-1: SerialNumber: syz
[  216.139560][ T5274] usb 2-1: Using ep0 maxpacket: 8
[  216.155889][ T5274] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  216.167989][ T5277] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  216.175305][ T5273] usb 5-1: config 0 descriptor??
[  216.183628][ T5274] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  216.214838][ T5277] usb 1-1: config 0 descriptor??
[  216.253624][ T5274] usb 2-1: config 0 descriptor??
[  216.536323][ T5277] usb 1-1: string descriptor 0 read error: -71
[  216.575926][ T5277] usb 1-1: USB disconnect, device number 25
[  216.938100][ T5273] usb 5-1: Can not set alternate setting to 1, error: -71
[  217.014727][ T5273] synaptics_usb 5-1:0.52: probe with driver synaptics_usb failed with error -71
[  217.083220][ T5273] usb 5-1: USB disconnect, device number 26
[  217.200716][   T54] Bluetooth: hci4: command 0x0406 tx timeout
[  217.624301][   T29] audit: type=1326 audit(1722313136.023:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7521 comm="syz.2.574" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3d22977299 code=0x0
[  217.938513][ T5278] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  218.149415][ T5278] usb 4-1: Using ep0 maxpacket: 16
[  218.182792][ T5278] usb 4-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  218.205326][ T5278] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.216787][ T5278] usb 4-1: Product: syz
[  218.224247][ T5278] usb 4-1: Manufacturer: syz
[  218.229789][ T5278] usb 4-1: SerialNumber: syz
[  218.244625][ T5278] usb 4-1: config 0 descriptor??
[  218.258432][ T5278] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  218.269333][ T5278] dvb-usb: bulk message failed: -22 (2/0)
[  218.275271][ T5278] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  218.399461][    T9] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  218.466594][ T5278] usb 4-1: USB disconnect, device number 31
[  218.598868][    T9] usb 1-1: Using ep0 maxpacket: 32
[  218.640204][    T9] usb 1-1: config 0 has an invalid interface number: 206 but max is 1
[  218.667290][    T9] usb 1-1: config 0 has no interface number 1
[  218.693512][    T9] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  218.726039][    T9] usb 1-1: config 0 interface 206 has no altsetting 0
[  218.741586][    T9] usb 1-1: New USB device found, idVendor=13d3, idProduct=3393, bcdDevice=6b.ed
[  218.753487][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.762139][    T9] usb 1-1: Product: syz
[  218.771812][    T9] usb 1-1: Manufacturer: syz
[  218.776455][    T9] usb 1-1: SerialNumber: syz
[  218.804980][    T9] usb 1-1: config 0 descriptor??
[  220.206048][ T7563] netlink: 12 bytes leftover after parsing attributes in process `syz.2.583'.
[  220.528153][    T9] usb 3-1: new full-speed USB device number 26 using dummy_hcd
[  220.741517][    T9] usb 3-1: config 0 has no interfaces?
[  220.747677][    T9] usb 3-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00
[  220.757546][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.788113][    T9] usb 3-1: config 0 descriptor??
[  220.882167][ T5297] usb 1-1: USB disconnect, device number 26
[  221.190987][ T7573] usb usb9: usbfs: interface 0 claimed by hub while 'syz.2.583' sets config #0
[  221.266955][    T9] usb 3-1: string descriptor 0 read error: -71
[  221.310515][    T9] usb 3-1: USB disconnect, device number 26
[  221.857618][ T7585] netlink: 2 bytes leftover after parsing attributes in process `syz.4.590'.
[  221.873913][ T7585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  221.884668][ T7585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  221.895720][ T7585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  221.907040][ T7585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  221.917939][ T7585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  221.929695][ T7585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  221.940437][ T7585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  221.952004][ T7585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  221.963479][ T7585] batadv_slave_1: entered promiscuous mode
[  222.075326][    T9] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  222.238857][ T5274] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -110
[  222.260526][ T5274] asix 2-1:0.0: probe with driver asix failed with error -110
[  222.270373][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  222.289708][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  222.313237][    T9] usb 4-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00
[  222.335521][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  222.366695][    T9] usb 4-1: config 0 descriptor??
[  222.651102][ T7596] netlink: 'syz.0.593': attribute type 21 has an invalid length.
[  222.651932][ T7597] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  222.671061][ T7596] netlink: 132 bytes leftover after parsing attributes in process `syz.0.593'.
[  222.681577][ T7597] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  222.718872][ T7597] netlink: 56 bytes leftover after parsing attributes in process `syz.3.587'.
[  222.941791][ T7597] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  223.000004][ T7597] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  223.131650][    T9] usbhid 4-1:0.0: can't add hid device: -71
[  223.163921][    T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  223.205494][    T9] usb 4-1: USB disconnect, device number 32
[  223.858003][ T5274] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  224.071626][ T5274] usb 3-1: Using ep0 maxpacket: 32
[  224.101153][ T5274] usb 3-1: config 0 has an invalid interface number: 206 but max is 1
[  224.114821][ T5274] usb 3-1: config 0 has no interface number 1
[  224.123791][ T5274] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  224.137249][ T5274] usb 3-1: config 0 interface 206 has no altsetting 0
[  224.158882][ T5274] usb 3-1: New USB device found, idVendor=13d3, idProduct=3393, bcdDevice=6b.ed
[  224.183258][ T5274] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  224.197904][ T5274] usb 3-1: Product: syz
[  224.205651][ T5274] usb 3-1: Manufacturer: syz
[  224.214422][ T5274] usb 3-1: SerialNumber: syz
[  224.225945][ T5274] usb 3-1: config 0 descriptor??
[  224.482805][ T7630] netlink: 12 bytes leftover after parsing attributes in process `syz.0.602'.
[  224.500533][ T5274] usb 3-1: USB disconnect, device number 27
[  224.818032][ T5297] usb 1-1: new full-speed USB device number 27 using dummy_hcd
[  225.024881][ T5297] usb 1-1: config 0 has no interfaces?
[  225.030589][ T5297] usb 1-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00
[  225.041504][ T5297] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.051942][ T5297] usb 1-1: config 0 descriptor??
[  225.468693][ T7630] usb usb9: usbfs: interface 0 claimed by hub while 'syz.0.602' sets config #0
[  225.646863][ T5297] usb 1-1: string descriptor 0 read error: -71
[  225.699865][ T5297] usb 1-1: USB disconnect, device number 27
[  225.876626][   T29] audit: type=1326 audit(1722313144.273:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7645 comm="syz.4.607" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8fc8d77299 code=0x0
[  225.997797][   T29] audit: type=1326 audit(1722313144.393:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7643 comm="syz.3.608" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fce42777299 code=0x0
[  226.141280][ T7651] netlink: 16 bytes leftover after parsing attributes in process `syz.3.608'.
[  226.277042][   T54] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  226.287729][   T54] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  226.298942][   T54] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  226.308341][   T54] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  226.317034][   T54] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  226.327447][   T54] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  226.659383][ T5274] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  226.868517][ T5297] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  226.882338][ T7655] chnl_net:caif_netlink_parms(): no params data found
[  226.885227][ T5274] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  226.978473][ T5274] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  227.005408][ T5274] usb 3-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00
[  227.047827][ T5274] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.073346][ T7655] bridge0: port 1(bridge_slave_0) entered blocking state
[  227.091888][ T5274] usb 3-1: config 0 descriptor??
[  227.096053][ T7655] bridge0: port 1(bridge_slave_0) entered disabled state
[  227.105266][ T7655] bridge_slave_0: entered allmulticast mode
[  227.113124][ T7655] bridge_slave_0: entered promiscuous mode
[  227.118101][ T5297] usb 1-1: Using ep0 maxpacket: 8
[  227.125195][ T7655] bridge0: port 2(bridge_slave_1) entered blocking state
[  227.132940][ T7655] bridge0: port 2(bridge_slave_1) entered disabled state
[  227.133853][ T5297] usb 1-1: config 0 has an invalid interface number: 52 but max is 0
[  227.142430][ T7655] bridge_slave_1: entered allmulticast mode
[  227.170266][ T7655] bridge_slave_1: entered promiscuous mode
[  227.184397][ T5297] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  227.204095][ T5297] usb 1-1: config 0 has no interface number 0
[  227.220696][   T29] audit: type=1326 audit(1722313145.623:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7666 comm="syz.3.612" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fce42777299 code=0x0
[  227.221365][ T5297] usb 1-1: config 0 interface 52 has no altsetting 0
[  227.287454][ T5297] usb 1-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  227.306645][ T7655] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  227.328188][ T5297] usb 1-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35
[  227.350967][ T7655] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  227.358842][ T5297] usb 1-1: Product: syz
[  227.364316][ T5297] usb 1-1: Manufacturer: syz
[  227.378479][ T5297] usb 1-1: SerialNumber: syz
[  227.382314][ T7675] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  227.392711][ T5297] usb 1-1: config 0 descriptor??
[  227.429249][ T7675] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  227.484950][ T7675] netlink: 56 bytes leftover after parsing attributes in process `syz.2.609'.
[  227.510964][ T7655] team0: Port device team_slave_0 added
[  227.533942][ T7655] team0: Port device team_slave_1 added
[  227.684421][ T7655] batman_adv: batadv0: Adding interface: batadv_slave_0
[  227.722130][ T7655] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  227.750283][ T7675] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  227.791606][ T7675] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  227.825954][ T7655] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  227.908440][ T5274] usbhid 3-1:0.0: can't add hid device: -71
[  227.922631][ T7655] batman_adv: batadv0: Adding interface: batadv_slave_1
[  227.931003][  T945] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  227.958263][ T5274] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  227.986935][ T7655] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  228.023343][ T5274] usb 3-1: USB disconnect, device number 28
[  228.036719][ T7655] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  228.155444][ T7655] hsr_slave_0: entered promiscuous mode
[  228.161404][  T945] usb 5-1: Using ep0 maxpacket: 32
[  228.171130][  T945] usb 5-1: config 0 has an invalid interface number: 206 but max is 1
[  228.173516][ T7655] hsr_slave_1: entered promiscuous mode
[  228.180157][  T945] usb 5-1: config 0 has no interface number 1
[  228.195049][ T7655] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  228.195575][  T945] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  228.214142][  T945] usb 5-1: config 0 interface 206 has no altsetting 0
[  228.221586][ T7655] Cannot create hsr debugfs directory
[  228.230375][  T945] usb 5-1: New USB device found, idVendor=13d3, idProduct=3393, bcdDevice=6b.ed
[  228.250273][ T5297] usb 1-1: Can not set alternate setting to 1, error: -71
[  228.255596][  T945] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.275615][  T945] usb 5-1: Product: syz
[  228.285403][ T5297] synaptics_usb 1-1:0.52: probe with driver synaptics_usb failed with error -71
[  228.288784][  T945] usb 5-1: Manufacturer: syz
[  228.316609][  T945] usb 5-1: SerialNumber: syz
[  228.334744][  T945] usb 5-1: config 0 descriptor??
[  228.356157][ T5297] usb 1-1: USB disconnect, device number 28
[  228.408266][   T54] Bluetooth: hci5: command tx timeout
[  228.492557][ T7688] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.615'.
[  228.533528][ T7687] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.615'.
[  228.659767][ T5297] usb 5-1: USB disconnect, device number 27
[  228.884312][ T7655] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  228.896680][ T7655] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.987710][ T5277] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  229.160056][ T7655] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  229.187330][ T7655] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.239361][ T5277] usb 3-1: Using ep0 maxpacket: 8
[  229.247605][ T5277] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  229.266226][ T5277] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  229.282277][ T5277] usb 3-1: config 0 descriptor??
[  229.308339][  T945] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  229.401952][ T7655] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  229.415126][ T7655] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.483627][ T7707] netlink: 'syz.0.618': attribute type 21 has an invalid length.
[  229.492186][ T7707] netlink: 132 bytes leftover after parsing attributes in process `syz.0.618'.
[  229.535702][  T945] usb 4-1: Using ep0 maxpacket: 32
[  229.544892][  T945] usb 4-1: config 0 has an invalid interface number: 206 but max is 1
[  229.554315][  T945] usb 4-1: config 0 has no interface number 1
[  229.567310][  T945] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  229.580101][  T945] usb 4-1: config 0 interface 206 has no altsetting 0
[  229.601925][  T945] usb 4-1: New USB device found, idVendor=13d3, idProduct=3393, bcdDevice=6b.ed
[  229.620345][  T945] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.651315][  T945] usb 4-1: Product: syz
[  229.659516][  T945] usb 4-1: Manufacturer: syz
[  229.665024][  T945] usb 4-1: SerialNumber: syz
[  229.686195][ T7655] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  229.708319][  T945] usb 4-1: config 0 descriptor??
[  229.755773][ T7655] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.029382][ T7655] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  230.040600][ T7655] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  230.092490][ T7655] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  230.128969][ T7655] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  230.336745][   T29] audit: type=1326 audit(1722313148.733:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7713 comm="syz.4.620" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8fc8d77299 code=0x0
[  230.481917][ T7655] 8021q: adding VLAN 0 to HW filter on device bond0
[  230.496703][   T54] Bluetooth: hci5: command tx timeout
[  230.573615][ T7655] 8021q: adding VLAN 0 to HW filter on device team0
[  230.616617][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  230.623926][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  230.710924][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  230.718222][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  230.754097][ T7721] netlink: 16 bytes leftover after parsing attributes in process `syz.4.620'.
[  230.805568][   T29] audit: type=1326 audit(1722313149.203:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7726 comm="syz.0.622" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe4fc577299 code=0x0
[  230.957675][ T7655] 8021q: adding VLAN 0 to HW filter on device batadv0
[  231.219259][ T7655] veth0_vlan: entered promiscuous mode
[  231.265069][ T7655] veth1_vlan: entered promiscuous mode
[  231.316848][ T7731] netlink: 12 bytes leftover after parsing attributes in process `syz.4.623'.
[  231.354542][ T7655] veth0_macvtap: entered promiscuous mode
[  231.422106][ T7655] veth1_macvtap: entered promiscuous mode
[  231.482630][ T7655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  231.493764][ T7655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.504993][ T7655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  231.517820][ T7655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.531144][ T7655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  231.542912][ T7655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.564198][ T7655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  231.609246][ T7655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.626071][ T7655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  231.637499][ T7655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.667443][ T7655] batman_adv: batadv0: Interface activated: batadv_slave_0
[  231.742430][ T7655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.814715][  T945] usb 4-1: USB disconnect, device number 33
[  231.819804][ T7655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.874927][    C1] eth0: bad gso: type: 1, size: 1408
[  231.896975][ T7655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.917078][ T7655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.930011][ T7655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.942815][ T7655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.955327][ T7655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.966871][ T7655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.977084][ T7655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.991022][ T7655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  232.040523][ T7655] batman_adv: batadv0: Interface activated: batadv_slave_1
[  232.102924][ T7655] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  232.128139][ T7655] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  232.167795][ T7655] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  232.189520][ T7655] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  232.415820][ T5454] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  232.438899][ T5454] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  232.462349][ T7746] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.627'.
[  232.498317][ T5275] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  232.522342][ T7743] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.627'.
[  232.551280][ T5458] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  232.562045][ T5458] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  232.571816][   T54] Bluetooth: hci5: command tx timeout
[  232.672091][   T29] audit: type=1326 audit(1722313151.053:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7741 comm="syz.4.626" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8fc8d77299 code=0x0
[  232.708029][ T5275] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  232.732928][ T5275] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  232.744419][ T5275] usb 4-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00
[  232.794189][ T5275] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  232.849637][ T5275] usb 4-1: config 0 descriptor??
[  233.141418][ T7765] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  233.175721][ T7765] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  233.221443][ T7765] netlink: 56 bytes leftover after parsing attributes in process `syz.3.625'.
[  233.528230][ T7765] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  233.528474][    T9] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  233.553636][ T7765] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  233.597482][ T5275] usbhid 4-1:0.0: can't add hid device: -71
[  233.608989][ T5275] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  233.641562][ T5275] usb 4-1: USB disconnect, device number 34
[  233.809021][    T9] usb 1-1: Using ep0 maxpacket: 32
[  233.826722][    T9] usb 1-1: config 0 has an invalid interface number: 206 but max is 1
[  233.836353][    T9] usb 1-1: config 0 has no interface number 1
[  233.844298][    T9] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  233.855305][    T9] usb 1-1: config 0 interface 206 has no altsetting 0
[  233.872444][    T9] usb 1-1: New USB device found, idVendor=13d3, idProduct=3393, bcdDevice=6b.ed
[  233.883577][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.893930][    T9] usb 1-1: Product: syz
[  233.898784][    T9] usb 1-1: Manufacturer: syz
[  233.905429][    T9] usb 1-1: SerialNumber: syz
[  233.956153][    T9] usb 1-1: config 0 descriptor??
[  234.099654][ T7772] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  234.111523][ T7772] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  234.347635][ T5278] usb 1-1: USB disconnect, device number 29
[  234.566431][   T29] audit: type=1326 audit(1722313152.963:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7781 comm="syz.4.633" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8fc8d77299 code=0x0
[  234.638661][   T54] Bluetooth: hci5: command tx timeout
[  235.188134][ T5275] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  235.199550][ T5277] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -110
[  235.233815][ T5277] asix 3-1:0.0: probe with driver asix failed with error -110
[  235.388185][ T5275] usb 4-1: Using ep0 maxpacket: 32
[  235.402060][ T5275] usb 4-1: config 0 has an invalid interface number: 206 but max is 1
[  235.433336][ T5275] usb 4-1: config 0 has no interface number 1
[  235.461619][ T5275] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  235.480891][ T5275] usb 4-1: config 0 interface 206 has no altsetting 0
[  235.514222][ T5275] usb 4-1: New USB device found, idVendor=13d3, idProduct=3393, bcdDevice=6b.ed
[  235.543273][ T5275] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.568531][ T5275] usb 4-1: Product: syz
[  235.581572][ T5275] usb 4-1: Manufacturer: syz
[  235.604541][ T5275] usb 4-1: SerialNumber: syz
[  235.620986][ T5275] usb 4-1: config 0 descriptor??
[  235.706891][ T7802] input: syz0 as /devices/virtual/input/input19
[  236.156547][ T7807] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.638'.
[  236.170309][ T7806] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.638'.
[  236.633242][ T5278] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  236.845190][ T5278] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  236.875822][ T5278] usb 1-1: Dual-Role OTG device on HNP port
[  236.883463][ T5278] usb 1-1: New USB device found, idVendor=1a0a, idProduct=0102, bcdDevice=7a.b1
[  236.893856][ T5278] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  236.902864][ T5278] usb 1-1: Product: syz
[  236.909882][ T5278] usb 1-1: Manufacturer: syz
[  236.914832][ T5278] usb 1-1: SerialNumber: syz
[  236.929169][ T5278] usb 1-1: config 0 descriptor??
[  236.955838][ T5278] usb_ehset_test 1-1:0.0: probe with driver usb_ehset_test failed with error -32
[  237.194853][ T7818] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  237.223920][ T7818] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  237.343744][ T7820] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  237.368731][ T7820] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  237.394505][ T7820] netlink: 56 bytes leftover after parsing attributes in process `syz.1.641'.
[  237.430910][ T7820] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  237.474501][ T7820] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  237.720585][    T9] usb 4-1: USB disconnect, device number 35
[  238.176765][   T29] audit: type=1326 audit(1722313156.573:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7841 comm="syz.1.647" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f461d377299 code=0x0
[  238.838607][   T54] Bluetooth: hci1: unexpected event for opcode 0x200a
[  238.976538][ T7853] usb usb9: usbfs: interface 0 claimed by hub while 'syz.3.651' sets config #0
[  239.138373][    T9] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  239.275366][ T5229] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  239.289821][ T5229] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  239.299661][ T5229] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  239.312017][ T5229] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  239.323516][ T5229] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  239.335150][ T5229] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  239.351795][    T9] usb 5-1: Using ep0 maxpacket: 16
[  239.423831][    T9] usb 5-1: config 0 has no interfaces?
[  239.576515][ T5275] usb 1-1: USB disconnect, device number 30
[  239.583195][   T29] audit: type=1326 audit(1722313157.973:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7855 comm="syz.1.652" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f461d377299 code=0x0
[  240.265339][ T7859] chnl_net:caif_netlink_parms(): no params data found
[  240.428725][ T7859] bridge0: port 1(bridge_slave_0) entered blocking state
[  240.434236][ T7880] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  240.436241][ T7859] bridge0: port 1(bridge_slave_0) entered disabled state
[  240.466567][ T7859] bridge_slave_0: entered allmulticast mode
[  240.467074][ T7880] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  240.487271][ T7859] bridge_slave_0: entered promiscuous mode
[  240.500945][ T7859] bridge0: port 2(bridge_slave_1) entered blocking state
[  240.515601][ T7859] bridge0: port 2(bridge_slave_1) entered disabled state
[  240.547408][ T7859] bridge_slave_1: entered allmulticast mode
[  240.557749][ T7859] bridge_slave_1: entered promiscuous mode
[  240.815726][ T7859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  240.866517][ T7859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  241.147528][ T7859] team0: Port device team_slave_0 added
[  241.217766][ T7859] team0: Port device team_slave_1 added
[  241.322877][ T7859] batman_adv: batadv0: Adding interface: batadv_slave_0
[  241.330587][ T7859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  241.333923][ T7881] netlink: 432 bytes leftover after parsing attributes in process `syz.1.654'.
[  241.359697][   T54] Bluetooth: hci6: command tx timeout
[  241.379066][ T7859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  241.407122][ T7859] batman_adv: batadv0: Adding interface: batadv_slave_1
[  241.415367][ T7859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  241.442416][ T7859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  241.448835][ T5275] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  241.494316][ T7880] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  241.514973][ T7880] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  241.528273][  T942] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  241.543458][ T7859] hsr_slave_0: entered promiscuous mode
[  241.550793][ T7859] hsr_slave_1: entered promiscuous mode
[  241.557816][ T7859] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  241.566472][ T7859] Cannot create hsr debugfs directory
[  241.623812][    T9] usb 5-1: string descriptor 0 read error: -71
[  241.636054][    T9] usb 5-1: New USB device found, idVendor=f76d, idProduct=c71d, bcdDevice= 0.40
[  241.646150][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  241.657483][    T9] usb 5-1: config 0 descriptor??
[  241.663319][ T5275] usb 4-1: Using ep0 maxpacket: 32
[  241.680088][ T5275] usb 4-1: config 0 has an invalid interface number: 206 but max is 1
[  241.697967][    T9] usb 5-1: can't set config #0, error -71
[  241.708513][ T5275] usb 4-1: config 0 has no interface number 1
[  241.714699][ T5275] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  241.741117][  T942] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  241.753416][    T9] usb 5-1: USB disconnect, device number 28
[  241.769103][  T942] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  241.779553][ T5275] usb 4-1: config 0 interface 206 has no altsetting 0
[  241.797524][  T942] usb 1-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00
[  241.807939][  T942] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  241.829884][ T5275] usb 4-1: New USB device found, idVendor=13d3, idProduct=3393, bcdDevice=6b.ed
[  241.851868][  T942] usb 1-1: config 0 descriptor??
[  241.857194][ T5275] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  241.878496][ T5275] usb 4-1: Product: syz
[  241.884535][ T5275] usb 4-1: Manufacturer: syz
[  241.894779][ T5275] usb 4-1: SerialNumber: syz
[  241.909065][ T5275] usb 4-1: config 0 descriptor??
[  242.103181][ T7859] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.156604][ T7902] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  242.221530][ T7902] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  242.471503][ T7859] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.523201][ T7902] netlink: 56 bytes leftover after parsing attributes in process `syz.0.657'.
[  242.545318][ T7902] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  242.562577][ T7902] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  242.642864][ T7859] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.724821][  T942] usbhid 1-1:0.0: can't add hid device: -71
[  242.745270][  T942] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  242.772483][  T942] usb 1-1: USB disconnect, device number 31
[  242.795514][ T7859] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.975045][   T29] audit: type=1326 audit(1722313161.373:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7905 comm="syz.1.661" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f461d377299 code=0x0
[  243.051009][ T5458] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.171886][ T5458] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.239539][ T7859] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  243.297838][ T5458] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.314625][ T7859] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  243.314970][ T5229] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  243.332732][ T5229] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  243.347216][ T5229] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  243.358716][ T5229] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  243.373022][ T5229] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  243.383006][ T5229] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  243.436831][ T7859] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  243.438528][   T54] Bluetooth: hci6: command tx timeout
[  243.473427][ T7859] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  243.524089][ T5458] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.889300][ T5297] usb 4-1: USB disconnect, device number 36
[  243.982741][ T5458] bridge_slave_1: left allmulticast mode
[  243.999770][ T5458] bridge_slave_1: left promiscuous mode
[  244.023241][ T5458] bridge0: port 2(bridge_slave_1) entered disabled state
[  244.063831][ T5458] bridge_slave_0: left allmulticast mode
[  244.083114][ T5458] bridge_slave_0: left promiscuous mode
[  244.097080][ T5458] bridge0: port 1(bridge_slave_0) entered disabled state
[  244.185012][ T7922] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  244.195412][ T7922] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  244.262202][ T7923] usb usb9: usbfs: interface 0 claimed by hub while 'syz.3.664' sets config #0
[  245.260011][ T5458] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  245.289929][ T5458] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  245.315752][ T5458] bond0 (unregistering): Released all slaves
[  245.444722][   T54] Bluetooth: hci1: command tx timeout
[  245.532682][   T54] Bluetooth: hci6: command tx timeout
[  245.555811][ T7910] chnl_net:caif_netlink_parms(): no params data found
[  246.149794][ T5458] hsr_slave_0: left promiscuous mode
[  246.173814][ T5458] hsr_slave_1: left promiscuous mode
[  246.196095][ T5458] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  246.206095][ T5458] batman_adv: batadv0: Removing interface: batadv_slave_0
[  246.220702][ T5458] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  246.228443][ T5458] batman_adv: batadv0: Removing interface: batadv_slave_1
[  246.254957][ T5458] veth1_macvtap: left promiscuous mode
[  246.262348][ T5458] veth0_macvtap: left promiscuous mode
[  246.272879][ T5458] veth1_vlan: left promiscuous mode
[  246.288659][ T5458] veth0_vlan: left promiscuous mode
[  247.294525][ T5458] team0 (unregistering): Port device team_slave_1 removed
[  247.347502][ T5458] team0 (unregistering): Port device team_slave_0 removed
[  247.518080][   T54] Bluetooth: hci1: command tx timeout
[  247.598147][   T54] Bluetooth: hci6: command tx timeout
[  247.995441][ T7859] 8021q: adding VLAN 0 to HW filter on device bond0
[  248.013965][ T7910] bridge0: port 1(bridge_slave_0) entered blocking state
[  248.037409][ T7910] bridge0: port 1(bridge_slave_0) entered disabled state
[  248.045495][ T7910] bridge_slave_0: entered allmulticast mode
[  248.053766][ T7910] bridge_slave_0: entered promiscuous mode
[  248.066191][ T7910] bridge0: port 2(bridge_slave_1) entered blocking state
[  248.074058][ T7910] bridge0: port 2(bridge_slave_1) entered disabled state
[  248.082327][ T7910] bridge_slave_1: entered allmulticast mode
[  248.090356][ T7910] bridge_slave_1: entered promiscuous mode
[  248.155234][ T7910] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  248.174047][ T7910] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  248.258656][ T5275] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  248.261853][ T7910] team0: Port device team_slave_0 added
[  248.281612][ T7910] team0: Port device team_slave_1 added
[  248.323219][ T7859] 8021q: adding VLAN 0 to HW filter on device team0
[  248.365097][ T7910] batman_adv: batadv0: Adding interface: batadv_slave_0
[  248.372448][ T7910] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  248.399187][ T7910] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  248.424244][ T5273] bridge0: port 1(bridge_slave_0) entered blocking state
[  248.431477][ T5273] bridge0: port 1(bridge_slave_0) entered forwarding state
[  248.445258][ T5273] bridge0: port 2(bridge_slave_1) entered blocking state
[  248.452418][ T5273] bridge0: port 2(bridge_slave_1) entered forwarding state
[  248.463054][ T7910] batman_adv: batadv0: Adding interface: batadv_slave_1
[  248.477424][ T7910] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  248.508506][ T5275] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  248.519652][ T5275] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  248.529868][ T7910] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  248.541083][ T5275] usb 4-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00
[  248.558343][ T5275] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.590841][ T5275] usb 4-1: config 0 descriptor??
[  248.669692][ T7910] hsr_slave_0: entered promiscuous mode
[  248.676786][ T7910] hsr_slave_1: entered promiscuous mode
[  248.925035][   T29] audit: type=1326 audit(1722313167.323:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7969 comm="syz.0.671" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe4fc577299 code=0x0
[  248.925289][ T7971] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  249.047332][ T7971] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  249.187714][ T7971] netlink: 56 bytes leftover after parsing attributes in process `syz.3.670'.
[  249.334151][ T7859] 8021q: adding VLAN 0 to HW filter on device batadv0
[  249.413740][ T7971] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  249.461367][ T7971] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  249.546254][ T5275] usbhid 4-1:0.0: can't add hid device: -71
[  249.570199][ T5275] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  249.597375][ T7859] veth0_vlan: entered promiscuous mode
[  249.603757][   T54] Bluetooth: hci1: command tx timeout
[  249.621141][ T5275] usb 4-1: USB disconnect, device number 37
[  249.769733][ T7859] veth1_vlan: entered promiscuous mode
[  249.869778][    C1] eth0: bad gso: type: 1, size: 1408
[  249.882995][ T7859] veth0_macvtap: entered promiscuous mode
[  249.915349][ T7859] veth1_macvtap: entered promiscuous mode
[  249.964138][ T7859] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  249.984774][ T7859] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  249.995321][ T7859] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  250.006178][ T7859] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.017490][ T7859] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  250.028576][ T7859] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.039005][ T7859] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  250.051286][ T7859] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.087099][ T7859] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  250.136325][ T7859] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.192101][ T7859] batman_adv: batadv0: Interface activated: batadv_slave_0
[  250.252813][ T7910] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  250.275493][ T7998] netlink: 24 bytes leftover after parsing attributes in process `syz.3.673'.
[  250.306210][ T7859] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  250.319746][ T7859] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.347997][ T7859] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  250.365689][ T7859] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.388700][ T7859] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  250.408460][ T7859] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.421730][ T7859] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  250.433339][ T7859] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.443539][ T7859] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  250.455353][ T7859] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.468872][ T7859] batman_adv: batadv0: Interface activated: batadv_slave_1
[  250.476277][ T7910] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  250.501243][ T7910] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  250.521029][ T7910] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  250.543670][ T7859] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  250.548249][ T5274] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  250.565144][ T7859] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  250.579582][ T7859] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  250.595449][ T7859] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  250.768775][ T5274] usb 1-1: Using ep0 maxpacket: 32
[  250.778545][ T5274] usb 1-1: config 0 has an invalid interface number: 206 but max is 1
[  250.793295][ T5274] usb 1-1: config 0 has no interface number 1
[  250.819726][ T5274] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  250.855548][ T5274] usb 1-1: config 0 interface 206 has no altsetting 0
[  250.872139][ T5274] usb 1-1: New USB device found, idVendor=13d3, idProduct=3393, bcdDevice=6b.ed
[  250.882559][ T5274] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  250.895550][ T5274] usb 1-1: Product: syz
[  250.903117][ T5274] usb 1-1: Manufacturer: syz
[  250.908997][ T5274] usb 1-1: SerialNumber: syz
[  250.917387][ T5274] usb 1-1: config 0 descriptor??
[  250.985202][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  251.009752][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  251.033657][ T7910] 8021q: adding VLAN 0 to HW filter on device bond0
[  251.090345][ T5459] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  251.124698][ T5459] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  251.137332][ T7910] 8021q: adding VLAN 0 to HW filter on device team0
[  251.182304][ T5273] bridge0: port 1(bridge_slave_0) entered blocking state
[  251.189554][ T5273] bridge0: port 1(bridge_slave_0) entered forwarding state
[  251.220048][ T5273] bridge0: port 2(bridge_slave_1) entered blocking state
[  251.227324][ T5273] bridge0: port 2(bridge_slave_1) entered forwarding state
[  251.488846][ T7910] 8021q: adding VLAN 0 to HW filter on device batadv0
[  251.617381][ T8018] usb usb9: usbfs: interface 0 claimed by hub while 'syz.3.675' sets config #0
[  251.656178][ T7910] veth0_vlan: entered promiscuous mode
[  251.679051][   T54] Bluetooth: hci1: command tx timeout
[  251.754653][ T7910] veth1_vlan: entered promiscuous mode
[  251.856455][ T7910] veth0_macvtap: entered promiscuous mode
[  251.901399][ T7910] veth1_macvtap: entered promiscuous mode
[  252.029532][ T7910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  252.044561][ T7910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.055065][ T7910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  252.067362][ T7910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.080685][ T7910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  252.093692][ T7910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.104708][ T7910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  252.115565][ T7910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.131477][ T7910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  252.142906][ T7910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.174264][ T7910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  252.212682][ T7910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.266617][ T7910] batman_adv: batadv0: Interface activated: batadv_slave_0
[  252.337993][ T7910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  252.357953][ T7910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.368005][ T7910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  252.379635][ T7910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.390510][ T7910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  252.410380][ T7910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.425096][ T7910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  252.440654][ T7910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.456742][ T7910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  252.474328][ T7910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.505134][ T7910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  252.516480][ T7910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.533147][ T7910] batman_adv: batadv0: Interface activated: batadv_slave_1
[  252.564306][ T7910] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  252.615277][ T7910] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  252.657115][ T7910] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  252.686919][ T7910] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  253.007388][ T2911] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  253.036187][   T29] audit: type=1326 audit(1722313171.433:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8040 comm="syz.3.677" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fce42777299 code=0x0
[  253.069112][ T2911] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  253.084290][ T5273] usb 1-1: USB disconnect, device number 32
[  253.173726][ T5459] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  253.199731][ T5459] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  253.774680][   T58] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  253.968635][   T58] usb 5-1: Using ep0 maxpacket: 8
[  253.987740][   T58] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  254.000877][   T58] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  254.020870][   T58] usb 5-1: config 0 descriptor??
[  254.058378][   T29] audit: type=1326 audit(1722313172.433:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8056 comm="syz.3.680" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fce42777299 code=0x0
[  254.806295][ T8064] netlink: 24 bytes leftover after parsing attributes in process `syz.2.682'.
[  254.947281][    C1] eth0: bad gso: type: 1, size: 1408
[  255.216975][ T8076] usb usb9: usbfs: interface 0 claimed by hub while 'syz.2.685' sets config #0
[  255.520375][ T5229] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  255.536632][ T5229] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  255.545983][ T5229] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  255.556734][ T5229] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  255.567180][ T5229] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  255.575277][ T5229] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  256.081126][ T1271] ieee802154 phy0 wpan0: encryption failed: -22
[  256.090160][ T1271] ieee802154 phy1 wpan1: encryption failed: -22
[  256.465271][ T8097] team_slave_0: entered promiscuous mode
[  256.471372][ T8097] team_slave_1: entered promiscuous mode
[  256.497766][ T8097] macsec1: entered allmulticast mode
[  256.503548][ T8097] team0: entered allmulticast mode
[  256.509898][ T8097] team_slave_0: entered allmulticast mode
[  256.515792][ T8097] team_slave_1: entered allmulticast mode
[  256.554708][ T8097] team0: left allmulticast mode
[  256.562379][ T8097] team_slave_0: left allmulticast mode
[  256.573403][ T8097] team_slave_1: left allmulticast mode
[  256.586597][ T8097] team_slave_0: left promiscuous mode
[  256.592231][ T8097] team_slave_1: left promiscuous mode
[  256.674117][ T8086] chnl_net:caif_netlink_parms(): no params data found
[  256.927096][ T8086] bridge0: port 1(bridge_slave_0) entered blocking state
[  256.938619][ T8086] bridge0: port 1(bridge_slave_0) entered disabled state
[  256.950959][ T8086] bridge_slave_0: entered allmulticast mode
[  256.961631][ T8086] bridge_slave_0: entered promiscuous mode
[  256.973997][ T8086] bridge0: port 2(bridge_slave_1) entered blocking state
[  256.982548][ T8111] netlink: 24 bytes leftover after parsing attributes in process `syz.0.694'.
[  256.984031][ T8086] bridge0: port 2(bridge_slave_1) entered disabled state
[  257.000374][ T8086] bridge_slave_1: entered allmulticast mode
[  257.009107][ T8086] bridge_slave_1: entered promiscuous mode
[  257.089095][ T8086] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  257.110299][ T8086] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  257.221487][   T29] audit: type=1326 audit(1722313175.613:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8114 comm="syz.0.695" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe4fc577299 code=0x0
[  257.232137][ T8086] team0: Port device team_slave_0 added
[  257.265721][ T8086] team0: Port device team_slave_1 added
[  257.379277][ T8086] batman_adv: batadv0: Adding interface: batadv_slave_0
[  257.386311][ T8086] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  257.439074][ T8086] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  257.527976][ T8086] batman_adv: batadv0: Adding interface: batadv_slave_1
[  257.535016][ T8086] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  257.581437][ T8086] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  257.678543][   T54] Bluetooth: hci7: command tx timeout
[  257.737453][ T8086] hsr_slave_0: entered promiscuous mode
[  257.783347][ T8086] hsr_slave_1: entered promiscuous mode
[  257.807523][ T8086] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  257.830822][ T8086] Cannot create hsr debugfs directory
[  257.958975][ T8124] usb usb9: usbfs: interface 0 claimed by hub while 'syz.3.698' sets config #0
[  258.229247][ T8086] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.349819][ T8086] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.444476][ T8086] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.545761][ T8086] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.961640][ T8086] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  258.994423][ T8086] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  259.036197][ T8086] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  259.062265][ T8086] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  259.273966][ T8086] 8021q: adding VLAN 0 to HW filter on device bond0
[  259.323470][ T8086] 8021q: adding VLAN 0 to HW filter on device team0
[  259.362069][  T945] bridge0: port 1(bridge_slave_0) entered blocking state
[  259.369326][  T945] bridge0: port 1(bridge_slave_0) entered forwarding state
[  259.396198][  T945] bridge0: port 2(bridge_slave_1) entered blocking state
[  259.403468][  T945] bridge0: port 2(bridge_slave_1) entered forwarding state
[  259.594355][   T29] audit: type=1326 audit(1722313177.993:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8158 comm="syz.2.709" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdbb5d77299 code=0x0
[  259.671504][ T8086] 8021q: adding VLAN 0 to HW filter on device batadv0
[  259.758911][   T54] Bluetooth: hci7: command tx timeout
[  259.815689][ T8086] veth0_vlan: entered promiscuous mode
[  259.861082][ T8086] veth1_vlan: entered promiscuous mode
[  259.958684][ T8086] veth0_macvtap: entered promiscuous mode
[  259.991233][ T8086] veth1_macvtap: entered promiscuous mode
[  260.009834][   T58] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -110
[  260.042145][   T58] asix 5-1:0.0: probe with driver asix failed with error -110
[  260.045576][ T8086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  260.071483][ T8086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  260.092188][ T8086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  260.108251][ T8086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  260.168243][ T8086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  260.194196][ T8086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  260.208466][ T8086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  260.221985][ T8086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  260.234168][ T8086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  260.246942][ T8086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  260.257502][ T8086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  260.288285][ T8086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  260.301032][ T8086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  260.313589][ T8086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  260.340423][ T8086] batman_adv: batadv0: Interface activated: batadv_slave_0
[  260.372128][ T8086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  260.390301][ T8086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  260.401256][ T8086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  260.414674][ T8086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  260.437058][ T8086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  260.447679][ T8086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  260.466426][ T8086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  260.477024][ T8086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  260.487263][ T8086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  260.499740][ T8086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  260.510098][ T8086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  260.521630][ T8086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  260.535710][ T8086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  260.546975][ T8086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  260.561964][ T8086] batman_adv: batadv0: Interface activated: batadv_slave_1
[  260.583799][ T8086] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  260.593366][ T8086] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  260.604158][ T8086] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  260.615584][ T8086] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  260.799340][ T5454] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  260.824641][ T5454] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  260.871512][ T5454] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  260.888622][ T5454] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  260.997094][ T8182] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  261.006303][ T8182] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  261.086181][ T8185] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  261.110954][ T8185] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  261.163810][ T8185] netlink: 56 bytes leftover after parsing attributes in process `syz.1.681'.
[  261.208506][ T8184] can: request_module (can-proto-0) failed.
[  261.235403][ T8185] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  261.282706][ T8185] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  261.667502][   T29] audit: type=1326 audit(1722313180.063:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8191 comm="syz.3.718" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fce42777299 code=0x0
[  261.838801][   T54] Bluetooth: hci7: command tx timeout
[  262.107606][ T8212] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  262.135487][   T29] audit: type=1326 audit(1722313180.533:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8208 comm="syz.2.723" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdbb5d77299 code=0x0
[  262.168459][ T8212] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  262.946334][ T8228] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  262.957681][ T8228] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  263.017168][ T8228] QAT: Device 0 not found
[  263.280536][    T8] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  263.481221][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  263.523223][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  263.587686][    T8] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  263.630952][    T8] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  263.665606][    T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  263.720285][    T8] usb 1-1: config 0 descriptor??
[  263.754596][ T8230] raw-gadget.5 gadget.0: fail, usb_ep_enable returned -22
[  263.918049][   T54] Bluetooth: hci7: command tx timeout
[  264.031404][ T8230] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  264.089983][ T8230] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  264.162388][ T8230] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  264.269024][   T29] audit: type=1326 audit(1722313182.673:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8242 comm="syz.2.735" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdbb5d77299 code=0x0
[  264.391418][ T5229] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  264.410436][ T5229] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  264.423619][ T5229] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  264.439979][ T5229] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  264.451109][    T8] plantronics 0003:047F:FFFF.0004: unknown main item tag 0xd
[  264.463080][ T5229] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3
[  264.470798][ T5229] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  264.529477][    T8] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  264.549488][    T8] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  264.565489][    T8] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving
[  264.596724][    T8] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  265.355089][ T8253] chnl_net:caif_netlink_parms(): no params data found
[  265.385662][ T8259] FAULT_INJECTION: forcing a failure.
[  265.385662][ T8259] name failslab, interval 1, probability 0, space 0, times 0
[  265.424920][ T8259] CPU: 0 UID: 0 PID: 8259 Comm: syz.3.737 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0
[  265.435560][ T8259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  265.445640][ T8259] Call Trace:
[  265.448959][ T8259]  <TASK>
[  265.451897][ T8259]  dump_stack_lvl+0x241/0x360
[  265.456603][ T8259]  ? __pfx_dump_stack_lvl+0x10/0x10
[  265.461828][ T8259]  ? __pfx__printk+0x10/0x10
[  265.466447][ T8259]  should_fail_ex+0x3b0/0x4e0
[  265.471158][ T8259]  should_failslab+0xac/0x100
[  265.475891][ T8259]  ? sctp_add_bind_addr+0x89/0x3a0
[  265.481037][ T8259]  __kmalloc_cache_noprof+0x6c/0x2c0
[  265.486445][ T8259]  sctp_add_bind_addr+0x89/0x3a0
[  265.491422][ T8259]  sctp_copy_local_addr_list+0x311/0x500
[  265.497109][ T8259]  ? sctp_copy_local_addr_list+0xab/0x500
[  265.502879][ T8259]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  265.509089][ T8259]  ? sctp_v4_is_any+0x35/0x60
[  265.513810][ T8259]  sctp_bind_addr_copy+0xad/0x3b0
[  265.518881][ T8259]  ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190
[  265.525253][ T8259]  sctp_connect_new_asoc+0x2f3/0x6c0
[  265.530617][ T8259]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  265.536463][ T8259]  ? sctp_endpoint_lookup_assoc+0x7c/0x250
[  265.542348][ T8259]  ? sctp_endpoint_lookup_assoc+0x217/0x250
[  265.548282][ T8259]  ? sctp_endpoint_lookup_assoc+0x7c/0x250
[  265.554113][ T8259]  __sctp_connect+0x66d/0xe30
[  265.558818][ T8259]  ? __pfx___sctp_connect+0x10/0x10
[  265.564037][ T8259]  ? __might_fault+0xc6/0x120
[  265.568751][ T8259]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  265.574323][ T8259]  ? security_sctp_bind_connect+0x90/0xb0
[  265.580071][ T8259]  sctp_getsockopt_connectx3+0x46f/0x730
[  265.585743][ T8259]  ? __local_bh_enable_ip+0x168/0x200
[  265.591173][ T8259]  ? __pfx_sctp_getsockopt_connectx3+0x10/0x10
[  265.597341][ T8259]  ? __local_bh_enable_ip+0x168/0x200
[  265.602797][ T8259]  ? sctp_getsockopt+0x13a/0xbb0
[  265.607742][ T8259]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  265.613502][ T8259]  sctp_getsockopt+0x8de/0xbb0
[  265.618347][ T8259]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  265.624266][ T8259]  do_sock_getsockopt+0x373/0x850
[  265.629357][ T8259]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  265.634943][ T8259]  ? __fget_files+0x3f6/0x470
[  265.639732][ T8259]  __sys_getsockopt+0x271/0x330
[  265.644617][ T8259]  ? __pfx___sys_getsockopt+0x10/0x10
[  265.650030][ T8259]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  265.656371][ T8259]  ? do_syscall_64+0x100/0x230
[  265.661163][ T8259]  __x64_sys_getsockopt+0xb5/0xd0
[  265.666207][ T8259]  do_syscall_64+0xf3/0x230
[  265.670726][ T8259]  ? clear_bhb_loop+0x35/0x90
[  265.675440][ T8259]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  265.681370][ T8259] RIP: 0033:0x7fce42777299
[  265.685814][ T8259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  265.705441][ T8259] RSP: 002b:00007fce4362b048 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  265.713875][ T8259] RAX: ffffffffffffffda RBX: 00007fce42905f80 RCX: 00007fce42777299
[  265.721854][ T8259] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000003
[  265.729844][ T8259] RBP: 00007fce4362b0a0 R08: 0000000020000100 R09: 0000000000000000
[  265.737821][ T8259] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000002
[  265.745815][ T8259] R13: 000000000000000b R14: 00007fce42905f80 R15: 00007fce42a2fa38
[  265.753828][ T8259]  </TASK>
[  266.046810][ T8253] bridge0: port 1(bridge_slave_0) entered blocking state
[  266.099850][ T8253] bridge0: port 1(bridge_slave_0) entered disabled state
[  266.134175][ T8253] bridge_slave_0: entered allmulticast mode
[  266.152240][ T8253] bridge_slave_0: entered promiscuous mode
[  266.211206][ T8253] bridge0: port 2(bridge_slave_1) entered blocking state
[  266.229579][ T8253] bridge0: port 2(bridge_slave_1) entered disabled state
[  266.253282][   T29] audit: type=1326 audit(1722313184.653:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8271 comm="syz.2.741" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdbb5d77299 code=0x0
[  266.279016][ T8253] bridge_slave_1: entered allmulticast mode
[  266.286761][ T8253] bridge_slave_1: entered promiscuous mode
[  266.343900][ T8253] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  266.366350][ T8253] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  266.508288][ T8253] team0: Port device team_slave_0 added
[  266.516627][ T8279] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  266.528587][ T8279] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  266.539962][ T8253] team0: Port device team_slave_1 added
[  266.559151][   T54] Bluetooth: hci8: command tx timeout
[  266.622058][ T8253] batman_adv: batadv0: Adding interface: batadv_slave_0
[  266.637142][ T8253] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  266.682413][ T5278] usb 1-1: USB disconnect, device number 33
[  266.727732][ T8253] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  266.764815][ T8253] batman_adv: batadv0: Adding interface: batadv_slave_1
[  266.775154][ T8253] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  266.838144][ T8253] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  266.968801][ T8253] hsr_slave_0: entered promiscuous mode
[  266.993489][ T8253] hsr_slave_1: entered promiscuous mode
[  267.033202][ T8253] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  267.054507][ T8253] Cannot create hsr debugfs directory
[  267.253879][    C1] eth0: bad gso: type: 1, size: 1408
[  267.727414][   T29] audit: type=1326 audit(1722313186.123:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8295 comm="syz.0.747" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe4fc577299 code=0x0
[  267.851835][ T8253] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  268.037009][ T8253] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  268.237114][ T8253] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  268.395609][ T8253] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  268.638182][   T54] Bluetooth: hci8: command tx timeout
[  269.032249][ T8253] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  269.071865][ T8253] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  269.115160][ T8253] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  269.235565][ T8253] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  269.419439][    T8] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  269.471573][ T8309] capability: warning: `syz.0.750' uses 32-bit capabilities (legacy support in use)
[  269.638685][    T8] usb 4-1: Using ep0 maxpacket: 16
[  269.653882][    T8] usb 4-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[  269.679246][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.714797][    T8] usb 4-1: Product: syz
[  269.730706][    T8] usb 4-1: Manufacturer: syz
[  269.745871][    T8] usb 4-1: SerialNumber: syz
[  269.760677][    T8] usb 4-1: config 0 descriptor??
[  269.806502][    T8] visor 4-1:0.0: Sony Clie 3.5 converter detected
[  269.868330][ T8253] 8021q: adding VLAN 0 to HW filter on device bond0
[  269.988810][ T8253] 8021q: adding VLAN 0 to HW filter on device team0
[  270.030937][ T8306] mmap: syz.3.749 (8306) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  270.041168][ T5273] bridge0: port 1(bridge_slave_0) entered blocking state
[  270.050170][ T5273] bridge0: port 1(bridge_slave_0) entered forwarding state
[  270.069283][ T5273] bridge0: port 2(bridge_slave_1) entered blocking state
[  270.076555][ T5273] bridge0: port 2(bridge_slave_1) entered forwarding state
[  270.101202][    T8] usb 4-1: clie_3_5_startup: get config number failed: -71
[  270.112494][    T8] visor 4-1:0.0: probe with driver visor failed with error -71
[  270.113244][   T29] audit: type=1326 audit(1722313188.513:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8319 comm="syz.0.752" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe4fc577299 code=0x0
[  270.181857][    T8] usb 4-1: USB disconnect, device number 38
[  270.270828][ T8253] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  270.396415][ T8253] 8021q: adding VLAN 0 to HW filter on device batadv0
[  270.406519][   T29] audit: type=1326 audit(1722313188.803:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8326 comm="syz.2.754" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdbb5d77299 code=0x0
[  270.454960][ T8253] veth0_vlan: entered promiscuous mode
[  270.484513][ T8253] veth1_vlan: entered promiscuous mode
[  270.543473][ T8253] veth0_macvtap: entered promiscuous mode
[  270.555035][ T8253] veth1_macvtap: entered promiscuous mode
[  270.590775][ T8253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  270.601679][ T8253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  270.614156][ T8253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  270.625307][ T8253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  270.637651][ T8253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  270.678286][ T8253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  270.698144][ T8253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  270.720366][   T54] Bluetooth: hci8: command tx timeout
[  270.725892][ T8253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  270.745982][ T8253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  270.757234][ T8253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  270.774387][ T8253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  270.795461][ T8253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  270.833460][ T8253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  270.845108][ T8253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  270.855541][ T8253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  270.868686][ T8253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  270.883302][ T8253] batman_adv: batadv0: Interface activated: batadv_slave_0
[  270.986943][ T8253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  271.000969][ T8253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  271.011394][ T8253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  271.022248][ T8253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  271.032233][ T8253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  271.043534][ T8253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  271.058185][ T8253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  271.083540][ T8253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  271.093831][ T8253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  271.104880][ T8253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  271.116680][ T8253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  271.147983][ T8253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  271.160290][ T8253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  271.180262][ T8253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  271.190355][ T8253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  271.228141][ T8253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  271.240330][ T8253] batman_adv: batadv0: Interface activated: batadv_slave_1
[  271.266266][ T8253] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  271.318255][ T8253] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  271.327016][ T8253] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  271.347809][ T8253] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  271.753868][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  271.794551][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  271.852069][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  271.873567][   T29] audit: type=1326 audit(1722313190.263:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8343 comm="syz.0.759" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe4fc577299 code=0x0
[  271.881778][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  272.220489][ T8354] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  272.263480][ T8354] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  272.382520][ T8356] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  272.419265][ T8356] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  272.561106][ T8357] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  272.593011][ T8356] netlink: 56 bytes leftover after parsing attributes in process `syz.4.732'.
[  272.691391][ T8357] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  272.706414][ T8359] netlink: 80 bytes leftover after parsing attributes in process `syz.2.761'.
[  272.798559][   T54] Bluetooth: hci8: command tx timeout
[  272.873677][ T8360] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  272.908809][ T8360] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  274.850051][ T5273] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  274.887694][   T29] audit: type=1326 audit(1722313193.283:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8389 comm="syz.0.772" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe4fc577299 code=0x0
[  275.058129][ T5273] usb 4-1: Using ep0 maxpacket: 8
[  275.100703][ T5273] usb 4-1: config 0 has an invalid interface number: 52 but max is 0
[  275.112209][ T5273] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  275.137815][ T5273] usb 4-1: config 0 has no interface number 0
[  275.148153][ T5273] usb 4-1: config 0 interface 52 has no altsetting 0
[  275.174102][ T5273] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  275.184013][ T5273] usb 4-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35
[  275.197510][ T5273] usb 4-1: Product: syz
[  275.228346][ T5273] usb 4-1: Manufacturer: syz
[  275.248958][ T5273] usb 4-1: SerialNumber: syz
[  275.285500][ T5273] usb 4-1: config 0 descriptor??
[  275.480529][ T8397] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  275.532770][ T8397] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  275.648254][ T8399] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  275.676814][ T8399] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  275.707267][ T8399] netlink: 56 bytes leftover after parsing attributes in process `syz.4.773'.
[  275.756274][ T8399] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  275.795734][ T8399] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  277.339176][ T5229] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  277.354110][ T5229] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  277.365030][ T5229] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  277.375363][ T5229] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  277.409581][ T5229] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3
[  277.418441][ T5229] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  277.542689][ T5273] usb 4-1: Can not set alternate setting to 1, error: -71
[  277.567282][ T5273] synaptics_usb 4-1:0.52: probe with driver synaptics_usb failed with error -71
[  277.609478][ T5273] usb 4-1: USB disconnect, device number 39
[  278.037557][   T29] audit: type=1326 audit(1722313196.433:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8433 comm="syz.4.785" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f66f0d77299 code=0x0
[  278.208043][    T8] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  278.274401][ T8424] chnl_net:caif_netlink_parms(): no params data found
[  278.422309][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  278.493817][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  278.529814][    T8] usb 4-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00
[  278.612019][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  278.716948][    T8] usb 4-1: config 0 descriptor??
[  278.806658][ T8461] netlink: 24 bytes leftover after parsing attributes in process `syz.2.791'.
[  278.829510][ T8424] bridge0: port 1(bridge_slave_0) entered blocking state
[  278.837320][ T8424] bridge0: port 1(bridge_slave_0) entered disabled state
[  278.873959][ T8424] bridge_slave_0: entered allmulticast mode
[  278.892975][ T8424] bridge_slave_0: entered promiscuous mode
[  278.925793][ T8424] bridge0: port 2(bridge_slave_1) entered blocking state
[  278.938331][ T8424] bridge0: port 2(bridge_slave_1) entered disabled state
[  278.953056][ T8424] bridge_slave_1: entered allmulticast mode
[  278.980901][ T8424] bridge_slave_1: entered promiscuous mode
[  279.094596][ T8467] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  279.153768][ T8467] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  279.212412][ T8424] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  279.330428][ T8467] netlink: 56 bytes leftover after parsing attributes in process `syz.3.787'.
[  279.384842][ T8424] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  279.493329][ T8467] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  279.520256][   T54] Bluetooth: hci9: command tx timeout
[  279.528806][ T8467] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  279.538687][ T5278] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  279.593258][ T8424] team0: Port device team_slave_0 added
[  279.630246][ T8424] team0: Port device team_slave_1 added
[  279.648432][    T8] usbhid 4-1:0.0: can't add hid device: -71
[  279.668151][    T8] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  279.709750][    T8] usb 4-1: USB disconnect, device number 40
[  279.738368][ T5278] usb 1-1: Using ep0 maxpacket: 8
[  279.751466][ T5278] usb 1-1: config 0 has an invalid interface number: 52 but max is 0
[  279.768699][ T5278] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  279.817259][ T5278] usb 1-1: config 0 has no interface number 0
[  279.826462][ T5278] usb 1-1: config 0 interface 52 has no altsetting 0
[  279.839556][ T5278] usb 1-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  279.850191][ T5278] usb 1-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35
[  279.860874][ T5278] usb 1-1: Product: syz
[  279.865087][ T5278] usb 1-1: Manufacturer: syz
[  279.872849][ T5278] usb 1-1: SerialNumber: syz
[  279.891456][ T5278] usb 1-1: config 0 descriptor??
[  279.915287][ T8424] batman_adv: batadv0: Adding interface: batadv_slave_0
[  279.932757][ T8424] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  279.963623][ T8424] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  280.001028][ T8424] batman_adv: batadv0: Adding interface: batadv_slave_1
[  280.008144][ T8424] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  280.054965][ T8424] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  280.192433][ T8424] hsr_slave_0: entered promiscuous mode
[  280.203862][ T8424] hsr_slave_1: entered promiscuous mode
[  280.232146][ T8424] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  280.278023][ T8424] Cannot create hsr debugfs directory
[  280.701100][ T5278] usb 1-1: Can not set alternate setting to 1, error: -71
[  280.734077][ T5278] synaptics_usb 1-1:0.52: probe with driver synaptics_usb failed with error -71
[  280.781858][ T5278] usb 1-1: USB disconnect, device number 34
[  281.143578][   T29] audit: type=1326 audit(1722313199.523:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8490 comm="syz.0.801" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe4fc577299 code=0x0
[  281.183245][ T8500] netlink: 24 bytes leftover after parsing attributes in process `syz.2.803'.
[  281.395989][ T8424] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.598572][   T54] Bluetooth: hci9: command tx timeout
[  281.745832][ T8424] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.960394][ T8424] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  282.142084][ T8424] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  282.538189][ T5277] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  282.551904][ T8424] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  282.610727][ T8424] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  282.677513][ T8424] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  282.723756][ T8424] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  282.780460][ T5277] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  282.811847][ T5277] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  282.832319][   T29] audit: type=1326 audit(1722313201.223:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8515 comm="syz.3.808" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fce42777299 code=0x0
[  282.877684][ T5277] usb 1-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00
[  282.923584][ T5277] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.955222][ T5277] usb 1-1: config 0 descriptor??
[  283.253017][ T8526] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  283.374281][ T8526] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  283.457087][ T8526] netlink: 56 bytes leftover after parsing attributes in process `syz.0.807'.
[  283.548402][ T8424] 8021q: adding VLAN 0 to HW filter on device bond0
[  283.639687][ T8424] 8021q: adding VLAN 0 to HW filter on device team0
[  283.678243][   T54] Bluetooth: hci9: command tx timeout
[  283.690933][ T5297] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.698408][ T5297] bridge0: port 1(bridge_slave_0) entered forwarding state
[  283.735368][ T8526] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  283.763897][ T8526] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  283.791539][ T5273] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.798804][ T5273] bridge0: port 2(bridge_slave_1) entered forwarding state
[  283.888683][ T5277] usbhid 1-1:0.0: can't add hid device: -71
[  283.894772][ T5277] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  283.940730][ T5277] usb 1-1: USB disconnect, device number 35
[  284.034550][ T8424] 8021q: adding VLAN 0 to HW filter on device batadv0
[  284.244728][ T8424] veth0_vlan: entered promiscuous mode
[  284.277801][ T8424] veth1_vlan: entered promiscuous mode
[  284.640784][ T8424] veth0_macvtap: entered promiscuous mode
[  284.672129][ T8424] veth1_macvtap: entered promiscuous mode
[  284.783634][ T8424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  284.813655][ T8424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  284.867973][ T8424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  284.909494][ T8424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  284.919736][ T8424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  284.930964][ T8424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  284.945779][ T8424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  284.970321][ T8424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  284.995355][ T8424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  285.020627][ T8424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  285.042851][ T8424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  285.066094][ T8424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  285.091531][ T8424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  285.117249][ T8424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  285.141833][ T8424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  285.163190][ T8424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  285.184695][ T8424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  285.206305][ T8424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  285.225102][ T8424] batman_adv: batadv0: Interface activated: batadv_slave_0
[  285.237441][ T8424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  285.258573][ T8424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  285.285079][ T8424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  285.317056][ T8424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  285.337319][ T8424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  285.359032][ T8424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  285.378360][ T8424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  285.409321][ T8424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  285.428266][ T8424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  285.448284][ T8424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  285.468787][ T8424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  285.488206][ T8424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  285.511804][ T8424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  285.558130][ T8424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  285.578238][ T8424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  285.598447][ T8424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  285.619169][ T8424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  285.638223][ T8424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  285.669103][ T8424] batman_adv: batadv0: Interface activated: batadv_slave_1
[  285.759229][   T54] Bluetooth: hci9: command tx timeout
[  285.771933][ T8424] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  285.828292][ T8424] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  285.858406][ T8424] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  285.867166][ T8424] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  286.320785][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  286.393753][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  286.398507][   T29] audit: type=1326 audit(1722313204.773:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8550 comm="syz.3.816" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fce42777299 code=0x0
[  286.450252][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  286.482254][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  286.499461][ T8563] netlink: 'syz.2.819': attribute type 1 has an invalid length.
[  286.554624][ T8481] syz.4.797 (8481): drop_caches: 1
[  286.952153][ T8568] bond_slave_0: entered promiscuous mode
[  286.957956][ T8568] bond_slave_1: entered promiscuous mode
[  286.983726][ T8568] macsec1: entered allmulticast mode
[  286.991870][ T8568] bond0: entered allmulticast mode
[  287.034415][ T8568] bond_slave_0: entered allmulticast mode
[  287.081909][ T8568] bond_slave_1: entered allmulticast mode
[  287.154181][ T8568] bond0: left allmulticast mode
[  287.168389][ T8568] bond_slave_0: left allmulticast mode
[  287.218403][ T8568] bond_slave_1: left allmulticast mode
[  287.259058][ T8568] bond_slave_0: left promiscuous mode
[  287.264580][ T8568] bond_slave_1: left promiscuous mode
[  287.862113][ T8594] bond_slave_0: entered promiscuous mode
[  287.867934][ T8594] bond_slave_1: entered promiscuous mode
[  287.880219][ T8594] macsec1: entered allmulticast mode
[  287.885658][ T8594] bond0: entered allmulticast mode
[  287.891671][ T8594] bond_slave_0: entered allmulticast mode
[  287.897523][ T8594] bond_slave_1: entered allmulticast mode
[  287.960310][ T8594] bond0: left allmulticast mode
[  287.973863][ T8594] bond_slave_0: left allmulticast mode
[  287.990456][ T8594] bond_slave_1: left allmulticast mode
[  288.006334][ T8594] bond_slave_0: left promiscuous mode
[  288.011957][ T8594] bond_slave_1: left promiscuous mode
[  288.506812][ T8603] netlink: 76 bytes leftover after parsing attributes in process `syz.2.830'.
[  288.977557][ T8610] syz.0.832 (8610): drop_caches: 1
[  289.113614][   T29] audit: type=1326 audit(1722313207.513:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8617 comm="syz.1.835" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f29ca777299 code=0x0
[  289.620936][ T8626] bond_slave_0: entered promiscuous mode
[  289.626760][ T8626] bond_slave_1: entered promiscuous mode
[  289.698461][ T8626] macsec1: entered allmulticast mode
[  289.712912][ T8626] bond0: entered allmulticast mode
[  289.721784][ T8626] bond_slave_0: entered allmulticast mode
[  289.738776][ T8626] bond_slave_1: entered allmulticast mode
[  289.848462][ T8626] bond0: left allmulticast mode
[  289.896336][ T8626] bond_slave_0: left allmulticast mode
[  289.914239][ T8626] bond_slave_1: left allmulticast mode
[  289.930754][ T8626] bond_slave_0: left promiscuous mode
[  289.936234][ T8626] bond_slave_1: left promiscuous mode
[  290.382435][ T8643] FAULT_INJECTION: forcing a failure.
[  290.382435][ T8643] name failslab, interval 1, probability 0, space 0, times 0
[  290.472943][ T8643] CPU: 1 UID: 0 PID: 8643 Comm: syz.0.842 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0
[  290.483610][ T8643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  290.493704][ T8643] Call Trace:
[  290.497069][ T8643]  <TASK>
[  290.500035][ T8643]  dump_stack_lvl+0x241/0x360
[  290.504775][ T8643]  ? __pfx_dump_stack_lvl+0x10/0x10
[  290.510024][ T8643]  ? __pfx__printk+0x10/0x10
[  290.514662][ T8643]  ? fs_reclaim_acquire+0x93/0x140
[  290.519909][ T8643]  ? __pfx___might_resched+0x10/0x10
[  290.525242][ T8643]  should_fail_ex+0x3b0/0x4e0
[  290.529973][ T8643]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  290.535738][ T8643]  should_failslab+0xac/0x100
[  290.540475][ T8643]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  290.546238][ T8643]  __kmalloc_noprof+0xd8/0x400
[  290.551039][ T8643]  ? kfree+0x4e/0x360
[  290.555063][ T8643]  tomoyo_realpath_from_path+0xcf/0x5e0
[  290.560663][ T8643]  tomoyo_path_number_perm+0x23a/0x880
[  290.566185][ T8643]  ? tomoyo_path_number_perm+0x208/0x880
[  290.571881][ T8643]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  290.577968][ T8643]  ? __fget_files+0x29/0x470
[  290.582615][ T8643]  ? __fget_files+0x3f6/0x470
[  290.587424][ T8643]  ? __fget_files+0x29/0x470
[  290.592071][ T8643]  security_file_ioctl+0x75/0xb0
[  290.597068][ T8643]  __se_sys_ioctl+0x47/0x170
[  290.601712][ T8643]  do_syscall_64+0xf3/0x230
[  290.606264][ T8643]  ? clear_bhb_loop+0x35/0x90
[  290.610996][ T8643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.616940][ T8643] RIP: 0033:0x7fe4fc577299
[  290.621394][ T8643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  290.641133][ T8643] RSP: 002b:00007fe4fd267048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  290.649600][ T8643] RAX: ffffffffffffffda RBX: 00007fe4fc705f80 RCX: 00007fe4fc577299
[  290.657614][ T8643] RDX: 0000000020000000 RSI: 0000000040045612 RDI: 0000000000000008
[  290.665627][ T8643] RBP: 00007fe4fd2670a0 R08: 0000000000000000 R09: 0000000000000000
[  290.673639][ T8643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  290.681656][ T8643] R13: 000000000000000b R14: 00007fe4fc705f80 R15: 00007fe4fc82fa38
[  290.689776][ T8643]  </TASK>
[  290.735683][ T8643] ERROR: Out of memory at tomoyo_realpath_from_path.
[  290.744563][ T8643] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:16x16 (0x33424752, 8, 0, 0, 0)
[  292.362987][ T8681] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  292.420627][ T8681] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  292.930579][ T8697] netlink: 104 bytes leftover after parsing attributes in process `syz.3.856'.
[  293.408079][  T945] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  293.608171][  T945] usb 4-1: Using ep0 maxpacket: 8
[  293.766299][  T945] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  293.796891][  T945] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  293.855628][  T945] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  293.889284][  T945] usb 4-1: New USB device found, idVendor=1870, idProduct=0001, bcdDevice=e6.7f
[  293.926819][  T945] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  293.983957][  T945] usb 4-1: Product: syz
[  294.015498][  T945] usb 4-1: Manufacturer: syz
[  294.042824][  T945] usb 4-1: SerialNumber: syz
[  294.095809][  T945] usb 4-1: config 0 descriptor??
[  294.120175][  T945] usbtouchscreen 4-1:0.0: probe with driver usbtouchscreen failed with error -8
[  294.152555][ T8722] netlink: zone id is out of range
[  294.157724][ T8722] netlink: zone id is out of range
[  294.202034][ T8722] netlink: zone id is out of range
[  294.207217][ T8722] netlink: zone id is out of range
[  294.244254][ T8722] netlink: zone id is out of range
[  294.281666][ T8722] netlink: zone id is out of range
[  294.306990][ T8722] netlink: zone id is out of range
[  294.321738][ T8722] netlink: zone id is out of range
[  294.352140][ T8722] netlink: zone id is out of range
[  294.388405][ T8722] netlink: zone id is out of range
[  294.538872][ T8732] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  294.618471][ T8732] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  295.705402][ T5273] usb 4-1: USB disconnect, device number 41
[  296.114993][ T8756] netlink: 16 bytes leftover after parsing attributes in process `syz.4.873'.
[  296.897262][ T8767] netlink: 'syz.0.877': attribute type 9 has an invalid length.
[  296.956399][ T8767] FAULT_INJECTION: forcing a failure.
[  296.956399][ T8767] name failslab, interval 1, probability 0, space 0, times 0
[  297.020270][ T8767] CPU: 1 UID: 0 PID: 8767 Comm: syz.0.877 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0
[  297.030944][ T8767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  297.041039][ T8767] Call Trace:
[  297.044347][ T8767]  <TASK>
[  297.047379][ T8767]  dump_stack_lvl+0x241/0x360
[  297.052089][ T8767]  ? __pfx_dump_stack_lvl+0x10/0x10
[  297.057310][ T8767]  ? __pfx__printk+0x10/0x10
[  297.061918][ T8767]  ? __kmalloc_cache_noprof+0x44/0x2c0
[  297.067389][ T8767]  ? __pfx___might_resched+0x10/0x10
[  297.072694][ T8767]  should_fail_ex+0x3b0/0x4e0
[  297.077395][ T8767]  should_failslab+0xac/0x100
[  297.082095][ T8767]  ? alloc_netdev_mqs+0xb9d/0x1000
[  297.087217][ T8767]  __kmalloc_cache_noprof+0x6c/0x2c0
[  297.092518][ T8767]  ? __xdp_rxq_info_reg+0x142/0x290
[  297.097737][ T8767]  alloc_netdev_mqs+0xb9d/0x1000
[  297.102693][ T8767]  rtnl_create_link+0x2f9/0xc20
[  297.107567][ T8767]  rtnl_newlink+0x1423/0x20a0
[  297.112256][ T8767]  ? rtnl_newlink+0xa61/0x20a0
[  297.117049][ T8767]  ? __pfx_rtnl_newlink+0x10/0x10
[  297.122086][ T8767]  ? __pfx___mutex_trylock_common+0x10/0x10
[  297.128007][ T8767]  ? rcu_is_watching+0x15/0xb0
[  297.132799][ T8767]  ? trace_contention_end+0x3c/0x120
[  297.138095][ T8767]  ? __mutex_lock+0x2ef/0xd70
[  297.142792][ T8767]  ? __pfx_lock_release+0x10/0x10
[  297.147851][ T8767]  ? __pfx_rtnl_newlink+0x10/0x10
[  297.152896][ T8767]  rtnetlink_rcv_msg+0x73f/0xcf0
[  297.157851][ T8767]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  297.162985][ T8767]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  297.168472][ T8767]  ? ref_tracker_free+0x643/0x7e0
[  297.173511][ T8767]  netlink_rcv_skb+0x1e3/0x430
[  297.178296][ T8767]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  297.183774][ T8767]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  297.189103][ T8767]  ? netlink_deliver_tap+0x2e/0x1b0
[  297.194324][ T8767]  netlink_unicast+0x7f0/0x990
[  297.199112][ T8767]  ? __pfx_netlink_unicast+0x10/0x10
[  297.204417][ T8767]  ? __virt_addr_valid+0x183/0x530
[  297.209550][ T8767]  ? __check_object_size+0x49c/0x900
[  297.214843][ T8767]  ? bpf_lsm_netlink_send+0x9/0x10
[  297.219968][ T8767]  netlink_sendmsg+0x8e4/0xcb0
[  297.224761][ T8767]  ? __pfx_netlink_sendmsg+0x10/0x10
[  297.230064][ T8767]  ? __import_iovec+0x536/0x820
[  297.234925][ T8767]  ? aa_sock_msg_perm+0x91/0x160
[  297.239911][ T8767]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  297.245209][ T8767]  ? security_socket_sendmsg+0x87/0xb0
[  297.250693][ T8767]  ? __pfx_netlink_sendmsg+0x10/0x10
[  297.256002][ T8767]  __sock_sendmsg+0x221/0x270
[  297.260698][ T8767]  ____sys_sendmsg+0x525/0x7d0
[  297.265480][ T8767]  ? __pfx_____sys_sendmsg+0x10/0x10
[  297.270787][ T8767]  __sys_sendmsg+0x2b0/0x3a0
[  297.275389][ T8767]  ? __pfx___sys_sendmsg+0x10/0x10
[  297.280507][ T8767]  ? vfs_write+0x7c4/0xc90
[  297.284996][ T8767]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  297.291359][ T8767]  ? do_syscall_64+0x100/0x230
[  297.296141][ T8767]  ? do_syscall_64+0xb6/0x230
[  297.300831][ T8767]  do_syscall_64+0xf3/0x230
[  297.305348][ T8767]  ? clear_bhb_loop+0x35/0x90
[  297.310046][ T8767]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.315954][ T8767] RIP: 0033:0x7fe4fc577299
[  297.320377][ T8767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  297.340001][ T8767] RSP: 002b:00007fe4fd267048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  297.348430][ T8767] RAX: ffffffffffffffda RBX: 00007fe4fc705f80 RCX: 00007fe4fc577299
[  297.356412][ T8767] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  297.364393][ T8767] RBP: 00007fe4fd2670a0 R08: 0000000000000000 R09: 0000000000000000
[  297.372377][ T8767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  297.380355][ T8767] R13: 000000000000000b R14: 00007fe4fc705f80 R15: 00007fe4fc82fa38
[  297.388363][ T8767]  </TASK>
[  297.391516][    C1] vkms_vblank_simulate: vblank timer overrun
[  300.031827][ T8808] netlink: 32 bytes leftover after parsing attributes in process `syz.3.888'.
[  300.368321][    T8] usb 4-1: new low-speed USB device number 42 using dummy_hcd
[  300.534737][ T8815] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  300.581812][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid maxpacket 200, setting to 8
[  300.594820][   T54] Bluetooth: hci0: unexpected Set CIG Parameters response data
[  300.603434][   T54] Bluetooth: hci0: unexpected event for opcode 0x2062
[  300.623813][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 is Bulk; changing to Interrupt
[  300.651594][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  300.688242][    T8] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  300.712660][    T8] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  300.725426][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  300.794138][    T8] usb 4-1: config 0 descriptor??
[  300.814387][ T8808] raw-gadget.5 gadget.3: fail, usb_ep_enable returned -22
[  301.071857][ T5297] usb 4-1: USB disconnect, device number 42
[  301.191362][ T8822] net_ratelimit: 562 callbacks suppressed
[  301.191385][ T8822] netlink: zone id is out of range
[  301.234831][ T8822] netlink: zone id is out of range
[  301.271963][ T8822] netlink: zone id is out of range
[  301.303198][ T8822] netlink: zone id is out of range
[  301.318934][ T8822] netlink: zone id is out of range
[  301.333759][ T8822] netlink: zone id is out of range
[  301.352923][ T8822] netlink: zone id is out of range
[  301.375498][ T8822] netlink: zone id is out of range
[  301.400140][ T8822] netlink: zone id is out of range
[  301.415852][ T8822] netlink: zone id is out of range
[  301.805998][   T54] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
[  301.816440][   T54] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 54, name: kworker/u9:0
[  301.826037][   T54] preempt_count: 0, expected: 0
[  301.832547][   T54] RCU nest depth: 1, expected: 0
[  301.837538][   T54] 4 locks held by kworker/u9:0/54:
[  301.842958][   T54]  #0: ffff88802f30d948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  301.859908][   T54]  #1: ffffc90000be7d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  301.873988][   T54]  #2: ffff888023a28078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[  301.884843][   T54]  #3: ffffffff8e9377a0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[  301.898316][   T54] CPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0
[  301.909056][   T54] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  301.915288][ T8813] syz.2.889 (8813): drop_caches: 1
[  301.919134][   T54] Workqueue: hci0 hci_rx_work
[  301.929015][   T54] Call Trace:
[  301.932307][   T54]  <TASK>
[  301.935248][   T54]  dump_stack_lvl+0x241/0x360
[  301.939953][   T54]  ? __pfx_dump_stack_lvl+0x10/0x10
[  301.945170][   T54]  ? __pfx__printk+0x10/0x10
[  301.949792][   T54]  __might_resched+0x5d4/0x780
[  301.954586][   T54]  ? __mutex_lock+0x112/0xd70
[  301.959288][   T54]  ? __pfx___might_resched+0x10/0x10
[  301.964616][   T54]  __mutex_lock+0xc1/0xd70
[  301.969060][   T54]  ? __pfx_lock_acquire+0x10/0x10
[  301.974105][   T54]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[  301.980358][   T54]  ? __pfx_lock_release+0x10/0x10
[  301.985400][   T54]  ? __pfx___mutex_lock+0x10/0x10
[  301.990445][   T54]  ? trace_contention_end+0x3c/0x120
[  301.995755][   T54]  ? skb_pull_data+0x112/0x230
[  302.000551][   T54]  ? hci_conn_set_handle+0x9a/0x270
[  302.005794][   T54]  hci_le_create_big_complete_evt+0x3d9/0xae0
[  302.011897][   T54]  ? __copy_skb_header+0x437/0x5b0
[  302.017036][   T54]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[  302.023251][   T54]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  302.029956][   T54]  ? hci_le_meta_evt+0x366/0x580
[  302.034907][   T54]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  302.041513][   T54]  hci_event_packet+0xa55/0x1540
[  302.046474][   T54]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  302.051778][   T54]  ? __pfx_hci_event_packet+0x10/0x10
[  302.057176][   T54]  ? do_raw_spin_unlock+0x13c/0x8b0
[  302.062398][   T54]  ? hci_send_to_monitor+0xd8/0x7f0
[  302.067610][   T54]  ? kcov_remote_start+0x9e/0x7e0
[  302.072672][   T54]  hci_rx_work+0x3e8/0xca0
[  302.077135][   T54]  ? process_scheduled_works+0x945/0x1830
[  302.082880][   T54]  process_scheduled_works+0xa2c/0x1830
[  302.088483][   T54]  ? __pfx_process_scheduled_works+0x10/0x10
[  302.094517][   T54]  ? assign_work+0x364/0x3d0
[  302.099152][   T54]  worker_thread+0x86d/0xd40
[  302.103795][   T54]  ? __kthread_parkme+0x169/0x1d0
[  302.108858][   T54]  ? __pfx_worker_thread+0x10/0x10
[  302.114008][   T54]  kthread+0x2f0/0x390
[  302.118102][   T54]  ? __pfx_worker_thread+0x10/0x10
[  302.123234][   T54]  ? __pfx_kthread+0x10/0x10
[  302.127836][   T54]  ret_from_fork+0x4b/0x80
[  302.132279][   T54]  ? __pfx_kthread+0x10/0x10
[  302.136879][   T54]  ret_from_fork_asm+0x1a/0x30
[  302.141682][   T54]  </TASK>
[  302.188386][   T54] 
[  302.190771][   T54] =============================
[  302.195637][   T54] [ BUG: Invalid wait context ]
[  302.200494][   T54] 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0 Tainted: G        W         
[  302.209087][   T54] -----------------------------
[  302.213933][   T54] kworker/u9:0/54 is trying to lock:
[  302.219217][   T54] ffffffff8fdeb1a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x3d9/0xae0
[  302.229851][   T54] other info that might help us debug this:
[  302.235769][   T54] context-{4:4}
[  302.239225][   T54] 4 locks held by kworker/u9:0/54:
[  302.244330][   T54]  #0: ffff88802f30d948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  302.255319][   T54]  #1: ffffc90000be7d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  302.267344][   T54]  #2: ffff888023a28078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[  302.277891][   T54]  #3: ffffffff8e9377a0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[  302.288608][   T54] stack backtrace:
[  302.292324][   T54] CPU: 1 UID: 0 PID: 54 Comm: kworker/u9:0 Tainted: G        W          6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0
[  302.304481][   T54] Tainted: [W]=WARN
[  302.308287][   T54] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  302.318358][   T54] Workqueue: hci0 hci_rx_work
[  302.323063][   T54] Call Trace:
[  302.326344][   T54]  <TASK>
[  302.329279][   T54]  dump_stack_lvl+0x241/0x360
[  302.333970][   T54]  ? __pfx_dump_stack_lvl+0x10/0x10
[  302.339174][   T54]  ? __pfx__printk+0x10/0x10
[  302.343774][   T54]  __lock_acquire+0x153b/0x2040
[  302.348646][   T54]  lock_acquire+0x1ed/0x550
[  302.353249][   T54]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[  302.359502][   T54]  ? __pfx_lock_acquire+0x10/0x10
[  302.364636][   T54]  ? __mutex_lock+0x112/0xd70
[  302.369326][   T54]  ? __pfx___might_resched+0x10/0x10
[  302.374624][   T54]  __mutex_lock+0x136/0xd70
[  302.379138][   T54]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[  302.385386][   T54]  ? __pfx_lock_acquire+0x10/0x10
[  302.390423][   T54]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[  302.396669][   T54]  ? __pfx_lock_release+0x10/0x10
[  302.401706][   T54]  ? __pfx___mutex_lock+0x10/0x10
[  302.406747][   T54]  ? trace_contention_end+0x3c/0x120
[  302.412041][   T54]  ? skb_pull_data+0x112/0x230
[  302.416821][   T54]  ? hci_conn_set_handle+0x9a/0x270
[  302.422038][   T54]  hci_le_create_big_complete_evt+0x3d9/0xae0
[  302.428118][   T54]  ? __copy_skb_header+0x437/0x5b0
[  302.433233][   T54]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[  302.439394][   T54]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  302.445989][   T54]  ? hci_le_meta_evt+0x366/0x580
[  302.450931][   T54]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  302.457525][   T54]  hci_event_packet+0xa55/0x1540
[  302.462480][   T54]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  302.467776][   T54]  ? __pfx_hci_event_packet+0x10/0x10
[  302.473160][   T54]  ? do_raw_spin_unlock+0x13c/0x8b0
[  302.478368][   T54]  ? hci_send_to_monitor+0xd8/0x7f0
[  302.483570][   T54]  ? kcov_remote_start+0x9e/0x7e0
[  302.488605][   T54]  hci_rx_work+0x3e8/0xca0
[  302.493038][   T54]  ? process_scheduled_works+0x945/0x1830
[  302.498765][   T54]  process_scheduled_works+0xa2c/0x1830
[  302.504331][   T54]  ? __pfx_process_scheduled_works+0x10/0x10
[  302.510327][   T54]  ? assign_work+0x364/0x3d0
[  302.514930][   T54]  worker_thread+0x86d/0xd40
[  302.519542][   T54]  ? __kthread_parkme+0x169/0x1d0
[  302.524577][   T54]  ? __pfx_worker_thread+0x10/0x10
[  302.529732][   T54]  kthread+0x2f0/0x390
[  302.533801][   T54]  ? __pfx_worker_thread+0x10/0x10
[  302.538942][   T54]  ? __pfx_kthread+0x10/0x10
[  302.543536][   T54]  ret_from_fork+0x4b/0x80
[  302.547970][   T54]  ? __pfx_kthread+0x10/0x10
[  302.552564][   T54]  ret_from_fork_asm+0x1a/0x30
[  302.557351][   T54]  </TASK>
[  302.603607][   T54] ==================================================================
[  302.611718][   T54] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0
[  302.620792][   T54] Read of size 8 at addr ffff88807b568000 by task kworker/u9:0/54
[  302.628632][   T54] 
[  302.630985][   T54] CPU: 1 UID: 0 PID: 54 Comm: kworker/u9:0 Tainted: G        W          6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0
[  302.643168][   T54] Tainted: [W]=WARN
[  302.646997][   T54] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  302.657079][   T54] Workqueue: hci0 hci_rx_work
[  302.661807][   T54] Call Trace:
[  302.665114][   T54]  <TASK>
[  302.668057][   T54]  dump_stack_lvl+0x241/0x360
[  302.672768][   T54]  ? __pfx_dump_stack_lvl+0x10/0x10
[  302.677989][   T54]  ? __pfx__printk+0x10/0x10
[  302.682604][   T54]  ? _printk+0xd5/0x120
[  302.686775][   T54]  ? __virt_addr_valid+0x183/0x530
[  302.691890][   T54]  ? __virt_addr_valid+0x183/0x530
[  302.697003][   T54]  print_report+0x169/0x550
[  302.701517][   T54]  ? __virt_addr_valid+0x183/0x530
[  302.706643][   T54]  ? __virt_addr_valid+0x183/0x530
[  302.711757][   T54]  ? __virt_addr_valid+0x45f/0x530
[  302.716881][   T54]  ? __phys_addr+0xba/0x170
[  302.721388][   T54]  ? hci_le_create_big_complete_evt+0x383/0xae0
[  302.727633][   T54]  kasan_report+0x143/0x180
[  302.732155][   T54]  ? hci_le_create_big_complete_evt+0x383/0xae0
[  302.738413][   T54]  hci_le_create_big_complete_evt+0x383/0xae0
[  302.744482][   T54]  ? __copy_skb_header+0x437/0x5b0
[  302.749595][   T54]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[  302.755792][   T54]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  302.762389][   T54]  ? hci_le_meta_evt+0x366/0x580
[  302.767335][   T54]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  302.773940][   T54]  hci_event_packet+0xa55/0x1540
[  302.778929][   T54]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  302.784244][   T54]  ? __pfx_hci_event_packet+0x10/0x10
[  302.789628][   T54]  ? do_raw_spin_unlock+0x13c/0x8b0
[  302.794850][   T54]  ? hci_send_to_monitor+0xd8/0x7f0
[  302.800066][   T54]  ? kcov_remote_start+0x9e/0x7e0
[  302.805114][   T54]  hci_rx_work+0x3e8/0xca0
[  302.809588][   T54]  ? process_scheduled_works+0x945/0x1830
[  302.815339][   T54]  process_scheduled_works+0xa2c/0x1830
[  302.820926][   T54]  ? __pfx_process_scheduled_works+0x10/0x10
[  302.826919][   T54]  ? assign_work+0x364/0x3d0
[  302.831518][   T54]  worker_thread+0x86d/0xd40
[  302.836121][   T54]  ? __kthread_parkme+0x169/0x1d0
[  302.841154][   T54]  ? __pfx_worker_thread+0x10/0x10
[  302.846282][   T54]  kthread+0x2f0/0x390
[  302.850379][   T54]  ? __pfx_worker_thread+0x10/0x10
[  302.855509][   T54]  ? __pfx_kthread+0x10/0x10
[  302.860099][   T54]  ret_from_fork+0x4b/0x80
[  302.864527][   T54]  ? __pfx_kthread+0x10/0x10
[  302.869132][   T54]  ret_from_fork_asm+0x1a/0x30
[  302.873909][   T54]  </TASK>
[  302.876935][   T54] 
[  302.879271][   T54] Allocated by task 54:
[  302.883419][   T54]  kasan_save_track+0x3f/0x80
[  302.888115][   T54]  __kasan_kmalloc+0x98/0xb0
[  302.892735][   T54]  __kmalloc_cache_noprof+0x19c/0x2c0
[  302.898119][   T54]  __hci_conn_add+0x2f9/0x1850
[  302.902901][   T54]  hci_le_big_sync_established_evt+0x414/0xc20
[  302.909102][   T54]  hci_event_packet+0xa55/0x1540
[  302.914062][   T54]  hci_rx_work+0x3e8/0xca0
[  302.918586][   T54]  process_scheduled_works+0xa2c/0x1830
[  302.924161][   T54]  worker_thread+0x86d/0xd40
[  302.928758][   T54]  kthread+0x2f0/0x390
[  302.932842][   T54]  ret_from_fork+0x4b/0x80
[  302.937269][   T54]  ret_from_fork_asm+0x1a/0x30
[  302.942151][   T54] 
[  302.944470][   T54] Freed by task 54:
[  302.948270][   T54]  kasan_save_track+0x3f/0x80
[  302.952952][   T54]  kasan_save_free_info+0x40/0x50
[  302.957995][   T54]  poison_slab_object+0xe0/0x150
[  302.962960][   T54]  __kasan_slab_free+0x37/0x60
[  302.967751][   T54]  kfree+0x149/0x360
[  302.971642][   T54]  device_release+0x99/0x1c0
[  302.976239][   T54]  kobject_put+0x22f/0x480
[  302.980673][   T54]  hci_conn_del+0x8c4/0xc40
[  302.985174][   T54]  hci_le_create_big_complete_evt+0x619/0xae0
[  302.991243][   T54]  hci_event_packet+0xa55/0x1540
[  302.996198][   T54]  hci_rx_work+0x3e8/0xca0
[  303.000628][   T54]  process_scheduled_works+0xa2c/0x1830
[  303.006170][   T54]  worker_thread+0x86d/0xd40
[  303.010761][   T54]  kthread+0x2f0/0x390
[  303.014820][   T54]  ret_from_fork+0x4b/0x80
[  303.019250][   T54]  ret_from_fork_asm+0x1a/0x30
[  303.024043][   T54] 
[  303.026360][   T54] The buggy address belongs to the object at ffff88807b568000
[  303.026360][   T54]  which belongs to the cache kmalloc-8k of size 8192
[  303.040416][   T54] The buggy address is located 0 bytes inside of
[  303.040416][   T54]  freed 8192-byte region [ffff88807b568000, ffff88807b56a000)
[  303.054130][   T54] 
[  303.056450][   T54] The buggy address belongs to the physical page:
[  303.062862][   T54] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b568
[  303.071622][   T54] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  303.080118][   T54] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  303.087754][   T54] page_type: 0xfdffffff(slab)
[  303.092428][   T54] raw: 00fff00000000040 ffff888015842280 ffffea0001751c00 dead000000000006
[  303.101010][   T54] raw: 0000000000000000 0000000000020002 00000001fdffffff 0000000000000000
[  303.109590][   T54] head: 00fff00000000040 ffff888015842280 ffffea0001751c00 dead000000000006
[  303.118258][   T54] head: 0000000000000000 0000000000020002 00000001fdffffff 0000000000000000
[  303.126936][   T54] head: 00fff00000000003 ffffea0001ed5a01 ffffffffffffffff 0000000000000000
[  303.135608][   T54] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  303.144270][   T54] page dumped because: kasan: bad access detected
[  303.150682][   T54] page_owner tracks the page as allocated
[  303.156394][   T54] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5543, tgid 5540 (syz.3.56), ts 97222105078, free_ts 97212024459
[  303.178796][   T54]  post_alloc_hook+0x1f3/0x230
[  303.183566][   T54]  get_page_from_freelist+0x2e4c/0x2f10
[  303.189202][   T54]  __alloc_pages_noprof+0x256/0x6c0
[  303.194403][   T54]  alloc_slab_page+0x5f/0x120
[  303.199082][   T54]  allocate_slab+0x5a/0x2f0
[  303.203585][   T54]  ___slab_alloc+0xcd1/0x14b0
[  303.208259][   T54]  __slab_alloc+0x58/0xa0
[  303.212584][   T54]  __kmalloc_node_noprof+0x286/0x440
[  303.217871][   T54]  __kvmalloc_node_noprof+0x72/0x190
[  303.223173][   T54]  kvm_dev_ioctl_get_cpuid+0x324/0xac0
[  303.228635][   T54]  kvm_arch_dev_ioctl+0x3cf/0xbb0
[  303.233666][   T54]  kvm_dev_ioctl+0x5ac/0x2370
[  303.238345][   T54]  __se_sys_ioctl+0xfc/0x170
[  303.242931][   T54]  do_syscall_64+0xf3/0x230
[  303.247432][   T54]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  303.253331][   T54] page last free pid 5522 tgid 5522 stack trace:
[  303.259650][   T54]  free_unref_page+0xd22/0xea0
[  303.264418][   T54]  __put_partials+0xeb/0x130
[  303.269007][   T54]  put_cpu_partial+0x17c/0x250
[  303.273770][   T54]  __slab_free+0x2ea/0x3d0
[  303.278186][   T54]  qlist_free_all+0x9e/0x140
[  303.282776][   T54]  kasan_quarantine_reduce+0x14f/0x170
[  303.288236][   T54]  __kasan_slab_alloc+0x23/0x80
[  303.293088][   T54]  kmem_cache_alloc_noprof+0x135/0x2a0
[  303.298541][   T54]  ptlock_alloc+0x20/0x70
[  303.302871][   T54]  pte_alloc_one+0xcd/0x5d0
[  303.307371][   T54]  handle_pte_fault+0x218b/0x6eb0
[  303.312392][   T54]  handle_mm_fault+0x1029/0x1980
[  303.317327][   T54]  exc_page_fault+0x459/0x8c0
[  303.322003][   T54]  asm_exc_page_fault+0x26/0x30
[  303.326866][   T54] 
[  303.329200][   T54] Memory state around the buggy address:
[  303.334820][   T54]  ffff88807b567f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  303.342876][   T54]  ffff88807b567f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  303.350930][   T54] >ffff88807b568000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  303.358983][   T54]                    ^
[  303.363043][   T54]  ffff88807b568080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  303.371097][   T54]  ffff88807b568100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  303.379148][   T54] ==================================================================
[  303.402418][   T54] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  303.409659][   T54] CPU: 1 UID: 0 PID: 54 Comm: kworker/u9:0 Tainted: G        W          6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0
[  303.421820][   T54] Tainted: [W]=WARN
[  303.425617][   T54] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  303.435682][   T54] Workqueue: hci0 hci_rx_work
[  303.440385][   T54] Call Trace:
[  303.443664][   T54]  <TASK>
[  303.446606][   T54]  dump_stack_lvl+0x241/0x360
[  303.451291][   T54]  ? __pfx_dump_stack_lvl+0x10/0x10
[  303.456494][   T54]  ? __pfx__printk+0x10/0x10
[  303.461082][   T54]  ? rcu_is_watching+0x15/0xb0
[  303.465852][   T54]  ? preempt_schedule+0xe1/0xf0
[  303.470703][   T54]  ? vscnprintf+0x5d/0x90
[  303.475041][   T54]  panic+0x349/0x860
[  303.478940][   T54]  ? check_panic_on_warn+0x21/0xb0
[  303.484051][   T54]  ? __pfx_panic+0x10/0x10
[  303.488470][   T54]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  303.494449][   T54]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  303.500776][   T54]  ? print_report+0x502/0x550
[  303.505460][   T54]  check_panic_on_warn+0x86/0xb0
[  303.510396][   T54]  ? hci_le_create_big_complete_evt+0x383/0xae0
[  303.516639][   T54]  end_report+0x77/0x160
[  303.520902][   T54]  kasan_report+0x154/0x180
[  303.525413][   T54]  ? hci_le_create_big_complete_evt+0x383/0xae0
[  303.531669][   T54]  hci_le_create_big_complete_evt+0x383/0xae0
[  303.537766][   T54]  ? __copy_skb_header+0x437/0x5b0
[  303.542882][   T54]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[  303.549041][   T54]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  303.555631][   T54]  ? hci_le_meta_evt+0x366/0x580
[  303.560578][   T54]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  303.567197][   T54]  hci_event_packet+0xa55/0x1540
[  303.572184][   T54]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  303.577474][   T54]  ? __pfx_hci_event_packet+0x10/0x10
[  303.582851][   T54]  ? do_raw_spin_unlock+0x13c/0x8b0
[  303.588141][   T54]  ? hci_send_to_monitor+0xd8/0x7f0
[  303.593340][   T54]  ? kcov_remote_start+0x9e/0x7e0
[  303.598370][   T54]  hci_rx_work+0x3e8/0xca0
[  303.602799][   T54]  ? process_scheduled_works+0x945/0x1830
[  303.608523][   T54]  process_scheduled_works+0xa2c/0x1830
[  303.614084][   T54]  ? __pfx_process_scheduled_works+0x10/0x10
[  303.620067][   T54]  ? assign_work+0x364/0x3d0
[  303.624748][   T54]  worker_thread+0x86d/0xd40
[  303.629348][   T54]  ? __kthread_parkme+0x169/0x1d0
[  303.634390][   T54]  ? __pfx_worker_thread+0x10/0x10
[  303.639527][   T54]  kthread+0x2f0/0x390
[  303.643594][   T54]  ? __pfx_worker_thread+0x10/0x10
[  303.648722][   T54]  ? __pfx_kthread+0x10/0x10
[  303.653325][   T54]  ret_from_fork+0x4b/0x80
[  303.657759][   T54]  ? __pfx_kthread+0x10/0x10
[  303.662353][   T54]  ret_from_fork_asm+0x1a/0x30
[  303.667133][   T54]  </TASK>
[  303.670492][   T54] Kernel Offset: disabled
[  303.674814][   T54] Rebooting in 86400 seconds..