last executing test programs:

27.386056364s ago: executing program 1 (id=317):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002440), 0x1b9101)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
openat$cgroup(0xffffffffffffffff, &(0x7f0000000540)='syz0\x00', 0x200002, 0x0)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000200))
syz_clone3(&(0x7f0000000480)={0x42000200, &(0x7f0000000280), &(0x7f0000000240), &(0x7f0000000300), {0x19}, &(0x7f0000000340)=""/157, 0x9d, &(0x7f00000001c0)=""/27, &(0x7f0000000440)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x3}, 0x58)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0)
preadv(r3, 0x0, 0x0, 0x59, 0x0)
r4 = dup(r2)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
write$cgroup_type(r4, &(0x7f0000002300), 0x9)
socket$kcm(0x29, 0x2, 0x0)
ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000080)={0xffffffffffffffff, 0x1, 0x8000, 0x100000000})
ioctl$sock_SIOCGIFCONF(r4, 0x8912, &(0x7f0000002380)=@buf={0x21, &(0x7f0000002340)="b567ff11a749c471eaab3cb38ac70af2a0a3b235edbb8a4585927f19c0926e83fa"})
memfd_create(&(0x7f0000000000)='e\xf4E\x88-\x00', 0x0)
userfaultfd(0x801)
pselect6(0x40, &(0x7f0000000600), 0x0, &(0x7f0000000680)={0x7ff}, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000002c0)={0x2020}, 0x2020)
io_submit(0x0, 0x3, &(0x7f0000003680)=[&(0x7f0000003d40)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0])
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)=ANY=[], 0x5c}}, 0x40000)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000100)={0x2, 0x1, 'client1\x00', 0x0, "f2ee0caa98d734db", "a4b4c0e68626b0f9f79802e8a704c6cc1156b4c629fb63be84bd3161e487659d", 0x8000, 0x7})
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r7=>0x0}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000240)={r7, 0xa49a, 0x30}, 0xc)
getsockopt$inet_sctp_SCTP_RTOINFO(r4, 0x84, 0x0, &(0x7f00000023c0)={r7, 0x5, 0x10001, 0x809}, &(0x7f0000002400)=0x10)
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x4, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

26.34241061s ago: executing program 4 (id=320):
socket$packet(0x11, 0x2, 0x300)
socket$kcm(0x10, 0x2, 0x4)
socket$alg(0x26, 0x5, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
socket$igmp6(0xa, 0x3, 0x2)
inotify_init1(0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$tipc(0x1e, 0x5, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000080)={0x1ff, "1f138a91b80f3795181800c70511603979e1ef3b3a9b0b8c7d6a2ef124708900"})
r1 = socket$packet(0x11, 0x3, 0x300)
socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
bind$packet(r1, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14)
sendto$inet6(r1, &(0x7f0000000280)="02042800ec074802010e0200c52cf7c20675e005b02f0800eb2b2ff0dac8897c6b112002faffffff3066090cb600c5471d130a66321a54e7df305f80a88161b6fd8f24286a57c3feffff", 0xfc13, 0x800, 0x0, 0x2f)

26.305539105s ago: executing program 1 (id=321):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x0)
fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000a0000000000000000000000b7080000000000007baaf8ff00000000b5080200000000007b8af0ff00000000bf8100000000000007010000a8d5b100bfc300000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000001000000b705000008000000850000000800000095"], &(0x7f0000000300)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r3=>0x0})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r3, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001400), 0xffffffffffffffff)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000002340)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r6, &(0x7f0000002640)={0x0, 0x0, &(0x7f0000002600)={&(0x7f00000000c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000002100000008000300", @ANYRES32=r9], 0x54}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x34, r5, 0x1, 0x0, 0x0, {{0x8}, {@void, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x8}, @NL80211_ATTR_IE={0x15, 0x2a, [@chsw_timing={0x68, 0x4, {0x800, 0xffff}}, @ssid={0x0, 0x6, @default_ibss_ssid}, @dsss={0x3, 0x1, 0xa5}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x68854}, 0x0)

26.031745594s ago: executing program 1 (id=322):
socket$packet(0x11, 0x2, 0x300)
socket$kcm(0x10, 0x2, 0x4)
socket$alg(0x26, 0x5, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
socket$igmp6(0xa, 0x3, 0x2)
inotify_init1(0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$tipc(0x1e, 0x5, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000080)={0x1ff, "1f138a91b80f3795181800c70511603979e1ef3b3a9b0b8c7d6a2ef124708900"})
r1 = socket$packet(0x11, 0x3, 0x300)
socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
bind$packet(r1, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14)
sendto$inet6(r1, &(0x7f0000000280)="02042800ec074802010e0200c52cf7c20675e005b02f0800eb2b2ff0dac8897c6b112002faffffff3066090cb600c5471d130a66321a54e7df305f80a88161b6fd8f24286a57c3feffff", 0xfc13, 0x800, 0x0, 0x2f) (fail_nth: 1)

26.000743397s ago: executing program 4 (id=324):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r2=>0x0})
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x800}, 0x20)
setsockopt$XDP_TX_RING(r3, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4)
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
bind$xdp(r3, &(0x7f00000001c0)={0x2c, 0x0, r2}, 0x10)
r4 = dup(r0)
recvmsg$qrtr(r4, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x1c, 0x0)

25.746256847s ago: executing program 3 (id=325):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001f40)={0x88, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x51, 0xe, {{}, 0x9, @default, 0x0, @void, @void, @void, @val={0x4, 0x6, {0x2}}, @void, @void, @val={0x25, 0x3}, @void, @void, @val={0x2d, 0x1a, {0x0, 0x0, 0x0, 0x0, {}, 0x6}}, @void, @void, @void}}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @beacon=[@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_BEACON_TAIL={0x4}]]}, 0x88}}, 0x4040840) (fail_nth: 1)

25.694913481s ago: executing program 4 (id=326):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001f40)={0x88, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x51, 0xe, {{}, 0x9, @default, 0x0, @void, @void, @void, @val={0x4, 0x6, {0x2}}, @void, @void, @val={0x25, 0x3}, @void, @void, @val={0x2d, 0x1a, {0x0, 0x0, 0x0, 0x0, {}, 0x6}}, @void, @void, @void}}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @beacon=[@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_BEACON_TAIL={0x4}]]}, 0x88}}, 0x4040840)

25.190863281s ago: executing program 4 (id=327):
r0 = socket$inet6(0x10, 0x2, 0x4)
sendto$inet6(r0, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0)

25.086455795s ago: executing program 1 (id=328):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000009802"])

25.062523625s ago: executing program 3 (id=330):
socket$packet(0x11, 0x2, 0x300) (async)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r2, &(0x7f00000002c0)=[{&(0x7f0000000280)='2', 0x1}, {&(0x7f0000000080)='-', 0x1}], 0x2)
sendmmsg$inet(r1, &(0x7f00000039c0)=[{{&(0x7f0000000080)={0x2, 0x4e20, @multicast2}, 0x10, 0x0}}, {{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001380)="435d61e778eb38a7b38869e147b2bb2d8ea5f836c654c0d9d14ceca9529604eb9a1f8d24c87b2153413b8bc5d52b8aa671b64b2290f0d96afeaa40f60d23f9f9f7d8b4c37a6409abd84ddbe5264f73200c67d8f9742d0f51951f7bb8fe27a59cc395ba580c12f6e995b8a62901c58273c223abb61def8a2492d9c3e164fcc9c0ef085049e39d964b4afa4e79d6dc9d4f792776248a6ac45606026857497e7760e7dcc543cbd35aaaca6b30aa8acb8e4e77cd6626b8371a55fa07ede86c92893bad324de1fef3953ff5c36951f9647ffd6924de49d9a66baeb6a75df64352c800a13b897dbd01621199d6d5424e90a346c805c801fd6be1e96f2a69e5937a4e7df9445d776f56182a9c26c219e3462d7ef57f9037d6b14a5f0288", 0x11a}, {&(0x7f0000000180)="518cf9568a61ae87e9e450447422ed8ab8e2d292b9e8f1", 0x17}, {&(0x7f0000000380)="5132ac5e8205378f905fac4b0f7b0ad4ff080df00b5a6655e32124d51a45ebebdf4a86101587d502357bfc43f44098742b83caede42f6e007330dc8ab67371c65d39bc126b8f9bf17dce0ba9d14f263efa7056bb8a0291a4842e42342519a9e795b7d8aee13edfa09bd3f9ae3bdc4c2dccc274c0cf4fe85fa17f46ff8c017571490f296ef2ea1cf31486bd4167bb33cb9a5e1f96de2ee8af5074695ddf5d1ec4d17c9508cdd9e77ec5bc62a820e263a31521f0b9031c9e1e1491f0c99b44960df2aaee22480355aa20d280d1ed54ae539055ca1e20a57f81db185fa207", 0xdd}, {&(0x7f0000000280)="661da68e4cccac69431df174bbce91246fce262b3de6a53334d329a142ae0f304e4fbde8fab4d68bedcd182b41227278c65f7de3723a93dbbaeb901b447fb35a9f3f4b671a3e3929c119f9deec5e46cdbe5cac679cad88c9aa61bc7ffd219a18b36ef0bf5ca45da80aa46274c5cda17a4b8588c492dcdd43dee797fe7debf7c1143177d4f4b02255ca5a46", 0x8b}], 0x4}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000e00)="72126509caec0994a8681d10cede52616a79142ea93f72a822048babd5d9884ce638db1b533a4b26559bf9166ba1568930485350c8e4c4bc40d2f21c8042ef5f78d0ca450382c66ea27d01387272ddb6350a1b9df7af8dc636bd2a4e14c5ead6ff46562bbb74e63c835b9827f0b5be88de7ea0b09ad394495e7a2e45da891ae90f972844a00800000003a3102cc8ec0030873c527172f369fc7d7ebe01950d7c3c1a1df3b5c2c7940b81f27ed3e5bbb9db01d84e36e67763cde8eb69ed38a8401e2c6daa809497bf60b8b795aac9afe46e918edb28ea6fe06a6afcfad209e55826dc2000a46b358665fdfee08e82c24a22ef3e7c3a54dc04cb3abb100ae646af312feff09140f4fc5da3fa5b2a084e2e95c79cebffd665eca5d3acff205bba674b30ab69eec22e9b94f3b929047f23cf2b53e6d2eec0922dfc78de59dd59a1026ba84003f7ab70d9cf5a24d75fc12d34e7f0", 0x152}], 0x1}}, {{0x0, 0x0, &(0x7f0000001200)=[{&(0x7f0000000880)="9b94bd4f7c3a6ece62bebec3ebc3f6245c2cf71ebb80b25d12176c9248f03c509f9c9efa61aac34738d5eb54550e4ee1a5e35c2b82abfcd8c85c175b38e97da83e872522954d2a5ec48d8fa0f5363f20ca098ee73815ead5dccd3b1bd88c69cc612a19197857d16407c95aad3267a5e215e5286ad9499090ad01", 0x7a}, {&(0x7f0000000540)="ee3abaf71fc749fc5765db5d499bdb7f495357488642fbfc420a5c0d2c7236cdbf41030000000000000059af3dddc1fa8e86b98619791745d9871dc8263709b3d37ade2c3b317d744b5ee3520e326ab6e901d936b81dcb67bbcc2941a916a0e3fb2626f374f5d8ca78c299a5591a97ac38ef3ae70a4ee7fadf7c3a91bc37237c4a8daa4f2fb2d67adc9351677ff8d7638fc103fcb8dca2df6c455ab9d3415f8e4571a56f6c5976dec2439344a67dc81cba7a5412bb71f77c0ff69f8b80ac53f177264d49f5f2da55a890120ebbd65aceaf4bf29a506775fb5e73a932badfe38b6c1e8addfbcb5f404a489efec1bbd83f4179919a9fd44209ec0cfa0d735b73bd832badd4b50577affb2569d2c678", 0x10e}, {&(0x7f0000000bc0)="ebb4431e47a08e69be39d99a05e164370fea19918eda462585b3e7d878eab91929a2929e0c3d931b038606966c61ca9cb8691a4b8ff9eb5f4236355b275ae5db5cdd3dd74f0b442723d7c839f08eabfcdcdf92b8b8ccfdda4f3410e0bb79", 0x5e}, {&(0x7f0000000a40)="79a5ab1a0f9d91cfde8f26d84e989a7f13232cff8a084fdb400fe2092c2396051c32b0689f415a6b36647bd3072f2c326f78eaffb66d50b1f9b44eab40bd546e7ff8b43dd2e179857398e9c78c53b9e98941e7e870bee89f6dc90febbee5456bbb93000cfd62257b62804b4eb4ed0e9b8c6f3702ab333ef840acd1aa9fa01a967eb19b17fe01945f32bc9f890b23", 0x8e}], 0x4}}], 0x4, 0x2000c044) (async)
sendmmsg$inet(r1, &(0x7f00000039c0)=[{{&(0x7f0000000080)={0x2, 0x4e20, @multicast2}, 0x10, 0x0}}, {{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001380)="435d61e778eb38a7b38869e147b2bb2d8ea5f836c654c0d9d14ceca9529604eb9a1f8d24c87b2153413b8bc5d52b8aa671b64b2290f0d96afeaa40f60d23f9f9f7d8b4c37a6409abd84ddbe5264f73200c67d8f9742d0f51951f7bb8fe27a59cc395ba580c12f6e995b8a62901c58273c223abb61def8a2492d9c3e164fcc9c0ef085049e39d964b4afa4e79d6dc9d4f792776248a6ac45606026857497e7760e7dcc543cbd35aaaca6b30aa8acb8e4e77cd6626b8371a55fa07ede86c92893bad324de1fef3953ff5c36951f9647ffd6924de49d9a66baeb6a75df64352c800a13b897dbd01621199d6d5424e90a346c805c801fd6be1e96f2a69e5937a4e7df9445d776f56182a9c26c219e3462d7ef57f9037d6b14a5f0288", 0x11a}, {&(0x7f0000000180)="518cf9568a61ae87e9e450447422ed8ab8e2d292b9e8f1", 0x17}, {&(0x7f0000000380)="5132ac5e8205378f905fac4b0f7b0ad4ff080df00b5a6655e32124d51a45ebebdf4a86101587d502357bfc43f44098742b83caede42f6e007330dc8ab67371c65d39bc126b8f9bf17dce0ba9d14f263efa7056bb8a0291a4842e42342519a9e795b7d8aee13edfa09bd3f9ae3bdc4c2dccc274c0cf4fe85fa17f46ff8c017571490f296ef2ea1cf31486bd4167bb33cb9a5e1f96de2ee8af5074695ddf5d1ec4d17c9508cdd9e77ec5bc62a820e263a31521f0b9031c9e1e1491f0c99b44960df2aaee22480355aa20d280d1ed54ae539055ca1e20a57f81db185fa207", 0xdd}, {&(0x7f0000000280)="661da68e4cccac69431df174bbce91246fce262b3de6a53334d329a142ae0f304e4fbde8fab4d68bedcd182b41227278c65f7de3723a93dbbaeb901b447fb35a9f3f4b671a3e3929c119f9deec5e46cdbe5cac679cad88c9aa61bc7ffd219a18b36ef0bf5ca45da80aa46274c5cda17a4b8588c492dcdd43dee797fe7debf7c1143177d4f4b02255ca5a46", 0x8b}], 0x4}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000e00)="72126509caec0994a8681d10cede52616a79142ea93f72a822048babd5d9884ce638db1b533a4b26559bf9166ba1568930485350c8e4c4bc40d2f21c8042ef5f78d0ca450382c66ea27d01387272ddb6350a1b9df7af8dc636bd2a4e14c5ead6ff46562bbb74e63c835b9827f0b5be88de7ea0b09ad394495e7a2e45da891ae90f972844a00800000003a3102cc8ec0030873c527172f369fc7d7ebe01950d7c3c1a1df3b5c2c7940b81f27ed3e5bbb9db01d84e36e67763cde8eb69ed38a8401e2c6daa809497bf60b8b795aac9afe46e918edb28ea6fe06a6afcfad209e55826dc2000a46b358665fdfee08e82c24a22ef3e7c3a54dc04cb3abb100ae646af312feff09140f4fc5da3fa5b2a084e2e95c79cebffd665eca5d3acff205bba674b30ab69eec22e9b94f3b929047f23cf2b53e6d2eec0922dfc78de59dd59a1026ba84003f7ab70d9cf5a24d75fc12d34e7f0", 0x152}], 0x1}}, {{0x0, 0x0, &(0x7f0000001200)=[{&(0x7f0000000880)="9b94bd4f7c3a6ece62bebec3ebc3f6245c2cf71ebb80b25d12176c9248f03c509f9c9efa61aac34738d5eb54550e4ee1a5e35c2b82abfcd8c85c175b38e97da83e872522954d2a5ec48d8fa0f5363f20ca098ee73815ead5dccd3b1bd88c69cc612a19197857d16407c95aad3267a5e215e5286ad9499090ad01", 0x7a}, {&(0x7f0000000540)="ee3abaf71fc749fc5765db5d499bdb7f495357488642fbfc420a5c0d2c7236cdbf41030000000000000059af3dddc1fa8e86b98619791745d9871dc8263709b3d37ade2c3b317d744b5ee3520e326ab6e901d936b81dcb67bbcc2941a916a0e3fb2626f374f5d8ca78c299a5591a97ac38ef3ae70a4ee7fadf7c3a91bc37237c4a8daa4f2fb2d67adc9351677ff8d7638fc103fcb8dca2df6c455ab9d3415f8e4571a56f6c5976dec2439344a67dc81cba7a5412bb71f77c0ff69f8b80ac53f177264d49f5f2da55a890120ebbd65aceaf4bf29a506775fb5e73a932badfe38b6c1e8addfbcb5f404a489efec1bbd83f4179919a9fd44209ec0cfa0d735b73bd832badd4b50577affb2569d2c678", 0x10e}, {&(0x7f0000000bc0)="ebb4431e47a08e69be39d99a05e164370fea19918eda462585b3e7d878eab91929a2929e0c3d931b038606966c61ca9cb8691a4b8ff9eb5f4236355b275ae5db5cdd3dd74f0b442723d7c839f08eabfcdcdf92b8b8ccfdda4f3410e0bb79", 0x5e}, {&(0x7f0000000a40)="79a5ab1a0f9d91cfde8f26d84e989a7f13232cff8a084fdb400fe2092c2396051c32b0689f415a6b36647bd3072f2c326f78eaffb66d50b1f9b44eab40bd546e7ff8b43dd2e179857398e9c78c53b9e98941e7e870bee89f6dc90febbee5456bbb93000cfd62257b62804b4eb4ed0e9b8c6f3702ab333ef840acd1aa9fa01a967eb19b17fe01945f32bc9f890b23", 0x8e}], 0x4}}], 0x4, 0x2000c044)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, &(0x7f0000000200)={'syztnl0\x00', &(0x7f0000000480)={'gretap0\x00', <r3=>0x0, 0x7, 0x8, 0x8, 0x0, {{0x17, 0x4, 0x2, 0x9, 0x5c, 0x66, 0x0, 0x9, 0x2f, 0x0, @local, @local, {[@lsrr={0x83, 0x17, 0x97, [@multicast2, @local, @local, @private=0xa010100, @loopback]}, @lsrr={0x83, 0x1f, 0x27, [@loopback, @local, @rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0xb}, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast]}, @timestamp={0x44, 0x10, 0x31, 0x0, 0x8, [0x5, 0x9, 0x7]}]}}}}})
sendmsg$nl_route_sched(r2, &(0x7f0000000700)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)=@newtfilter={0x3c, 0x2c, 0x10, 0x70bd26, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x1, 0xa}, {0xfff2, 0xe}, {0xffe0, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x5, 0x1}}, @TCA_RATE={0x6, 0x5, {0x9, 0xe}}, @TCA_RATE={0x6, 0x5, {0x7, 0xff}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24000004}, 0x4000) (async)
sendmsg$nl_route_sched(r2, &(0x7f0000000700)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)=@newtfilter={0x3c, 0x2c, 0x10, 0x70bd26, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x1, 0xa}, {0xfff2, 0xe}, {0xffe0, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x5, 0x1}}, @TCA_RATE={0x6, 0x5, {0x9, 0xe}}, @TCA_RATE={0x6, 0x5, {0x7, 0xff}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24000004}, 0x4000)
socket$nl_crypto(0x10, 0x3, 0x15) (async)
r4 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r4, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="f8000000100001"], 0xf8}, 0x1, 0x0, 0x0, 0x84}, 0x10)
setsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0x4)
sendto$inet(r1, &(0x7f0000000c80)="e8", 0x6200, 0x0, 0x0, 0x0)

24.806322171s ago: executing program 3 (id=333):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
unshare(0x22020400) (async)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x9, 0x0, 0x2a) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) (async)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x3, 0x0, 0x2, 0x0) (async)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) (async)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240), 0x0, 0x0, 0x0) (async)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) (async)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f00000000c0), 0x12)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000140)='cgroup\x00'}, 0x30)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_procs(r5, &(0x7f0000000480)='cgroup.threads\x00', 0x2, 0x0)
sendfile(r6, r6, 0x0, 0x1)

24.805788197s ago: executing program 4 (id=334):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000003c0)={<r1=>0xffffffffffffffff}, 0x111}}, 0x20)
r2 = openat$tcp_mem(0xffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
write$tcp_mem(r2, &(0x7f0000000080)={0x2, 0x20, 0x5, 0x20, 0x3}, 0x48)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20040000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
fcntl$addseals(r4, 0x409, 0x8)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, &(0x7f0000000040))
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
prlimit64(0x0, 0x1, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
open(&(0x7f0000000200)='./bus\x00', 0x141a42, 0x0)
sendfile(r4, r4, 0x0, 0x9bdd93a)
ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5001, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$EXT4_IOC_GETFSUUID(0xffffffffffffffff, 0x8008662c, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x20040800)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000006c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r5, 0xc0505350, &(0x7f0000000700)={{0x0, 0x1}, {0xf}})
r6 = fsopen(&(0x7f00000004c0)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x3, &(0x7f0000000000)='source', &(0x7f0000000840)='%\\,:\x85X\\\x03\xa6\xd7}\xcd\xeb*\xb1\xa8\xb7\x81\xc8\xcbR\xa8?\x97 \xcbz&\x17\xa4\xfd^\xe1I\x11X\x90\x03\xb7W\x05\xb0\x99\x10F0\xb5YP9\xc3\xe2M\xaa\x81\xfev:\xe40\x9e\xdb\x98\xb4\xd0\xdcE\x14\x910\x1b.G\xab\x86\xdfy\xe6\xde11_H]\xe2\xc3\xb2fa\x7f\x8c\xf3\xc6\x85\xc9\xd6j\xff\xaa\xdbWD\x87\xe3\\mUSy\x0f\x82qW\fE\xd15ec>:D+', 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0xc)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r7, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020600000000000000020000000900020073797a30000000000900010073797a3000c6af0ca39acd00f6ff13000380080002400000000008000140000000001400000011000100000000000000"], 0x68}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000000000000003b1f1bef62a4b472160a01080000000000000000060000040900020073797a30000000040900010073797a30000000000900020073797a3100000000140000001100010000000000000000000000000a"], 0x60}, 0x1, 0x0, 0x0, 0x44040}, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={&(0x7f00000002c0)="fc1e31346e295d6463a44815ffd7669258e6530e3af008397fac6a17cc45b16fe8e502f5bcc758a7a981c73bb941b0caf7eb913bcf0032c8f75b2e1f312e1dbb0342dad86504a181c15946794a1e01bd4aa413e4fc5b8749b7d7776f03697d47bfbdab75aa02aef7a938ec2f37a7bd95f07feef648cdb07f6122086dabb47b7641eea5497e25675c68df2c5917cdb0312a", &(0x7f0000000100)=""/61, &(0x7f0000000140)="536695f114db6853448a6ef17eb36d0ecf93d2c2e8bcd07b6f5148192bf24105561d7f3931f2c832d42d3d0fe2b5144196", &(0x7f0000000580)="5b4ebf14af00c43b1894a12ab6b0e38b8314ce6eaa35507f9abb2a1c54fd46159b17ee2dae125bfb3f92b16d3a138aa9f314db05cce46b4e1115bf5bc5e0e37d269c81b0e1053bcc9d5de0366cf35fdfd4cf195c5e5acbeb222b7a4fdec501871ed62b894504c978f8599335e13cd96b4f55428308aaa4687b7f6b39fe370ab2004451ad0f826a5c580f514a0c4bec253bd03c0adf33b9684dd511a95e3231", 0x8ad, r8}, 0x38)
write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000480)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x110, 0x0, @local, 0x6}, r1}}, 0x7)

24.759150159s ago: executing program 1 (id=335):
r0 = syz_usb_connect$hid(0x6, 0x3f, &(0x7f0000000340)=ANY=[@ANYBLOB="1201000000000040430521e600000000000109022d000100002000090400400103000000092100000001220700090581030000000002070603000000000000"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r1, 0xfff)
syz_emit_ethernet(0x82, &(0x7f0000000500)=ANY=[@ANYBLOB="85edea1d75fd0180c200000e86dd601e0000004c0600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e24", @ANYRESHEX=r0, @ANYBLOB="5efb72c501806268ea79fa22b12818a3b0a81b04bded5a46846ab4cbc93f9fbca426e0744f5cebd22b19451a2bf086ab4154a276694c5e900cb498b1ea474f4c2b8fa5142bf331b1406ce2a64c531fe8e196e5f0ec8404ee9f1f3ea1d36c7694720b5bf4cd42d7106fe92ff3a12c522140723bbd096588e98016e7e2c488dd260076a596121f0c03329d1d0dd8a8d1584b18522460759f8e1db5beb2c8c37a2d6f952b4c2682e29f2b7c29a91cba447cc00fa873a014d85ea5628c12630f5bb1ae54afc86dfde5ebbdcc5a96c3c6db19170796709ebea7969e9b7b8ce19ad47bb45a6d5c37cfb9169f09a05fc9b49fe38f1331e288f9024a", @ANYBLOB="30c20000907800000104e6fb00fe6194edddfe06e2d4c3d9080a00000003000000040402080a0000000700000009020409001e030a00"/64], 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYRES64=0x0, @ANYRESDEC=r1], 0xfc}, 0x1, 0x0, 0x0, 0x800}, 0x48000) (async)
sendmsg$nl_xfrm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYRES64=0x0, @ANYRESDEC=r1], 0xfc}, 0x1, 0x0, 0x0, 0x800}, 0x48000)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
syz_emit_ethernet(0x1e, &(0x7f0000000280)={@local, @link_local, @void, {@can={0xc, {{0x1, 0x1, 0x1, 0x1}, 0x5, 0x0, 0x0, 0x0, "5001b1a605f2e983"}}}}, 0x0) (async)
syz_emit_ethernet(0x1e, &(0x7f0000000280)={@local, @link_local, @void, {@can={0xc, {{0x1, 0x1, 0x1, 0x1}, 0x5, 0x0, 0x0, 0x0, "5001b1a605f2e983"}}}}, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0) (async)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
listen(0xffffffffffffffff, 0x0) (async)
listen(0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000300)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0) (async)
r3 = openat$cgroup_ro(r1, &(0x7f0000000300)='cpuacct.usage_percpu_sys\x00', 0x26e1, 0x0)
close(r3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f000000a300)) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f000000a300))
ioctl$SIOCSIFHWADDR(r3, 0x8b35, &(0x7f0000000000)={'wlan0\x00', @random="7cf1e97c9e4f"})
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="0b00000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a31000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008b000000ff07000052cc00000900000006000000955cc98c0422b7540ebaf9364c6fe2724c4ee30837a3625afef3cf5496b378164733b5130078f24e6f67b8fe0b433e3b6f282e9de25a0f342e57b123f8ae1c82bcc94dce"], 0x1a3)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400100, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000240), 0x208e24b) (async)
write$binfmt_script(r5, &(0x7f0000000240), 0x208e24b)

24.697538504s ago: executing program 2 (id=336):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r2=>0x0})
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x800}, 0x20)
setsockopt$XDP_TX_RING(r3, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4)
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
bind$xdp(r3, &(0x7f00000001c0)={0x2c, 0x0, r2}, 0x10)
r4 = dup(r0)
recvmsg$qrtr(r4, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x1c, 0x0)

24.578407823s ago: executing program 3 (id=337):
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r0 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0)
r1 = syz_io_uring_setup(0xd3, &(0x7f0000000480), &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1)

24.537372953s ago: executing program 4 (id=338):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0)
syz_usb_connect$hid(0x0, 0x6c, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000040b827ed01000000000001090224"], 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100))
socket$nl_generic(0x10, 0x3, 0x10)
socket$alg(0x26, 0x5, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000140)=0x1)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000040)={0x9}, 0x8)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0)={@map=r0, 0xffffffffffffffff, 0x33, 0x10, 0x0, @void, @value}, 0x20)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={0x60, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x15}, @IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x60}}, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='loginuid\x00')
socket$unix(0x1, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04", 0xb)
r3 = accept$alg(r2, 0x0, 0x0)
sendmsg$alg(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0xfffffffffffffffd, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r4, &(0x7f0000001b00)=[{&(0x7f0000019740)=""/102392, 0x18ff8}, {&(0x7f00000001c0)=""/7, 0x7}, {&(0x7f0000000180)=""/41, 0x29}, {&(0x7f0000000340)=""/32, 0x20}, {&(0x7f0000000500)=""/246, 0xf6}, {&(0x7f0000000380)=""/185, 0xb9}, {&(0x7f0000000600)=""/240, 0xf0}, {&(0x7f0000000740)=""/4096, 0x1000}, {&(0x7f0000001740)=""/135, 0x87}, {&(0x7f00000018c0)=""/168, 0xa8}, {&(0x7f0000000200)=""/18, 0x12}, {&(0x7f0000001980)=""/236, 0xec}, {&(0x7f0000001a80)=""/119, 0x77}], 0xd, 0x8000, 0x0)
r5 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53048c4)
write$binfmt_script(r5, &(0x7f00000002c0), 0x191)
close(r5)
execve(&(0x7f0000000700)='./file0\x00', 0x0, 0x0)
ptrace$ARCH_GET_GS(0x1e, 0x0, 0x0, 0x1004)

24.491740094s ago: executing program 2 (id=339):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
r0 = getpid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x13, 0x0, @tid=r0}, &(0x7f0000000240)=<r1=>0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_opts(r2, 0x29, 0x4d, &(0x7f0000000140)=ANY=[@ANYRESDEC], 0x8)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendto$inet6(r3, &(0x7f0000000300), 0x5aa, 0x0, 0x0, 0xfffffffffffffdfd)
recvmsg(r2, &(0x7f0000002640)={0x0, 0x0, 0x0}, 0x5aa)
timer_settime(r1, 0x0, &(0x7f0000000340)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
write$binfmt_script(r5, 0x0, 0xb)
splice(r4, 0x0, r6, 0x0, 0x80, 0x0)

24.158413343s ago: executing program 3 (id=340):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
timer_create(0x0, &(0x7f0000000180)={0x0, 0x13, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000240)=<r0=>0x0)
timer_settime(r0, 0x0, &(0x7f0000000340)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
write$binfmt_script(r2, 0x0, 0xb)
splice(r1, 0x0, r3, 0x0, 0x80, 0x0)

23.52793376s ago: executing program 2 (id=342):
r0 = socket$inet(0x2, 0x4000000805, 0x0)
listen(r0, 0x7)
sendmmsg(r0, &(0x7f0000000e40)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000000300)=[{&(0x7f00000000c0)}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[{0x10, 0x84, 0x7}], 0x10}}], 0x2, 0x0)

23.246450648s ago: executing program 2 (id=343):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000100)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x3b, 0x44, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e29, 0x41424344, 0x41424344, 0x0, 0x0, 0xc, 0x16, 0x1, 0x0, 0x0, {[@generic={0x8, 0x2}, @mptcp=@remove_addr={0x1e, 0xe, 0x9, 0x0, "1ad97d5086ff932c1b088b"}, @exp_fastopen={0xfe, 0x9, 0xf989, "a2f19f22f5"}]}}}}}}}, 0x0)

23.225120788s ago: executing program 3 (id=344):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
recvfrom$inet6(r0, 0x0, 0x198, 0x120, 0x0, 0x0)
write$tun(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff0200"/53], 0xfdef)

23.073627504s ago: executing program 1 (id=345):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x98, 0x65, 0x114, 0x0, 0x0, {}, [@TCA_CHAIN={0x8, 0xb, 0x8001}, @TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0x50, 0x2, [@TCA_FLOWER_KEY_ARP_OP={0x5}, @TCA_FLOWER_KEY_ICMPV6_CODE={0x5}, @TCA_FLOWER_KEY_SCTP_DST_MASK={0x6}, @TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK={0x14}, @TCA_FLOWER_KEY_UDP_SRC_MASK={0x6}, @TCA_FLOWER_KEY_ICMPV6_TYPE={0x5}, @TCA_FLOWER_KEY_PORT_DST_MIN={0x6}, @TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK={0x6}]}}]}, 0x98}}, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000002080)={0x8a4, r1, 0x400, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x7fff}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x17}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x4}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xfc}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x93}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x143c}], @NL80211_ATTR_TX_RATES={0x338, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x3c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x21, 0x1, [0x12, 0x3, 0x1, 0x60, 0xc, 0xc, 0x16, 0x30, 0x12, 0x48, 0x5, 0x1, 0x48, 0x24, 0x2, 0x30, 0x6c, 0x6, 0x9, 0x3, 0x36, 0x24, 0xc, 0x9, 0x9, 0x6c, 0x1b, 0x5, 0x12]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0xfff8, 0xd4, 0x5, 0x3a6, 0x5635, 0xffff, 0x9]}}]}, @NL80211_BAND_5GHZ={0x64, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0xa1, 0xa7a, 0x3, 0xb, 0x0, 0x2b, 0x47f, 0x8401]}}, @NL80211_TXRATE_LEGACY={0x12, 0x1, [0x68, 0x1b, 0x60, 0xb, 0x1, 0xb, 0xc, 0x4, 0xc, 0x14, 0x2, 0x5, 0x1, 0x16]}, @NL80211_TXRATE_LEGACY={0x8, 0x1, [0xb, 0x48, 0x24, 0x1e]}, @NL80211_TXRATE_LEGACY={0xa, 0x1, [0xc, 0x69, 0x9, 0x4, 0xc, 0x60]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x1ff, 0x24, 0x8, 0x120, 0xffff, 0xff7f, 0x5]}}]}, @NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_60GHZ={0x98, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x44, 0x2, [{0x4, 0x9}, {0x2, 0x6}, {0x0, 0x7}, {0x3, 0xa}, {0x1, 0x3}, {0x4, 0x7}, {0x5, 0x1}, {0x5, 0x2}, {0x1, 0xa}, {0x3, 0x1}, {0x5, 0x3}, {0x5}, {0x4, 0x4}, {0x2, 0x4}, {0x0, 0x2}, {0x7, 0x2}, {0x6, 0x1}, {0x7, 0x6}, {0x4, 0x8}, {0x7}, {0x5}, {0x7, 0x9}, {0x7, 0x3}, {0x1, 0x7}, {0x4, 0x4}, {0x0, 0x9}, {0x0, 0x5}, {0x0, 0x9}, {0x3, 0x6}, {0x2, 0x6}, {0x1, 0x3}, {0x5, 0x9}, {0x4, 0x1}, {0x1, 0x5}, {0x7, 0x7}, {0x2, 0x6}, {0x1, 0x7}, {0x1, 0xa}, {0x7, 0x8}, {0x5, 0x8}, {0x3, 0xa}, {0x1, 0x4}, {0x3, 0x9}, {0x3}, {0x2, 0xa}, {0x6, 0x4}, {0x6, 0x1}, {0x1, 0xa}, {0x2, 0x9}, {0x5, 0x1}, {0x3, 0x6}, {0x0, 0x2}, {}, {0x1, 0x2}, {0x3, 0x7}, {0x3, 0x2}, {0x5, 0x5}, {0x2}, {0x6, 0x3}, {0x1, 0x8}, {0x0, 0x9}, {0x7, 0x1}, {0x3, 0x6}, {0x2, 0x8}]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x6, 0x9ccd, 0x8, 0x7, 0xf, 0xf, 0x9]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x18a, 0x6, 0x88ae, 0x7f, 0xfff, 0xfff7, 0x1]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_6GHZ={0x28, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x11, 0x2, [{0x3, 0x2}, {0x5, 0x6}, {0x7, 0x6}, {0x5, 0x1}, {0x1, 0x7}, {0x4, 0x8}, {0x1, 0x3}, {0x1, 0x2}, {0x2, 0x8}, {0x1, 0x1}, {0x0, 0x5}, {0x7, 0x3}, {0x0, 0xa}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_60GHZ={0xdc, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x5, 0x2, 0x3, 0x587, 0xfe3e, 0x93ad, 0x6ee]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x4b0, 0xff80, 0x4, 0x9, 0x9, 0x7, 0x800, 0x9]}}, @NL80211_TXRATE_LEGACY={0x1c, 0x1, [0x24, 0xc, 0x36, 0x2, 0x4, 0x30, 0x5, 0x0, 0x30, 0x30, 0x4, 0x6d, 0x36, 0x2, 0x4, 0x1b, 0x24, 0x24, 0x48, 0x48, 0x24, 0x6, 0x18, 0x2]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x5, 0x9, 0x100, 0x2e6, 0x4, 0x7ff, 0x6]}}, @NL80211_TXRATE_LEGACY={0x22, 0x1, [0x5, 0x5, 0x18, 0xb, 0x48, 0x1, 0x16, 0x24, 0x12, 0x1, 0x9, 0xb, 0x48, 0x6c, 0x3, 0x1b, 0x48, 0x1, 0x4, 0x60, 0x36, 0x5, 0x9, 0x12, 0x6, 0x1d, 0x9, 0x60, 0x12, 0x16]}, @NL80211_TXRATE_HT={0x21, 0x2, [{0x0, 0x4}, {0x0, 0x1}, {0x3, 0x3}, {0x1}, {0x1, 0x6}, {0x3}, {0x1}, {0x3, 0x9}, {0x1}, {0x0, 0x6}, {0x7, 0x6}, {0x6, 0x2}, {0x3, 0x8}, {0x7, 0x1}, {0x0, 0x2}, {0x5, 0x9}, {0x7, 0x6}, {0x5}, {0x0, 0x5}, {0x2, 0x9}, {0x0, 0x1}, {0x3}, {0x1, 0x6}, {0x1, 0x1}, {0x3, 0x7}, {0x0, 0x7}, {0x1, 0x6}, {0x0, 0x2}, {0x1, 0xa}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x8, 0x5, 0x3, 0x6, 0x8, 0x401, 0x4]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xfffd, 0x1, 0x4, 0x0, 0x4, 0x5, 0xa539, 0x7]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_2GHZ={0xec, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x3, 0x8001, 0x4, 0x4, 0x40, 0x3, 0x8, 0x8]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0x23, 0x1, [0x3, 0x1, 0x12, 0x24, 0x1, 0x6c, 0x6, 0x60, 0xc, 0x36, 0x36, 0x18, 0x16, 0x36, 0x48, 0x36, 0x3, 0x30, 0x20, 0x48, 0x30, 0x9, 0x3, 0x1d, 0x60, 0x30, 0x16, 0x48, 0x4, 0x3, 0x9]}, @NL80211_TXRATE_LEGACY={0xf, 0x1, [0xc, 0x1, 0x2, 0x30, 0x48, 0x36, 0x18, 0x12, 0x9, 0x2, 0x16]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0xc, 0x3, 0x101, 0x1c50, 0x5743, 0xe2, 0xfff9]}}, @NL80211_TXRATE_HT={0x3a, 0x2, [{0x0, 0x8}, {0x1, 0x3}, {0x1, 0x8}, {0x7, 0x5}, {0x1, 0x5}, {0x1}, {0x2, 0x6}, {0x3, 0xa}, {0x0, 0x3}, {0x2, 0x2}, {0x6, 0x7}, {0x2, 0x9}, {0x1, 0x2}, {0x4, 0x1}, {0x0, 0x8}, {0x2}, {0x0, 0xa}, {0x5, 0x7}, {0x6, 0x2}, {0x3, 0xa}, {0x0, 0x4}, {0x4, 0x7}, {0x3, 0x4}, {0x2, 0x4}, {0x1, 0x6}, {0x6, 0x5}, {0x7, 0x5}, {0x2, 0x7}, {0x3, 0x4}, {0x7, 0xa}, {0x7, 0x3}, {0x0, 0x1}, {0x5, 0x3}, {0x1, 0x4}, {0x0, 0xa}, {0x0, 0x8}, {0x0, 0x5}, {0x2, 0x5}, {0x3}, {0x7, 0x5}, {0x4, 0x2}, {0x4, 0x2}, {0x0, 0xa}, {0x2, 0x5}, {0x6, 0xa}, {0x4, 0x7}, {0x1, 0x1}, {0x5, 0x6}, {0x6, 0x7}, {0x2, 0x7}, {0x0, 0x2}, {0x0, 0x3}, {0x6, 0x8}, {0x2, 0x2}]}, @NL80211_TXRATE_LEGACY={0x22, 0x1, [0x48, 0x8, 0x3, 0x1b, 0x2, 0x1, 0x3, 0x5, 0x36, 0x16, 0x4, 0x0, 0x24, 0x48, 0x3, 0x5, 0x1, 0x36, 0x2, 0x3, 0xb, 0x16, 0xb, 0xc, 0x48, 0x16, 0x68, 0x60, 0x1b, 0xc]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1db, 0x0, 0x6, 0x9, 0x4, 0x800, 0x9, 0x6]}}]}]}, @NL80211_ATTR_MESH_CONFIG={0x14, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_PLINK_TIMEOUT={0x8, 0x1c, 0x6}, @NL80211_MESHCONF_NOLEARN={0x5, 0x1e, 0x1}]}, @NL80211_ATTR_TX_RATES={0x2b0, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x4c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x40, 0x7, 0xa, 0x8000, 0xea, 0x6, 0xedb0]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_6GHZ={0xc, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_2GHZ={0x90, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_LEGACY={0x1d, 0x1, [0x1b, 0x48, 0x36, 0x7c, 0x1, 0x12, 0xb, 0x18, 0x1b, 0x6c, 0x36, 0x9, 0x4, 0x6c, 0x1b, 0x60, 0x30, 0x6, 0x6c, 0x30, 0x12, 0x9, 0x1, 0x12, 0x30]}, @NL80211_TXRATE_LEGACY={0x19, 0x1, [0x7d, 0x3, 0x48, 0x48, 0x12, 0x2, 0x48, 0x4, 0x16, 0x1b, 0x24, 0x12, 0x16, 0x24, 0x0, 0x4, 0xb, 0x48, 0x3, 0x60, 0x48]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x9, 0xc, 0x400, 0x3, 0x3, 0x3, 0x8]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x2, 0x5, 0x7, 0x9, 0x1, 0xd7b, 0x3]}}]}, @NL80211_BAND_60GHZ={0xd8, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x0, 0x5, 0x7f, 0x5, 0x40, 0x100, 0x6]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0xc, 0xfff1, 0x8, 0x3, 0xfff, 0x401]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x400, 0x800, 0x1, 0x1, 0xfaf6, 0x6, 0x3]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HT={0x4a, 0x2, [{0x0, 0x7}, {0x6, 0x7}, {0x0, 0x6}, {0x1, 0x8}, {0x0, 0x7}, {0x6, 0x4}, {0x1, 0x9}, {0x1, 0x5}, {0x2, 0x4}, {0x6, 0x4}, {0x5, 0x5}, {0x5, 0x3}, {0x4, 0x4}, {0x2, 0x3}, {0x5, 0x6}, {0x3, 0x3}, {0x7, 0x5}, {0x2, 0xa}, {0x2, 0x1}, {0x4, 0x8}, {0x5, 0x8}, {0x5, 0xa}, {0x7, 0x8}, {0x0, 0x2}, {0x4, 0x3}, {0x4, 0x5}, {0x1, 0x6}, {0x6, 0x4}, {}, {0x2, 0x3}, {0x6, 0x2}, {0x4}, {0x6}, {0x0, 0x8}, {0x0, 0x5}, {0x5, 0x1}, {0x3, 0x2}, {0x6, 0xa}, {0x7, 0x7}, {0x2, 0x9}, {0x4, 0x8}, {0x1, 0x5}, {0x1, 0x8}, {0x6, 0x5}, {0x7, 0x5}, {}, {0x2, 0x6}, {0x4, 0x1}, {0x5, 0x7}, {0x3, 0x8}, {0x7, 0x9}, {0x5, 0x2}, {0x6, 0xa}, {0x7, 0x6}, {0x7, 0x4}, {0x1, 0x7}, {0x1, 0x9}, {0x3, 0x2}, {0x0, 0x9}, {0x6, 0x7}, {0x7, 0x6}, {0x5, 0x1}, {0x1, 0x4}, {0x1, 0x4}, {0x1, 0x6}, {0x7, 0x2}, {0x5, 0x6}, {0x1, 0x6}, {0x5, 0x7}, {0x3, 0x1}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x6, 0x800, 0x1, 0x2, 0x6, 0x0, 0xf885, 0x9]}}, @NL80211_TXRATE_HT={0x26, 0x2, [{0x6, 0x5}, {0x2, 0x4}, {0x3, 0x1}, {0x1, 0x6}, {0x2}, {0x0, 0x8}, {0x4, 0x6}, {0x3, 0x6}, {0x3, 0x7}, {0x1, 0x6}, {0x3, 0x5}, {0x7, 0xa}, {0x1, 0x8}, {0x2, 0x2}, {0x2}, {0x0, 0x3}, {0x7, 0x2}, {0x2, 0x6}, {0x5, 0xa}, {0x0, 0x9}, {0x5, 0x1}, {0x6, 0x6}, {0x0, 0x8}, {0x7, 0x7}, {0x0, 0x2}, {0x1, 0x5}, {0x1, 0x5}, {0x2, 0x4}, {0x5, 0x3}, {0x5, 0x7}, {0x6, 0x5}, {0x0, 0x7}, {0x5, 0x4}, {0x3, 0x9}]}]}, @NL80211_BAND_5GHZ={0x50, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x1d, 0x1, [0x48, 0x0, 0xb, 0x16, 0x7e, 0x2b, 0x0, 0x3, 0x18, 0x0, 0x18, 0x18, 0x30, 0x6, 0x24, 0x6c, 0x1b, 0x2, 0xc, 0x6c, 0xb, 0x12, 0x24, 0x32, 0x1]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x3, 0x401, 0x8, 0x1, 0xf71c, 0x1, 0xffed, 0x4460]}}, @NL80211_TXRATE_LEGACY={0x6, 0x1, [0x12, 0x6c]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_60GHZ={0x9c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x23, 0x2, [{0x2, 0x8}, {0x3, 0x1}, {0x7, 0x1}, {0x0, 0x1}, {0x1, 0xa}, {0x2, 0x1}, {0x4, 0x1}, {0x3}, {0x0, 0x6}, {0x1, 0x1}, {0x1, 0x8}, {0x7, 0xa}, {0x4, 0x9}, {0x7}, {0x0, 0x5}, {0x0, 0x4}, {0x7, 0x5}, {0x0, 0x8}, {0x0, 0x1}, {0x0, 0x5}, {0x4, 0x4}, {0x1}, {0x6, 0x1}, {0x5}, {0x2, 0x1}, {0x1, 0x8}, {0x0, 0x1}, {0x6, 0x4}, {0x3}, {0x4}, {0x2}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0x18, 0x18, 0x1b, 0x18, 0xb, 0x9, 0x3, 0x3, 0x1b, 0x36, 0xb, 0x6c, 0x9, 0x36, 0x6c, 0xc, 0x12, 0x6, 0x1, 0x2, 0x3, 0x60, 0x3, 0x12, 0x1b, 0x9, 0x12, 0x30]}, @NL80211_TXRATE_LEGACY={0x9, 0x1, [0x9, 0x30, 0x4, 0xa96fdeb57a78937b, 0x1]}, @NL80211_TXRATE_HT={0x29, 0x2, [{0x2}, {0x0, 0x4}, {0x1, 0x5}, {0x0, 0x6}, {0x0, 0x3}, {0x3, 0x4}, {0x0, 0x4}, {0x0, 0x5}, {0x3, 0x2}, {0x6, 0x8}, {0x5, 0x5}, {0x2, 0x9}, {0x3, 0x7}, {0x4}, {0x0, 0x9}, {0x4, 0xa}, {0x1, 0x7}, {0x0, 0x7}, {0x4}, {0x5, 0xa}, {0x0, 0x8}, {0x5, 0x3}, {0x0, 0x1}, {0x2, 0x3}, {0x6, 0x8}, {0x1, 0x6}, {0x1, 0x2}, {0x5}, {0x7, 0x3}, {0x1, 0x7}, {0x4, 0x5}, {0x6, 0x1}, {0x5, 0x7}, {0x2}, {0x6}, {0x3}, {0x4, 0x2}]}, @NL80211_TXRATE_LEGACY={0x11, 0x1, [0x48, 0x48, 0x18, 0x60, 0x1b, 0x36, 0x18, 0x60, 0x60, 0x4, 0x48, 0x0, 0xb]}]}]}, @NL80211_ATTR_TX_RATES={0x210, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x44, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_LEGACY={0x1e, 0x1, [0x12, 0x1, 0x30, 0x2, 0xc, 0x6c, 0x4, 0x4, 0x1, 0xc, 0x1, 0x24, 0x36, 0x36, 0x6c, 0x34, 0x5, 0x30, 0x16, 0x1, 0x9, 0x36, 0x60, 0x6, 0x16, 0x5]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_60GHZ={0x20, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0xb, 0x3, 0xff, 0x9, 0x9d2, 0xb00, 0x2]}}]}, @NL80211_BAND_60GHZ={0x4c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x21, 0x1, [0xc, 0x3, 0x1b, 0x18, 0x3, 0x4, 0x2, 0x18, 0x12, 0x5, 0x48, 0x9, 0x1, 0x12, 0x48, 0x3, 0x36, 0x48, 0x6, 0x5, 0x30, 0x30, 0xb, 0x18, 0x1, 0x3, 0x0, 0x30, 0x2]}, @NL80211_TXRATE_LEGACY={0xf, 0x1, [0x2, 0x36, 0x4, 0xc, 0xb, 0x30, 0x5, 0x24, 0x24, 0x4, 0x1b]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x0, 0xb02c, 0x9, 0x81, 0x800, 0x0, 0x339]}}]}, @NL80211_BAND_2GHZ={0x9c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HT={0xf, 0x2, [{0x0, 0x7}, {0x0, 0x1}, {0x3}, {0x0, 0x3}, {0x0, 0x7}, {0x3, 0x8}, {0x7, 0x4}, {0x5, 0x7}, {0x0, 0x2}, {0x2, 0x1}, {0x1, 0x8}]}, @NL80211_TXRATE_HT={0x6, 0x2, [{0x1, 0x9}, {0x1, 0x6}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x9, 0x4cb, 0x6, 0x3, 0xf, 0x6, 0x7]}}, @NL80211_TXRATE_HT={0x44, 0x2, [{0x1, 0x2}, {0x3, 0x8}, {0x6, 0x9}, {0x6, 0x3}, {0x6, 0x8}, {0x3, 0x8}, {0x2, 0x7}, {0x7, 0x8}, {0x4, 0xa}, {0x6, 0x5}, {0x4, 0x5}, {0x2, 0xa}, {0x6, 0x7}, {0x2, 0x4}, {0x1, 0x4}, {0x5, 0x1}, {0x5, 0x3}, {0x5}, {0x5, 0x3}, {0x2, 0x3}, {0x3, 0x5}, {0x6, 0x4}, {0x2, 0x9}, {0x4, 0x7}, {0x3, 0x7}, {0x3}, {0x2, 0x7}, {0x1, 0x2}, {0x4, 0x2}, {0x2, 0x9}, {0x1}, {0x5, 0x4}, {0x0, 0x1c}, {0x7, 0x4}, {0x2, 0x4}, {0x1, 0xa}, {0x1, 0x2}, {0x2, 0x2}, {0x4, 0x1}, {0x0, 0x4}, {0x1, 0x1}, {0x6, 0x5}, {0x6, 0x7}, {0x6, 0x1}, {0x6, 0x8}, {0x6, 0x4}, {0x1}, {0x2, 0x3}, {0x3, 0x3}, {0x0, 0x3}, {0x4, 0x1}, {0x4, 0x2}, {0x3}, {0x7, 0x1}, {0x1, 0x9}, {0x4, 0x4}, {0x0, 0x7}, {0x4, 0x6}, {0x4, 0x3}, {0x5, 0x7}, {0x1, 0x5}, {0x1, 0x3}, {0x5, 0x1}, {0x1, 0x1}]}]}, @NL80211_BAND_5GHZ={0x54, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_LEGACY={0x1c, 0x1, [0x2, 0x6, 0x9, 0x5, 0x1b, 0x5, 0x16, 0x48, 0x48, 0x6c, 0x4, 0x9, 0x48, 0x4, 0x5, 0x9, 0x2, 0x5f, 0x36, 0x1b, 0x2, 0x3, 0x5, 0x1b]}, @NL80211_TXRATE_LEGACY={0xd, 0x1, [0x3, 0xc, 0x6, 0x18, 0x48, 0x3, 0x3, 0x9, 0x60]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x9, 0x8000, 0xf, 0xee73, 0xfc01, 0x7, 0xfff7]}}]}, @NL80211_BAND_5GHZ={0x40, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_LEGACY={0x14, 0x1, [0x1b, 0x60, 0x24, 0x4, 0x1, 0x3, 0xb, 0x9, 0x1b, 0x48, 0x1b, 0x24, 0x19, 0x24, 0x1, 0x4]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x7, 0x6, 0x40, 0xfff7, 0xd, 0x7, 0xc933]}}]}, @NL80211_BAND_5GHZ={0x2c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0xff, 0x20e0, 0x1, 0x2, 0x4, 0x7f, 0x9]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x5, 0x5, 0x7fff, 0x48c3, 0x5400, 0x4, 0x7f]}}]}]}, @NL80211_ATTR_BSS_BASIC_RATES={0x1d, 0x24, [{0x36, 0x1}, {0xc}, {0x5, 0x1}, {0x1b, 0x1}, {0x6c}, {0x6}, {0xb}, {0x4}, {0x4}, {0x6}, {0x6c, 0x1}, {0x44}, {0x24}, {0x12}, {0x48}, {0x2a, 0x1}, {0xb, 0x1}, {0xb, 0x1}, {0x24, 0x1}, {0x1b}, {0x0, 0x1}, {0x18, 0x1}, {0x4}, {0xc}, {0x24, 0x1}]}, @NL80211_ATTR_BSS_BASIC_RATES={0x11, 0x24, [{0xb, 0x1}, {0x4, 0x1}, {0x18, 0x1}, {0x1b, 0x1}, {0x48}, {0x1b, 0x1}, {0x1b}, {0x33, 0x1}, {0x18, 0x1}, {0x9, 0x1}, {0x16, 0x1}, {0x36}, {0x5}]}]}, 0x8a4}, 0x1, 0x0, 0x0, 0x801}, 0x4000040)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x598}, {&(0x7f00000007c0)=""/154, 0x4c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

23.028160763s ago: executing program 0 (id=346):
syz_emit_ethernet(0xae, &(0x7f0000000200)={@link_local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "081f20", 0x78, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96489269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000000000400000126000400"}, {0x18, 0x1, "000000001b00"}]}}}}}}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000300)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{}], 0x1}, 0x0)

22.894071601s ago: executing program 2 (id=347):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10)
connect$inet(r0, 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x40000, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'tunl0\x00'})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000340)='yeah\x00', 0x5)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000080)=[@window, @mss, @window, @window, @sack_perm, @timestamp, @mss, @sack_perm], 0x8)
write$binfmt_elf64(r3, &(0x7f00000006c0)=ANY=[], 0x440)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r3, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd03b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a663afd02facb08dd9695f854c7b031d9af8bd7350897996b5208b23030cc0feb84570730eaf24b9f2ac05d0feb3be07a29f887095f36f3c8f0e77e45509acd14a5be4a1572dd4cd1231087b830fa03e071571d4abd694710ef140469cf6df8a59839aafe046a5bffb97e5247be901789eafd726ba090337a2c49207e6b900c7e982472e6aac70e5d52ca2c1bab47b1f6d00f9601e2281686c21f770ae96e0ffec4b30496d012fa00958f794cdbd721bd155cae87", 0x109e8, 0x805, 0x0, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x49, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000000)={0x40, 0xfff, 0x7, 0x6dc7, 0xd, "6c2f9c57446ac0753ea29922d4f3bfe7ba7352"})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'vlan0\x00', <r4=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x4, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}}, 0x14)

22.074357667s ago: executing program 0 (id=348):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@loopback, 0x0, 0x2b}, 0x0, @in=@broadcast}}, 0xe8)
r1 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r2, 0x10d, 0xb4, &(0x7f0000000040), 0x0)
sendmsg$key(r1, 0x0, 0x0)
sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
close(r0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="b80000001d0001"], 0xb8}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000180), 0xb)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000005, 0x10012, r3, 0x0)
mmap$qrtrtun(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000000, 0x10010, r3, 0x74a)
time(&(0x7f0000000100))

21.765598775s ago: executing program 2 (id=349):
openat$procfs(0xffffffffffffff9c, &(0x7f0000000400)='/proc/bus/input/devices\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x2, 0x0, 0x3, 0x5}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x9})
io_uring_enter(r0, 0x20003d16, 0x80000, 0x0, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
pipe(&(0x7f0000000300)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r6, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r6, 0x0, 0x240048c0)
connect$inet6(r6, &(0x7f00000000c0)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}, 0x1c)
sendmsg$alg(r6, 0x0, 0x0)
sendto$inet6(r5, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
splice(r3, 0x0, r4, 0x0, 0x406f413, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8924, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f00000003c0)="50fe2db973148de2f90ef914cdf8a423c995fa284864289ef8ed0e59d77304e5b1f25bc98404ec112404c50de6df87995cb35812767ae29846655dd9188b3e8891418a6498d93a08e2e525ae0c6e8377c2681a637086edc9110c087ffee6349f045f024c4493e407f95b5568769e747a7b6de46d4b7569f5093c850c50a98862df0072c3e609922c4a157407589f25523d8e591db4b40775a59f7767224684ad08b3f0ee25cddd87847c16b5d550b4ac03b62db172370321d4bcf330115d0fd82a033c35692d9ca437745620689d55ed544c1a81ac976d6207d06a757c3aa9be6912cef27cca6c9d0a82ef9b4420cd5e4d10a260add2074553e6abc71c9ac750b232455105aca91878c9ed0707ff793bf376d8a31bb9822bbd023a8979e2f04759fc99327a8026fc0a5a39fc2c76a292cf75337eda63d959d3029a0c72ba288b25ddc0d47fc0d36fd6296ab48f8607579c65c32da4c204c837b523229d6a2d68c8f23075a010a0c17da0dfbb926f9c4cacf08d78cf2d81587a154154d10984", 0x17f, 0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000006180)={0x2020}, 0x2020)
r7 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r7, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_IP_XFRM_POLICY(r8, 0x0, 0x11, &(0x7f0000005b80)={{{@in=@private, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x800000000, 0x0, 0x0, 0x8}, {}, 0x100, 0x0, 0x0, 0x0, 0x3}, {{@in, 0x1000000, 0x6c}, 0x0, @in6=@dev, 0x0, 0x0, 0x0, 0x4}}, 0xe4)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_DELRULE={0xf0, 0x8, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0xa}, [@NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x5}, @NFTA_RULE_EXPRESSIONS={0xbc, 0x4, 0x0, 0x1, [{0x80, 0x1, 0x0, 0x1, @counter={{0xc}, @val={0x70, 0x2, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x40}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x2}, @NFTA_COUNTER_PACKETS={0xc}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0xffffffff}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x401}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x743d}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x4}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x5}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x2}]}}}, {0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}, {0x14, 0x1, 0x0, 0x1, @notrack={{0xc}, @val={0x4, 0x2, 0x0, 0x1, ["", "", "", "", "", "", "", ""]}}}, {0x10, 0x1, 0x0, 0x1, @tproxy={{0xb}, @void}}]}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x3}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWOBJ={0x48, 0x12, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x7}, @NFT_OBJECT_COUNTER=@NFTA_OBJ_DATA={0x34, 0x4, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x7}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x7}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x7}]}}, @NFT_MSG_NEWFLOWTABLE={0x45c, 0x16, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_HOOK={0xc8, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x40, 0x3, 0x0, 0x1, [{0x14, 0x1, 'rose0\x00'}, {0x14, 0x1, 'veth1_to_bond\x00'}, {0x14, 0x1, 'rose0\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0x7c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth0_to_bond\x00'}, {0x14, 0x1, 'batadv0\x00'}, {0x14}, {0x14, 0x1, 'pim6reg1\x00'}, {0x14, 0x1, 'gre0\x00'}, {0x14, 0x1, 'lo\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x8}]}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_HOOK={0x16c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x800}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x9}, @NFTA_FLOWTABLE_HOOK_DEVS={0xcc, 0x3, 0x0, 0x1, [{0x14, 0x1, 'bond_slave_0\x00'}, {0x14, 0x1, 'bridge_slave_1\x00'}, {0x14, 0x1, 'dvmrp0\x00'}, {0x14, 0x1, 'dummy0\x00'}, {0x14, 0x1, 'caif0\x00'}, {0x14, 0x1, 'wg0\x00'}, {0x14, 0x1, 'ip6gre0\x00'}, {0x14, 0x1, 'macvlan0\x00'}, {0x14, 0x1, 'team0\x00'}, {0x14, 0x1, 'syzkaller0\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0x7c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'geneve0\x00'}, {0x14, 0x1, 'pim6reg1\x00'}, {0x14, 0x1, 'pimreg0\x00'}, {0x14, 0x1, 'veth1_macvtap\x00'}, {0x14, 0x1, 'gre0\x00'}, {0x14, 0x1, 'vlan0\x00'}]}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x5}, @NFTA_FLOWTABLE_HOOK={0x1d4, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x68, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth0\x00'}, {0x14, 0x1, 'veth1\x00'}, {0x14, 0x1, 'veth1\x00'}, {0x14, 0x1, 'macvlan0\x00'}, {0x14, 0x1, 'pim6reg0\x00'}]}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x74}, @NFTA_FLOWTABLE_HOOK_DEVS={0x4}, @NFTA_FLOWTABLE_HOOK_DEVS={0x7c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth0_vlan\x00'}, {0x14, 0x1, 'pim6reg1\x00'}, {0x14, 0x1, 'hsr0\x00'}, {0x14, 0x1, 'pim6reg\x00'}, {0x14, 0x1, 'virt_wifi0\x00'}, {0x14, 0x1, 'batadv_slave_0\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0xb8, 0x3, 0x0, 0x1, [{0x14, 0x1, 'sit0\x00'}, {0x14, 0x1, 'rose0\x00'}, {0x14, 0x1, 'batadv0\x00'}, {0x4d, 0x1, 'xfrm0\x00'}, {0x14, 0x1, 'bond_slave_0\x00'}, {0x14, 0x1, 'nicvf0\x00'}, {0x14, 0x1, 'team0\x00'}, {0x14, 0x1, 'veth1_to_team\x00'}, {0x14, 0x1, 'nr0\x00'}]}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x5bc}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

21.65220677s ago: executing program 0 (id=350):
r0 = socket(0x1f, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000300)=ANY=[], 0xc0)
prlimit64(0x0, 0xf, &(0x7f0000000140)={0x0, 0xffffffffffffffff}, 0x0)
timer_create(0x3, 0x0, &(0x7f0000000200))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
prlimit64(0x0, 0x0, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x6)
sendmsg$nl_route(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@bridge_delneigh={0x1c, 0x1c, 0x1}, 0x1c}}, 0x0)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000140)={0xc})
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000100)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r2, 0x3ba0, &(0x7f0000000400)={0x48, 0x5, r4, 0x0, 0xffffffffffffffff, 0x1})
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000580)=@newqdisc={0x4c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r1, {0x3}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x9, 0x3, 0x0, 0x6, 0xfffffff6, 0x22}}}}]}, 0x4c}}, 0x0)

13.185151048s ago: executing program 0 (id=352):
mknod(&(0x7f0000000000)='./bus\x00', 0x1000, 0x0)
open(&(0x7f0000000200)='./bus\x00', 0xaa583, 0x1eb)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x2000, &(0x7f00008b6000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = add_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, 0xffffffffffffffff, 0x8e)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x9, 0x5d032, 0xffffffffffffffff, 0x0)
r4 = userfaultfd(0x801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r4, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0)
syz_usb_connect(0x0, 0x144, &(0x7f00000003c0)={{0x12, 0x1, 0x110, 0x95, 0xc, 0xc6, 0x20, 0x10c4, 0x81a6, 0x294f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x132, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xa1, 0x0, 0x5, 0xfd, 0xab, 0x8f, 0xe1, [], [{{0x9, 0x5, 0x8, 0xc, 0x10, 0x3, 0x3, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x8, 0xfff}, @generic={0xd7, 0x23, "e84ff117fa3c52de2871d37a4ec545f6674624fe42e424af417f4875a2d6cc272292e31cfd54c907ba28af49dee29c94adb42b8320edd111c8ccb84911844ca0dd65d999a0011350b367048c9cbb3efc95fc39f70b4fc689abe10d0914a06bb6c816f60967ea22156f61108536a65316208c441ea0af68296fc5116624c3e30ac47a4e5386c80632d49d3b86c3f4011333245da96d1002447a64ee1ee54900a1ace5b8981c67113f48a37fb263b6f375308757f55b3085fe472313b39a4f879f9cc3892b307d0de2fd1dcb191a2e90d1fee7963d5b"}]}}, {{0x9, 0x5, 0x7, 0x0, 0x20, 0x5, 0x9, 0x10, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x0, 0x6}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x6, 0x4}]}}, {{0x9, 0x5, 0xa, 0x3, 0x200, 0x9, 0x4, 0x5}}, {{0x9, 0x5, 0x1, 0x0, 0x40, 0xf, 0x9, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x5, 0x9}]}}, {{0x9, 0x5, 0xb, 0x10, 0x28, 0x6, 0x9, 0x1}}]}}]}}]}}, &(0x7f0000000380)={0x0, 0x0, 0x5, &(0x7f0000000180)={0x5, 0xf, 0x5}})

3.228463022s ago: executing program 0 (id=356):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000005c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f200011800e000100636f6e6e6c696d69740000000c0002800800014000000000400000000c0a01020000000000000000010000000900020073797a320000000014000380100000800800034000000002040400800900010073797a30"], 0xe4}}, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYRES16=0x0, @ANYRES8=0x0], 0x0)

0s ago: executing program 0 (id=357):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000100)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x3b, 0x44, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e29, 0x41424344, 0x41424344, 0x0, 0x0, 0xc, 0x16, 0x1, 0x0, 0x0, {[@generic={0x8, 0x2}, @mptcp=@remove_addr={0x1e, 0xe, 0x9, 0x0, "1ad97d5086ff932c1b088b"}, @exp_fastopen={0xfe, 0x9, 0xf989, "a2f19f22f5"}]}}}}}}}, 0x0)

kernel console output (not intermixed with test programs):

lready exists on: batadv_slave_1
[  122.935699][ T6342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  122.936987][ T6342] batman_adv: batadv0: Interface activated: batadv_slave_1
[  122.943314][ T6342] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  122.943347][ T6342] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  122.943375][ T6342] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  122.943401][ T6342] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  123.189067][ T6467] bridge0: entered promiscuous mode
[  123.189231][ T6467] vlan2: entered promiscuous mode
[  123.189294][ T6467] vlan2: entered allmulticast mode
[  123.189303][ T6467] bridge0: entered allmulticast mode
[  123.194757][ T6467] bridge0: left allmulticast mode
[  123.194885][ T6467] bridge0: left promiscuous mode
[  123.196066][ T1103] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.196080][ T1103] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.318427][ T1103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.318448][ T1103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.403884][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.403906][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.491147][ T1103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.491173][ T1103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.568314][ T6482] netlink: 'syz.3.154': attribute type 29 has an invalid length.
[  123.569646][ T6482] netlink: 'syz.3.154': attribute type 29 has an invalid length.
[  123.596213][ T6482] netlink: 'syz.3.154': attribute type 29 has an invalid length.
[  123.742096][    T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  123.892062][    T9] usb 2-1: Using ep0 maxpacket: 8
[  123.912321][    T9] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  123.912353][    T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  123.912377][    T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  123.912400][    T9] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  123.912433][    T9] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  123.912456][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.057261][   T54] Bluetooth: hci4: command tx timeout
[  124.133149][    T9] usb 2-1: GET_CAPABILITIES returned 0
[  124.133186][    T9] usbtmc 2-1:16.0: can't read capabilities
[  124.152144][ T5292] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  124.307116][ T5292] usb 5-1: Using ep0 maxpacket: 16
[  124.409325][ T5292] usb 5-1: unable to get BOS descriptor or descriptor too short
[  124.409385][ T5292] usb 5-1: too many configurations: 251, using maximum allowed: 8
[  124.411592][ T5292] usb 5-1: unable to read config index 0 descriptor/start: -71
[  124.411624][ T5292] usb 5-1: can't read configurations, error -71
[  124.416954][ T5229] usb 2-1: USB disconnect, device number 2
[  124.726915][ T5278] usb 1-1: USB disconnect, device number 7
[  125.017353][ T6518] x_tables: duplicate entry at hook 1
[  125.432207][ T6542] netlink: 324 bytes leftover after parsing attributes in process `syz.0.194'.
[  125.522582][ T5278] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  125.715852][ T5278] usb 4-1: New USB device found, idVendor=06cd, idProduct=010c, bcdDevice= a.f0
[  125.731049][ T5278] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.789258][ T5278] usb 4-1: Product: syz
[  125.802953][ T5278] usb 4-1: Manufacturer: syz
[  125.841876][ T5278] usb 4-1: SerialNumber: syz
[  125.892617][ T5278] usb 4-1: config 0 descriptor??
[  125.916820][ T5278] keyspan 4-1:0.0: Keyspan 1 port adapter converter detected
[  126.032326][ T5278] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 84
[  126.064143][ T5278] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 81
[  126.105005][ T5278] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 82
[  126.131282][ T5278] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 1
[  126.159874][ T5278] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 2
[  126.232752][   T29] audit: type=1326 audit(1727814164.593:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6532 comm="syz.3.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49fe37dff9 code=0x7ffc0000
[  126.246504][ T5278] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 83
[  126.254751][    C1] vkms_vblank_simulate: vblank timer overrun
[  126.288300][ T6572] dummy0: entered promiscuous mode
[  126.324006][   T29] audit: type=1326 audit(1727814164.593:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6532 comm="syz.3.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49fe37dff9 code=0x7ffc0000
[  126.328819][ T5278] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 3
[  126.369930][ T6572] dummy0: left promiscuous mode
[  126.422285][   T29] audit: type=1326 audit(1727814164.593:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6532 comm="syz.3.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f49fe37dff9 code=0x7ffc0000
[  126.469522][ T5278] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  126.511922][   T29] audit: type=1326 audit(1727814164.593:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6532 comm="syz.3.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49fe37dff9 code=0x7ffc0000
[  126.533933][    C1] vkms_vblank_simulate: vblank timer overrun
[  126.567207][   T29] audit: type=1326 audit(1727814164.593:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6532 comm="syz.3.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f49fe37dff9 code=0x7ffc0000
[  126.595210][   T29] audit: type=1326 audit(1727814164.593:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6532 comm="syz.3.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49fe37dff9 code=0x7ffc0000
[  126.664093][   T29] audit: type=1326 audit(1727814164.593:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6532 comm="syz.3.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f49fe37dff9 code=0x7ffc0000
[  126.696562][   T29] audit: type=1326 audit(1727814164.593:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6532 comm="syz.3.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49fe37dff9 code=0x7ffc0000
[  126.732319][   T29] audit: type=1326 audit(1727814164.593:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6532 comm="syz.3.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=51 compat=0 ip=0x7f49fe37dff9 code=0x7ffc0000
[  126.760934][   T29] audit: type=1326 audit(1727814164.593:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6532 comm="syz.3.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49fe37dff9 code=0x7ffc0000
[  126.992803][   T25] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  127.071958][    T9] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  127.158549][   T25] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  127.182242][   T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.202043][   T25] usb 2-1: Product: syz
[  127.212333][   T25] usb 2-1: Manufacturer: syz
[  127.223172][   T25] usb 2-1: SerialNumber: syz
[  127.225245][    T9] usb 3-1: config 0 has an invalid interface number: 226 but max is 0
[  127.233667][   T25] usb 2-1: config 0 descriptor??
[  127.248444][    T9] usb 3-1: config 0 has no interface number 0
[  127.265407][    T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=db.47
[  127.272424][ T5292] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  127.287815][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.297296][    T9] usb 3-1: Product: syz
[  127.301563][    T9] usb 3-1: Manufacturer: syz
[  127.307106][    T9] usb 3-1: SerialNumber: syz
[  127.320722][    T9] usb 3-1: config 0 descriptor??
[  127.349143][    T9] hub 3-1:0.226: bad descriptor, ignoring hub
[  127.363147][    T9] hub 3-1:0.226: probe with driver hub failed with error -5
[  127.388837][    T9] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.226/input/input5
[  127.391392][   T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.445292][ T5292] usb 5-1: config 1 interface 0 has no altsetting 0
[  127.460173][ T5292] usb 5-1: New USB device found, idVendor=0e8f, idProduct=0003, bcdDevice= 0.40
[  127.465436][ T5282] usb 2-1: USB disconnect, device number 3
[  127.483584][ T5292] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.495772][ T5292] usb 5-1: Product: 䀊
[  127.500049][ T5292] usb 5-1: Manufacturer: ⽊ꖣ厑䡫蒄ᨣ윬熯㐟돫뀕塩蹉⽺䞎ඐ쿼첊쇅䣶䆻℟⍖뙁ꏀ粼錷⷟푂狩♃囈昺
[  127.551735][ T5292] usb 5-1: SerialNumber: syz
[  127.609490][   T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.710951][   T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.772919][   T11] bond0: (slave netdevsim0): Releasing backup interface
[  127.785828][   T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.799592][ T6601] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  127.922213][ T5231] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  127.930944][ T5231] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  127.940736][ T5231] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  127.962951][ T5231] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  127.970621][ T5231] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  127.978791][ T5231] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  128.092005][   T11] bridge_slave_1: left allmulticast mode
[  128.097799][   T11] bridge_slave_1: left promiscuous mode
[  128.104331][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  128.116901][   T11] bridge_slave_0: left allmulticast mode
[  128.123095][   T11] bridge_slave_0: left promiscuous mode
[  128.129048][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  128.246702][    T9] usb 4-1: USB disconnect, device number 3
[  128.259749][    T9] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  128.271310][    T9] keyspan 4-1:0.0: device disconnected
[  128.650389][ T5292] usbhid 5-1:1.0: can't add hid device: -71
[  128.657301][ T5292] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  128.689814][ T5292] usb 5-1: USB disconnect, device number 6
[  128.782310][    T9] usb 3-1: USB disconnect, device number 5
[  128.884873][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  128.897459][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  128.908214][   T11] bond0 (unregistering): Released all slaves
[  128.938448][    T8] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  128.946169][ T6623] netlink: 72 bytes leftover after parsing attributes in process `syz.2.210'.
[  129.138378][    T8] usb 2-1: Using ep0 maxpacket: 8
[  129.157587][    T8] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  129.166268][    T8] usb 2-1: config 179 has no interface number 0
[  129.176150][    T8] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  129.187589][    T8] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  129.199345][    T8] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  129.210569][    T8] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  129.222097][    T8] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  129.235384][    T8] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  129.244490][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.278857][ T6619] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  129.379626][ T6611] chnl_net:caif_netlink_parms(): no params data found
[  129.522409][   T11] hsr_slave_0: left promiscuous mode
[  129.528652][   T11] hsr_slave_1: left promiscuous mode
[  129.536989][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  129.558378][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  129.579555][ T5282] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input6
[  129.606398][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  129.638487][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  129.760680][ T5282] usb 2-1: USB disconnect, device number 4
[  129.760752][    C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  129.760897][    C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  129.796278][   T11] veth1_macvtap: left promiscuous mode
[  129.821434][ T5282] xpad 2-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  129.835944][   T11] veth0_macvtap: left promiscuous mode
[  129.851140][   T11] veth1_vlan: left promiscuous mode
[  129.866813][   T11] veth0_vlan: left promiscuous mode
[  130.052137][   T54] Bluetooth: hci3: command tx timeout
[  130.107657][ T5231] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  130.117495][ T5231] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  130.127584][ T5231] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  130.136586][ T5231] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  130.156253][ T5231] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  130.166196][ T5231] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  130.466822][   T11] team0 (unregistering): Port device team_slave_1 removed
[  130.543364][   T11] team0 (unregistering): Port device team_slave_0 removed
[  130.982071][ T5292] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  131.164663][ T5292] usb 2-1: New USB device found, idVendor=06cd, idProduct=010c, bcdDevice= a.f0
[  131.181903][ T5292] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.190028][ T5292] usb 2-1: Product: syz
[  131.200695][ T5292] usb 2-1: Manufacturer: syz
[  131.214355][ T5292] usb 2-1: SerialNumber: syz
[  131.243734][ T5292] usb 2-1: config 0 descriptor??
[  131.263363][ T5292] keyspan 2-1:0.0: Keyspan 1 port adapter converter detected
[  131.273135][ T5292] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 84
[  131.299035][ T5292] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 81
[  131.314428][ T5292] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 82
[  131.333933][ T5292] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 1
[  131.341559][ T5292] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 2
[  131.356215][ T5292] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 83
[  131.376802][ T5292] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 3
[  131.397773][ T5292] usb 2-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  131.490831][ T6681] netlink: 72 bytes leftover after parsing attributes in process `syz.2.221'.
[  131.559379][ T6663] ip6gretap0: entered promiscuous mode
[  131.620254][ T6663] ip6gretap0: left promiscuous mode
[  131.705364][    T8] usb 2-1: USB disconnect, device number 5
[  131.728565][    T8] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  131.759964][ T6611] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.768905][ T6611] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.772759][    T8] keyspan 2-1:0.0: device disconnected
[  131.776880][ T6611] bridge_slave_0: entered allmulticast mode
[  131.788903][ T6611] bridge_slave_0: entered promiscuous mode
[  131.801484][ T6611] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.811655][ T6611] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.819766][ T6611] bridge_slave_1: entered allmulticast mode
[  131.828338][ T6611] bridge_slave_1: entered promiscuous mode
[  131.910985][ T6611] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  131.937748][ T6611] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  132.019046][ T6611] team0: Port device team_slave_0 added
[  132.037101][ T6611] team0: Port device team_slave_1 added
[  132.104640][ T6611] batman_adv: batadv0: Adding interface: batadv_slave_0
[  132.112580][ T6611] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  132.147625][   T54] Bluetooth: hci3: command tx timeout
[  132.155175][ T6611] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  132.168279][ T6611] batman_adv: batadv0: Adding interface: batadv_slave_1
[  132.175612][ T6611] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  132.202517][ T6611] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  132.213383][   T54] Bluetooth: hci2: command tx timeout
[  132.225259][ T6651] chnl_net:caif_netlink_parms(): no params data found
[  132.438449][   T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.590786][ T6611] hsr_slave_0: entered promiscuous mode
[  132.623233][ T6611] hsr_slave_1: entered promiscuous mode
[  132.642663][ T6611] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  132.664419][ T6611] Cannot create hsr debugfs directory
[  132.833231][ T6651] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.852808][ T6651] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.860015][ T6651] bridge_slave_0: entered allmulticast mode
[  132.870165][ T6651] bridge_slave_0: entered promiscuous mode
[  132.939778][   T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.014536][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  133.020978][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  133.054249][ T6651] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.061363][ T6651] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.105151][ T6651] bridge_slave_1: entered allmulticast mode
[  133.127404][ T6651] bridge_slave_1: entered promiscuous mode
[  133.230507][   T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.869557][ T5231] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  133.879886][ T5231] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  133.900736][ T5231] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  133.916926][ T5231] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  133.925663][ T5231] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  133.933987][ T5231] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  134.004006][   T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.060843][ T6651] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  134.088665][ T6651] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  134.212343][   T54] Bluetooth: hci3: command tx timeout
[  134.280064][ T6651] team0: Port device team_slave_0 added
[  134.293503][   T54] Bluetooth: hci2: command tx timeout
[  134.385172][ T5231] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  134.413970][ T5231] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  134.423777][ T5231] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  134.431506][ T6651] team0: Port device team_slave_1 added
[  134.443439][ T5231] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  134.459296][ T5231] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  134.467129][ T5231] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  134.613225][   T54] Bluetooth: hci0: command tx timeout
[  134.656208][ T6651] batman_adv: batadv0: Adding interface: batadv_slave_0
[  134.665304][ T6651] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  134.692524][ T6651] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  134.709384][ T6651] batman_adv: batadv0: Adding interface: batadv_slave_1
[  134.725205][ T6651] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  134.751160][    C1] vkms_vblank_simulate: vblank timer overrun
[  134.760253][ T6651] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  134.910356][   T11] bridge_slave_1: left allmulticast mode
[  134.918129][   T11] bridge_slave_1: left promiscuous mode
[  134.924915][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.935482][   T11] bridge_slave_0: left allmulticast mode
[  134.941125][   T11] bridge_slave_0: left promiscuous mode
[  134.947267][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  135.222368][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  135.234184][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  135.247855][   T11] bond0 (unregistering): Released all slaves
[  135.330909][ T6651] hsr_slave_0: entered promiscuous mode
[  135.338159][ T6651] hsr_slave_1: entered promiscuous mode
[  135.344998][ T6651] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  135.352960][ T6651] Cannot create hsr debugfs directory
[  135.411177][ T6611] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  135.460396][ T6611] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  135.494883][ T6611] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  135.511032][ T6611] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  135.560314][ T6739] chnl_net:caif_netlink_parms(): no params data found
[  135.726714][   T11] hsr_slave_0: left promiscuous mode
[  135.747397][   T11] hsr_slave_1: left promiscuous mode
[  135.757529][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  135.766246][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  135.774385][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  135.781951][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  135.798925][   T11] veth1_macvtap: left promiscuous mode
[  135.804750][   T11] veth0_macvtap: left promiscuous mode
[  135.810293][   T11] veth1_vlan: left promiscuous mode
[  135.821162][   T11] veth0_vlan: left promiscuous mode
[  135.974316][   T54] Bluetooth: hci4: command tx timeout
[  136.163528][   T11] team0 (unregistering): Port device team_slave_1 removed
[  136.195278][   T11] team0 (unregistering): Port device team_slave_0 removed
[  136.301993][   T54] Bluetooth: hci3: command tx timeout
[  136.372763][   T54] Bluetooth: hci2: command tx timeout
[  136.532201][   T54] Bluetooth: hci1: command tx timeout
[  136.636386][ T6749] chnl_net:caif_netlink_parms(): no params data found
[  136.674736][ T6739] bridge0: port 1(bridge_slave_0) entered blocking state
[  136.687607][ T6739] bridge0: port 1(bridge_slave_0) entered disabled state
[  136.695579][ T6739] bridge_slave_0: entered allmulticast mode
[  136.702620][ T6739] bridge_slave_0: entered promiscuous mode
[  136.711213][ T6739] bridge0: port 2(bridge_slave_1) entered blocking state
[  136.735825][ T6739] bridge0: port 2(bridge_slave_1) entered disabled state
[  136.751714][ T6739] bridge_slave_1: entered allmulticast mode
[  136.763211][ T6739] bridge_slave_1: entered promiscuous mode
[  137.016158][ T6739] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  137.035091][ T6739] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  137.280962][ T6739] team0: Port device team_slave_0 added
[  137.300397][ T6739] team0: Port device team_slave_1 added
[  137.318523][ T6749] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.340713][ T5231] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  137.342358][ T6749] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.356790][ T6749] bridge_slave_0: entered allmulticast mode
[  137.363500][ T5231] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  137.364008][ T6749] bridge_slave_0: entered promiscuous mode
[  137.377860][ T5231] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  137.387795][ T5231] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  137.411566][ T5231] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  137.421646][ T5231] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  137.431700][ T6749] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.480339][ T6749] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.488589][ T6749] bridge_slave_1: entered allmulticast mode
[  137.510821][ T6749] bridge_slave_1: entered promiscuous mode
[  137.547965][ T6739] batman_adv: batadv0: Adding interface: batadv_slave_0
[  137.566390][ T6739] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  137.602860][ T6739] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  137.617989][ T6739] batman_adv: batadv0: Adding interface: batadv_slave_1
[  137.626265][ T6739] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  137.652148][    C1] vkms_vblank_simulate: vblank timer overrun
[  137.658948][ T6739] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  137.686882][ T6749] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  137.698753][ T6749] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  137.720190][ T6611] 8021q: adding VLAN 0 to HW filter on device bond0
[  137.767714][ T6749] team0: Port device team_slave_0 added
[  137.777487][ T6749] team0: Port device team_slave_1 added
[  137.845558][ T6739] hsr_slave_0: entered promiscuous mode
[  137.853942][ T6739] hsr_slave_1: entered promiscuous mode
[  137.870406][ T6611] 8021q: adding VLAN 0 to HW filter on device team0
[  137.886125][ T6749] batman_adv: batadv0: Adding interface: batadv_slave_0
[  137.897439][ T6749] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  137.938691][ T6749] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  137.991507][ T6651] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  138.019618][ T6749] batman_adv: batadv0: Adding interface: batadv_slave_1
[  138.027174][ T6749] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  138.062104][ T6749] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  138.062822][   T54] Bluetooth: hci4: command tx timeout
[  138.107511][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.140757][ T6651] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  138.152389][ T6651] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  138.164827][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.171944][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[  138.219843][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.250869][ T6651] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  138.278400][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.285538][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[  138.329565][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.407718][ T6749] hsr_slave_0: entered promiscuous mode
[  138.421238][ T6749] hsr_slave_1: entered promiscuous mode
[  138.428636][ T6749] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  138.441944][ T6749] Cannot create hsr debugfs directory
[  138.463420][   T54] Bluetooth: hci2: command tx timeout
[  138.493836][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.612224][   T54] Bluetooth: hci1: command tx timeout
[  138.782742][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.840364][ T6739] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.865771][ T6804] chnl_net:caif_netlink_parms(): no params data found
[  138.894771][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.948847][ T6739] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.994676][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.069469][ T6739] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.088793][ T6611] 8021q: adding VLAN 0 to HW filter on device batadv0
[  139.132369][   T12] bond0: (slave netdevsim0): Releasing backup interface
[  139.140875][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.184539][ T6739] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.224151][ T6804] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.233177][ T6804] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.240348][ T6804] bridge_slave_0: entered allmulticast mode
[  139.247366][ T6804] bridge_slave_0: entered promiscuous mode
[  139.286286][ T6804] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.293805][ T6804] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.301097][ T6804] bridge_slave_1: entered allmulticast mode
[  139.316305][ T6804] bridge_slave_1: entered promiscuous mode
[  139.413211][ T6804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  139.464691][ T6651] 8021q: adding VLAN 0 to HW filter on device bond0
[  139.482951][ T6804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  139.502875][   T54] Bluetooth: hci0: command tx timeout
[  139.504350][ T6611] veth0_vlan: entered promiscuous mode
[  139.646292][ T6804] team0: Port device team_slave_0 added
[  139.676724][ T6651] 8021q: adding VLAN 0 to HW filter on device team0
[  139.698601][ T6611] veth1_vlan: entered promiscuous mode
[  139.707893][ T6804] team0: Port device team_slave_1 added
[  139.740190][   T12] bridge_slave_1: left allmulticast mode
[  139.749299][   T12] bridge_slave_1: left promiscuous mode
[  139.755478][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.764439][   T12] bridge_slave_0: left allmulticast mode
[  139.770080][   T12] bridge_slave_0: left promiscuous mode
[  139.776895][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.786555][   T12] bridge_slave_1: left allmulticast mode
[  139.792375][   T12] bridge_slave_1: left promiscuous mode
[  139.798003][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.807038][   T12] bridge_slave_0: left allmulticast mode
[  139.813968][   T12] bridge_slave_0: left promiscuous mode
[  139.819685][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.828706][   T12] bridge_slave_1: left allmulticast mode
[  139.834994][   T12] bridge_slave_1: left promiscuous mode
[  139.840689][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.849954][   T12] bridge_slave_0: left allmulticast mode
[  139.856048][   T12] bridge_slave_0: left promiscuous mode
[  139.861673][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  140.132321][   T54] Bluetooth: hci4: command tx timeout
[  140.466891][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  140.481190][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  140.491672][   T12] bond0 (unregistering): Released all slaves
[  140.581537][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  140.597724][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  140.607901][   T12] bond0 (unregistering): Released all slaves
[  140.693902][   T54] Bluetooth: hci1: command tx timeout
[  140.703110][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  140.714388][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  140.724928][   T12] bond0 (unregistering): Released all slaves
[  140.746718][ T6739] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  140.832438][ T6804] batman_adv: batadv0: Adding interface: batadv_slave_0
[  140.839422][ T6804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  140.866754][ T6804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  140.912663][ T6739] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  140.922873][ T6739] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  140.931904][ T6804] batman_adv: batadv0: Adding interface: batadv_slave_1
[  140.938888][ T6804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  140.967742][ T6804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  140.994651][ T2578] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.001749][ T2578] bridge0: port 1(bridge_slave_0) entered forwarding state
[  141.010268][ T2578] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.017352][ T2578] bridge0: port 2(bridge_slave_1) entered forwarding state
[  141.028122][ T6739] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  141.170587][ T6651] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  141.182661][ T6651] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  141.196817][ T6611] veth0_macvtap: entered promiscuous mode
[  141.213876][ T6804] hsr_slave_0: entered promiscuous mode
[  141.220104][ T6804] hsr_slave_1: entered promiscuous mode
[  141.231645][ T6804] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  141.239447][ T6804] Cannot create hsr debugfs directory
[  141.281212][ T6611] veth1_macvtap: entered promiscuous mode
[  141.383344][ T6611] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  141.399606][ T6611] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  141.411149][ T6611] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  141.425175][ T6611] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  141.435656][ T6611] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  141.451898][ T6611] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  141.463392][ T6611] batman_adv: batadv0: Interface activated: batadv_slave_0
[  141.541078][ T6611] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  141.562563][ T6611] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  141.574798][ T6611] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  141.587000][   T54] Bluetooth: hci0: command tx timeout
[  141.592809][ T6611] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  141.603045][ T6611] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  141.613532][ T6611] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  141.624828][ T6611] batman_adv: batadv0: Interface activated: batadv_slave_1
[  141.683975][ T6611] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  141.701531][ T6611] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  141.711485][ T6611] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  141.721570][ T6611] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  141.753723][ T6651] 8021q: adding VLAN 0 to HW filter on device batadv0
[  141.923687][ T6749] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  141.999506][ T6749] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  142.020878][ T6749] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  142.160622][   T12] hsr_slave_0: left promiscuous mode
[  142.166808][   T12] hsr_slave_1: left promiscuous mode
[  142.180029][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  142.196222][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  142.208506][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  142.220481][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  142.223805][   T54] Bluetooth: hci4: command tx timeout
[  142.238013][   T12] hsr_slave_0: left promiscuous mode
[  142.249740][   T12] hsr_slave_1: left promiscuous mode
[  142.268558][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  142.276562][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  142.297156][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  142.305265][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  142.319004][   T12] hsr_slave_0: left promiscuous mode
[  142.325277][   T12] hsr_slave_1: left promiscuous mode
[  142.331242][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  142.343763][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  142.351737][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  142.370152][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  142.452305][   T12] veth1_macvtap: left promiscuous mode
[  142.457860][   T12] veth0_macvtap: left promiscuous mode
[  142.471975][   T12] veth1_vlan: left promiscuous mode
[  142.477297][   T12] veth0_vlan: left promiscuous mode
[  142.492203][   T12] veth1_macvtap: left promiscuous mode
[  142.497755][   T12] veth0_macvtap: left promiscuous mode
[  142.511966][   T12] veth1_vlan: left promiscuous mode
[  142.517279][   T12] veth0_vlan: left promiscuous mode
[  142.531529][   T12] veth1_macvtap: left promiscuous mode
[  142.538216][   T12] veth0_macvtap: left promiscuous mode
[  142.550123][   T12] veth1_vlan: left promiscuous mode
[  142.556122][   T12] veth0_vlan: left promiscuous mode
[  142.776554][   T54] Bluetooth: hci1: command tx timeout
[  143.066061][   T12] team0 (unregistering): Port device team_slave_1 removed
[  143.100809][   T12] team0 (unregistering): Port device team_slave_0 removed
[  143.656618][   T12] team0 (unregistering): Port device team_slave_1 removed
[  143.663678][   T54] Bluetooth: hci0: command tx timeout
[  143.691769][   T12] team0 (unregistering): Port device team_slave_0 removed
[  144.269915][   T12] team0 (unregistering): Port device team_slave_1 removed
[  144.305405][   T12] team0 (unregistering): Port device team_slave_0 removed
[  144.619543][ T6749] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  144.762103][ T6651] veth0_vlan: entered promiscuous mode
[  144.771263][ T6739] 8021q: adding VLAN 0 to HW filter on device bond0
[  144.772016][ T1051] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  144.797962][ T6651] veth1_vlan: entered promiscuous mode
[  144.808095][ T1051] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  144.878316][ T6739] 8021q: adding VLAN 0 to HW filter on device team0
[  144.939834][ T1103] bridge0: port 1(bridge_slave_0) entered blocking state
[  144.946972][ T1103] bridge0: port 1(bridge_slave_0) entered forwarding state
[  144.979555][ T1103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  145.011212][ T1103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  145.064836][ T5744] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.071991][ T5744] bridge0: port 2(bridge_slave_1) entered forwarding state
[  145.118442][ T6651] veth0_macvtap: entered promiscuous mode
[  145.206573][ T6651] veth1_macvtap: entered promiscuous mode
[  145.220831][ T6651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  145.231778][ T6651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.243539][ T6651] batman_adv: batadv0: Interface activated: batadv_slave_0
[  145.283581][ T6651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  145.297556][ T6651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.310163][ T6651] batman_adv: batadv0: Interface activated: batadv_slave_1
[  145.329861][ T6804] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  145.353728][ T6749] 8021q: adding VLAN 0 to HW filter on device bond0
[  145.372464][ T6651] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  145.381274][ T6651] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  145.391157][ T6651] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  145.407462][ T6651] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  145.430070][ T6804] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  145.446704][ T6804] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  145.464643][ T6804] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  145.548998][ T6749] 8021q: adding VLAN 0 to HW filter on device team0
[  145.610989][ T1103] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.618124][ T1103] bridge0: port 1(bridge_slave_0) entered forwarding state
[  145.637925][   T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  145.648175][   T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  145.662484][ T5278] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  145.665359][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.677149][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  145.698713][ T6739] 8021q: adding VLAN 0 to HW filter on device batadv0
[  145.740531][ T2578] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  145.742704][   T54] Bluetooth: hci0: command tx timeout
[  145.749659][ T2578] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  145.831975][ T5278] usb 1-1: Using ep0 maxpacket: 8
[  145.839613][ T5278] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  145.849870][ T5278] usb 1-1: config 179 has no interface number 0
[  145.865125][ T5278] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 64, changing to 10
[  145.892446][ T5278] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 1029, setting to 1024
[  145.913572][ T5278] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  145.938019][ T5278] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[  145.971426][ T6804] 8021q: adding VLAN 0 to HW filter on device bond0
[  145.988396][ T5278] usb 1-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  146.013980][ T6739] veth0_vlan: entered promiscuous mode
[  146.030989][ T5278] usb 1-1: config 179 interface 65 has no altsetting 0
[  146.047762][ T6804] 8021q: adding VLAN 0 to HW filter on device team0
[  146.057165][ T5278] usb 1-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  146.078681][ T6739] veth1_vlan: entered promiscuous mode
[  146.086913][ T5278] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.119590][ T6900] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  146.138610][ T2578] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.145762][ T2578] bridge0: port 1(bridge_slave_0) entered forwarding state
[  146.158866][ T5278] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input7
[  146.199922][ T5744] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.207081][ T5744] bridge0: port 2(bridge_slave_1) entered forwarding state
[  146.297338][ T6749] 8021q: adding VLAN 0 to HW filter on device batadv0
[  146.389031][ T5278] usb 1-1: USB disconnect, device number 8
[  146.394110][ T6739] veth0_macvtap: entered promiscuous mode
[  146.394932][    C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  146.422936][ T5278] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  146.425508][ T6739] veth1_macvtap: entered promiscuous mode
[  146.554340][ T6739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  146.573265][ T6739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  146.583350][ T6739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  146.595114][ T6739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  146.607104][ T6739] batman_adv: batadv0: Interface activated: batadv_slave_0
[  146.649520][ T6749] veth0_vlan: entered promiscuous mode
[  146.668928][ T6739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  146.687856][ T6739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  146.700106][ T6739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  146.710887][ T6739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  146.728687][ T6739] batman_adv: batadv0: Interface activated: batadv_slave_1
[  146.751325][ T6739] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  146.767633][ T6739] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  146.789394][ T6739] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  146.798894][ T6739] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  146.815741][ T6749] veth1_vlan: entered promiscuous mode
[  146.832924][ T6804] 8021q: adding VLAN 0 to HW filter on device batadv0
[  146.908980][ T6804] veth0_vlan: entered promiscuous mode
[  146.921256][ T6804] veth1_vlan: entered promiscuous mode
[  147.047735][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  147.064347][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  147.142894][ T6749] veth0_macvtap: entered promiscuous mode
[  147.167288][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  147.172783][ T6804] veth0_macvtap: entered promiscuous mode
[  147.194484][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  147.217865][ T6749] veth1_macvtap: entered promiscuous mode
[  147.274962][ T6804] veth1_macvtap: entered promiscuous mode
[  147.281619][ T6928] netlink: 4 bytes leftover after parsing attributes in process `syz.3.243'.
[  147.318044][ T6804] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  147.344724][ T6804] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.354903][ T6804] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  147.370413][ T6804] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.385876][ T6804] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  147.396887][ T6804] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.409844][ T6804] batman_adv: batadv0: Interface activated: batadv_slave_0
[  147.429674][ T6749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  147.441146][ T6749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.456764][ T6749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  147.467641][ T6749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.478076][ T6749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  147.489175][ T6749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.500588][ T6749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  147.517683][ T6749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.529775][ T6749] batman_adv: batadv0: Interface activated: batadv_slave_0
[  147.544305][ T6934] netlink: 72 bytes leftover after parsing attributes in process `syz.2.230'.
[  147.598058][ T6804] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  147.618972][ T6804] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.644364][ T6804] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  147.667613][ T6804] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.684913][ T6804] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  147.707081][ T6804] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.725629][ T6804] batman_adv: batadv0: Interface activated: batadv_slave_1
[  147.737959][ T6804] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  147.747268][ T6804] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  147.758290][ T6804] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  147.771941][ T6804] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  147.789038][ T6950] FAULT_INJECTION: forcing a failure.
[  147.789038][ T6950] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  147.814700][ T6749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  147.822776][ T6952] FAULT_INJECTION: forcing a failure.
[  147.822776][ T6952] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  147.832927][ T6749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.838342][ T6952] CPU: 1 UID: 0 PID: 6952 Comm: syz.2.247 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0
[  147.858574][ T6952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  147.860338][ T6749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  147.868804][ T6952] Call Trace:
[  147.868820][ T6952]  <TASK>
[  147.868830][ T6952]  dump_stack_lvl+0x241/0x360
[  147.890204][ T6952]  ? __pfx_dump_stack_lvl+0x10/0x10
[  147.895412][ T6952]  ? __pfx__printk+0x10/0x10
[  147.900008][ T6952]  ? __pfx_lock_release+0x10/0x10
[  147.905044][ T6952]  should_fail_ex+0x3b0/0x4e0
[  147.909730][ T6952]  _copy_from_user+0x2f/0xe0
[  147.914325][ T6952]  copy_msghdr_from_user+0xae/0x680
[  147.919526][ T6952]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  147.925346][ T6952]  __sys_sendmsg+0x22d/0x380
[  147.929939][ T6952]  ? __pfx___sys_sendmsg+0x10/0x10
[  147.935053][ T6952]  ? __pfx_vfs_write+0x10/0x10
[  147.939825][ T6952]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  147.946155][ T6952]  ? do_syscall_64+0x100/0x230
[  147.950919][ T6952]  ? do_syscall_64+0xb6/0x230
[  147.955593][ T6952]  do_syscall_64+0xf3/0x230
[  147.960091][ T6952]  ? clear_bhb_loop+0x35/0x90
[  147.964762][ T6952]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.970692][ T6952] RIP: 0033:0x7fb5ea77dff9
[  147.975106][ T6952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  147.994708][ T6952] RSP: 002b:00007fb5eb61d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  148.003126][ T6952] RAX: ffffffffffffffda RBX: 00007fb5ea935f80 RCX: 00007fb5ea77dff9
[  148.011088][ T6952] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  148.019048][ T6952] RBP: 00007fb5eb61d090 R08: 0000000000000000 R09: 0000000000000000
[  148.027017][ T6952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  148.034983][ T6952] R13: 0000000000000000 R14: 00007fb5ea935f80 R15: 00007fb5eaa5fa28
[  148.042957][ T6952]  </TASK>
[  148.046003][    C1] vkms_vblank_simulate: vblank timer overrun
[  148.054236][ T6749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  148.066775][ T6950] CPU: 0 UID: 0 PID: 6950 Comm: syz.3.246 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0
[  148.067438][ T6749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  148.077367][ T6950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  148.077381][ T6950] Call Trace:
[  148.077389][ T6950]  <TASK>
[  148.077398][ T6950]  dump_stack_lvl+0x241/0x360
[  148.077424][ T6950]  ? __pfx_dump_stack_lvl+0x10/0x10
[  148.077441][ T6950]  ? __pfx__printk+0x10/0x10
[  148.077468][ T6950]  ? __pfx_lock_release+0x10/0x10
[  148.099501][ T6749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  148.101180][ T6950]  should_fail_ex+0x3b0/0x4e0
[  148.104163][ T6749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  148.108742][ T6950]  _copy_from_user+0x2f/0xe0
[  148.108770][ T6950]  copy_msghdr_from_user+0xae/0x680
[  148.114011][ T6749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  148.118502][ T6950]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  148.124760][ T6749] batman_adv: batadv0: Interface activated: batadv_slave_1
[  148.133361][ T6950]  __sys_sendmsg+0x22d/0x380
[  148.133391][ T6950]  ? __pfx___sys_sendmsg+0x10/0x10
[  148.133422][ T6950]  ? __pfx_vfs_write+0x10/0x10
[  148.133465][ T6950]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  148.133493][ T6950]  ? do_syscall_64+0x100/0x230
[  148.133516][ T6950]  ? do_syscall_64+0xb6/0x230
[  148.133537][ T6950]  do_syscall_64+0xf3/0x230
[  148.133555][ T6950]  ? clear_bhb_loop+0x35/0x90
[  148.133576][ T6950]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.133600][ T6950] RIP: 0033:0x7f39f837dff9
[  148.133618][ T6950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  148.133635][ T6950] RSP: 002b:00007f39f920d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  148.133656][ T6950] RAX: ffffffffffffffda RBX: 00007f39f8535f80 RCX: 00007f39f837dff9
[  148.133671][ T6950] RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000005
[  148.133684][ T6950] RBP: 00007f39f920d090 R08: 0000000000000000 R09: 0000000000000000
[  148.133696][ T6950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  148.133709][ T6950] R13: 0000000000000000 R14: 00007f39f8535f80 R15: 00007f39f865fa28
[  148.133736][ T6950]  </TASK>
[  148.309806][ T6749] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  148.318763][ T6749] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  148.327731][ T6749] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  148.336779][ T6749] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  148.466287][ T6962] capability: warning: `syz.3.252' uses deprecated v2 capabilities in a way that may be insecure
[  148.503085][ T6962] FAULT_INJECTION: forcing a failure.
[  148.503085][ T6962] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  148.534502][ T6962] CPU: 1 UID: 0 PID: 6962 Comm: syz.3.252 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0
[  148.545138][ T6962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  148.555210][ T6962] Call Trace:
[  148.558504][ T6962]  <TASK>
[  148.561453][ T6962]  dump_stack_lvl+0x241/0x360
[  148.566158][ T6962]  ? __pfx_dump_stack_lvl+0x10/0x10
[  148.571388][ T6962]  ? __pfx__printk+0x10/0x10
[  148.576009][ T6962]  ? __pfx_lock_release+0x10/0x10
[  148.581059][ T6962]  ? __lock_acquire+0x1384/0x2050
[  148.586126][ T6962]  should_fail_ex+0x3b0/0x4e0
[  148.590828][ T6962]  _copy_from_user+0x2f/0xe0
[  148.595462][ T6962]  sk_setsockopt+0x2d4/0x33b0
[  148.600130][ T6962]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  148.605485][ T6962]  ? __pfx_sk_setsockopt+0x10/0x10
[  148.610585][ T6962]  ? __pfx___might_resched+0x10/0x10
[  148.615858][ T6962]  ? __lock_acquire+0x1384/0x2050
[  148.620878][ T6962]  udp_lib_setsockopt+0x11d/0xc10
[  148.625897][ T6962]  ? __pfx_udp_lib_setsockopt+0x10/0x10
[  148.631430][ T6962]  ? __pfx_aa_sk_perm+0x10/0x10
[  148.636286][ T6962]  ? __pfx_lock_acquire+0x10/0x10
[  148.641328][ T6962]  udpv6_setsockopt+0x73/0xb0
[  148.645995][ T6962]  ? __pfx_udp_v6_push_pending_frames+0x10/0x10
[  148.652225][ T6962]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  148.658108][ T6962]  do_sock_setsockopt+0x3af/0x720
[  148.663119][ T6962]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  148.668642][ T6962]  ? __fget_files+0x29/0x470
[  148.673218][ T6962]  ? __fget_files+0x3f3/0x470
[  148.677880][ T6962]  ? __fget_files+0x29/0x470
[  148.682474][ T6962]  __sys_setsockopt+0x1a2/0x250
[  148.687345][ T6962]  __x64_sys_setsockopt+0xb5/0xd0
[  148.692375][ T6962]  do_syscall_64+0xf3/0x230
[  148.696872][ T6962]  ? clear_bhb_loop+0x35/0x90
[  148.701533][ T6962]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.707414][ T6962] RIP: 0033:0x7f39f837dff9
[  148.711824][ T6962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  148.731430][ T6962] RSP: 002b:00007f39f920d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  148.739845][ T6962] RAX: ffffffffffffffda RBX: 00007f39f8535f80 RCX: 00007f39f837dff9
[  148.747923][ T6962] RDX: 000000000000003e RSI: 0000000000000001 RDI: 0000000000000003
[  148.755887][ T6962] RBP: 00007f39f920d090 R08: 0000000000000008 R09: 0000000000000000
[  148.763841][ T6962] R10: 0000000020000180 R11: 0000000000000246 R12: 0000000000000001
[  148.771802][ T6962] R13: 0000000000000000 R14: 00007f39f8535f80 R15: 00007f39f865fa28
[  148.779789][ T6962]  </TASK>
[  148.782849][    C1] vkms_vblank_simulate: vblank timer overrun
[  148.808059][ T2578] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  148.848601][ T2578] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  148.909053][   T78] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.921919][ T5229] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  148.941368][ T6964] netlink: 72 bytes leftover after parsing attributes in process `syz.3.253'.
[  148.973800][ T1103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  148.996329][ T1103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  149.019451][   T78] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.071379][ T2578] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  149.081938][ T5229] usb 3-1: Using ep0 maxpacket: 16
[  149.098058][ T5229] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  149.106300][ T2578] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  149.129509][ T5229] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  149.160110][ T5229] usb 3-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00
[  149.164770][   T78] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.193827][ T5229] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.223007][ T5229] usb 3-1: config 0 descriptor??
[  149.290546][   T78] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.355892][ T1051] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  149.384226][ T1051] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  149.446166][ T6973] FAULT_INJECTION: forcing a failure.
[  149.446166][ T6973] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  149.494096][ T6973] CPU: 1 UID: 0 PID: 6973 Comm: syz.1.257 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0
[  149.504728][ T6973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  149.514875][ T6973] Call Trace:
[  149.518174][ T6973]  <TASK>
[  149.521122][ T6973]  dump_stack_lvl+0x241/0x360
[  149.525835][ T6973]  ? __pfx_dump_stack_lvl+0x10/0x10
[  149.531059][ T6973]  ? __pfx__printk+0x10/0x10
[  149.535679][ T6973]  ? __pfx_lock_release+0x10/0x10
[  149.540743][ T6973]  should_fail_ex+0x3b0/0x4e0
[  149.545449][ T6973]  _copy_from_user+0x2f/0xe0
[  149.550065][ T6973]  __sys_bpf+0x1a4/0x810
[  149.554334][ T6973]  ? __pfx___sys_bpf+0x10/0x10
[  149.559129][ T6973]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  149.565133][ T6973]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  149.571489][ T6973]  ? do_syscall_64+0x100/0x230
[  149.573660][ T5231] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  149.576255][ T6973]  __x64_sys_bpf+0x7c/0x90
[  149.585632][ T5231] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  149.587693][ T6973]  do_syscall_64+0xf3/0x230
[  149.587719][ T6973]  ? clear_bhb_loop+0x35/0x90
[  149.595930][ T5231] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  149.599104][ T6973]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.616604][ T6973] RIP: 0033:0x7f711cf7dff9
[  149.621015][ T6973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  149.640627][ T6973] RSP: 002b:00007f711de59038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  149.649056][ T6973] RAX: ffffffffffffffda RBX: 00007f711d135f80 RCX: 00007f711cf7dff9
[  149.657119][ T6973] RDX: 0000000000000014 RSI: 0000000020000100 RDI: 000000000000001c
[  149.665090][ T6973] RBP: 00007f711de59090 R08: 0000000000000000 R09: 0000000000000000
[  149.673058][ T6973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  149.681023][ T6973] R13: 0000000000000000 R14: 00007f711d135f80 R15: 00007f711d25fa28
[  149.689000][ T6973]  </TASK>
[  149.692123][    C1] vkms_vblank_simulate: vblank timer overrun
[  149.713292][ T5231] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  149.722050][ T5229] gt683r_led 0003:1770:FF00.0002: unknown main item tag 0x0
[  149.725826][ T5231] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  149.737300][ T5231] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  149.745166][ T5229] gt683r_led 0003:1770:FF00.0002: hidraw0: USB HID v0.00 Device [HID 1770:ff00] on usb-dummy_hcd.2-1/input0
[  149.806148][   T78] bridge_slave_1: left allmulticast mode
[  149.814036][   T78] bridge_slave_1: left promiscuous mode
[  149.844404][   T78] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.844837][   T29] kauditd_printk_skb: 5 callbacks suppressed
[  149.844850][   T29] audit: type=1800 audit(1727814188.203:21): pid=6979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.259" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  149.883538][   T78] bridge_slave_0: left allmulticast mode
[  149.896282][   T78] bridge_slave_0: left promiscuous mode
[  149.902355][   T78] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.916798][ T6960] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  149.961433][ T6960] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  150.011560][ T5282] usb 3-1: USB disconnect, device number 6
[  150.027815][ T5281] gt683r_led 0003:1770:FF00.0002: failed to send set report request: -19
[  150.075009][   T29] audit: type=1800 audit(1727814188.433:22): pid=6989 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.261" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  150.188745][ T6989] FAULT_INJECTION: forcing a failure.
[  150.188745][ T6989] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  150.219486][ T6989] CPU: 0 UID: 0 PID: 6989 Comm: syz.1.261 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0
[  150.230125][ T6989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  150.240198][ T6989] Call Trace:
[  150.243489][ T6989]  <TASK>
[  150.246431][ T6989]  dump_stack_lvl+0x241/0x360
[  150.251137][ T6989]  ? __pfx_dump_stack_lvl+0x10/0x10
[  150.256356][ T6989]  ? __pfx__printk+0x10/0x10
[  150.260977][ T6989]  ? __pfx_lock_release+0x10/0x10
[  150.266038][ T6989]  should_fail_ex+0x3b0/0x4e0
[  150.270750][ T6989]  _copy_to_user+0x2f/0xb0
[  150.275191][ T6989]  __se_sys_shmctl+0x556/0x660
[  150.279974][ T6989]  ? __mutex_unlock_slowpath+0x21d/0x750
[  150.285611][ T6989]  ? __pfx___se_sys_shmctl+0x10/0x10
[  150.290908][ T6989]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  150.296897][ T6989]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  150.303228][ T6989]  ? do_syscall_64+0x100/0x230
[  150.307988][ T6989]  ? do_syscall_64+0xb6/0x230
[  150.312660][ T6989]  do_syscall_64+0xf3/0x230
[  150.317158][ T6989]  ? clear_bhb_loop+0x35/0x90
[  150.321840][ T6989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.327736][ T6989] RIP: 0033:0x7f711cf7dff9
[  150.332147][ T6989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  150.351751][ T6989] RSP: 002b:00007f711de59038 EFLAGS: 00000246 ORIG_RAX: 000000000000001f
[  150.360162][ T6989] RAX: ffffffffffffffda RBX: 00007f711d135f80 RCX: 00007f711cf7dff9
[  150.368125][ T6989] RDX: 0000000020000900 RSI: 000000000000000e RDI: 0000000000000000
[  150.376088][ T6989] RBP: 00007f711de59090 R08: 0000000000000000 R09: 0000000000000000
[  150.384051][ T6989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  150.392013][ T6989] R13: 0000000000000000 R14: 00007f711d135f80 R15: 00007f711d25fa28
[  150.399984][ T6989]  </TASK>
[  150.739802][ T7007] FAULT_INJECTION: forcing a failure.
[  150.739802][ T7007] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  150.756636][ T7007] CPU: 0 UID: 0 PID: 7007 Comm: syz.1.269 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0
[  150.767255][ T7007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  150.777309][ T7007] Call Trace:
[  150.780581][ T7007]  <TASK>
[  150.783506][ T7007]  dump_stack_lvl+0x241/0x360
[  150.788194][ T7007]  ? __pfx_dump_stack_lvl+0x10/0x10
[  150.793396][ T7007]  ? __pfx__printk+0x10/0x10
[  150.797989][ T7007]  ? __pfx_lock_release+0x10/0x10
[  150.803016][ T7007]  should_fail_ex+0x3b0/0x4e0
[  150.807694][ T7007]  _copy_from_user+0x2f/0xe0
[  150.812282][ T7007]  copy_msghdr_from_user+0xae/0x680
[  150.817483][ T7007]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  150.823301][ T7007]  __sys_sendmsg+0x22d/0x380
[  150.827891][ T7007]  ? __pfx___sys_sendmsg+0x10/0x10
[  150.833010][ T7007]  ? __pfx_vfs_write+0x10/0x10
[  150.837782][ T7007]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  150.844114][ T7007]  ? do_syscall_64+0x100/0x230
[  150.848880][ T7007]  ? do_syscall_64+0xb6/0x230
[  150.853567][ T7007]  do_syscall_64+0xf3/0x230
[  150.858082][ T7007]  ? clear_bhb_loop+0x35/0x90
[  150.862757][ T7007]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.868647][ T7007] RIP: 0033:0x7f711cf7dff9
[  150.873059][ T7007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  150.892660][ T7007] RSP: 002b:00007f711de59038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  150.901072][ T7007] RAX: ffffffffffffffda RBX: 00007f711d135f80 RCX: 00007f711cf7dff9
[  150.909038][ T7007] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  150.916999][ T7007] RBP: 00007f711de59090 R08: 0000000000000000 R09: 0000000000000000
[  150.924962][ T7007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  150.932926][ T7007] R13: 0000000000000000 R14: 00007f711d135f80 R15: 00007f711d25fa28
[  150.940908][ T7007]  </TASK>
[  151.050899][ T7013] netlink: 12 bytes leftover after parsing attributes in process `syz.1.271'.
[  151.116822][   T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  151.128009][   T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  151.138464][   T78] bond0 (unregistering): Released all slaves
[  151.665263][   T78] hsr_slave_0: left promiscuous mode
[  151.672546][   T78] hsr_slave_1: left promiscuous mode
[  151.694277][   T78] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  151.703616][   T78] batman_adv: batadv0: Removing interface: batadv_slave_0
[  151.732739][   T78] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  151.740211][   T78] batman_adv: batadv0: Removing interface: batadv_slave_1
[  151.776942][   T78] veth1_macvtap: left promiscuous mode
[  151.796155][   T78] veth0_macvtap: left promiscuous mode
[  151.801837][   T78] veth1_vlan: left promiscuous mode
[  151.814023][ T5231] Bluetooth: hci3: command tx timeout
[  151.819674][   T78] veth0_vlan: left promiscuous mode
[  152.021994][   T46] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  152.069714][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  152.078395][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  152.095425][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  152.104132][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  152.125858][   T54] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  152.142366][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  152.192630][   T46] usb 3-1: Using ep0 maxpacket: 8
[  152.208239][   T46] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  152.230767][   T46] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  152.271850][   T46] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  152.307644][   T46] usb 3-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00
[  152.317215][   T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  152.358533][   T46] usb 3-1: config 0 descriptor??
[  152.609643][   T78] team0 (unregistering): Port device team_slave_1 removed
[  152.651077][   T78] team0 (unregistering): Port device team_slave_0 removed
[  152.781553][   T46] hid-picolcd 0003:04D8:C002.0003: unknown main item tag 0x0
[  152.789289][   T46] hid-picolcd 0003:04D8:C002.0003: unknown main item tag 0x0
[  152.863129][   T46] hid-picolcd 0003:04D8:C002.0003: No report with id 0x11 found
[  152.990406][ T5281] usb 3-1: USB disconnect, device number 7
[  153.260879][ T6977] chnl_net:caif_netlink_parms(): no params data found
[  153.709137][ T7047] chnl_net:caif_netlink_parms(): no params data found
[  153.903075][ T6977] bridge0: port 1(bridge_slave_0) entered blocking state
[  153.910322][ T5231] Bluetooth: hci3: command tx timeout
[  153.928043][ T6977] bridge0: port 1(bridge_slave_0) entered disabled state
[  153.938079][ T6977] bridge_slave_0: entered allmulticast mode
[  153.945335][ T6977] bridge_slave_0: entered promiscuous mode
[  153.953744][ T6977] bridge0: port 2(bridge_slave_1) entered blocking state
[  153.960916][ T6977] bridge0: port 2(bridge_slave_1) entered disabled state
[  153.970036][ T6977] bridge_slave_1: entered allmulticast mode
[  153.980254][ T6977] bridge_slave_1: entered promiscuous mode
[  154.121205][ T7082] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  154.207445][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  154.222822][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  154.223342][ T5230] Bluetooth: hci2: command tx timeout
[  154.242046][ T5230] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  154.258490][ T5230] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  154.266495][ T5230] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  154.275396][ T5230] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  154.279920][ T6977] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  154.306850][ T6977] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  154.416355][   T78] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.556552][   T78] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.613242][ T6977] team0: Port device team_slave_0 added
[  154.635484][ T7047] bridge0: port 1(bridge_slave_0) entered blocking state
[  154.645471][ T7047] bridge0: port 1(bridge_slave_0) entered disabled state
[  154.653384][ T7047] bridge_slave_0: entered allmulticast mode
[  154.671962][ T7047] bridge_slave_0: entered promiscuous mode
[  154.681689][ T6977] team0: Port device team_slave_1 added
[  154.709770][   T78] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.735013][ T7099] kvm: emulating exchange as write
[  154.735137][ T7047] bridge0: port 2(bridge_slave_1) entered blocking state
[  154.748607][ T7047] bridge0: port 2(bridge_slave_1) entered disabled state
[  154.757746][ T7047] bridge_slave_1: entered allmulticast mode
[  154.765812][ T7047] bridge_slave_1: entered promiscuous mode
[  154.839523][   T78] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.867116][ T7047] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  154.876987][ T6977] batman_adv: batadv0: Adding interface: batadv_slave_0
[  154.891911][ T6977] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  154.892253][   T46] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  154.955779][ T6977] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  154.969284][ T6977] batman_adv: batadv0: Adding interface: batadv_slave_1
[  154.977574][ T6977] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  155.004859][ T6977] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  155.022227][ T7047] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  155.044061][ T7104] netlink: 72 bytes leftover after parsing attributes in process `syz.1.292'.
[  155.085867][   T46] usb 3-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4
[  155.105938][   T46] usb 3-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0
[  155.121912][   T46] usb 3-1: Manufacturer: syz
[  155.132899][   T46] usb 3-1: config 0 descriptor??
[  155.196013][ T7047] team0: Port device team_slave_0 added
[  155.229398][ T7047] team0: Port device team_slave_1 added
[  155.273178][ T6977] hsr_slave_0: entered promiscuous mode
[  155.288825][ T6977] hsr_slave_1: entered promiscuous mode
[  155.292900][ T7116] FAULT_INJECTION: forcing a failure.
[  155.292900][ T7116] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  155.310995][ T7116] CPU: 0 UID: 0 PID: 7116 Comm: syz.1.294 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0
[  155.321613][ T7116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  155.331687][ T7116] Call Trace:
[  155.334984][ T7116]  <TASK>
[  155.337930][ T7116]  dump_stack_lvl+0x241/0x360
[  155.342632][ T7116]  ? __pfx_dump_stack_lvl+0x10/0x10
[  155.347849][ T7116]  ? __pfx__printk+0x10/0x10
[  155.352471][ T7116]  ? snprintf+0xda/0x120
[  155.356747][ T7116]  should_fail_ex+0x3b0/0x4e0
[  155.361452][ T7116]  _copy_to_user+0x2f/0xb0
[  155.365900][ T7116]  simple_read_from_buffer+0xca/0x150
[  155.371302][ T7116]  proc_fail_nth_read+0x1e9/0x250
[  155.376358][ T7116]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  155.381930][ T7116]  ? rw_verify_area+0x55e/0x6f0
[  155.386804][ T7116]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  155.392382][ T7116]  vfs_read+0x201/0xbc0
[  155.396560][ T7116]  ? __pfx_lock_release+0x10/0x10
[  155.401593][ T7116]  ? __pfx_vfs_read+0x10/0x10
[  155.406274][ T7116]  ? __fget_files+0x3f3/0x470
[  155.410958][ T7116]  ? fdget_pos+0x24e/0x320
[  155.415388][ T7116]  ksys_read+0x183/0x2b0
[  155.419638][ T7116]  ? __pfx_ksys_read+0x10/0x10
[  155.424416][ T7116]  do_syscall_64+0xf3/0x230
[  155.428928][ T7116]  ? clear_bhb_loop+0x35/0x90
[  155.433603][ T7116]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.439505][ T7116] RIP: 0033:0x7f711cf7ca3c
[  155.443946][ T7116] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  155.463552][ T7116] RSP: 002b:00007f711de59030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  155.471983][ T7116] RAX: ffffffffffffffda RBX: 00007f711d135f80 RCX: 00007f711cf7ca3c
[  155.479949][ T7116] RDX: 000000000000000f RSI: 00007f711de590a0 RDI: 0000000000000004
[  155.487914][ T7116] RBP: 00007f711de59090 R08: 0000000000000000 R09: 0000000000000000
[  155.495877][ T7116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  155.503843][ T7116] R13: 0000000000000000 R14: 00007f711d135f80 R15: 00007f711d25fa28
[  155.511910][ T7116]  </TASK>
[  155.521750][ T6977] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  155.560542][   T46] gs_usb 3-1:0.0: Couldn't get device config: (err=-71)
[  155.562176][ T6977] Cannot create hsr debugfs directory
[  155.567677][   T46] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -71
[  155.632143][   T46] usb 3-1: USB disconnect, device number 8
[  155.778365][ T7128] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  155.791038][ T7047] batman_adv: batadv0: Adding interface: batadv_slave_0
[  155.798595][ T7047] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  155.827093][ T7047] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  155.886329][ T7047] batman_adv: batadv0: Adding interface: batadv_slave_1
[  155.898550][ T7047] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  155.926483][ T7047] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  155.972951][ T5230] Bluetooth: hci3: command tx timeout
[  156.017780][ T7093] chnl_net:caif_netlink_parms(): no params data found
[  156.057094][ T7047] hsr_slave_0: entered promiscuous mode
[  156.063726][ T7047] hsr_slave_1: entered promiscuous mode
[  156.069662][ T7047] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  156.077806][ T7047] Cannot create hsr debugfs directory
[  156.092193][   T46] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  156.116042][   T78] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.210843][   T78] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.262091][   T46] usb 2-1: Using ep0 maxpacket: 16
[  156.273946][   T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  156.285125][   T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  156.295057][ T5230] Bluetooth: hci2: command tx timeout
[  156.300857][   T46] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  156.314816][   T46] usb 2-1: New USB device found, idVendor=056a, idProduct=2a22, bcdDevice=32.49
[  156.324451][   T46] usb 2-1: New USB device strings: Mfr=132, Product=0, SerialNumber=0
[  156.335848][   T46] usb 2-1: Manufacturer: syz
[  156.345855][   T46] usb 2-1: config 0 descriptor??
[  156.370481][   T78] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.381991][ T5230] Bluetooth: hci0: command tx timeout
[  156.403782][ T7093] bridge0: port 1(bridge_slave_0) entered blocking state
[  156.410890][ T7093] bridge0: port 1(bridge_slave_0) entered disabled state
[  156.421367][ T7093] bridge_slave_0: entered allmulticast mode
[  156.434563][ T7093] bridge_slave_0: entered promiscuous mode
[  156.519891][   T78] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.541429][ T7093] bridge0: port 2(bridge_slave_1) entered blocking state
[  156.550912][ T7093] bridge0: port 2(bridge_slave_1) entered disabled state
[  156.580293][ T7093] bridge_slave_1: entered allmulticast mode
[  156.582170][   T46] usbhid 2-1:0.0: can't add hid device: -71
[  156.598522][ T7093] bridge_slave_1: entered promiscuous mode
[  156.602151][   T46] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  156.645351][   T46] usb 2-1: USB disconnect, device number 6
[  156.738915][ T7093] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  156.786902][ T7093] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  157.029886][ T7093] team0: Port device team_slave_0 added
[  157.053321][ T7093] team0: Port device team_slave_1 added
[  157.265081][ T7093] batman_adv: batadv0: Adding interface: batadv_slave_0
[  157.272411][ T7093] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  157.336254][ T7093] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  157.350714][   T78] bridge_slave_1: left allmulticast mode
[  157.357836][   T78] bridge_slave_1: left promiscuous mode
[  157.363762][   T78] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.374022][   T78] bridge_slave_0: left allmulticast mode
[  157.379692][   T78] bridge_slave_0: left promiscuous mode
[  157.385773][   T78] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.396658][   T78] bridge_slave_1: left allmulticast mode
[  157.402602][   T78] bridge_slave_1: left promiscuous mode
[  157.408343][   T78] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.418181][   T78] bridge_slave_0: left allmulticast mode
[  157.424069][   T78] bridge_slave_0: left promiscuous mode
[  157.429700][   T78] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.522006][ T5278] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  157.693995][ T5278] usb 3-1: config 0 has an invalid interface number: 226 but max is 0
[  157.710121][ T5278] usb 3-1: config 0 has no interface number 0
[  157.718890][ T5278] usb 3-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=db.47
[  157.733115][ T5278] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.741293][ T5278] usb 3-1: Product: syz
[  157.745671][ T5278] usb 3-1: Manufacturer: syz
[  157.750362][ T5278] usb 3-1: SerialNumber: syz
[  157.761089][ T5278] usb 3-1: config 0 descriptor??
[  157.770749][ T5278] hub 3-1:0.226: bad descriptor, ignoring hub
[  157.777202][ T5278] hub 3-1:0.226: probe with driver hub failed with error -5
[  157.789749][ T5278] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.226/input/input8
[  157.990969][   T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  158.003609][   T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  158.015139][   T78] bond0 (unregistering): Released all slaves
[  158.057683][ T5230] Bluetooth: hci3: command tx timeout
[  158.121168][   T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  158.132857][   T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  158.144277][   T78] bond0 (unregistering): Released all slaves
[  158.222506][ T7093] batman_adv: batadv0: Adding interface: batadv_slave_1
[  158.229490][ T7093] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  158.255424][    C1] vkms_vblank_simulate: vblank timer overrun
[  158.266079][ T7093] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  158.302103][ T7160] netlink: 72 bytes leftover after parsing attributes in process `syz.1.300'.
[  158.373511][ T5230] Bluetooth: hci2: command tx timeout
[  158.415914][ T7093] hsr_slave_0: entered promiscuous mode
[  158.427396][ T7093] hsr_slave_1: entered promiscuous mode
[  158.437617][ T7093] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  158.445433][ T7093] Cannot create hsr debugfs directory
[  158.454856][ T5230] Bluetooth: hci0: command tx timeout
[  158.509487][ T7164] FAULT_INJECTION: forcing a failure.
[  158.509487][ T7164] name failslab, interval 1, probability 0, space 0, times 1
[  158.522471][ T7164] CPU: 1 UID: 0 PID: 7164 Comm: syz.1.302 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0
[  158.533076][ T7164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  158.543123][ T7164] Call Trace:
[  158.546389][ T7164]  <TASK>
[  158.549311][ T7164]  dump_stack_lvl+0x241/0x360
[  158.553989][ T7164]  ? __pfx_dump_stack_lvl+0x10/0x10
[  158.559176][ T7164]  ? __pfx__printk+0x10/0x10
[  158.563770][ T7164]  ? fs_reclaim_acquire+0x93/0x140
[  158.568872][ T7164]  ? __pfx___might_resched+0x10/0x10
[  158.574159][ T7164]  should_fail_ex+0x3b0/0x4e0
[  158.578835][ T7164]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  158.584548][ T7164]  should_failslab+0xac/0x100
[  158.589219][ T7164]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  158.594954][ T7164]  __kmalloc_noprof+0xd8/0x400
[  158.599731][ T7164]  tomoyo_realpath_from_path+0xcf/0x5e0
[  158.605284][ T7164]  tomoyo_path_number_perm+0x23a/0x880
[  158.610761][ T7164]  ? tomoyo_path_number_perm+0x208/0x880
[  158.616396][ T7164]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  158.622392][ T7164]  ? __fget_files+0x29/0x470
[  158.626982][ T7164]  ? __fget_files+0x3f3/0x470
[  158.631657][ T7164]  security_file_ioctl+0xc6/0x2a0
[  158.636692][ T7164]  __se_sys_ioctl+0x47/0x170
[  158.641291][ T7164]  do_syscall_64+0xf3/0x230
[  158.645788][ T7164]  ? clear_bhb_loop+0x35/0x90
[  158.650457][ T7164]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.656364][ T7164] RIP: 0033:0x7f711cf7dff9
[  158.660790][ T7164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  158.680395][ T7164] RSP: 002b:00007f711de59038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  158.688811][ T7164] RAX: ffffffffffffffda RBX: 00007f711d135f80 RCX: 00007f711cf7dff9
[  158.696782][ T7164] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  158.704747][ T7164] RBP: 00007f711de59090 R08: 0000000000000000 R09: 0000000000000000
[  158.712712][ T7164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  158.720675][ T7164] R13: 0000000000000000 R14: 00007f711d135f80 R15: 00007f711d25fa28
[  158.728649][ T7164]  </TASK>
[  158.731779][    C1] vkms_vblank_simulate: vblank timer overrun
[  158.761705][ T7164] ERROR: Out of memory at tomoyo_realpath_from_path.
[  158.973504][ T7168] FAULT_INJECTION: forcing a failure.
[  158.973504][ T7168] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  158.987612][ T7168] CPU: 1 UID: 0 PID: 7168 Comm: syz.1.303 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0
[  158.998250][ T7168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  159.008295][ T7168] Call Trace:
[  159.011559][ T7168]  <TASK>
[  159.014490][ T7168]  dump_stack_lvl+0x241/0x360
[  159.019179][ T7168]  ? __pfx_dump_stack_lvl+0x10/0x10
[  159.024368][ T7168]  ? __pfx__printk+0x10/0x10
[  159.028952][ T7168]  ? __pfx_lock_release+0x10/0x10
[  159.033969][ T7168]  should_fail_ex+0x3b0/0x4e0
[  159.038638][ T7168]  _copy_from_user+0x2f/0xe0
[  159.043230][ T7168]  copy_msghdr_from_user+0xae/0x680
[  159.048454][ T7168]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  159.054275][ T7168]  __sys_sendmsg+0x22d/0x380
[  159.058857][ T7168]  ? __pfx___sys_sendmsg+0x10/0x10
[  159.063986][ T7168]  ? __pfx_vfs_write+0x10/0x10
[  159.068745][ T7168]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  159.075058][ T7168]  ? do_syscall_64+0x100/0x230
[  159.079807][ T7168]  ? do_syscall_64+0xb6/0x230
[  159.084471][ T7168]  do_syscall_64+0xf3/0x230
[  159.088964][ T7168]  ? clear_bhb_loop+0x35/0x90
[  159.093642][ T7168]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.099644][ T7168] RIP: 0033:0x7f711cf7dff9
[  159.104061][ T7168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.123660][ T7168] RSP: 002b:00007f711de59038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  159.132070][ T7168] RAX: ffffffffffffffda RBX: 00007f711d135f80 RCX: 00007f711cf7dff9
[  159.140023][ T7168] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[  159.147990][ T7168] RBP: 00007f711de59090 R08: 0000000000000000 R09: 0000000000000000
[  159.155966][ T7168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  159.163922][ T7168] R13: 0000000000000000 R14: 00007f711d135f80 R15: 00007f711d25fa28
[  159.171886][ T7168]  </TASK>
[  159.224867][ T7170] FAULT_INJECTION: forcing a failure.
[  159.224867][ T7170] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  159.239351][ T7170] CPU: 0 UID: 0 PID: 7170 Comm: syz.1.304 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0
[  159.249964][ T7170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  159.260015][ T7170] Call Trace:
[  159.263294][ T7170]  <TASK>
[  159.266229][ T7170]  dump_stack_lvl+0x241/0x360
[  159.270989][ T7170]  ? __pfx_dump_stack_lvl+0x10/0x10
[  159.276180][ T7170]  ? __pfx__printk+0x10/0x10
[  159.280769][ T7170]  should_fail_ex+0x3b0/0x4e0
[  159.285442][ T7170]  _copy_from_user+0x2f/0xe0
[  159.290028][ T7170]  move_addr_to_kernel+0x82/0x150
[  159.295047][ T7170]  __sys_connect+0xc1/0x300
[  159.299539][ T7170]  ? __pfx___sys_connect+0x10/0x10
[  159.304644][ T7170]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  159.310973][ T7170]  ? do_syscall_64+0x100/0x230
[  159.315729][ T7170]  __x64_sys_connect+0x7a/0x90
[  159.320479][ T7170]  do_syscall_64+0xf3/0x230
[  159.324969][ T7170]  ? clear_bhb_loop+0x35/0x90
[  159.329635][ T7170]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.335538][ T7170] RIP: 0033:0x7f711cf7dff9
[  159.339941][ T7170] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.359535][ T7170] RSP: 002b:00007f711de59038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  159.367940][ T7170] RAX: ffffffffffffffda RBX: 00007f711d135f80 RCX: 00007f711cf7dff9
[  159.375901][ T7170] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000004
[  159.383873][ T7170] RBP: 00007f711de59090 R08: 0000000000000000 R09: 0000000000000000
[  159.391845][ T7170] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  159.399827][ T7170] R13: 0000000000000000 R14: 00007f711d135f80 R15: 00007f711d25fa28
[  159.407815][ T7170]  </TASK>
[  159.565667][   T78] hsr_slave_0: left promiscuous mode
[  159.571613][   T78] hsr_slave_1: left promiscuous mode
[  159.586556][   T78] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  159.599645][   T78] batman_adv: batadv0: Removing interface: batadv_slave_0
[  159.611199][   T78] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  159.624230][   T78] batman_adv: batadv0: Removing interface: batadv_slave_1
[  159.647322][   T78] hsr_slave_0: left promiscuous mode
[  159.662153][ T5324] usb 3-1: USB disconnect, device number 9
[  159.668193][   T78] hsr_slave_1: left promiscuous mode
[  159.684179][   T78] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  159.691757][   T78] batman_adv: batadv0: Removing interface: batadv_slave_0
[  159.710577][   T78] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  159.718739][   T78] batman_adv: batadv0: Removing interface: batadv_slave_1
[  159.746594][ T7177] netlink: 52 bytes leftover after parsing attributes in process `syz.2.306'.
[  159.762970][ T7177] unsupported nlmsg_type 40
[  159.777582][   T78] veth1_macvtap: left promiscuous mode
[  159.783315][   T78] veth0_macvtap: left promiscuous mode
[  159.788928][   T78] veth1_vlan: left promiscuous mode
[  159.794285][   T78] veth0_vlan: left promiscuous mode
[  159.801135][   T78] veth1_macvtap: left promiscuous mode
[  159.806970][   T78] veth0_macvtap: left promiscuous mode
[  159.816423][   T78] veth1_vlan: left promiscuous mode
[  159.822354][   T78] veth0_vlan: left promiscuous mode
[  160.250330][   T78] team0 (unregistering): Port device team_slave_1 removed
[  160.286105][   T78] team0 (unregistering): Port device team_slave_0 removed
[  160.452087][ T5230] Bluetooth: hci2: command tx timeout
[  160.532744][ T5230] Bluetooth: hci0: command tx timeout
[  160.871595][   T78] team0 (unregistering): Port device team_slave_1 removed
[  160.910024][   T78] team0 (unregistering): Port device team_slave_0 removed
[  161.490612][ T7047] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  161.523704][ T7047] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  161.579555][ T7047] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  161.593486][ T7194] FAULT_INJECTION: forcing a failure.
[  161.593486][ T7194] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  161.594939][ T7047] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  161.621178][ T7194] CPU: 1 UID: 0 PID: 7194 Comm: syz.2.308 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0
[  161.631797][ T7194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  161.641865][ T7194] Call Trace:
[  161.645159][ T7194]  <TASK>
[  161.648106][ T7194]  dump_stack_lvl+0x241/0x360
[  161.652806][ T7194]  ? __pfx_dump_stack_lvl+0x10/0x10
[  161.658024][ T7194]  ? __pfx__printk+0x10/0x10
[  161.662672][ T7194]  ? __pfx_lock_release+0x10/0x10
[  161.667740][ T7194]  should_fail_ex+0x3b0/0x4e0
[  161.672455][ T7194]  _copy_from_user+0x2f/0xe0
[  161.677072][ T7194]  do_fcntl+0x75b/0x1a60
[  161.681340][ T7194]  ? __pfx_lock_release+0x10/0x10
[  161.686394][ T7194]  ? __pfx_do_fcntl+0x10/0x10
[  161.691112][ T7194]  ? __fget_files+0x29/0x470
[  161.695732][ T7194]  ? tomoyo_file_fcntl+0x78/0x120
[  161.700780][ T7194]  __se_sys_fcntl+0xd2/0x1e0
[  161.705390][ T7194]  do_syscall_64+0xf3/0x230
[  161.709891][ T7194]  ? clear_bhb_loop+0x35/0x90
[  161.714562][ T7194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.720452][ T7194] RIP: 0033:0x7fb5ea77dff9
[  161.724864][ T7194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  161.744463][ T7194] RSP: 002b:00007fb5eb5fc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[  161.752880][ T7194] RAX: ffffffffffffffda RBX: 00007fb5ea936058 RCX: 00007fb5ea77dff9
[  161.760846][ T7194] RDX: 0000000020000380 RSI: 0000000000000006 RDI: 0000000000000003
[  161.768826][ T7194] RBP: 00007fb5eb5fc090 R08: 0000000000000000 R09: 0000000000000000
[  161.776799][ T7194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  161.784769][ T7194] R13: 0000000000000001 R14: 00007fb5ea936058 R15: 00007fb5eaa5fa28
[  161.792743][ T7194]  </TASK>
[  161.797982][    T9] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  161.899586][ T6977] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  161.950195][ T6977] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  161.963206][ T6977] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  161.983810][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  161.998124][ T6977] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  162.011416][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  162.038779][    T9] usb 2-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  162.058518][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  162.093684][    T9] usb 2-1: config 0 descriptor??
[  162.148154][ T7047] 8021q: adding VLAN 0 to HW filter on device bond0
[  162.287617][ T7047] 8021q: adding VLAN 0 to HW filter on device team0
[  162.323055][ T5516] bridge0: port 1(bridge_slave_0) entered blocking state
[  162.330167][ T5516] bridge0: port 1(bridge_slave_0) entered forwarding state
[  162.363390][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  162.370512][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  162.485475][ T7047] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  162.495950][ T7047] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  162.522405][ T7047] 8021q: adding VLAN 0 to HW filter on device batadv0
[  162.543492][    T9] hid-steam 0003:28DE:1142.0004: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.1-1/input0
[  162.612492][ T5230] Bluetooth: hci0: command tx timeout
[  162.630112][ T6977] 8021q: adding VLAN 0 to HW filter on device bond0
[  162.649676][    T9] hid-steam 0003:28DE:1142.0004: Steam wireless receiver connected
[  162.670085][ T7093] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  162.679194][    T9] hid-steam 0003:28DE:1142.0005: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.1-1/input0
[  162.698346][ T7093] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  162.712065][ T7093] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  162.725844][ T7093] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  162.741754][    T9] usb 2-1: USB disconnect, device number 7
[  162.761239][    T9] hid-steam 0003:28DE:1142.0004: Steam wireless receiver disconnected
[  162.775347][ T6977] 8021q: adding VLAN 0 to HW filter on device team0
[  162.804749][ T7047] veth0_vlan: entered promiscuous mode
[  162.812786][   T78] bridge0: port 1(bridge_slave_0) entered blocking state
[  162.819887][   T78] bridge0: port 1(bridge_slave_0) entered forwarding state
[  162.823024][ T5229] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  162.844991][   T78] bridge0: port 2(bridge_slave_1) entered blocking state
[  162.852125][   T78] bridge0: port 2(bridge_slave_1) entered forwarding state
[  162.872870][ T7047] veth1_vlan: entered promiscuous mode
[  162.990568][ T7047] veth0_macvtap: entered promiscuous mode
[  163.002268][ T5229] usb 3-1: Using ep0 maxpacket: 16
[  163.007300][ T7047] veth1_macvtap: entered promiscuous mode
[  163.018560][ T5229] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  163.025931][ T7093] 8021q: adding VLAN 0 to HW filter on device bond0
[  163.040090][ T5229] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  163.060509][ T5229] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  163.060795][ T7047] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  163.087786][ T5229] usb 3-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  163.105618][ T7047] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  163.108064][ T5229] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.115514][ T7047] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  163.115535][ T7047] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  163.116824][ T7047] batman_adv: batadv0: Interface activated: batadv_slave_0
[  163.148606][ T5229] usb 3-1: config 0 descriptor??
[  163.186064][ T7093] 8021q: adding VLAN 0 to HW filter on device team0
[  163.190564][ T5229] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input9
[  163.202287][ T6977] 8021q: adding VLAN 0 to HW filter on device batadv0
[  163.226624][ T4669] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  163.247015][ T5516] bridge0: port 1(bridge_slave_0) entered blocking state
[  163.254169][ T5516] bridge0: port 1(bridge_slave_0) entered forwarding state
[  163.270109][ T7047] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  163.286189][ T7047] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  163.298724][ T7047] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  163.322137][ T7047] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  163.328381][ T5601] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  163.343324][ T7047] batman_adv: batadv0: Interface activated: batadv_slave_1
[  163.400358][ T5516] bridge0: port 2(bridge_slave_1) entered blocking state
[  163.407513][ T5516] bridge0: port 2(bridge_slave_1) entered forwarding state
[  163.432487][ T4669] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  163.441023][ T7213] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  163.481348][ T7093] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  163.502618][ T7093] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  163.513289][ T4669] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  163.531240][ T4669] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  163.545613][ T5229] usb 3-1: USB disconnect, device number 10
[  163.558235][ T6977] veth0_vlan: entered promiscuous mode
[  163.567656][ T4669] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -19
[  163.579839][ T7047] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  163.595400][ T7047] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  163.605293][ T7047] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  163.614260][ T7047] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  163.635003][ T7226] netlink: 8 bytes leftover after parsing attributes in process `syz.1.310'.
[  163.673323][ T7093] 8021q: adding VLAN 0 to HW filter on device batadv0
[  163.703076][ T7093] veth0_vlan: entered promiscuous mode
[  163.713529][ T7093] veth1_vlan: entered promiscuous mode
[  163.797412][ T6977] veth1_vlan: entered promiscuous mode
[  163.839010][ T7236] FAULT_INJECTION: forcing a failure.
[  163.839010][ T7236] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  163.866960][ T7093] veth0_macvtap: entered promiscuous mode
[  163.875650][ T7093] veth1_macvtap: entered promiscuous mode
[  163.877425][ T7236] CPU: 1 UID: 0 PID: 7236 Comm: syz.1.312 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0
[  163.890509][ T7093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  163.891937][ T7236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  163.891952][ T7236] Call Trace:
[  163.891960][ T7236]  <TASK>
[  163.891968][ T7236]  dump_stack_lvl+0x241/0x360
[  163.902777][ T7093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  163.912478][ T7236]  ? __pfx_dump_stack_lvl+0x10/0x10
[  163.912503][ T7236]  ? __pfx__printk+0x10/0x10
[  163.912533][ T7236]  ? snprintf+0xda/0x120
[  163.912556][ T7236]  should_fail_ex+0x3b0/0x4e0
[  163.912586][ T7236]  _copy_to_user+0x2f/0xb0
[  163.912609][ T7236]  simple_read_from_buffer+0xca/0x150
[  163.912645][ T7236]  proc_fail_nth_read+0x1e9/0x250
[  163.912676][ T7236]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  163.912705][ T7236]  ? rw_verify_area+0x55e/0x6f0
[  163.912730][ T7236]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  163.912759][ T7236]  vfs_read+0x201/0xbc0
[  163.912784][ T7236]  ? __pfx_lock_release+0x10/0x10
[  163.912816][ T7236]  ? __pfx_vfs_read+0x10/0x10
[  163.916089][ T7093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  163.919001][ T7236]  ? __fget_files+0x3f3/0x470
[  163.923935][ T7093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  163.933425][ T7236]  ? fdget_pos+0x24e/0x320
[  163.933453][ T7236]  ksys_read+0x183/0x2b0
[  163.938637][ T7093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  163.943192][ T7236]  ? __pfx_ksys_read+0x10/0x10
[  163.943224][ T7236]  ? do_syscall_64+0x100/0x230
[  163.943247][ T7236]  ? do_syscall_64+0xb6/0x230
[  163.947459][ T7093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  163.952105][ T7236]  do_syscall_64+0xf3/0x230
[  163.952126][ T7236]  ? clear_bhb_loop+0x35/0x90
[  163.957691][ T7093] batman_adv: batadv0: Interface activated: batadv_slave_0
[  163.961859][ T7236]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.961893][ T7236] RIP: 0033:0x7f711cf7ca3c
[  163.968996][ T7093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  163.972407][ T7236] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  163.972427][ T7236] RSP: 002b:00007f711de59030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  163.972450][ T7236] RAX: ffffffffffffffda RBX: 00007f711d135f80 RCX: 00007f711cf7ca3c
[  163.972464][ T7236] RDX: 000000000000000f RSI: 00007f711de590a0 RDI: 0000000000000004
[  163.972477][ T7236] RBP: 00007f711de59090 R08: 0000000000000000 R09: 0000000000000000
[  163.972489][ T7236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  163.972502][ T7236] R13: 0000000000000000 R14: 00007f711d135f80 R15: 00007f711d25fa28
[  163.972531][ T7236]  </TASK>
[  164.177214][ T7093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.187151][ T7093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  164.197651][ T7093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.207815][ T7093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  164.218666][ T7093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.229733][ T7093] batman_adv: batadv0: Interface activated: batadv_slave_1
[  164.285444][ T7093] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  164.295445][ T7093] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  164.305252][ T7093] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  164.359326][ T7093] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  164.418621][   T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  164.427355][   T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  164.439225][ T6977] veth0_macvtap: entered promiscuous mode
[  164.597544][ T6977] veth1_macvtap: entered promiscuous mode
[  164.614341][ T7257] netlink: 24 bytes leftover after parsing attributes in process `syz.2.316'.
[  164.663242][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  164.710794][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  164.722901][ T6977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  164.740448][ T6977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.750360][ T6977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  164.767251][ T6977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.777779][ T6977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  164.793781][ T6977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.805150][ T6977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  164.816051][ T6977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.844257][ T6977] batman_adv: batadv0: Interface activated: batadv_slave_0
[  164.864746][ T5516] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  164.865060][ T6977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  164.893633][ T5516] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  164.901907][ T6977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.912644][ T6977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  164.923743][ T6977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.934073][ T6977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  164.948757][ T6977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.960701][ T6977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  164.975911][ T6977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.987665][ T6977] batman_adv: batadv0: Interface activated: batadv_slave_1
[  165.072030][    T9] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  165.099042][ T6977] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  165.119511][ T6977] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  165.142008][ T6977] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  165.170449][ T6977] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  165.190953][ T5516] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  165.206952][ T5516] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  165.267584][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  165.292930][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  165.345061][    T9] usb 3-1: New USB device found, idVendor=1345, idProduct=3008, bcdDevice= 0.00
[  165.417659][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.482846][    T9] usb 3-1: config 0 descriptor??
[  165.708613][ T2578] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  165.716689][ T2578] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  165.778402][ T1051] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  165.799831][ T1051] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  165.872358][ T7281] netlink: 56 bytes leftover after parsing attributes in process `syz.1.321'.
[  165.903493][    T9] sony 0003:1345:3008.0006: item fetching failed at offset 5/7
[  165.914556][    T9] sony 0003:1345:3008.0006: parse failed
[  165.920988][    T9] sony 0003:1345:3008.0006: probe with driver sony failed with error -22
[  166.177151][ T5324] usb 3-1: USB disconnect, device number 11
[  166.270354][ T7289] FAULT_INJECTION: forcing a failure.
[  166.270354][ T7289] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  166.287483][ T7292] mmap: syz.0.255 (7292) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  166.291880][ T7289] CPU: 0 UID: 0 PID: 7289 Comm: syz.1.322 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0
[  166.309877][ T7289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  166.319946][ T7289] Call Trace:
[  166.323239][ T7289]  <TASK>
[  166.326187][ T7289]  dump_stack_lvl+0x241/0x360
[  166.330887][ T7289]  ? __pfx_dump_stack_lvl+0x10/0x10
[  166.336105][ T7289]  ? __pfx__printk+0x10/0x10
[  166.340718][ T7289]  ? __pfx_lock_release+0x10/0x10
[  166.345772][ T7289]  should_fail_ex+0x3b0/0x4e0
[  166.350481][ T7289]  _copy_from_iter+0x1ed/0x1d60
[  166.355358][ T7289]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  166.360844][ T7289]  ? packet_cached_dev_get+0x1c/0x2b0
[  166.366241][ T7289]  ? __pfx_lock_release+0x10/0x10
[  166.371298][ T7289]  ? __pfx__copy_from_iter+0x10/0x10
[  166.376609][ T7289]  ? packet_cached_dev_get+0x1c/0x2b0
[  166.382008][ T7289]  packet_sendmsg+0x3a96/0x6860
[  166.386883][ T7289]  ? mark_lock+0x9a/0x360
[  166.391236][ T7289]  ? mark_lock+0x9a/0x360
[  166.395585][ T7289]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  166.400986][ T7289]  ? __pfx___might_resched+0x10/0x10
[  166.406292][ T7289]  ? aa_sk_perm+0x96d/0xab0
[  166.410785][ T7289]  ? __pfx_packet_sendmsg+0x10/0x10
[  166.415977][ T7289]  ? __fget_files+0x29/0x470
[  166.420555][ T7289]  ? aa_sock_msg_perm+0x91/0x160
[  166.425499][ T7289]  ? __pfx_packet_sendmsg+0x10/0x10
[  166.430684][ T7289]  __sock_sendmsg+0x221/0x270
[  166.435020][ T7302] FAULT_INJECTION: forcing a failure.
[  166.435020][ T7302] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  166.435345][ T7289]  __sys_sendto+0x39b/0x4f0
[  166.452835][ T7289]  ? __pfx___sys_sendto+0x10/0x10
[  166.457846][ T7289]  ? __mutex_unlock_slowpath+0x21d/0x750
[  166.463481][ T7289]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  166.469539][ T7289]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  166.475861][ T7289]  __x64_sys_sendto+0xde/0x100
[  166.480612][ T7289]  do_syscall_64+0xf3/0x230
[  166.485109][ T7289]  ? clear_bhb_loop+0x35/0x90
[  166.489808][ T7289]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.495727][ T7289] RIP: 0033:0x7f711cf7dff9
[  166.500159][ T7289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  166.519865][ T7289] RSP: 002b:00007f711de59038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  166.528305][ T7289] RAX: ffffffffffffffda RBX: 00007f711d135f80 RCX: 00007f711cf7dff9
[  166.536303][ T7289] RDX: 000000000000fc13 RSI: 0000000020000280 RDI: 000000000000000f
[  166.544300][ T7289] RBP: 00007f711de59090 R08: 0000000000000000 R09: 000000000000002f
[  166.552292][ T7289] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001
[  166.560284][ T7289] R13: 0000000000000000 R14: 00007f711d135f80 R15: 00007f711d25fa28
[  166.568289][ T7289]  </TASK>
[  166.571394][ T7302] CPU: 1 UID: 0 PID: 7302 Comm: syz.3.325 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0
[  166.581995][ T7302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  166.592122][ T7302] Call Trace:
[  166.595386][ T7302]  <TASK>
[  166.598300][ T7302]  dump_stack_lvl+0x241/0x360
[  166.602977][ T7302]  ? __pfx_dump_stack_lvl+0x10/0x10
[  166.608157][ T7302]  ? __pfx__printk+0x10/0x10
[  166.612738][ T7302]  ? __pfx_lock_release+0x10/0x10
[  166.617753][ T7302]  should_fail_ex+0x3b0/0x4e0
[  166.622424][ T7302]  _copy_from_user+0x2f/0xe0
[  166.627015][ T7302]  copy_msghdr_from_user+0xae/0x680
[  166.632212][ T7302]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  166.638010][ T7302]  __sys_sendmsg+0x22d/0x380
[  166.642587][ T7302]  ? __pfx___sys_sendmsg+0x10/0x10
[  166.647686][ T7302]  ? __pfx_vfs_write+0x10/0x10
[  166.652449][ T7302]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  166.658769][ T7302]  ? do_syscall_64+0x100/0x230
[  166.663522][ T7302]  ? do_syscall_64+0xb6/0x230
[  166.668186][ T7302]  do_syscall_64+0xf3/0x230
[  166.672676][ T7302]  ? clear_bhb_loop+0x35/0x90
[  166.677335][ T7302]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.683214][ T7302] RIP: 0033:0x7f07a9b7dff9
[  166.687611][ T7302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  166.707207][ T7302] RSP: 002b:00007f07aaa36038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  166.715609][ T7302] RAX: ffffffffffffffda RBX: 00007f07a9d36058 RCX: 00007f07a9b7dff9
[  166.723564][ T7302] RDX: 0000000004040840 RSI: 00000000200001c0 RDI: 0000000000000003
[  166.731514][ T7302] RBP: 00007f07aaa36090 R08: 0000000000000000 R09: 0000000000000000
[  166.739467][ T7302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  166.747417][ T7302] R13: 0000000000000001 R14: 00007f07a9d36058 R15: 00007f07a9e5fa28
[  166.755380][ T7302]  </TASK>
[  166.921672][ T7292] netlink: 'syz.0.255': attribute type 32 has an invalid length.
[  166.952097][ T7292] netlink: 8 bytes leftover after parsing attributes in process `syz.0.255'.
[  166.969605][ T7292] (unnamed net_device) (uninitialized): option coupled_control: invalid value (121)
[  167.116934][ T7318] netlink: 24 bytes leftover after parsing attributes in process `syz.3.330'.
[  167.377410][ T7338] netlink: 20 bytes leftover after parsing attributes in process `syz.4.334'.
[  167.861927][ T5282] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  168.044538][ T5282] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  168.072068][ T5282] usb 5-1: config 0 has no interfaces?
[  168.102352][ T5282] usb 5-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  168.111419][ T5282] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.140166][ T5282] usb 5-1: config 0 descriptor??
[  169.100745][ T7399] syz.3.344 uses obsolete (PF_INET,SOCK_PACKET)
[  169.607727][ T7409] netlink: 'syz.0.346': attribute type 10 has an invalid length.
[  169.762670][ T7409] team0: Port device netdevsim0 added
[  170.160382][ T7415] netlink: 168 bytes leftover after parsing attributes in process `syz.0.348'.
[  171.639676][ T7429] netlink: 8 bytes leftover after parsing attributes in process `syz.0.350'.
[  176.621804][    C0] sched: DL replenish lagged too much
[  183.201905][ T5324] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  183.431887][ T5324] usb 1-1: Using ep0 maxpacket: 32
[  183.482321][ T5324] usb 1-1: config 0 has an invalid interface number: 161 but max is 0
[  183.548260][ T5324] usb 1-1: config 0 has no interface number 0
[  183.682823][ T5324] usb 1-1: New USB device found, idVendor=10c4, idProduct=81a6, bcdDevice=29.4f
[  183.713915][ T5324] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.786737][ T5324] usb 1-1: Product: syz
[  183.790947][ T5324] usb 1-1: Manufacturer: syz
[  183.842345][ T5324] usb 1-1: SerialNumber: syz
[  183.922696][ T5324] usb 1-1: config 0 descriptor??
[  184.073311][ T5231] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  184.082845][ T5231] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  184.090881][ T5231] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  184.100340][ T5231] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  184.110344][ T5231] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  184.121121][ T5231] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  184.142957][ T5324] cp210x 1-1:0.161: cp210x converter detected
[  184.230204][ T5324] cp210x 1-1:0.161: failed to get vendor val 0x370b size 1: -71
[  184.327669][ T5324] cp210x 1-1:0.161: querying part number failed
[  184.356411][ T5230] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  184.372278][ T5230] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  184.400810][ T5230] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  184.414738][ T5230] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  184.423143][ T5230] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  184.432221][ T5230] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  184.488308][ T5324] usb 1-1: cp210x converter now attached to ttyUSB0
[  184.543434][   T54] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  184.552378][   T54] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  184.560455][   T54] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  184.568817][   T54] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  184.576733][   T54] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  184.586321][   T54] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  184.647691][ T5324] usb 1-1: USB disconnect, device number 9
[  184.754062][ T5230] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  184.764074][ T5230] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  184.771971][ T5230] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  184.780910][ T5230] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  184.789027][ T5324] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  184.798486][ T5230] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  184.811989][ T5230] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  184.879806][ T5324] cp210x 1-1:0.161: device disconnected
[  186.212016][   T54] Bluetooth: hci5: command tx timeout
[  186.622088][   T54] Bluetooth: hci6: command tx timeout
[  186.691993][   T54] Bluetooth: hci7: command tx timeout
[  186.851943][   T54] Bluetooth: hci4: command tx timeout
[  188.292050][   T54] Bluetooth: hci5: command tx timeout
[  188.693660][   T54] Bluetooth: hci6: command tx timeout
[  188.772053][   T54] Bluetooth: hci7: command tx timeout
[  188.935918][   T54] Bluetooth: hci4: command tx timeout
[  189.008678][ T7475] netlink: 4 bytes leftover after parsing attributes in process `syz.0.356'.
[  189.034781][ T7475] netlink: 4 bytes leftover after parsing attributes in process `syz.0.356'.
[  189.312927][   T46] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  189.452345][   T46] usb 1-1: device descriptor read/64, error -71
[  189.703247][   T46] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  189.851922][   T46] usb 1-1: device descriptor read/64, error -71
[  189.972804][   T46] usb usb1-port1: attempt power cycle
[  190.332777][   T46] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  190.371072][   T46] usb 1-1: device descriptor read/8, error -71
[  190.377517][   T54] Bluetooth: hci5: command tx timeout
[  190.627333][   T46] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  190.667454][   T46] usb 1-1: device descriptor read/8, error -71
[  190.771949][   T54] Bluetooth: hci6: command tx timeout
[  190.786562][   T46] usb usb1-port1: unable to enumerate USB device
[  190.852039][   T54] Bluetooth: hci7: command tx timeout
[  191.011978][   T54] Bluetooth: hci4: command tx timeout
[  192.827089][   T54] Bluetooth: hci5: command tx timeout
[  192.930954][   T54] Bluetooth: hci6: command tx timeout
[  192.954191][ T5230] Bluetooth: hci7: command tx timeout
[  193.389847][   T54] Bluetooth: hci4: command tx timeout
[  195.282522][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  195.301315][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  282.105873][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  282.127789][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  297.941773][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  297.948773][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=32049, q=2679386 ncpus=2)
[  297.956870][    C0] rcu: All QSes seen, last rcu_preempt kthread activity 9390 (4294966893-4294957503), jiffies_till_next_fqs=1, root ->qsmask 0x0
[  297.970268][    C0] rcu: rcu_preempt kthread starved for 9390 jiffies! g32049 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  297.981405][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  297.991398][    C0] rcu: RCU grace-period kthread stack dump:
[  297.997653][    C0] task:rcu_preempt     state:R  running task     stack:25552 pid:17    tgid:17    ppid:2      flags:0x00004000
[  298.009570][    C0] Call Trace:
[  298.012877][    C0]  <TASK>
[  298.015838][    C0]  __schedule+0x1895/0x4b30
[  298.020394][    C0]  ? __pfx___schedule+0x10/0x10
[  298.025284][    C0]  ? __pfx_lock_release+0x10/0x10
[  298.030337][    C0]  ? __asan_memset+0x23/0x50
[  298.034958][    C0]  ? __pfx_lockdep_init_map_type+0x10/0x10
[  298.040799][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  298.047204][    C0]  ? schedule+0x90/0x320
[  298.051477][    C0]  schedule+0x14b/0x320
[  298.055667][    C0]  schedule_timeout+0x1be/0x310
[  298.060546][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  298.066034][    C0]  ? __pfx_process_timeout+0x10/0x10
[  298.071350][    C0]  ? prepare_to_swait_event+0x330/0x350
[  298.076933][    C0]  rcu_gp_fqs_loop+0x2df/0x1330
[  298.081806][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[  298.087044][    C0]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[  298.093223][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  298.098546][    C0]  ? finish_swait+0xd4/0x1e0
[  298.103160][    C0]  rcu_gp_kthread+0xa7/0x3b0
[  298.107774][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  298.113016][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  298.118940][    C0]  ? __kthread_parkme+0x169/0x1d0
[  298.123995][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  298.129218][    C0]  kthread+0x2f0/0x390
[  298.133305][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  298.138533][    C0]  ? __pfx_kthread+0x10/0x10
[  298.143154][    C0]  ret_from_fork+0x4b/0x80
[  298.147602][    C0]  ? __pfx_kthread+0x10/0x10
[  298.152303][    C0]  ret_from_fork_asm+0x1a/0x30
[  298.157122][    C0]  </TASK>
[  298.160163][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  298.166508][    C0] Sending NMI from CPU 0 to CPUs 1:
[  298.171742][    C1] NMI backtrace for cpu 1
[  298.171763][    C1] CPU: 1 UID: 0 PID: 5229 Comm: kworker/1:3 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0
[  298.171783][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  298.171793][    C1] Workqueue: events_power_efficient neigh_periodic_work
[  298.171818][    C1] RIP: 0010:rcu_stall_kick_kthreads+0xa/0x240
[  298.171838][    C1] Code: f3 0f 1e fa e9 77 08 ff ff 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 41 56 53 80 3d 96 1e c5 18 00 <0f> 84 60 01 00 00 48 8b 1d 09 fd 17 0d 48 c7 c0 00 f2 60 8e 48 c1
[  298.171850][    C1] RSP: 0000:ffffc90000a171e8 EFLAGS: 00000046
[  298.171864][    C1] RAX: 0000000000000000 RBX: ffff8880b8700000 RCX: ffffffff817ad765
[  298.171876][    C1] RDX: 0000000000000000 RSI: ffffffff8c60f840 RDI: ffffffff8c60f800
[  298.171887][    C1] RBP: ffffc90000a172c8 R08: ffffffff901ce66f R09: 1ffffffff2039ccd
[  298.171900][    C1] R10: dffffc0000000000 R11: fffffbfff2039cce R12: ffff8880b873fa58
[  298.171912][    C1] R13: ffff8880b873fa40 R14: 1ffff110170e7f4b R15: dffffc0000000000
[  298.171924][    C1] FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  298.171938][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  298.171949][    C1] CR2: 00007f7fef63716a CR3: 00000000289fa000 CR4: 00000000003526f0
[  298.171963][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  298.171973][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  298.171984][    C1] Call Trace:
[  298.171990][    C1]  <NMI>
[  298.171997][    C1]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  298.172016][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  298.172039][    C1]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  298.172056][    C1]  ? nmi_handle+0x2a/0x5a0
[  298.172079][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  298.172099][    C1]  ? nmi_handle+0x14f/0x5a0
[  298.172114][    C1]  ? nmi_handle+0x2a/0x5a0
[  298.172131][    C1]  ? rcu_stall_kick_kthreads+0xa/0x240
[  298.172145][    C1]  ? default_do_nmi+0x63/0x160
[  298.172163][    C1]  ? exc_nmi+0x123/0x1f0
[  298.172187][    C1]  ? end_repeat_nmi+0xf/0x53
[  298.172206][    C1]  ? trace_rcu_utilization+0x35/0x1e0
[  298.172227][    C1]  ? rcu_stall_kick_kthreads+0xa/0x240
[  298.172242][    C1]  ? rcu_stall_kick_kthreads+0xa/0x240
[  298.172258][    C1]  ? rcu_stall_kick_kthreads+0xa/0x240
[  298.172273][    C1]  </NMI>
[  298.172278][    C1]  <IRQ>
[  298.172284][    C1]  rcu_sched_clock_irq+0x5ae/0x10d0
[  298.172304][    C1]  ? __pfx_rcu_sched_clock_irq+0x10/0x10
[  298.172322][    C1]  ? hrtimer_run_queues+0x16c/0x460
[  298.172339][    C1]  ? acct_account_cputime+0x207/0x210
[  298.172360][    C1]  update_process_times+0x1ce/0x230
[  298.172381][    C1]  tick_nohz_handler+0x37c/0x500
[  298.172401][    C1]  ? __pfx_tick_nohz_handler+0x10/0x10
[  298.172418][    C1]  __hrtimer_run_queues+0x551/0xd50
[  298.172442][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  298.172460][    C1]  ? ktime_get_update_offsets_now+0x22d/0x250
[  298.172483][    C1]  hrtimer_interrupt+0x396/0x990
[  298.172510][    C1]  __sysvec_apic_timer_interrupt+0x110/0x3f0
[  298.172528][    C1]  sysvec_apic_timer_interrupt+0x52/0xc0
[  298.172550][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  298.172566][    C1] RIP: 0010:unwind_next_frame+0x6a4/0x22d0
[  298.172582][    C1] Code: 09 00 00 4c 89 7c 24 28 48 8b 44 24 58 42 80 3c 20 00 74 08 4c 89 f7 e8 2a 30 bd 00 49 8b 2e e9 32 02 00 00 4d 89 ec 4d 89 ee <48> 89 e8 4c 29 f0 48 89 c1 48 c1 f9 02 48 c1 e8 3f 48 01 c8 48 83
[  298.172596][    C1] RSP: 0000:ffffc90000a176d0 EFLAGS: 00000293
[  298.172609][    C1] RAX: ffffffff9035bf28 RBX: ffffffff9035bf2c RCX: ffffffff9035bf30
[  298.172621][    C1] RDX: 00000000000b0001 RSI: ffffffff90af4672 RDI: 0000000000000001
[  298.172632][    C1] RBP: ffffffff9035bf54 R08: 0000000000000014 R09: ffffc90000a17890
[  298.172644][    C1] R10: ffffc90000a177f0 R11: ffffffff81808f50 R12: ffffffff9035bf2c
[  298.172657][    C1] R13: ffffffff9035bf08 R14: ffffffff9035bf30 R15: ffffffff81fe58b5
[  298.172669][    C1]  ? __kasan_slab_alloc+0x65/0x80
[  298.172688][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  298.172716][    C1]  ? __kasan_slab_alloc+0x66/0x80
[  298.172734][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  298.172752][    C1]  arch_stack_walk+0x11c/0x150
[  298.172771][    C1]  ? __kasan_slab_alloc+0x66/0x80
[  298.172790][    C1]  stack_trace_save+0x118/0x1d0
[  298.172806][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[  298.172827][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  298.172843][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  298.172865][    C1]  ? ktime_get_with_offset+0x83/0x150
[  298.172886][    C1]  kasan_save_track+0x3f/0x80
[  298.172901][    C1]  ? kasan_save_track+0x3f/0x80
[  298.172915][    C1]  ? __kasan_slab_alloc+0x66/0x80
[  298.172955][    C1]  __kasan_slab_alloc+0x66/0x80
[  298.172971][    C1]  ? dst_alloc+0x12b/0x190
[  298.172985][    C1]  kmem_cache_alloc_noprof+0x135/0x2a0
[  298.173007][    C1]  dst_alloc+0x12b/0x190
[  298.173023][    C1]  ip_route_output_key_hash_rcu+0x13cc/0x2390
[  298.173052][    C1]  ip_route_output_key_hash+0x193/0x2b0
[  298.173073][    C1]  ? ip_route_output_key_hash+0xdf/0x2b0
[  298.173094][    C1]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  298.173116][    C1]  ? __pfx_lock_release+0x10/0x10
[  298.173136][    C1]  ? kthread+0x2f0/0x390
[  298.173156][    C1]  ip_route_output_flow+0x29/0x140
[  298.173182][    C1]  ip_route_me_harder+0x80d/0x1300
[  298.173207][    C1]  ? __pfx_ip_route_me_harder+0x10/0x10
[  298.173227][    C1]  ? trace_kmalloc+0x1f/0xd0
[  298.173244][    C1]  ? __kmalloc_node_track_caller_noprof+0x242/0x440
[  298.173274][    C1]  synproxy_send_tcp+0x356/0x6c0
[  298.173299][    C1]  synproxy_send_client_synack+0x8b8/0xf30
[  298.173325][    C1]  ? __pfx_synproxy_send_client_synack+0x10/0x10
[  298.173346][    C1]  ? synproxy_pernet+0x45/0x270
[  298.173369][    C1]  nft_synproxy_eval_v4+0x3ca/0x610
[  298.173392][    C1]  ? __pfx_nft_synproxy_eval_v4+0x10/0x10
[  298.173412][    C1]  ? NF_HOOK+0x29e/0x450
[  298.173429][    C1]  ? nf_ip_checksum+0x13a/0x500
[  298.173453][    C1]  nft_synproxy_do_eval+0x362/0xa60
[  298.173477][    C1]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[  298.173499][    C1]  ? __lock_acquire+0x1384/0x2050
[  298.173520][    C1]  ? __pfx_validate_chain+0x10/0x10
[  298.173541][    C1]  nft_do_chain+0x4ad/0x1da0
[  298.173563][    C1]  ? __pfx_nft_do_chain+0x10/0x10
[  298.173583][    C1]  ? __local_bh_enable_ip+0x168/0x200
[  298.173619][    C1]  nft_do_chain_inet+0x418/0x6b0
[  298.173641][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  298.173661][    C1]  ? ipt_do_table+0x312/0x1860
[  298.173689][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  298.173708][    C1]  nf_hook_slow+0xc3/0x220
[  298.173727][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  298.173743][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  298.173761][    C1]  NF_HOOK+0x29e/0x450
[  298.173779][    C1]  ? NF_HOOK+0x9a/0x450
[  298.173794][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  298.173812][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  298.173832][    C1]  ? ip_rcv_finish+0x406/0x560
[  298.173850][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[  298.173866][    C1]  NF_HOOK+0x3a4/0x450
[  298.173882][    C1]  ? __lock_acquire+0x1384/0x2050
[  298.173903][    C1]  ? NF_HOOK+0x9a/0x450
[  298.173919][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  298.173934][    C1]  ? ip_rcv_core+0x801/0xd10
[  298.173952][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[  298.173972][    C1]  ? __pfx_ip_rcv+0x10/0x10
[  298.173988][    C1]  __netif_receive_skb+0x2bf/0x650
[  298.174008][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  298.174029][    C1]  ? __pfx___netif_receive_skb+0x10/0x10
[  298.174046][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  298.174067][    C1]  ? __pfx_lock_release+0x10/0x10
[  298.174088][    C1]  ? _raw_spin_lock_irq+0xdf/0x120
[  298.174113][    C1]  process_backlog+0x662/0x15b0
[  298.174134][    C1]  ? process_backlog+0x33b/0x15b0
[  298.174156][    C1]  ? __pfx_process_backlog+0x10/0x10
[  298.174179][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  298.174201][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  298.174224][    C1]  __napi_poll+0xcb/0x490
[  298.174244][    C1]  net_rx_action+0x89b/0x1240
[  298.174272][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  298.174290][    C1]  ? __run_timer_base+0x178/0x8e0
[  298.174309][    C1]  ? __pfx_tmigr_handle_remote+0x10/0x10
[  298.174344][    C1]  handle_softirqs+0x2c5/0x980
[  298.174366][    C1]  ? do_softirq+0x11b/0x1e0
[  298.174386][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  298.174409][    C1]  do_softirq+0x11b/0x1e0
[  298.174426][    C1]  </IRQ>
[  298.174432][    C1]  <TASK>
[  298.174438][    C1]  ? __pfx_do_softirq+0x10/0x10
[  298.174457][    C1]  ? __pfx_lockdep_softirqs_on+0x10/0x10
[  298.174480][    C1]  ? rcu_is_watching+0x15/0xb0
[  298.174497][    C1]  __local_bh_enable_ip+0x1bb/0x200
[  298.174517][    C1]  ? neigh_periodic_work+0xb35/0xd50
[  298.174535][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  298.174555][    C1]  ? neigh_destroy+0x423/0x580
[  298.174576][    C1]  neigh_periodic_work+0xb35/0xd50
[  298.174597][    C1]  ? process_scheduled_works+0x976/0x1850
[  298.174617][    C1]  process_scheduled_works+0xa63/0x1850
[  298.174649][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  298.174673][    C1]  ? assign_work+0x364/0x3d0
[  298.174695][    C1]  worker_thread+0x870/0xd30
[  298.174721][    C1]  ? __kthread_parkme+0x169/0x1d0
[  298.174742][    C1]  ? __pfx_worker_thread+0x10/0x10
[  298.174762][    C1]  kthread+0x2f0/0x390
[  298.174776][    C1]  ? __pfx_worker_thread+0x10/0x10
[  298.174795][    C1]  ? __pfx_kthread+0x10/0x10
[  298.174810][    C1]  ret_from_fork+0x4b/0x80
[  298.174830][    C1]  ? __pfx_kthread+0x10/0x10
[  298.174845][    C1]  ret_from_fork_asm+0x1a/0x30
[  298.174872][    C1]  </TASK>