last executing test programs:

1m7.324687066s ago: executing program 3 (id=98):
openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x45a380, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5414, 0x0)
io_setup(0x2, &(0x7f0000000040)=<r0=>0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
eventfd2(0x0, 0x0)
listen(r1, 0x0)
io_submit(r0, 0x0, &(0x7f00000000c0))
sendto$inet6(r1, 0x0, 0x0, 0x2004c8a0, 0x0, 0x0)
socket$nl_crypto(0x10, 0x3, 0x15)

1m6.955740004s ago: executing program 3 (id=99):
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8880}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) (async)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000040)=@v={0x93, 0x2, 0x0, 0xfd})
socket$nl_route(0x10, 0x3, 0x0)
fsopen(&(0x7f0000000040)='afs\x00', 0x0) (async)
r1 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%(:2', 0x0) (async)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%(:2', 0x0)
r2 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000280)='source', &(0x7f0000000180)='%(,c\xbe\xfbL:', 0x0)
unshare(0x22020400)
bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10)
r3 = syz_io_uring_setup(0x6017, &(0x7f00000003c0)={0x0, 0x7483, 0x20, 0x0, 0x3}, &(0x7f0000000140)=<r4=>0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) (async)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r5, 0x0, 0x0)
poll(&(0x7f0000000300)=[{r1, 0x12}, {0xffffffffffffffff, 0x4}, {r1}], 0x3, 0x80) (async)
poll(&(0x7f0000000300)=[{r1, 0x12}, {0xffffffffffffffff, 0x4}, {r1}], 0x3, 0x80)
syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x2b, 0x0, @fd_index, 0x0, 0x0}) (async)
syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x2b, 0x0, @fd_index, 0x0, 0x0})
io_uring_enter(r3, 0x54, 0x4, 0xf, 0x0, 0x0) (async)
io_uring_enter(r3, 0x54, 0x4, 0xf, 0x0, 0x0)
fsopen(&(0x7f0000000040)='afs\x00', 0x1) (async)
r6 = fsopen(&(0x7f0000000040)='afs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%.,:', 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wg1\x00'})
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r7, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102378, 0x18ff2}], 0x22, 0xfffffffd, 0x3)
socket$alg(0x26, 0x5, 0x0)

1m6.638187231s ago: executing program 3 (id=104):
pipe2(&(0x7f0000000200)={<r0=>0x0, <r1=>0x0}, 0x0)
r2 = fanotify_init(0x200, 0x0)
r3 = dup(r1)
fanotify_mark(r2, 0x1, 0x4000005b, r0, 0x0)
writev(r3, &(0x7f0000000540)=[{&(0x7f0000000280)="1680", 0x2}], 0x1) (fail_nth: 3)

1m6.027591487s ago: executing program 3 (id=105):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x275a, 0x0)
write$P9_RSTAT(r0, &(0x7f0000000200)={0x4f, 0x7d, 0x0, {0x0, 0x48, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x8, 'io.stat\x00', 0x2, '!^', 0x0, '', 0xb, '*{.$H#8::l!'}}, 0x4f)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0)
io_uring_setup(0x17c0, &(0x7f0000000080)={0x0, 0x48a2, 0x10, 0x1, 0x2e3, 0x0, r0})
sched_setaffinity(0x0, 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00', <r4=>0x0})
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180), &(0x7f0000000300)={'L-', 0x9}, 0x16, 0x2)
setsockopt$IP_VS_SO_SET_TIMEOUT(r5, 0x0, 0x48a, &(0x7f0000000080)={0x8, 0x80000001, 0xfffb}, 0xc)
ioctl$LOOP_CLR_FD(r1, 0x4c01)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000280)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{}, [@TCA_NETEM_JITTER64={0xc, 0xe}]}}}]}, 0x58}}, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00'})
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
open(0x0, 0x8060, 0x0)

1m5.68788756s ago: executing program 3 (id=107):
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x1de)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r1, 0x40085112, &(0x7f0000000380)=@l={0x92, 0x0, 0xd0})
sendmsg$nl_generic(r0, &(0x7f0000000600)={&(0x7f0000000040), 0xc, &(0x7f00000005c0)={&(0x7f0000000500)={0xb0, 0x1b, 0x100, 0x70bd2c, 0x25dfdbfc, {0x1}, [@generic="95833877f477d913156ff2fae3d9ec51b40ec6cd1791ae4c5905c2a9941f9d10cd3b191b720d25bf36bc560c23353e90b8ba473bb37bfa3aaa0ac2b8f2e605ee895558705d0016f8176c737604994c25069d600d1338f8868af14c26f9a7cdb82967dc32a4d2061fa5ca4b68241b9ae96c03a8af59c7e1771c90e8649ce9003762a6c27f30265285da26587bb5583e7b70e2bbe7", @typed={0x8, 0x131, 0x0, 0x0, @u32=0x5}]}, 0xb0}, 0x1, 0x0, 0x0, 0xc801}, 0x20004040)
syz_open_procfs(0x0, 0x0)
r2 = socket(0x21, 0x2, 0x2)
getsockopt$CAN_RAW_FD_FRAMES(r2, 0x110, 0x6, 0x0, &(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f00000000c0)={0x0, 0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff]})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x8, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x3, 0x2, 0x3, 0x1, 0x0, 0x3a}]}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x5e, &(0x7f0000000640)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0xe, 0x4, 0x0, 0x0, 0x50, 0x0, 0x0, 0x0, 0x5, 0x0, @dev, @private=0xa010100, {[@timestamp_addr={0x44, 0x14, 0x6, 0x3, 0x0, [{@empty}, {}]}, @ssrr={0x89, 0xb, 0xce, [@remote, @multicast1]}, @generic={0x83, 0x2}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0x0, 0x0, 0x0, 0x0, {[@mss={0x2, 0x4, 0x40}]}}}}}}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_NG_MODULUS={0x8}, @NFTA_NG_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0)
ioctl$KVM_GET_MSR_INDEX_LIST(r3, 0xc008aec1, 0x0)
execve(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)=[0x0, &(0x7f00000007c0)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\x04\xda\nU\x84\xc2\xe3E\xc1\xd8L\xb1r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x11\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xa7\x83}\x92W\xeb\xe5\xa3\xcc\a\x10dxb\xc2\x13mNP\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb6\\\xf5\xf3\xeb\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0=k\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\xa6\xa1\x03cz>R\x11\xba\xf9\x17\r\x98\ap\xda-\xb0R\t\x93.r/\xce\xa4\rK\xcb\x1aO\x03z$\xbeYvYn\xddI\xe7\x13\x8f\x15\xefL\xba`\x9d\xea\xed\xf0)s\x12r\x9b\xf2&\xf2-\xc6\xec\x96\x19\xc9\xd7\xda\x06\xba\x87\x18\xef+\xcdp\x95\xef\xd9\xb9s\x8b\xf3\x8b\x88<\xa0\xa3\xad\x8c\xaf&iMM\xc5>\xa7v\x17\xdf \xca\x86#\xa7*\xecl\xbfp\xc3x\xc3\xc1r\xbe7\xb5\xa3\xf11[`\xcb7z\xa0P\xd5p\xe9\xddC\xc0\x80=\xd9y\x01\x1c\xe7\x1cdN\xd5x\x89\xc9\xc0\xc4{\x01\xa6o\x9ceZ\xe1\xfa0?\x94\x1f\x9aQ\xf0Lf\x1e\x17A@\x06\x89\xadg+$/V\r\xc9oQ=k\xa0\xa6\\\x00\x99\x94\x10dy\x7f\xd1\xd2\xd04\x96\b\x80/\x9a\xfc\a\'\x83\xb8\xcd\xb1\xf5#\tr\xb4\xc4\x929\x01\xee\xe6\n\x8ba\xde\xdbsAzG\xe86\xfe\x83\x1d\xb3K2\xf0\x8f\xde\x85\x00M&\x00\x00O\x86\xec2/\xea\xe6$(L\x85\xf8Y\xcf,\xa3\x87^\xe1\xd8F\xe4AJ\xaa\x1f\xe9\xff?\x9aF\x97M\x80\xe9LR\xdc\x9f~\xce\xb5\xef\x14M\f#>O\xb44LB\xc6a\x82\xc5\x107\xae\xdb\v\xf7\xc4k\xab\xf8:\x1fj\xa2vf)\xee\xab\xb3C\x92\x8e\x80\xb1\x01\x85\xb1v\xae*\xa7])n)+\xd9\xcf\xe9\x9ag\x8a*u\xe4e?\xf9\x93\x93u\xd2M\xfd\xa1\xc5\xff\xd9\x15-\xabH\x90\x04\xea\x88\"\xfe\v\x1d\xa5}H\xee\xc7\x94\xdb\x02\xf7\t\x92\t5\x1e\xd6~R\x9e\xb5NV)\xa6\x1ff\xde\xbf\x97V\x87\v\x94\xb4\xb0\x7f3\xa3\x85c=\xb0\x8ab\x06\xfa\xe9\xb3\x1d\xc9.\x8br\xf9\xde\xd6\xe6\x14O\xc8\xff3ZA\xea\xd4\xa9]7\xd8\xed\xc6\xdf\x01\xb3\n8\xbf\xbe\x1e\v\x18\xd9\xb3+X4\xb5S\xe7\xf6oO;\xc5\xc8-\x9e\xb5\xbe\x97\xb4k\xd2n\xfa\xd1\x82\x16\xea\x93\xc7\xb3?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb7\xf2K\xe9\xcf\xc6y\xb00\xe0\xa0\f\xef\x02\xd5 (S\xffhY\"\x83\x05M\x0f\v\xec0B\xa9\xd7\x80\xdaL\xa2Q\x8c\xde\x17* \xf5)tk\xb6\xb9\x86?\x1a\xff\xdc\xecP\xd1w1\xf4a\x00r\x06,\x86S\x11)\xf4\x16W\xd6\x86\x10\x02\x15mod\x854\xd4\'^\xb6\xe9f\xd6:\xfc5%\x16\xc5\xa5\xf1\x11k\xdd{\xaai\x8a\xde\xa6\x18,H\xd8\xe5\xf5g\xe7U\\(\x01\xc5\xde\x1d\x8acHf\x86`9qV|=\xbb\xd1\x95\x0f\x86\xffa\xb1\xdb\x82l\xc3\xcf\x88\xeeJ\xda\x8b0f\xac\xc2n\xd1\')\xf2\xaf\xc0\x06\x01\xb4b\xef\xa8!\xf9\n\xf7{C\xdc`h\b6>\x171\x16\x89\xa8\xe9OC\x7f\xb1\x1c\xd4\xd5\xa7\x7f\xfd\xa8Y\xf0s_\xfb\x00', &(0x7f00000019c0)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\x04\xda\nU\x84\xc2\xe3E\xc1\xd8L\xb1r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x11\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xa7\x83}\x92W\xeb\xe5\xa3\xcc\a\x10dxb\xc2\x13mNP\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb6\\\xf5\xf3\xeb\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0=k\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\xa6\xa1\x03cz>R\x11\xba\xf9\x17\r\x98\ap\xda-\xb0R\t\x93.r/\xce\xa4\rK\xcb\x1aO\x03z$\xbeYvYn\xddI\xe7\x13\x8f\x15\xefL\xba`\x9d\xea\xed\xf0)s\x12r\x9b\xf2&\xf2-\xc6\xec\x96\x19\xc9\xd7\xda\x06\xba\x87\x18\xef+\xcdp\x95\xef\xd9\xb9s\x8b\xf3\x8b\x88<\xa0\xa3\xad\x8c\xaf&iMM\xc5>\xa7v\x17\xdf \xca\x86#\xa7*\xecl\xbfp\xc3x\xc3\xc1r\xbe7\xb5\xa3\xf11[`\xcb7z\xa0P\xd5p\xe9\xddC\xc0\x80=\xd9y\x01\x1c\xe7\x1cdN\xd5x\x89\xc9\xc0\xc4{\x01\xa6o\x9ceZ\xe1\xfa0?\x94\x1f\x9aQ\xf0Lf\x1e\x17A@\x06\x89\xadg+$/V\r\xc9oQ=k\xa0\xa6\\\x00\x99\x94\x10dy\x7f\xd1\xd2\xd04\x96\b\x80/\x9a\xfc\a\'\x83\xb8\xcd\xb1\xf5#\tr\xb4\xc4\x929\x01\xee\xe6\n\x8ba\xde\xdbsAzG\xe86\xfe\x83\x1d\xb3K2\xf0\x8f\xde\x85\x00M&\x00\x00O\x86\xec2/\xea\xe6$(L\x85\xf8Y\xcf,\xa3\x87^\xe1\xd8F\xe4AJ\xaa\x1f\xe9\xff?\x9aF\x97M\x80\xe9LR\xdc\x9f~\xce\xb5\xef\x14M\f#>O\xb44LB\xc6a\x82\xc5\x107\xae\xdb\v\xf7\xc4k\xab\xf8:\x1fj\xa2vf)\xee\xab\xb3C\x92\x8e\x80\xb1\x01\x85\xb1v\xae*\xa7])n)+\xd9\xcf\xe9\x9ag\x8a*u\xe4e?\xf9\x93\x93u\xd2M\xfd\xa1\xc5\xff\xd9\x15-\xab\b\x90\x04\xea\x88\"\xfe\v\x1d\xa5}H\xee\xc7\x94\xdb\x02\xf7\t\x92\t5\x1e\xd6~R\x9e\xb5NV)\xa6\x1ff\xde\xbf\x97V\x87\v\x94\xb4\xb0\x7f3\xa3\x85c=\xb0\x8ab\x06\xfa\xe9\xb3\x1d\xc9.\x8br\xf9\xde\xd6\xe6\x14O\xc8\xff3ZA\xea\xd4\xa9]7\xd8\xed\xc6\xdf\x01\xb3\n8\xbf\xbe\x1e\v\x18\xd9\xb3+X4\xb5S\xe7\xf6oO;\xc5\xc8-\x9e\xb5\xbe\x97\xb4k\xd2n\xfa\xd1\x82\x16\xea\x93\xc7\xb3?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb7\xf2K\xe9\xcf\xc6y\xb00\xe0\xa0\f\xef\x02\xd5 (S\xffhY\"\x83\x05M\x0f\v\xec0B\xa9\xd7\x80\xdaL\xa2Q\x8c\xde\x17* \xf5)tk\xb6\xb9\x86?\x1a\xff\xdc\xecP\xd1w1\xf4a\x00r\x06,\x86S\f)\xf4\x16W\xd6\x86\x10\x02\x15mod\x854\xd4\'^\xb6\xe9f\xd6:\xfc5%\x16\xc5\xa5\xf1\x11k\xdd{\xaai\x8a\xde\xa6\x18,H\xd8\xe5\xf5g\xe7U\\(\x01\xc5\xde\x1d\x8acHf\x86`9qV|=\xbb\xd1\x95\x0f\x86\xffa\xb1\xdb\x82l\xc3\xcf\x88\xeeJ\xda\x8b0f\xac\xc2n\xd1\')\xf2\xaf\xc0\x06\x01\xb4b\xef\xa8!\xf9\n\xf7{C\xdc`h\b6>\x171\x16\x89\xa8\xe9OC\x7f\xb1\x1c\xd4\xd5\xa7\x7f\xfd\xa8Y\xf0s_\xfb\x004Wq\x80\xcc\xb7\v\x9e,Q\xea\x19\xc9ck?_\x92\x1e\x0e\t\xb4\xa7_#Y\xbb\xe4\xa5\x15\xad\xbb\xd6\x00\vJ\xb6\xf6\xebE\x14T\xb6\x9c\v\xca\xdf\n(', &(0x7f00000027c0)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\x04\xda\nU\x84\xc2\xe3E\xc1\xd8L\xb1r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xe1\xa2\xdb\xbd\n\xb5.\xc7.*\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x11\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 X\x17\xf0\xa7\x83}\x92W\xeb\xe5\xa3\xcc\a\x10dxb\xc2\x13mNP\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb6\\\xf5\xf3\xeb\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0=k\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\xa6\xa1\x03cz>R\x11\xba\xf9\x17\r\x98\ap\xda-\xb0R\t\x93.r/\xce\xa4\rK\xcb\x1aO\x03z$\xbeYvYn\xddI\xe7\x13\x8f\x15\xefL\xba`\x9d\xea\xed\xf0)s\x12r\x9b\xf2&\xf2-\xc6\xec\x96\x19\xc9\xd7\xda\x06\xba\x87\x18\xef+\xcdp\x95\xef\xd9\xb9s\x8b\xf3\x8b\x88<\xa0\xa3\xad\x8c\xaf&iMM\xc5>\xa7v\x17\xdf \xca\x86#\xa7*\xecl\xbfp\xc3x\xc3\xc1r\xbe7\xb5\xa3\xf11[`\xcb7z\xa0P\xd5p\xe9\xddC\xc0\x80=\xd9y\x01\x1c\xe7\x1cdN\xd5x\x89\xc9\xc0\xc4{\x01\xa6o\x9ceZ\xe1\xfa0?\x94\x1f\x9aQ\xf0Lf\x1e\x17A@\x06\x89\xadg+$/V\r\xc9oQ=k\xa0\xa6\\\x00\x99\x94\x10dy\x7f\x9b\xd7\xc6k\x00\x00\x00\x00\x9a\xfc\a\'\x83\xb8\xcd\xb1\xf5#\tr\xb4\xc4\x929\x01\xee\xe6\n\x8ba\xde\xdbsAzG\xe86\xfe\x83\x1d\xb3K2\xf0\x8f\xde\x85\x00M&\x00\x00O\x86\xec2/\xea\xe6$(L\x85\xf8Y\xcf,\xa3\x87^\xe1\xd8F\xe4AJ\xaa\x1f\xe9\xff?\x9aF\x97M\x80\xe9LR\xdc\x9f~\xce\xb5\xef\x14M\f#>O\xb44LB\xc6a\x82\xc5\x107\xae\xdb\v\xf7\xc4k\xab\xf8:\x1fj\xa2vf)\xee\xab\xb3C\x92\x8e\x80\xb1\x01\x85\xb1v\xae*\xa7])n)+\xd9\xcf\xe9\x9ag\x8a*u\xe4e?\xf9\x93\x93u\xd2M\xfd\xa1\xc5\xff\xd9\x15-\xabH\x90\x04\xea\x88\"\xfe\v\x1d\xa5}H\xee\xc7\x94\xdb\x02\xf7\t\x92\t5\x1e\xd6~R\x9e\xb5NV)\xa6\x1ff\xde\xbf\x97V\x87\v\x94\xb4\xb0\x7f3\xa3\x85c=\xb0\x8ab\x06\xfa\xe9\xb3\x1d\xc9.\x8br\xf9\xde\xd6=\xf4\xe6\x14O\xc8\xff3ZA\xea\xd4\xa9]7\xd8\xed\xc6\xdf\x01\xb3\n8\xbf\xbe\x1e\v\x18\xd9\xb3+X4\xb5S\xe7\xf6oO;\xc5\xc8-\x9e\xb5\xbe\x97\xb4k\xd2n\xfa\xd1\x82\x16\xea\x93\xc7\xb3?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb7\xf2K\xe9\xcf\xc6y\xb00\xe0\xa0\f\xef\x02\xd5 (S\xffhY\"\x83\x05M\x0f\v\xec0B\xa9\xd7\x80\xdaL\xa2Q\x8c\xde\x17* \xf5)tk\xb6\xb9\x86?\x1a\xff\xdc\xecP\xd1w1\xf4a\x00r\x06,\x86S\x11)\xf4\x16W\xd6\x86\x10\x02\x15mod\x854\xd4\'^\xb6\xe9f\xd6:\xfc5%\x16\xc5\xa5\xf1\x11k\xdd{\xaai\x8a\xde\xa6\x18,H\xd8\xe5\xf5g\xe7U\\(\x01\xc5\xde\x1d\x8acHf\x86`9qV|=\xbb\xd1\x95\x0f\x86\xffa\xb1\xdb\x82l\xc3\xcf\x88\xeeJ\xda\x8b0f\xac\xc2n\xd1\')\xf2\xaf\xc0\x06\x01\xb4b\xef\xa8!\xf9\n\xf7{C\xdc`h\b6>\x171\x16\x89\xa8\xe9OC\x7f\xb1\x1c\xd4\xd5\xa7\x7f\xfd\xa8Y\xf0s_', &(0x7f0000001540)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\x04\xda\nU\x84\xc2\xe3E\xc1\xd8L\xb1r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x11\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xa7\x83}\x92W\xeb\xe5\xa3\xcc\a\x10dxb\xc2\x13mNP\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb6\\\xf5\xf3\xeb\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0=k\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\xa6\xa1\x03cz>R\x11\xba\xf9\x17\r\x98\ap\xda-\xb0R\t\x93.r/\xce\xa4\rK\xcb\x1aO\x03z$\xbeYvYn\xddI\xe7\x13\x8f\x15\xefL\xba`\x9d\xea\xed\xf0)s\x12r\x9b\xf2&\xf2-\xc6\xec\x96\x19\xc9\xd7\xda\x06\xba\x87\x18\xef+\xcdp\x95\xef\xd9\xb9s\x8b\xf3\x8b\x88<\xa0\xa3\xad\x8c\xaf&iMM\xc5>\xa7v\x17\xdf \xca\x86#\xa7*\xecl\xbfp\xc3x\xc3\xc1r\xbe7\xb5\xa3\xf11[`\xcb7z\xa0P\xd5p\xe9\xddC\xc0\x80=\xd9y\x01\x1c\xe7\x1cdN\xd5x\x89\xc9\xc0\xc4{\x01\xa6o\x9ceZ\xe1\xfa0?\x94\x1f\x9aQ\xf0Lf\x1e\x17A@\x06\x89\xadg+$/V\r\xc9oQ=k\xa0\xa6\\\x00\x99\x94\x10dy\x7f\xd1\xd2\xd04\x96\b\x80/\x9a\xfc\a\'\x83\xb8\xcd\xb1\xf5#\tr\xb4\xc4\x929\x01\xee\xe6\n\x8ba\xde\xdbsAzG\xe86\xfe\x83\x1d\xb3K2\xf0\x8f\xde\x85\x00M&\x00\x00O\x86\xec2/\xea\xe6$(L\x85\xf8Y\xcf,\xa3\x87^\xe1\xd8F\xe4AJ\xaa\x1f\xe9\xff?\x9aF\x97M\x80\xe9LR\xdc\x9f~\xce\xb5\xef\x14M\f#>O\xb44LB\xc6a\x82\xc5\x107\xae\xdb\v\xf7\xc4k\xab\xf8:\x1fj\xa2vf)\xee\xab\xb3C\x92\x8e\x80\xb1\x01\x85\xb1v\xae*\xa7])n)+\xd9\xcf\xe9\x9ag\x8a*u\xe4e?\xf9\x93\x93u\xd2M\xfd\xa1\xc5\xff\xd9\x15-\xabH\x90\x04\xea\x88\"\xfe\v\x1d\xa5}H\xee\xc7\x94\xdb\x02\xf7\t\x92\t5\x1e\xd6~R\x9e\xb5NV)\xa6\x1ff\xde\xbf\x97V\x87\v\x94\xb4\xb0\x7f3\xa3\x85c=\xb0\x8ab\x06\xfa\xe9\xb3\x1d\xc9.\x8br\xf9\xde\xd6\xe6\x14O\xc8\xff3ZA\xea\xd4\xa9]7\xd8\xed\xc6\xdf\x01\xb3\n8\xbf\xbe\x1e\v\x18\xd9\xb3+X4\xb5S\xe7\xf6oO;\xc5\xc8-\x9e\xb5\xbe\x97\xb4k\xd2n\xfa\xd1\x82\x16\xea\x93\xc7\xb3?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb7\xf2K\xe9\xcf\xc6y\xb00\xe0\xa0\f\xef\x02\xd5 (S\xffhY\"\x83\x05M\x0f\v\xec0B\xa9\xd7\x80\xdaL\xa2Q\x8c\xde\x17* \xf5)tk\xb6\xb9\x86?\x1a\xff\xdc\xecP\xd1w1\xf4a\x00r\x06,\x86S\x11)\xf4\x16W\xd6\x86\x10\x02\x15mod\x854\xd4\'^\xb6\xe9f\xd6:\xfc5%\x16\xc5\xa5\xf1\x11k\xdd{\xaai\x8a\xde\xa6\x18,H\xd8\xe5\xf5g\xe7U\\(\x01\xc5\xde\x1d\x8acHf\x86`9qV|=\xbb\xd1\x95\x0f\x86\xffa\xb1\xdb\x82l\xc3\xcf\x88\xeeJ\xda\x8b0f\xac\xc2n\xd1\')\xf2\xaf\xc0\x06\x01\xb4b\xef\xa8!\xf9\n\xf7{C\xdc`h\b6>\x171\x16\x89\xa8\xe9OC\x7f\xb1\x1c\xd4\xd5\xa7\x7f\xfd\xa8Y\xf0s_\xfb\x00', &(0x7f0000002300)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\x04\xda\nU\x84\xc2\xe3E\xc1\xd8L\xb1r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x11\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xa7\x83}\x92W\xeb\xe5\xa3\xcc\a\x10dxb\xc2\x13mNP\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb6\\\xf5\xf3\xeb\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0=k\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\xa6\xa1\x03cz>R\x11\xba\xf9\x17\r\x98\ap\xda-\xb0R\t\x93.r/\xce\xa4\rK\xcb\x1aO\x03z$\xbeYvYn\xddI\xe7\x13\x8f\x15\xefL\xba`\x9d\xea\xed\xf0)s\x12r\x9b\xf2&\xf2-\xc6\xec\x96\x19\xc9\xd7\xda\x06\xba\x87\x18\xef+\xcdp\x95\xef\xd9\xb9s\x8b\xf3\x8b\x88<\xa0\xa3\xad\x8c\xaf&iMM\xc5>\xa7v\x17\xdf \xca\x86#\xa7*\xecl\xbfp\xc3x\xc3\xc1r\xbe7\xb5\xa3\xf11[`\xcb7z\xa0P\xd5p\xe9\xddC\xc0\x80=\xd9y\x01\x1c\xe7\x1cdN\xd5x\x89\xc9\xc0\xc4{\x01\xa6o\x9ceZ\xe1\xfa0?\x94\x1f\x9aQ\xf0Lf\x1e\x17A@\x06\x89\xadg+$/V\r\xc9oQ=k\xa0\xa6\\\x00\x99\x94\x10dy\x7f\xd1\xd2\xd04\x96\b\x80/\x9a\xfc\a\'\x83\xb8\xcd\xb1\xf5#\tr\xb4\xc4\x929\x01\xee\xe6\n\x8ba\xde\xdbsAzG\xe86\xfe\x83\x1d\xb3K2\xf0\x8f\xde\x85\x00M&\x00\x00O\x86\xec2/\xea\xe6$(L\x85\xf8Y\xcf,\xa3\x87^\xe1\xd8F\xe4AJ\xaa\x1f\xe9\xff?\x9aF\x97M\x80\xe9LR\xdc\x9f~\xce\xb5\xef\x14M\f#>O\xb44LB\xc6a\x82\xc5\x107\xae\xdb\v\xf7\xc4k\xab\xf8:\x1fj\xa2vf)\xee\xab\xb3C\x92\x8e\x80\xb1\x01\x85\xb1v\xae*\xa7])n)+\xd9\xcf\xe9\x9ag\x8a*u\xe4e?\xf9\x93\x93u\xd2M\xfd\xa1\xc5\xff\xd9\x15-\xab\b\x90\x04\xea\x88\"\xfe\v\x1d\xa5}H\xee\xc7\x94\xdb\x02\xf7\t\x92\t5\x1e\xd6~R\x9e\xb5NV)\xa6\x1ff\xde\xbf\x97V\x87\v\x94\xb4\xb0\x7f3\xa3\x85c=\xb0\x8ab\x06\xfa\xe9\xb3\x1d\xc9.\x8br\xf9\xde\xd6\xe6\x14O\xc8\xff3ZA\xea\xd4\xa9]7\xd8\xed\xc6\xdf\x01\xb3\n8\xbf\xbe\x1e\v\x18\xd9\xb3+X4\xb5S\xe7\xf6oO;\xc5\xc8-\x9e\xb5\xbe\x97\xb4k\xd2n\xfa\xd1\x82\x16\xea\x93\xc7\xb3?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb7\xf2K\xe9\xcf\xc6y\xb00\xe0\xa0\f\xef\x02\xd5 (S\xffhY\"\x83\x05M\x0f\v\xec0B\xa9\xd7\x80\xdaL\xa2Q\x8c\xde\x17* \xf5)tk\xb6\xb9\x86?\x1a\xff\xdc\xecP\xd1w1\xf4a\x00r\x06,\x86S\f)\xf4\x16W\xd6\x86\x10\x02\x15mod\x854\xd4\'^\xb6\xe9f\xd6:\xfc5%\x16\xc5\xa5\xf1\x11k\xdd{\xaai\x8a\xde\xa6\x18,H\xd8\xe5\xf5g\xe7U\\(\x01\xc5\xde\x1d\x8acHf\x86`9qV|=\xbb\xd1\x95\x0f\x86\xffa\xb1\xdb\x82l\xc3\xcf\x88\xeeJ\xda\x8b0f\xac\xc2n\xd1\')\xf2\xaf\xc0\x06\x01\xb4b\xef\xa8!\xf9\n\xf7{C\xdc`h\b6>\x171\x16\x89\xa8\xe9OC\x7f\xb1\x1c\xd4\xd5\xa7\x7f\xfd\xa8Y\xf0s_\xfb\x004Wq\x80\xcc\xb7\v\x9e,Q\xea\x19\xc9ck?_\x92\x1e\x0e\t\xb4\xa7_#Y\xbb\xe4\xa5\x15\xad\xbb\xd6\x00\vJ\xb6\xf6\xebE\x14T\xb6\x9c\v\xca\xdf\n('], 0x0)

1m5.218443883s ago: executing program 3 (id=111):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0422c2000000000001090224000100000000090400000103000000092100000001220b0009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000400)={{{@in6=@loopback, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0, 0x0, 0x3a}, {}, {0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2}, {{@in6=@local}, 0x0, @in=@rand_addr=0x64010101, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000000c0)={@mcast2={0xff, 0x5}, @ipv4={'\x00', '\xff\xff', @loopback}, @private0})
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000000)=0x3)
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000002, 0x8012, r4, 0x0)
ioctl$SNDCTL_DSP_POST(r4, 0x5008, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r4, 0x800c5012, &(0x7f0000000040))
sendmsg$NL80211_CMD_JOIN_IBSS(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000a40)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYBLOB="4ed3117a4b5eb20c96d128921857488cbc9ca9ff8cf5120f9627d8e9bb05fc01fc10d604fd91d0ac6a815e281957781a1831ab59f7a46589c196fdf0507b6e052d6db35769c02ed626b2f3", @ANYBLOB="010100000000000000002b00000008000300cfc42e3519969e4111c6210cdaf5768be27bfee526eabe783d1054ad407a3919fd87be262e83a45a888fbce3a3e2767500bbecb72edeae54740c6b3f0c6cca9418f76377800d3462a963b952e9a369562c5fa4662fe1708e2d420ded96fbb9d51c004350d13f111f698975dfb42261be6b4c393efc4166aebe1fa49dab384d51e02bb8c18699d2e01df28b056b50a737d2e7b7e5ad717268005b5949e2a4154400c271cc876d7ea9d5039658e0bb352aff693cce6075e6ff3ffbf6651939951ffbcd9df6ec5ddcf8c2b50d3c17664435", @ANYBLOB="2caba343cb8fc1de53b949a1c1952188b686cd74ca3fd993b372f9a51a2d3171fb31e1f9b1463ad53c7879909aa91db935225e3bc7a8974429", @ANYBLOB="04004600240051802000008005000200000000000900010000000000000000000800030001ac0f000a0034000202020202020000080026006c090000"], 0x58}}, 0x0) (async)
sendmsg$NL80211_CMD_JOIN_IBSS(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000a40)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYBLOB="4ed3117a4b5eb20c96d128921857488cbc9ca9ff8cf5120f9627d8e9bb05fc01fc10d604fd91d0ac6a815e281957781a1831ab59f7a46589c196fdf0507b6e052d6db35769c02ed626b2f3", @ANYBLOB="010100000000000000002b00000008000300cfc42e3519969e4111c6210cdaf5768be27bfee526eabe783d1054ad407a3919fd87be262e83a45a888fbce3a3e2767500bbecb72edeae54740c6b3f0c6cca9418f76377800d3462a963b952e9a369562c5fa4662fe1708e2d420ded96fbb9d51c004350d13f111f698975dfb42261be6b4c393efc4166aebe1fa49dab384d51e02bb8c18699d2e01df28b056b50a737d2e7b7e5ad717268005b5949e2a4154400c271cc876d7ea9d5039658e0bb352aff693cce6075e6ff3ffbf6651939951ffbcd9df6ec5ddcf8c2b50d3c17664435", @ANYBLOB="2caba343cb8fc1de53b949a1c1952188b686cd74ca3fd993b372f9a51a2d3171fb31e1f9b1463ad53c7879909aa91db935225e3bc7a8974429", @ANYBLOB="04004600240051802000008005000200000000000900010000000000000000000800030001ac0f000a0034000202020202020000080026006c090000"], 0x58}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x281c2, 0x10) (async)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x281c2, 0x10)
fcntl$setlease(r5, 0x400, 0x1)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) (async)
bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0) (async)
close_range(r6, 0xffffffffffffffff, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="3401000016008502000000000000000020010000000000000000000000000002e00000020000000000843530af110d884c00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032"], 0x134}}, 0x0)
r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140), 0x200000, 0x0)
write$rfkill(r7, &(0x7f0000000180)={0x0, 0x2, 0x1, 0x1}, 0x8)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r8, 0x4000000000000, 0x40, &(0x7f0000000280)=@raw={'raw\x00', 0x8, 0x3, 0x228, 0xb8, 0x8, 0xfa04, 0x0, 0x6c02, 0x190, 0x194, 0x194, 0x190, 0x194, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xb8, 0x0, {0x0, 0x74020000}}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 'wg1\x00', {0xfffffffffffffbff}}}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x22, 0x0, 0xfffffffd, 0x2, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x288) (async)
setsockopt$IPT_SO_SET_REPLACE(r8, 0x4000000000000, 0x40, &(0x7f0000000280)=@raw={'raw\x00', 0x8, 0x3, 0x228, 0xb8, 0x8, 0xfa04, 0x0, 0x6c02, 0x190, 0x194, 0x194, 0x190, 0x194, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xb8, 0x0, {0x0, 0x74020000}}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 'wg1\x00', {0xfffffffffffffbff}}}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x22, 0x0, 0xfffffffd, 0x2, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x288)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000840)=ANY=[@ANYBLOB="a4015ae30469ee210000160001000000000000000000fe0000000000ffffffff00000000bbfc9f1f", @ANYRESDEC=r2, @ANYRES16=r8, @ANYRES32=r2], 0x1a4}}, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000481c0401000c0000f9fffffffffe000000af509bed40c15ebe7d26e903800f54078ce445bceb04fcc51881c76f3e7927c0171ed138f47345ab46dff857892d57365bbdb602041fb65f6c386500480942fdb7987d9e76596bf78be080bed333241ebf5acd1fd3943f453c895d5ac86fb5c7781d4f1f1c065bbb229a10111a2cf07e42bf7f2732d5aa060d3e6bcd0b4dfd4ecebe2481d2e7efb589c932aa08a9526bca668686a90f08a278ba88ca4119c152cc6f394d3e40bfa3749a66cde8f6103ed23d32b78f0788e680cd1110d6cf139c9f9367f826ef45c6771cd3fa15102dabd81f8490bc87418432144a1762649195917439219fb913d557b6a84caa3edb4dce62f368b541ba257c05c95e0c3e716a8133e0c196"], 0x14}}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000500)={0x24, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="00220b00000035f457bf927e640066"], 0x0}, 0x0) (async)
syz_usb_control_io$hid(r0, &(0x7f0000000500)={0x24, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="00220b00000035f457bf927e640066"], 0x0}, 0x0)

1m0.362128341s ago: executing program 1 (id=130):
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8916, &(0x7f0000000040)={'ip6gretap0\x00', @random="0200ff7fdfff"}) (async)
ioctl$SIOCSIFHWADDR(r1, 0x8916, &(0x7f0000000040)={'ip6gretap0\x00', @random="0200ff7fdfff"})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) (async)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f00000000c0)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}, {&(0x7f0000000580)=""/173, 0xad}], 0x2, 0x0, 0x5)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000140)=0x200000000)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, 0x0)
sendmsg$nl_route(r2, 0x0, 0x884) (async)
sendmsg$nl_route(r2, 0x0, 0x884)
write$vhost_msg_v2(r3, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48) (async)
write$vhost_msg_v2(r3, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f0000000640)={0x2, 0x0, {&(0x7f0000000740)=""/234, 0xea, 0x0, 0x0, 0x2}}, 0x4f)
write$vhost_msg_v2(r3, &(0x7f00000003c0)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x48)
r4 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r4, 0x10d, 0xf9, &(0x7f0000000000), &(0x7f0000000240)=0x4) (async)
getsockopt$inet_int(r4, 0x10d, 0xf9, &(0x7f0000000000), &(0x7f0000000240)=0x4)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r6=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000340)=0x1, r6, 0x0, 0x1, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r5, &(0x7f0000000040)={0x7, 0x8, 0xfa00, {r6}}, 0x10)
prlimit64(0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x81, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
sendmsg$NL80211_CMD_CONNECT(r0, 0x0, 0x0) (async)
sendmsg$NL80211_CMD_CONNECT(r0, 0x0, 0x0)

58.382666167s ago: executing program 1 (id=133):
prctl$PR_SET_NAME(0x4, 0x0)
madvise(&(0x7f0000990000/0x3000)=nil, 0x3000, 0xe)
remap_file_pages(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000008, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10003)
r0 = openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/kernel/address_bits', 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
read$FUSE(0xffffffffffffffff, &(0x7f0000003400)={0x2020, 0x0, <r1=>0x0, 0x0, 0x0, <r2=>0x0}, 0xfffffffffffffd0a)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x11)
landlock_create_ruleset(&(0x7f0000000080), 0x10, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000003c0)="9f9087453b0000000000000052859b3668efb791dff72501c7e5d5f3dfffbc2f", 0x20)
r4 = accept(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r4)
fsopen(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x5, 0x2})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
socketpair$unix(0x1, 0x6, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$unix(r7, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYRESHEX=r0, @ANYRES8=r1, @ANYBLOB="f0b95f90ae8b279e3d16f732dc74c22038c795cf05112bc07bd93368991aadf17c96840d1298e921039804fee750e14ad0aeb48be3d45820df53f595006a2d3ea9562369e0da0a92650084b58683d3e1bdc09fbfb382a6e41f68411b7e10a7128901f8838c9cf72ad3f9577188a5b3325c76edf2b5066c43465e5eca8648c00f2ddd1da7c47a8a552dff164ff32c6d03921f", @ANYRES16, @ANYRES16=r2, @ANYRESHEX=0x0, @ANYBLOB="0045834a6373f37dc1fd7befcc0fbcd7c7f19f7897", @ANYRESHEX=r0], 0x18}, 0x200448c4)
close_range(r5, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)

57.885875282s ago: executing program 0 (id=134):
openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) (async)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000080)={{@hyper}, @hyper, 0x0, 0x0, 0x2})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000300)={{@host}, @host, 0x0, 0x0, 0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000000)={{@my=0x1}, @my=0x1, 0x0, 0x0, 0x421})
ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r0, 0x7a9, &(0x7f00000000c0)={{@hyper}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff8, 0x4})
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0x32a, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff}}}}}]}}]}}, 0x0) (async)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0x32a, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0) (async)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000000400)={0x2c, &(0x7f0000000280)={0x0, 0x21, 0x7, {0x7, 0x0, "3d7da32915"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

57.772588407s ago: executing program 1 (id=136):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)={0x20, r2, 0x21, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_TX_RATES={0x4, 0x10d}]}, 0x20}}, 0x0)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='3\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000001000000240001800600010002000000060001000200000008000300ac1414aa00000700", @ANYRES32=0x0, @ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
socket$kcm(0x29, 0x7, 0x0)

57.243861877s ago: executing program 1 (id=138):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1f}]}, @NFT_MSG_NEWSETELEM={0x8c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x60, 0x3, 0x0, 0x1, [{0x5c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x50, 0xb, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}, {0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x5}, @NFTA_LIMIT_UNIT={0xc}]}}}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0x110}}, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',=', @ANYBLOB=','])

57.043546592s ago: executing program 1 (id=139):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f0000004000)=""/102399, 0x18fff}], 0x1, 0xfffffffd, 0x0)
r1 = mq_open(&(0x7f0000000200)='^-!-):(%@^+\x00', 0x40, 0x104, 0x0)
mq_getsetattr(r1, 0x0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_opts(r2, 0x0, 0xd, &(0x7f0000000000)=""/2, &(0x7f0000003fc0)=0x2)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000180)={0xfffffc}, 0x10)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100))
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000040)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000640)={0x20, 0x0, &(0x7f0000000280)=[@request_death, @clear_death], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0x4, 0x0, &(0x7f0000000080)="ecfa2a69"})
write(r3, &(0x7f00000000c0)="240000001a005f0214f9f4070000000000080004000100"/36, 0x24)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)}}], 0x2, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r6)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
setitimer(0x2, 0x0, 0x0)
r7 = mq_open(&(0x7f0000000000)='trusted.syz\x00', 0x40, 0x74, 0x0)
syz_io_uring_setup(0x1315, &(0x7f00000002c0)={0x0, 0xe06b, 0x8, 0x1, 0x94}, &(0x7f0000000340), &(0x7f0000000380))
fsync(r7)
setitimer(0x2, &(0x7f0000000440)={{0x77359400}, {0x77359400}}, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r8, 0x107, 0x7, 0x0, 0x0)

50.883791166s ago: executing program 1 (id=142):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_type(r0, &(0x7f00000001c0), 0x2, 0x0)
write$cgroup_type(r1, &(0x7f0000000280), 0x9)
r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f0000000c40), 0x12)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="380000005400e501000000000000000007000000", @ANYRES32, @ANYBLOB="20000100", @ANYRES32, @ANYBLOB="e1030000000000000002000000000099e0955e1650"], 0x38}}, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
syz_clone(0x40020000, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000100))
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r7 = dup3(r5, r1, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r8, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000180)={0x73622a85, 0xa, 0x1})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0xc, &(0x7f00000007c0)={@ptr={0x70742a85, 0x1, &(0x7f0000000900)=""/231, 0xe7, 0x1, 0x25}, @fda={0x66646185, 0x4, 0x1, 0x11}, @flat=@weak_binder={0x77622a85, 0x101, 0x2}}, &(0x7f0000000240)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0})
r9 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r9, &(0x7f0000000200)=0x1, 0x12)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r11 = openat$cgroup_procs(r10, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r11, &(0x7f0000000080), 0x12)

50.831679663s ago: executing program 0 (id=143):
socket$inet_sctp(0x2, 0x1, 0x84)
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000200)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x70)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000100)=@assoc_value, &(0x7f0000000980)=0x59)
r2 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xc}}}, 0x24}}, 0x10)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff3}, {0x0, 0x1}, {0xc}}, [@filter_kind_options=@f_flower={{0xb}, {0xfffffffffffffe03, 0x2, [@TCA_FLOWER_INDEV={0x14, 0x2, 'ip6gretap0\x00'}, @TCA_FLOWER_KEY_ETH_DST={0xa, 0x4, @local}]}}]}, 0x54}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0)
ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x20001400)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x40047451, 0x2000000e)
ioctl$TUNSETOFFLOAD(r4, 0x40047451, 0x20000015)
r5 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r5, 0x40045532, &(0x7f0000000140))
openat$audio(0xffffffffffffff9c, 0x0, 0x88602, 0x0)
syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000e00), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket(0x28, 0x1, 0x15331f43)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'syz_tun\x00'})
sendmsg$ETHTOOL_MSG_COALESCE_SET(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="ff030000000000000400000000000016140000000c00018008000100", @ANYRES16=r2, @ANYBLOB="0800040005000000080014000300000005000b0001000000"], 0x38}}, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)

47.115838749s ago: executing program 0 (id=145):
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="120100007e9eb4104c053a00f51601020301090212000100000000090400000008c53800"], 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000380))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_io_uring_setup(0x416f, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f0000001240)=<r4=>0x0, &(0x7f0000001340)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x567, 0x0, 0x0, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f00000002c0)=0x200000000)

45.629191951s ago: executing program 0 (id=146):
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0)
mount$fuse(0x20000000, &(0x7f0000000580)='./file0\x00', 0x0, 0x223216, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67ffffdfffffb5e900", @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt(r4, 0xff, 0x1, 0x0, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x1e, &(0x7f0000000180)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
bind$l2tp(r3, &(0x7f0000000100)={0x2, 0x0, @empty, 0x3}, 0x10)
r5 = syz_open_dev$vivid(&(0x7f00000001c0), 0x1, 0x2)
close_range(r2, r5, 0x2)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0040041e1d113c812e5d601adda05c7b5d27c9"})
r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='blkio.throttle.io_service_bytes\x00', 0x275a, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r8, <r9=>0xffffffffffffffff}, 0x4)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000140)={r9, 0x0}, 0x20)
ioctl$FS_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000040))
write$cgroup_int(r7, &(0x7f0000000000), 0xffffff6a)
ioctl$FS_IOC_RESVSP(r7, 0x4030582a, &(0x7f0000000200)={0x1100, 0x0, 0x0, 0x10000})
ioctl$FIBMAP(r7, 0x1, &(0x7f0000000080))
bpf$MAP_CREATE(0x0, &(0x7f0000000900)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

45.369213037s ago: executing program 0 (id=147):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9}, [@ldst={0x3, 0x0, 0x3, 0x1, 0xb, 0x5e}]}, &(0x7f0000000040)='syzkaller\x00', 0x9, 0x20, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

41.959912311s ago: executing program 0 (id=154):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000001000a64000000090a010200000000000000000000000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d2800098008000140000000001c0002800c"], 0x8c}}, 0x0)

37.836072068s ago: executing program 2 (id=161):
r0 = epoll_create1(0x0)
r1 = syz_open_dev$usbmon(&(0x7f00000000c0), 0x0, 0x80401)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r0, &(0x7f0000000100)={0x90002017})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r3, 0x0)
syz_emit_ethernet(0x5a, &(0x7f0000000580)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60ff00f500240600fe8000000000000000000000000000bbfe8000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="90c20000907800001ed1edb91ff13508743a994f27"], 0x0)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000000)={0xc0002015})
unshare(0x20000400)
socket$rds(0x15, 0x5, 0x0)
r4 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\xefo\xb8\x8f]\x14\x1d', 0x0)
r5 = syz_open_dev$I2C(0x0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
ioctl$I2C_RDWR(r5, 0x707, &(0x7f00000000c0)={&(0x7f0000000080), 0x23})
pwritev(r4, &(0x7f0000000bc0)=[{0x0}, {&(0x7f0000000340)="8510b3ddb3dd290329bba23d65c0fae8ebb2f0b5ed63c435969226439bfd1562668894f843aa07345b0c80f1b10088abbf872a345ec89921df70fcf18047732f829a3a07e023fd2c5413b1ffe37ac9546cc182e7d1e4837b6c23540ec273bb3afa6fd17c9067876d72d212362c4dea697c7ddb634322900b881e9c14b10f694793e8158516758f6a695c541b4b16084bd0b1e32ee7045e91219ad93891bbfe098caa49e7e9274c7bcc6b106052e35fb0e91b8e4db5ba9ecac7708550ca3d9dbfcfe30eb261ff073f3278c1bba7920c", 0xcf}, {&(0x7f00000001c0)="f8c7916431808fc8d645c584b649d2f90ff791dc52592dd32e968a16a26fd335211f9999b3bcf092b5e5c09fc554d3ce786eef96d10a21736eb49a792a", 0x3d}, {&(0x7f00000004c0)="7eb4a6a2926e44", 0x7}, {&(0x7f0000000640)="cdd6dee20daa014bfd5a680351b093ee564fae8d631d7ae9b834b9617b086fdfffda9ec19a2017bb3cae32e31414ad979b48625d180a9f133c84501442a0959feb60328608481083d41f75aaf2ba0c22fb6e4b5c53c19c9f0e14ac739b9cdfe2f697060c1b8e21e33871e9414d82e5c091de81fb712f3f6d2611a2053eff49b8c4ea6061dc3dffb072dfda968a78d386dbd0d2bf747b1986f53bf23956b12d79653ad5851fd14ef600188f9c47a4effbd7fcdaa87c11b1b36507236a1f8fad", 0xbf}, {&(0x7f00000007c0)="132633073092f4d22bf19c8ce61eab62e09fddd48a5fd9aab25e19bad3ecad8f0876a08e523637d70ed77f194d23c6ad3fb667bbb1464e242c1d1d4f5b551f7ad07679b2d407a9182075a66aa5286e1a62100c183d683ad8ad225701f65103f271b3d8773628c62efc2f9b6baf9818cc6220b2271519a3ed1f4ce5fe8123ca4372750cbc7c50dee8174d804a10bb1e40520d3f79d7f97290c1fcc4c69c00ef0ee28789b96c6c0dd2add31c16", 0xac}, {0x0}, {&(0x7f0000000ac0)="6452361e6f3714638cccfba421e4c8f9bb2664ce62247aefec8345e547d86a23ac43fb33e4cbe2722329ce8d69664883d448755eb299a07453ad8864c004a37b5cf4755dba5dd6fd69de3d743135b5d9", 0x50}, {&(0x7f0000000b40)="166c68527a82695fe73a5883a4ee7d7c9b7b2a7daab16d98054d6a50236721ec107241d4edda0663d9d985402224271f5957cd3f59b61c2c990b8df79a62fd2a1ae6", 0x42}], 0x9, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, r4)
creat(0x0, 0x198)
sendfile(r4, 0xffffffffffffffff, 0x0, 0x4000000000000000)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0xfffffffffffffe27)
connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r6 = creat(&(0x7f0000000140)='./file0\x00', 0x2)
setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f0000000100), 0xfd8a)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
rseq(&(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x100000001, 0x239, 0x8}, 0x1}, 0x20, 0x1, 0x0)

36.545600733s ago: executing program 2 (id=164):
syz_io_uring_setup(0x110, &(0x7f0000000140), 0x0, 0x0)
r0 = socket$inet6(0xa, 0x3, 0xff)
mknod(&(0x7f00000004c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8001420, 0x0)
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r1, 0x402, 0x8000003d)
fcntl$setsig(r1, 0xa, 0x21)
creat(&(0x7f0000001080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000140)=ANY=[@ANYBLOB="00020201"], 0x18)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
write$binfmt_elf64(r0, 0x0, 0x90)
link(&(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f00000006c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newneigh={0x30, 0x1c, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r4, 0x40, 0xa2}, [@NDA_LLADDR={0xa, 0x2, @remote}, @NDA_VLAN={0x6, 0x5, 0x1}]}, 0x30}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)=<r6=>0x0)
prlimit64(r6, 0xe, &(0x7f0000000080)={0x200, 0xd0}, &(0x7f00000000c0))

30.356950778s ago: executing program 2 (id=167):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000001140)={{0x12, 0x1, 0x0, 0xbd, 0xf7, 0x13, 0x8, 0x2770, 0x930c, 0x8d6a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2a, 0xc5, 0x98}}]}}]}}, 0x0)
r1 = openat$ttyS3(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = dup(r1)
ioctl$TCSETSW2(r2, 0x402c542c, 0x0)
sendto$inet6(r2, &(0x7f0000000000)="83a7d9dca0663a766580801f1d6208cc3ff375e8c0eaddbbabff7b4730bc87e372", 0x21, 0x80, &(0x7f0000000040)={0xa, 0x4e22, 0xfffffffd, @remote, 0x6f8f6b81}, 0x1c)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f00000000c0)={0x0, 0x15, 0x6, "fc19d02303f6"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

28.327798557s ago: executing program 2 (id=168):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
clock_gettime(0x0, &(0x7f0000000300)={<r1=>0x0, <r2=>0x0})
r3 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0x0, 0x5}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x5, "fff1000000000500"}}}]}, 0x48}}, 0x0)
recvmmsg(r0, &(0x7f00000002c0)=[{{&(0x7f0000000000), 0x80, &(0x7f0000000280)=[{&(0x7f0000000100)=""/9, 0x9}, {&(0x7f0000000140)}, {&(0x7f0000000180)=""/219, 0xdb}], 0x3}, 0x1}], 0x1, 0x40000001, &(0x7f0000000340)={r1, r2+10000000})
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000380)=0x1, 0x4)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, &(0x7f0000000140))
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000001000)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000640)="0036d551863e1902129da79f5986e05288f50e5398660c1a29b0f45c0cc36902e0251c8d34197b357b32b161f9ad72d55a0eab976aae24ed805271b43f0ce2fea5e764494873e0d82a172b3bb54f59b458fd35039c7d81e9ab07f2fb4dad61bd500a119b54c74a12e4569e47b69a95", 0x6f}], 0x1}}], 0x1, 0x0)

27.328583095s ago: executing program 2 (id=169):
socket$inet(0x2, 0x4, 0x400)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$netlink(0x10, 0x3, 0x6)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000800)=ANY=[@ANYBLOB="5c00000091736a3a84c85190002c45001173d02d3d31023a11cc18e86a3a8dae8c803cca935e56c61a30c6b6607d08fa86edc2bae6327cd7c70b7da0cab90629d564b771a8ba1804f0e123788840bc447bac03934918bed7e588ab64"], 0x5c}, 0x1, 0x0, 0x0, 0x8000800}, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000200)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), <r1=>0x0, 0xd0, &(0x7f0000000300)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0xd3, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r2 = mq_open(&(0x7f00005a1ffb)='e\xeeQ\x92o', 0x42, 0x0, 0x0)
r3 = dup2(r2, r2)
mq_notify(r3, &(0x7f0000000000)={0x20000000, 0x4000000000003, 0x2})
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_clone(0x80280, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
unshare(0x4000400)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r5 = epoll_create1(0x80000)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r6, 0x89f0, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f00000000c0)={'ip6_vti0\x00', 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, @empty, @empty}})
r7 = eventfd2(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r7, &(0x7f0000000180))
socket(0x29, 0xa, 0x3)
r8 = epoll_create1(0x0)
r9 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r9, 0xc0045516, &(0x7f0000000000)=0xfff)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x30, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_USERDATA={0x4}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x109}], {0x14}}, 0x8c}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r9, &(0x7f00000001c0))
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r9, 0xc1105517, 0x0)

26.957517295s ago: executing program 2 (id=170):
socket$nl_route(0x10, 0x3, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
unshare(0x68040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r0 = gettid()
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r1, &(0x7f0000000000), 0xffe000)
timer_create(0x2, &(0x7f000049efa0)={0x0, 0x7, 0x4, @tid=r0}, &(0x7f0000044000)=<r2=>0x0)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
timer_gettime(r2, &(0x7f0000000080))

20.313582498s ago: executing program 4 (id=172):
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt(0xffffffffffffffff, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x19, &(0x7f0000000340), 0x8)
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
r1 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x169, 0x4)
getsockopt$inet_tcp_int(r1, 0x6, 0x2, 0x0, &(0x7f0000000340))
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, &(0x7f0000000b00))
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0x486, 0x0, &(0x7f0000000100))
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0x2a, &(0x7f0000006780)=0xcf, 0x62)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c)
recvmmsg(r3, &(0x7f0000005dc0)=[{{0x0, 0x0, 0x0}}], 0x4000000000002b1, 0x1f, 0x0)
connect$inet6(r3, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0)
syz_open_dev$dmmidi(&(0x7f0000000080), 0x200, 0x0)

17.058891967s ago: executing program 4 (id=173):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x1c, 0x2, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x7, 0x2480)
ioctl$LOOP_GET_STATUS64(r1, 0x4c05, &(0x7f0000000400))
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000004c0)=ANY=[@ANYBLOB="5c0000001000090400"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000028001280090001007665746800000000180002801400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\n'], 0x5c}}, 0x0)

12.13729623s ago: executing program 4 (id=175):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c0000005a00e923000000000000000000000000080001"], 0x1c}}, 0x0)
futex(&(0x7f000000cffc), 0xb, 0x0, 0x0, &(0x7f0000000340), 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000000280), 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
socket(0x1e, 0x5, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0xf, &(0x7f0000000d80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
socket(0x10, 0x3, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000019000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0xa, 0x0, 0x0)
r4 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r4, &(0x7f0000000000)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x24)
listen(r4, 0x4)
recvmmsg(r4, &(0x7f00000050c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2040, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3.887091307s ago: executing program 4 (id=176):
io_uring_setup(0x253d, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x172})
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
setsockopt$sock_timeval(r1, 0x1, 0x14, 0x0, 0x0)
bind$unix(r1, 0x0, 0x0)
listen(r1, 0x1)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioctl$UI_ABS_SETUP(r2, 0x401c5504, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
r3 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r2, &(0x7f0000000340)={0x2, 0x4e23, @loopback}, 0x10)
sendmsg$xdp(r3, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4044010}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0xc4}, 0xda1df123c5ed76bd)
ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000500)={{}, 'syz0\x00'})
ioctl$UI_DEV_CREATE(r0, 0x5501)
socket$inet_udp(0x2, 0x2, 0x0)
syz_open_dev$evdev(&(0x7f0000000500), 0x4, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
fdatasync(r1)
mincore(&(0x7f0000ffd000/0x2000)=nil, 0x2000, &(0x7f0000000900)=""/4096)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CAP_HALT_POLL(r5, 0x4068aea3, &(0x7f0000000000)={0xdf, 0x0, 0x10000})
r6 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r6, &(0x7f0000000080), 0xc)
r7 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r7, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc)

249.131012ms ago: executing program 4 (id=177):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000a80)=@raw={'raw\x00', 0x3c1, 0x3, 0x3e0, 0x108, 0x9403, 0x4, 0x0, 0x2c0, 0x310, 0x4a8, 0x3d8, 0x310, 0x3d8, 0x3, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x4}, @empty, [0x0, 0xff000000], [], 'veth1\x00', 'pimreg\x00'}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@private, [], 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x7ff, 0xfffffffc}}}, {{@ipv6={@empty, @loopback, [], [], 'bond_slave_1\x00', 'batadv_slave_1\x00'}, 0x0, 0x1a0, 0x208, 0x0, {}, [@common=@inet=@iprange={{0x68}, {@ipv6=@mcast2, @ipv6=@mcast1, @ipv6=@remote, @ipv6=@mcast1}}, @common=@srh1={{0x90}, {0x73, 0x81, 0x6, 0x25, 0x5, @empty, @loopback, @ipv4={'\x00', '\xff\xff', @broadcast}, [0xff000000, 0xffffff00], [0xff000000, 0xff000000, 0xff000000], [0x0, 0x0, 0xff000000, 0xff], 0x24, 0x3004}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x440)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), r1)

0s ago: executing program 4 (id=178):
r0 = memfd_secret(0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_usb_connect(0x2, 0x1b, &(0x7f0000000880)={{0x12, 0x1, 0x0, 0xa0, 0xba, 0xd5, 0x10, 0x46d, 0x892, 0x495f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9, 0x0, 0x0, 0x2}}]}}, 0x0)
r1 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$kcm(0x11, 0xf, 0x300)
sched_setaffinity(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = dup2(r3, r5)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r6, 0xa, 0x0, r7)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r8 = userfaultfd(0x1)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000040))
mremap(&(0x7f00002d7000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000a88000/0x2000)=nil, 0x3)
ioctl$UFFDIO_WRITEPROTECT(r8, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000800000/0x800000)=nil, 0x802000}, 0x2})
r9 = fcntl$dupfd(r8, 0x0, r8)
ioctl$UFFDIO_CONTINUE(r9, 0xc018aa06, &(0x7f0000000140)={{&(0x7f0000a85000/0x1000)=nil, 0x1000}})
landlock_restrict_self(r0, 0x0)
syz_emit_ethernet(0x70, &(0x7f0000000280)={@broadcast, @random="9d6f61fa0500", @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x2, 0x0, 0x62, 0x0, 0x0, 0x0, 0x2f, 0x0, @remote, @broadcast}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, [0x0, 0x0, 0x0]}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x9, 0x9]}}}}}}, 0x0)

kernel console output (not intermixed with test programs):

[ T5247] hsr_slave_1: entered promiscuous mode
[   74.701419][ T5247] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   74.709020][ T5247] Cannot create hsr debugfs directory
[   74.778653][ T5235] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   74.790891][ T5235] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   74.811709][ T5235] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   74.821427][ T5235] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   74.910902][ T5242] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   74.922584][ T5242] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   74.937041][ T5242] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   74.965432][ T5242] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   75.031162][ T5236] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   75.041400][ T5236] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   75.059789][ T5236] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   75.071411][ T5236] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   75.164981][ T5235] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.178608][ T5244] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   75.189627][ T5244] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   75.202087][ T5244] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   75.218753][ T5244] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   75.279370][ T5235] 8021q: adding VLAN 0 to HW filter on device team0
[   75.325151][ T5247] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   75.336685][ T5247] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   75.351598][ T2931] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.358860][ T2931] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.390344][ T5247] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   75.401724][ T2931] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.408898][ T2931] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.431522][ T5242] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.445365][ T5247] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   75.511380][ T5236] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.522031][ T5242] 8021q: adding VLAN 0 to HW filter on device team0
[   75.554395][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.561587][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.589666][ T5244] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.608103][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.615415][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.676432][ T5236] 8021q: adding VLAN 0 to HW filter on device team0
[   75.702631][ T2931] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.709768][ T2931] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.722193][ T2931] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.729338][ T2931] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.764274][ T5244] 8021q: adding VLAN 0 to HW filter on device team0
[   75.781249][ T5235] 8021q: adding VLAN 0 to HW filter on device batadv0
[   75.793473][ T2931] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.800609][ T2931] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.833329][ T2903] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.840573][ T2903] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.872756][ T5247] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.895996][ T5236] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   75.907842][ T5236] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   75.992579][ T5236] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.004289][ T5244] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   76.021539][ T5247] 8021q: adding VLAN 0 to HW filter on device team0
[   76.036607][ T5235] veth0_vlan: entered promiscuous mode
[   76.060407][   T54] Bluetooth: hci1: command tx timeout
[   76.062253][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.065996][ T5230] Bluetooth: hci0: command tx timeout
[   76.072994][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.094519][ T5235] veth1_vlan: entered promiscuous mode
[   76.105418][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.112566][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.167709][ T5247] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   76.183730][ T5247] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   76.197386][ T5242] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.220333][ T5230] Bluetooth: hci2: command tx timeout
[   76.242094][ T5236] veth0_vlan: entered promiscuous mode
[   76.257637][ T5244] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.282105][ T5247] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.299051][ T5236] veth1_vlan: entered promiscuous mode
[   76.300246][ T5230] Bluetooth: hci3: command tx timeout
[   76.326936][ T5235] veth0_macvtap: entered promiscuous mode
[   76.349401][ T5235] veth1_macvtap: entered promiscuous mode
[   76.381130][ T5230] Bluetooth: hci4: command tx timeout
[   76.403507][ T5244] veth0_vlan: entered promiscuous mode
[   76.417639][ T5236] veth0_macvtap: entered promiscuous mode
[   76.444920][ T5244] veth1_vlan: entered promiscuous mode
[   76.456689][ T5236] veth1_macvtap: entered promiscuous mode
[   76.485736][ T5235] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.519169][ T5247] veth0_vlan: entered promiscuous mode
[   76.526123][ T5242] veth0_vlan: entered promiscuous mode
[   76.536506][ T5235] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.558849][ T5236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   76.570478][ T5236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.584205][ T5236] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.605507][ T5247] veth1_vlan: entered promiscuous mode
[   76.615302][ T5236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   76.633374][ T5236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.645775][ T5236] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.657312][ T5235] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.666802][ T5235] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.676091][ T5235] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.684975][ T5235] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.728901][ T5244] veth0_macvtap: entered promiscuous mode
[   76.738105][ T5242] veth1_vlan: entered promiscuous mode
[   76.746210][ T5236] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.756605][ T5236] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.766449][ T5236] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.775589][ T5236] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.802842][ T5244] veth1_macvtap: entered promiscuous mode
[   76.837796][ T5247] veth0_macvtap: entered promiscuous mode
[   76.869529][ T5247] veth1_macvtap: entered promiscuous mode
[   76.918291][ T5244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   76.929188][ T5244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.940888][ T5244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   76.952143][ T5244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.964947][ T5244] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.975121][ T5244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   76.986237][ T5244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.996787][ T5244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   77.008722][ T5244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.019793][ T5244] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.030500][ T5244] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.039227][ T5244] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.048659][ T5244] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.057667][ T5244] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.097892][ T5247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   77.108814][ T5247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.121029][ T5247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   77.131810][ T5247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.141872][ T5247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   77.152698][ T5247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.166220][ T5247] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.176593][ T5247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   77.187884][ T5247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.198136][ T5247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   77.208823][ T5247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.218754][ T5247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   77.229468][ T5247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.241605][ T5247] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.257490][ T2903] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.267562][ T2903] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.284606][ T2903] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.294168][ T2903] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.301169][ T5247] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.310884][ T5247] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.319714][ T5247] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.328519][ T5247] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.339523][ T5242] veth0_macvtap: entered promiscuous mode
[   77.376906][ T5242] veth1_macvtap: entered promiscuous mode
[   77.407016][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.427487][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.464500][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   77.476466][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.486847][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   77.497602][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.507983][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   77.518622][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.529219][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   77.540017][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.551857][ T5242] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.565925][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   77.576988][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.587361][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   77.598028][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.608259][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   77.618859][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.628767][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   77.639434][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.650772][ T5242] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.660370][ T2903] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.682857][ T2903] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.719383][ T5242] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.734210][ T5242] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.743639][ T5242] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.760177][ T5242] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.787598][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.810128][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.964947][ T2903] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.994201][ T2903] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.033525][ T2931] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.048236][ T5286] xt_connbytes: Forcing CT accounting to be enabled
[   78.048667][ T2931] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.090708][ T5286] Cannot find add_set index 0 as target
[   78.141111][   T54] Bluetooth: hci1: command tx timeout
[   78.146748][ T5230] Bluetooth: hci0: command tx timeout
[   78.194128][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.234921][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.270415][ T2931] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.280321][   T25] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   78.298461][ T2931] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.301414][ T5230] Bluetooth: hci2: command tx timeout
[   78.346209][ T2931] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.380547][ T5230] Bluetooth: hci3: command tx timeout
[   78.391196][ T2931] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.460438][ T5230] Bluetooth: hci4: command tx timeout
[   78.490143][   T25] usb 2-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4
[   78.510334][   T25] usb 2-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0
[   78.518587][   T25] usb 2-1: Manufacturer: syz
[   78.531990][   T25] usb 2-1: config 0 descriptor??
[   78.846445][ T5310] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   78.881309][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   78.956566][ T5284] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2'.
[   79.200473][   T29] audit: type=1326 audit(1726700231.772:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5323 comm="syz.0.12" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd430f7def9 code=0x0
[   79.222608][ T5288] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   79.252411][   T25] gs_usb 2-1:0.0: Couldn't get device config: (err=-121)
[   79.268638][   T25] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -121
[   79.284421][ T5326] input: syz0 as /devices/virtual/input/input5
[   79.381842][ T5288] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   79.393553][ T5288] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   79.405722][ T5288] usb 5-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[   79.415525][ T5288] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   79.427551][ T5288] usb 5-1: config 0 descriptor??
[   79.443626][ T5278] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   79.603699][ T5278] usb 3-1: Using ep0 maxpacket: 32
[   79.637060][ T5278] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   79.653987][ T5278] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   79.668219][ T5278] usb 3-1: New USB device found, idVendor=2133, idProduct=0018, bcdDevice= 0.00
[   79.678752][ T5278] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   79.691911][ T5278] usb 3-1: config 0 descriptor??
[   79.694085][ T5288] isku 0003:1E7D:319C.0001: unknown main item tag 0x0
[   79.724275][ T5288] isku 0003:1E7D:319C.0001: unbalanced collection at end of report description
[   79.736668][ T5288] isku 0003:1E7D:319C.0001: parse failed
[   79.774987][ T5288] isku 0003:1E7D:319C.0001: probe with driver isku failed with error -22
[   79.882929][ T1174] usb 5-1: USB disconnect, device number 2
[   79.905421][ T5333] netlink: 4 bytes leftover after parsing attributes in process `syz.3.14'.
[   79.974854][ T5334] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   80.005963][ T5334] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   80.171356][ T5339] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16'.
[   80.199787][ T5336] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.208638][ T5336] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.220126][ T5230] Bluetooth: hci0: command tx timeout
[   80.226610][   T54] Bluetooth: hci1: command tx timeout
[   80.299032][ T5278] viewsonic 0003:2133:0018.0002: hidraw0: USB HID v0.00 Device [HID 2133:0018] on usb-dummy_hcd.2-1/input0
[   80.311115][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   80.321841][ T5336] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.329270][ T5336] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.337643][ T5336] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.344880][ T5336] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.379652][ T5336] team0: Port device bridge0 added
[   80.380227][ T5230] Bluetooth: hci2: command tx timeout
[   80.409805][ T5343] syz.0.17 uses obsolete (PF_INET,SOCK_PACKET)
[   80.416438][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   80.421150][ T5343] syzkaller1: entered promiscuous mode
[   80.436793][ T5343] syzkaller1: entered allmulticast mode
[   80.451502][ T5322] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   80.463732][ T5230] Bluetooth: hci3: command tx timeout
[   80.501680][ T5322] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   80.540319][ T5230] Bluetooth: hci4: command tx timeout
[   80.638540][ T5278] usb 3-1: USB disconnect, device number 2
[   80.830187][  T940] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   80.910186][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   80.940279][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   80.948530][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   80.999952][  T940] usb 5-1: Using ep0 maxpacket: 8
[   81.028161][ T5279] usb 2-1: USB disconnect, device number 2
[   81.050349][  T940] usb 5-1: New USB device found, idVendor=0763, idProduct=2080, bcdDevice=d0.ab
[   81.080829][  T940] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   81.104256][ T5366] xt_l2tp: invalid flags combination: 0
[   81.110027][  T940] usb 5-1: Product: syz
[   81.129096][  T940] usb 5-1: Manufacturer: syz
[   81.142238][  T940] usb 5-1: SerialNumber: syz
[   81.153688][  T940] usb 5-1: config 0 descriptor??
[   81.407089][ T5348] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   81.460961][ T5348] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   81.479348][ T5374] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   81.481867][ T5348] mmap: syz.4.18 (5348) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   81.504675][ T5376] netlink: 8 bytes leftover after parsing attributes in process `syz.0.27'.
[   81.727699][  T940] usb 5-1: USB disconnect, device number 3
[   81.736135][ T5374] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1114316856 (2228633712 ns) > initial count (1959316166 ns). Using initial count to start timer.
[   81.807464][ T5234] udevd[5234]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   81.848231][ T5378] kvm: Disabled LAPIC found during irq injection
[   81.883659][ T5374] netlink: 182100 bytes leftover after parsing attributes in process `syz.3.26'.
[   81.916402][ T5374] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16)
[   81.930750][ T1564] cfg80211: failed to load regulatory.db
[   81.939245][ T5374] openvswitch: netlink: Either Ethernet header or EtherType is required.
[   82.360158][ T5279] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   82.543902][ T5279] usb 4-1: Using ep0 maxpacket: 8
[   82.560418][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   82.580425][ T5279] usb 4-1: New USB device found, idVendor=046d, idProduct=0900, bcdDevice=66.9e
[   82.630170][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   82.642100][ T5279] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   82.667216][ T5279] usb 4-1: Product: syz
[   82.686749][ T5279] usb 4-1: Manufacturer: syz
[   82.704705][ T5279] usb 4-1: SerialNumber: syz
[   82.730771][ T5279] usb 4-1: config 0 descriptor??
[   82.833690][ T5279] gspca_main: spca500-2.14.0 probing 046d:0900
[   83.060131][ T5279] gspca_spca500: reg write: error -71
[   83.084796][ T5279] gspca_spca500: reg write: error -71
[   83.097004][ T5279] gspca_spca500: reg write: error -71
[   83.120157][ T5279] gspca_spca500: reg write: error -71
[   83.138764][ T5279] gspca_spca500: reg write: error -71
[   83.153947][ T5408] netlink: 8 bytes leftover after parsing attributes in process `syz.0.35'.
[   83.170770][ T5279] gspca_spca500: reg write: error -71
[   83.195071][ T5279] gspca_spca500: reg write: error -71
[   83.204389][ T5410] binder: BINDER_SET_CONTEXT_MGR already set
[   83.211678][ T5410] binder: 5401:5410 ioctl 4018620d 20000180 returned -16
[   83.211808][ T5279] gspca_spca500: reg write: error -71
[   83.226998][ T5410] binder: 5401:5410 ioctl c0306201 200003c0 returned -22
[   83.234853][ T5279] gspca_spca500: reg write: error -71
[   83.245633][ T5279] gspca_spca500: reg write: error -71
[   83.257819][ T5279] gspca_spca500: reg write: error -71
[   83.278332][ T5279] gspca_spca500: reg write: error -71
[   83.294460][ T5411] dummy0: entered promiscuous mode
[   83.308250][ T5279] gspca_spca500: reg write: error -71
[   83.320310][ T5411] macsec1: entered allmulticast mode
[   83.320540][ T5279] gspca_spca500: reg write: error -71
[   83.338447][ T5411] dummy0: entered allmulticast mode
[   83.346365][ T5279] usb 4-1: USB disconnect, device number 2
[   83.390877][ T5411] dummy0: left allmulticast mode
[   83.418155][ T5411] dummy0: left promiscuous mode
[   83.921941][ T5424] team0: Port device macvlan2 added
[   84.034417][ T5275] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   84.067515][ T5429] netlink: 8 bytes leftover after parsing attributes in process `syz.3.41'.
[   84.150386][ T5278] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   84.205577][ T5435] netlink: 12 bytes leftover after parsing attributes in process `syz.3.43'.
[   84.219684][ T5275] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   84.235834][ T5275] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   84.248764][ T5275] usb 5-1: New USB device found, idVendor=046d, idProduct=c623, bcdDevice= 0.00
[   84.259373][ T5275] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.263754][ T5279] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   84.278862][ T5275] usb 5-1: config 0 descriptor??
[   84.330425][ T5278] usb 3-1: Using ep0 maxpacket: 16
[   84.351551][ T5278] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   84.383941][ T5278] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[   84.407743][ T5278] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[   84.447888][ T5278] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[   84.480951][ T5278] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[   84.496491][ T5278] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 25
[   84.510919][ T5279] usb 2-1: Using ep0 maxpacket: 8
[   84.519762][ T5279] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   84.542147][ T5279] usb 2-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[   84.557667][ T5278] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   84.573599][ T5279] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.589106][ T5278] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   84.610444][ T5278] usb 3-1: SerialNumber: syz
[   84.618621][ T5279] usb 2-1: config 0 descriptor??
[   84.638816][ T5279] gspca_main: vc032x-2.14.0 probing 046d:0892
[   84.651261][ T5278] cdc_acm 3-1:1.0: Control and data interfaces are not separated!
[   84.662746][ T5278] cdc_acm 3-1:1.0: probe with driver cdc_acm failed with error -12
[   84.743500][ T5419] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   84.753644][ T5419] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   84.771663][ T5275] usbhid 5-1:0.0: can't add hid device: -71
[   84.777759][ T5275] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[   84.790716][ T5275] usb 5-1: USB disconnect, device number 4
[   84.804262][ T1564] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   84.857071][ T5404] batadv0: entered promiscuous mode
[   84.863774][ T5404] macsec1: entered promiscuous mode
[   84.877602][ T5404] batadv0: left promiscuous mode
[   84.942655][ T5278] usb 3-1: USB disconnect, device number 3
[   84.966492][ T1564] usb 1-1: config 0 has an invalid interface number: 186 but max is 1
[   84.976813][ T1564] usb 1-1: config 0 has no interface number 1
[   84.987303][ T1564] usb 1-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice=e5.83
[   84.996845][ T1564] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.005081][ T1564] usb 1-1: Product: syz
[   85.009618][ T1564] usb 1-1: Manufacturer: syz
[   85.014743][ T1564] usb 1-1: SerialNumber: syz
[   85.027734][ T1564] usb 1-1: config 0 descriptor??
[   85.043294][ T1564] hub 1-1:0.186: bad descriptor, ignoring hub
[   85.054772][ T1564] hub 1-1:0.186: probe with driver hub failed with error -5
[   85.264979][ T5426] kvm: pic: non byte write
[   85.274653][ T5445] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   85.290184][ T5445] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   85.344459][ T5279] gspca_vc032x: reg_w err -110
[   85.349363][ T5279] vc032x 2-1:0.0: probe with driver vc032x failed with error -110
[   85.481000][ T5278] usb 1-1: USB disconnect, device number 2
[   85.541971][   T46] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[   85.550558][    T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!!
[   85.680758][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   85.727236][   T46] usb 4-1: New USB device found, idVendor=2013, idProduct=025d, bcdDevice=f5.0f
[   85.763235][   T46] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.788780][   T46] usb 4-1: Product: syz
[   85.811297][   T46] usb 4-1: Manufacturer: syz
[   85.816016][   T46] usb 4-1: SerialNumber: syz
[   85.870185][   T46] usb 4-1: config 0 descriptor??
[   85.919503][ T5465] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   86.100361][ T5278] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   86.109448][ T5449] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   86.143457][ T5449] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   86.216132][   T46] dvb-usb: found a 'PCTV 2002e SE' in warm state.
[   86.237174][   T46] dvb-usb: will use the device's hardware PID filter (table count: 32).
[   86.247644][   T46] dvbdev: DVB: registering new adapter (PCTV 2002e SE)
[   86.255377][   T46] usb 4-1: media controller created
[   86.268882][   T46] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   86.270134][ T5278] usb 5-1: Using ep0 maxpacket: 32
[   86.282555][ T1564] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   86.301944][ T5278] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   86.313604][ T5278] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[   86.325618][ T5278] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024
[   86.337271][ T5278] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[   86.347771][ T5278] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[   86.358000][ T5278] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[   86.369652][   T46] DVB: Unable to find symbol dib7000p_attach()
[   86.370772][ T5278] usb 5-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[   86.385788][   T46] dvb-usb: no frontend was attached by 'PCTV 2002e SE'
[   86.413821][   T46] dvb-usb: will use the device's hardware PID filter (table count: 32).
[   86.418285][ T5278] usb 5-1: New USB device found, idVendor=2040, idProduct=4901, bcdDevice=47.77
[   86.437313][ T5278] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   86.442109][   T46] dvbdev: DVB: registering new adapter (PCTV 2002e SE)
[   86.445710][ T5278] usb 5-1: Product: syz
[   86.456689][ T5278] usb 5-1: Manufacturer: syz
[   86.461187][ T1564] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   86.462115][ T5278] usb 5-1: SerialNumber: syz
[   86.485297][ T5278] usb 5-1: config 0 descriptor??
[   86.491717][   T46] usb 4-1: media controller created
[   86.497646][ T5462] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[   86.508855][ T5478] netlink: 8 bytes leftover after parsing attributes in process `syz.0.53'.
[   86.519632][ T1564] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   86.542244][   T46] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   86.558543][ T1564] usb 3-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00
[   86.570850][ T1564] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   86.599012][ T1564] usb 3-1: config 0 descriptor??
[   86.693011][   T46] DVB: Unable to find symbol dib7000p_attach()
[   86.705518][   T46] dvb-usb: no frontend was attached by 'PCTV 2002e SE'
[   86.722629][ T5278] hdpvr 5-1:0.0: unexpected answer of status request, len -71
[   86.745359][ T5278] hdpvr 5-1:0.0: device init failed
[   86.764198][ T5278] hdpvr 5-1:0.0: probe with driver hdpvr failed with error -12
[   86.784518][ T5484] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   86.802547][ T5278] usb 5-1: USB disconnect, device number 5
[   86.814061][ T5484] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   86.820082][   T46] rc_core: IR keymap rc-dib0700-rc5 not found
[   86.828416][   T46] Registered IR keymap rc-empty
[   86.845750][   T46] dvb-usb: could not initialize remote control.
[   86.869081][ T5484] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   86.871993][   T46] dvb-usb: PCTV 2002e SE successfully initialized and connected.
[   87.026995][ T1564] elo 0003:04E7:0030.0003: unknown main item tag 0xd
[   87.057198][ T1564] elo 0003:04E7:0030.0003: hidraw0: USB HID v0.00 Device [HID 04e7:0030] on usb-dummy_hcd.2-1/input0
[   87.123789][   T46] usb 2-1: USB disconnect, device number 3
[   87.251043][ T5275] usb 3-1: USB disconnect, device number 4
[   87.285388][ T5280] usb 4-1: USB disconnect, device number 3
[   87.351769][ T5280] dvb-usb: PCTV 2002e SE successfully deinitialized and disconnected.
[   87.450544][ T5499] netlink: 4 bytes leftover after parsing attributes in process `syz.4.58'.
[   87.471661][ T5499] netlink: 28 bytes leftover after parsing attributes in process `syz.4.58'.
[   87.512929][ T5499] batadv_slave_1: entered promiscuous mode
[   87.520865][ T5499] vlan2: entered promiscuous mode
[   87.548204][ T5499] batadv_slave_1: left promiscuous mode
[   88.059362][ T5513] capability: warning: `syz.3.62' uses 32-bit capabilities (legacy support in use)
[   88.215045][ T5521] netlink: 8 bytes leftover after parsing attributes in process `syz.2.64'.
[   88.236066][ T5521] netlink: 36 bytes leftover after parsing attributes in process `syz.2.64'.
[   88.843386][    T8] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   89.021649][    T8] usb 2-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config
[   89.055841][    T8] usb 2-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   89.092839][    T8] usb 2-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[   89.120098][    T8] usb 2-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[   89.149058][    T8] usb 2-1: Manufacturer: syz
[   89.169393][    T8] usb 2-1: SerialNumber: syz
[   89.242794][ T5548] netlink: 4 bytes leftover after parsing attributes in process `syz.3.70'.
[   89.255996][ T5548] netlink: 'syz.3.70': attribute type 15 has an invalid length.
[   89.309724][ T5548] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 256 - 0
[   89.319436][ T5548] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 256 - 0
[   89.328697][ T5548] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 256 - 0
[   89.338639][ T5548] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 256 - 0
[   89.365231][ T5548] vxlan0: entered promiscuous mode
[   89.498671][ T5555] binder: BINDER_SET_CONTEXT_MGR already set
[   89.501983][ T5554] binder_alloc: binder_alloc_mmap_handler: 5552 20ffd000-21000000 already mapped failed -16
[   89.511090][ T5555] binder: 5552:5555 ioctl 4018620d 20004a80 returned -16
[   89.521855][ T5554] binder_alloc: binder_alloc_mmap_handler: 5552 20ffd000-21000000 already mapped failed -16
[   89.555483][ T5555] binder: BINDER_SET_CONTEXT_MGR already set
[   89.575171][    T8] usbhid 2-1:36.0: couldn't find an input interrupt endpoint
[   89.591393][ T5555] binder: 5552:5555 ioctl 4018620d 20004a80 returned -16
[   89.610602][ T5280] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   89.618973][    T8] usb 2-1: USB disconnect, device number 4
[   89.770000][ T5280] usb 1-1: Using ep0 maxpacket: 16
[   89.779125][ T5280] usb 1-1: config index 0 descriptor too short (expected 3364, got 36)
[   89.797260][ T5280] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   89.814413][ T5280] usb 1-1: config 1 has no interfaces?
[   89.821434][ T5280] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1c1e, bcdDevice= 0.00
[   89.833657][ T5280] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   89.843516][ T5563] netlink: 60 bytes leftover after parsing attributes in process `syz.4.75'.
[   89.952764][ T5563] netlink: 172 bytes leftover after parsing attributes in process `syz.4.75'.
[   89.969808][ T5548] syz.3.70 (5548) used greatest stack depth: 18448 bytes left
[   90.362595][ T5578] netlink: 48 bytes leftover after parsing attributes in process `syz.4.77'.
[   90.410330][ T5280] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   90.507291][ T5582] netlink: 464 bytes leftover after parsing attributes in process `syz.0.72'.
[   90.570219][ T5582] netlink: 20 bytes leftover after parsing attributes in process `syz.0.72'.
[   90.580078][ T5280] usb 3-1: Using ep0 maxpacket: 8
[   90.598100][ T5280] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x99, changing to 0x89
[   90.622689][ T5280] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[   90.648768][ T5280] usb 3-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[   90.684472][ T5280] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.693212][ T5280] usb 3-1: Product: syz
[   90.697595][ T5280] usb 3-1: Manufacturer: syz
[   90.705233][ T5280] usb 3-1: SerialNumber: syz
[   90.710170][    T8] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   90.714334][ T5280] usb 3-1: config 0 descriptor??
[   90.735263][ T5280] streamzap 3-1:0.0: streamzap_probe: endpoint attributes don't match xfer 0204
[   90.879980][    T8] usb 2-1: Using ep0 maxpacket: 8
[   90.903625][    T8] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 246, changing to 11
[   90.947004][    T8] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[   90.999087][    T8] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[   91.045253][    T8] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   91.064167][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.088521][    T8] usb 2-1: Product: 챇ꋧꖓ烻鑔䕃�矒म֛䆶볡䦭ח∭嗊�鄫궣눿່펈�늅줻�ᅕꬠ앯骑⢥侉ᳫ分븯ᣈ瀱�䊿㰘쟖㇇ⶲ꤀껀ꖴ
[   91.138242][    T8] usb 2-1: Manufacturer: Л
[   91.168429][    T8] usb 2-1: SerialNumber: 麑챯ྤ�贲휽�궛䉾윌鶟癔ѥ�炗㒉헬㓎㓇η��维�裗�牔砺ࡎ禓鹾�핇녖蚗�Ķ�殲帻㤟怟䧀噴਺瑺�碕�･ᣚ��줥摺�Ｚ�䥙ടժ뵪﫼㥴群᷃㎅ᛅﷄ䋨陻멸訒悯ﻣ๺�柛릹'ꨪ꺴惖ᮕꦈ鵎藅��胛�ె如찷鉛罨觛扚욌
[   91.306495][ T5592] FAULT_INJECTION: forcing a failure.
[   91.306495][ T5592] name failslab, interval 1, probability 0, space 0, times 1
[   91.327048][ T5592] CPU: 1 UID: 0 PID: 5592 Comm: syz.4.84 Not tainted 6.11.0-syzkaller-04744-gbdf56c7580d2 #0
[   91.337341][ T5592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   91.347523][ T5592] Call Trace:
[   91.350857][ T5592]  <TASK>
[   91.353917][ T5592]  dump_stack_lvl+0x241/0x360
[   91.358662][ T5592]  ? __pfx_dump_stack_lvl+0x10/0x10
[   91.363920][ T5592]  ? __pfx__printk+0x10/0x10
[   91.368582][ T5592]  should_fail_ex+0x3b0/0x4e0
[   91.373319][ T5592]  ? dst_alloc+0x12b/0x190
[   91.377806][ T5592]  should_failslab+0xac/0x100
[   91.382539][ T5592]  ? dst_alloc+0x12b/0x190
[   91.387008][ T5592]  kmem_cache_alloc_noprof+0x6c/0x2a0
[   91.392447][ T5592]  ? __pfx_ip6_dst_gc+0x10/0x10
[   91.397342][ T5592]  dst_alloc+0x12b/0x190
[   91.401743][ T5592]  ip6_rt_cache_alloc+0x451/0xb40
[   91.401902][ T5592]  ? __pfx_ip6_rt_cache_alloc+0x10/0x10
[   91.401942][ T5592]  ip6_pol_route+0x12e2/0x15d0
[   91.417445][ T5592]  ? ip6_pol_route+0x198/0x15d0
[   91.422364][ T5592]  ? __pfx_ip6_pol_route+0x10/0x10
[   91.427645][ T5592]  fib6_rule_lookup+0x3c2/0x790
[   91.432567][ T5592]  ? __pfx_ip6_pol_route_output+0x10/0x10
[   91.438455][ T5592]  ? __pfx_fib6_rule_lookup+0x10/0x10
[   91.443886][ T5592]  ? __kernel_text_address+0xd/0x40
[   91.449147][ T5592]  ? mark_lock+0x9a/0x360
[   91.453546][ T5592]  ? __lock_acquire+0x1384/0x2050
[   91.458649][ T5592]  ? ip6_route_output_flags+0x30/0x610
[   91.464176][ T5592]  ip6_route_output_flags+0x38e/0x610
[   91.469630][ T5592]  ip6_dst_lookup_tail+0x290/0x14f0
[   91.471310][ T5230] Bluetooth: Unknown BR/EDR signaling command 0x0e
[   91.474871][ T5592]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   91.484607][ T5230] Bluetooth: Wrong link type (-22)
[   91.487830][ T5592]  ? __pfx_ip6_dst_lookup_tail+0x10/0x10
[   91.487881][ T5592]  ? rawv6_sendmsg+0x118c/0x23c0
[   91.487911][ T5592]  ? ip6_dst_lookup_flow+0x82/0x180
[   91.487948][ T5592]  ip6_dst_lookup_flow+0xb9/0x180
[   91.487977][ T5592]  ? mark_lock+0x9a/0x360
[   91.488014][ T5592]  ? __pfx_ip6_dst_lookup_flow+0x10/0x10
[   91.488042][ T5592]  ? fl6_update_dst+0x126/0x170
[   91.488079][ T5592]  rawv6_sendmsg+0x1283/0x23c0
[   91.488133][ T5592]  ? __pfx_rawv6_sendmsg+0x10/0x10
[   91.488183][ T5592]  ? aa_sk_perm+0x96d/0xab0
[   91.488224][ T5592]  ? __pfx_aa_sk_perm+0x10/0x10
[   91.488263][ T5592]  ? inet_sendmsg+0x330/0x390
[   91.488296][ T5592]  __sock_sendmsg+0x1a6/0x270
[   91.488325][ T5592]  sock_write_iter+0x2d7/0x3f0
[   91.488352][ T5592]  ? __pfx_sock_write_iter+0x10/0x10
[   91.488389][ T5592]  ? bpf_lsm_file_permission+0x9/0x10
[   91.488422][ T5592]  ? security_file_permission+0x74/0x280
[   91.488465][ T5592]  vfs_write+0xa6d/0xc90
[   91.488499][ T5592]  ? __pfx_sock_write_iter+0x10/0x10
[   91.488527][ T5592]  ? __pfx_vfs_write+0x10/0x10
[   91.488575][ T5592]  ? __fdget_pos+0x19a/0x320
[   91.488613][ T5592]  ksys_write+0x1a0/0x2c0
[   91.488648][ T5592]  ? __pfx_ksys_write+0x10/0x10
[   91.610183][ T5592]  ? do_syscall_64+0x100/0x230
[   91.615111][ T5592]  ? do_syscall_64+0xb6/0x230
[   91.619925][ T5592]  do_syscall_64+0xf3/0x230
[   91.624578][ T5592]  ? clear_bhb_loop+0x35/0x90
[   91.629315][ T5592]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.635307][ T5592] RIP: 0033:0x7f309837def9
[   91.639761][ T5592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   91.659488][ T5592] RSP: 002b:00007f30991a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   91.667962][ T5592] RAX: ffffffffffffffda RBX: 00007f3098535f80 RCX: 00007f309837def9
[   91.676001][ T5592] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000004
[   91.684038][ T5592] RBP: 00007f30991a8090 R08: 0000000000000000 R09: 0000000000000000
[   91.692109][ T5592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   91.700132][ T5592] R13: 0000000000000000 R14: 00007f3098535f80 R15: 00007f309865fa28
[   91.708478][ T5592]  </TASK>
[   91.768609][ T5597] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.80'.
[   91.820860][ T5581] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.80'.
[   91.848830][    T8] cdc_ncm 2-1:1.0: bind() failure
[   91.865108][    T8] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[   91.877713][    T8] cdc_ncm 2-1:1.1: bind() failure
[   91.911189][    T8] usb 2-1: USB disconnect, device number 5
[   92.191566][ T5275] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   92.220051][ T5280] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[   92.365907][ T5275] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   92.387773][ T5275] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   92.403140][ T5280] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   92.424707][ T5275] usb 4-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00
[   92.434338][ T5280] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[   92.452260][ T5275] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.464543][ T5280] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.483571][ T5275] usb 4-1: config 0 descriptor??
[   92.493169][    T8] usb 1-1: USB disconnect, device number 3
[   92.496579][ T5280] usb 5-1: config 0 descriptor??
[   92.521930][ T5603] netlink: 'syz.1.88': attribute type 10 has an invalid length.
[   92.574060][ T5280] pwc: Askey VC010 type 2 USB webcam detected.
[   92.617650][ T5603] bond0: (slave netdevsim0): no link monitoring support
[   92.631495][ T5603] bond0: (slave netdevsim0): MII and ETHTOOL support not available for slave, and arp_interval/arp_ip_target module parameters not specified, thus bonding will not detect link failures! see bonding.txt for details
[   92.659650][ T5603] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[   92.774664][ T5280] pwc: send_video_command error -71
[   92.795146][ T5280] pwc: Failed to set video mode CIF@30 fps; return code = -71
[   92.806242][ T5280] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71
[   92.834125][ T5280] usb 5-1: USB disconnect, device number 6
[   92.900128][    T8] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   92.930324][ T5275] elo 0003:04E7:0030.0004: item fetching failed at offset 5/7
[   92.948804][ T5275] elo 0003:04E7:0030.0004: parse failed
[   92.955278][ T5275] elo 0003:04E7:0030.0004: probe with driver elo failed with error -22
[   93.070117][    T8] usb 1-1: Using ep0 maxpacket: 16
[   93.079774][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   93.107339][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   93.132179][ T5275] usb 3-1: USB disconnect, device number 5
[   93.143492][    T8] usb 1-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[   93.161025][ T1564] usb 4-1: USB disconnect, device number 4
[   93.185306][    T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   93.221203][    T8] usb 1-1: config 0 descriptor??
[   93.350065][ T5280] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[   93.467347][ T5230] Bluetooth: Unknown BR/EDR signaling command 0x00
[   93.474136][ T5230] Bluetooth: Wrong link type (-22)
[   93.522402][ T5280] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   93.541391][ T5280] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[   93.551129][ T5280] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   93.567838][ T5280] usb 5-1: config 0 descriptor??
[   93.587525][ T5280] pwc: Askey VC010 type 2 USB webcam detected.
[   93.630682][    T8] usbhid 1-1:0.0: can't add hid device: -71
[   93.655657][    T8] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[   93.763070][    T8] usb 1-1: USB disconnect, device number 4
[   93.996470][ T5280] pwc: recv_control_msg error -32 req 02 val 2b00
[   94.015447][ T5280] pwc: recv_control_msg error -32 req 02 val 2700
[   94.036634][ T5280] pwc: recv_control_msg error -32 req 02 val 2c00
[   94.046829][ T5280] pwc: recv_control_msg error -32 req 04 val 1000
[   94.073629][ T5280] pwc: recv_control_msg error -32 req 04 val 1300
[   94.081175][ T5632] netlink: 36 bytes leftover after parsing attributes in process `syz.1.95'.
[   94.081886][ T5280] pwc: recv_control_msg error -32 req 04 val 1400
[   94.125247][ T5280] pwc: recv_control_msg error -32 req 02 val 2000
[   94.174017][ T5280] pwc: recv_control_msg error -32 req 02 val 2100
[   94.202074][ T5280] pwc: recv_control_msg error -32 req 04 val 1500
[   94.218922][ T5280] pwc: recv_control_msg error -32 req 02 val 2500
[   94.247406][ T5280] pwc: recv_control_msg error -32 req 02 val 2400
[   94.280832][ T5280] pwc: recv_control_msg error -32 req 02 val 2600
[   94.283766][   T29] audit: type=1326 audit(1726700246.862:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5643 comm="syz.3.97" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1049f7def9 code=0x0
[   94.550864][ T5280] pwc: recv_control_msg error -71 req 02 val 2800
[   94.572331][ T5280] pwc: recv_control_msg error -71 req 04 val 1100
[   94.611755][ T5280] pwc: recv_control_msg error -71 req 04 val 1200
[   94.657085][ T5280] pwc: Registered as video71.
[   94.700785][ T5280] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input7
[   94.790906][ T5280] usb 5-1: USB disconnect, device number 7
[   95.078334][ T5654] netlink: 24 bytes leftover after parsing attributes in process `syz.3.99'.
[   95.111270][ T5661] netlink: 'syz.1.100': attribute type 6 has an invalid length.
[   95.123608][ T5661] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.100'.
[   95.139977][ T1564] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[   95.311641][ T1564] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   95.352493][ T1564] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[   95.374163][ T5671] FAULT_INJECTION: forcing a failure.
[   95.374163][ T5671] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   95.390121][ T1564] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[   95.402771][ T5671] CPU: 1 UID: 0 PID: 5671 Comm: syz.3.104 Not tainted 6.11.0-syzkaller-04744-gbdf56c7580d2 #0
[   95.409256][ T5670] binder: BINDER_SET_CONTEXT_MGR already set
[   95.413326][ T5671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   95.413370][ T5671] Call Trace:
[   95.413381][ T5671]  <TASK>
[   95.413391][ T5671]  dump_stack_lvl+0x241/0x360
[   95.413432][ T5671]  ? __pfx_dump_stack_lvl+0x10/0x10
[   95.413463][ T5671]  ? __pfx__printk+0x10/0x10
[   95.413496][ T5671]  ? __pfx_lock_release+0x10/0x10
[   95.413528][ T5671]  ? percpu_ref_get_many+0x19/0x140
[   95.413558][ T5671]  should_fail_ex+0x3b0/0x4e0
[   95.413592][ T5671]  _copy_from_iter+0x1ed/0x1d60
[   95.470482][ T5671]  ? rcu_is_watching+0x15/0xb0
[   95.475274][ T5671]  ? __mutex_lock+0x2ef/0xd70
[   95.480002][ T5671]  ? __pfx__copy_from_iter+0x10/0x10
[   95.485323][ T5671]  ? alloc_pages_mpol_noprof+0x417/0x680
[   95.490982][ T5671]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[   95.496983][ T5671]  ? page_copy_sane+0x46/0x260
[   95.501766][ T5671]  copy_page_from_iter+0x7a/0x100
[   95.506818][ T5671]  pipe_write+0x7f5/0x1a30
[   95.511296][ T5671]  ? __pfx_pipe_write+0x10/0x10
[   95.516188][ T5671]  do_iter_readv_writev+0x608/0x890
[   95.521410][ T5671]  ? __pfx_do_iter_readv_writev+0x10/0x10
[   95.527173][ T5671]  ? bpf_lsm_file_permission+0x9/0x10
[   95.532562][ T5671]  ? security_file_permission+0x74/0x280
[   95.538745][ T5671]  ? rw_verify_area+0x1c3/0x6f0
[   95.543635][ T5671]  vfs_writev+0x376/0xba0
[   95.547989][ T5671]  ? __pfx_vfs_writev+0x10/0x10
[   95.552855][ T5671]  ? vfs_write+0x7bf/0xc90
[   95.557316][ T5671]  ? __fdget_pos+0x19a/0x320
[   95.562191][ T5671]  do_writev+0x1b1/0x350
[   95.566717][ T5671]  ? __pfx_do_writev+0x10/0x10
[   95.571504][ T5671]  ? do_syscall_64+0x100/0x230
[   95.576289][ T5671]  ? do_syscall_64+0xb6/0x230
[   95.581005][ T5671]  do_syscall_64+0xf3/0x230
[   95.585539][ T5671]  ? clear_bhb_loop+0x35/0x90
[   95.590241][ T5671]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.596154][ T5671] RIP: 0033:0x7f1049f7def9
[   95.600585][ T5671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   95.620205][ T5671] RSP: 002b:00007f104ad40038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   95.628641][ T5671] RAX: ffffffffffffffda RBX: 00007f104a135f80 RCX: 00007f1049f7def9
[   95.636631][ T5671] RDX: 0000000000000001 RSI: 0000000020000540 RDI: 0000000000000006
[   95.644611][ T5671] RBP: 00007f104ad40090 R08: 0000000000000000 R09: 0000000000000000
[   95.653389][ T5671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   95.661378][ T5671] R13: 0000000000000000 R14: 00007f104a135f80 R15: 00007f104a25fa28
[   95.669413][ T5671]  </TASK>
[   95.674837][ T1564] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[   95.686240][ T1564] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[   95.699733][ T5670] binder: 5664:5670 ioctl 4018620d 20000180 returned -16
[   95.735746][ T5672] binder: 5664:5672 ioctl c0306201 200003c0 returned -22
[   95.744644][ T1564] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[   95.785095][ T1564] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[   95.795212][ T1564] usb 3-1: Product: syz
[   95.800462][ T1564] usb 3-1: Manufacturer: syz
[   95.805557][ T1564] usb 3-1: SerialNumber: syz
[   95.820420][ T5275] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[   95.841879][ T1564] usb 3-1: config 0 descriptor??
[   95.975884][ T5275] usb 1-1: unable to get BOS descriptor or descriptor too short
[   96.025838][ T5275] usb 1-1: not running at top speed; connect to a high speed hub
[   96.095916][ T5275] usb 1-1: config 3 has an invalid interface number: 1 but max is 0
[   96.125938][ T1564] radio-si470x 3-1:0.0: DeviceID=0x0000 ChipID=0x0000
[   96.153741][ T5275] usb 1-1: config 3 has no interface number 0
[   96.180695][ T1564] radio-si470x 3-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[   96.210015][ T5275] usb 1-1: config 3 interface 1 altsetting 6 has an invalid descriptor for endpoint zero, skipping
[   96.259418][ T5275] usb 1-1: config 3 interface 1 has no altsetting 0
[   96.294351][ T5275] usb 1-1: New USB device found, idVendor=d483, idProduct=d7be, bcdDevice=22.3d
[   96.314721][ T5275] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.324121][ T1564] radio-si470x 3-1:0.0: software version 0, hardware version 0
[   96.339790][ T1564] radio-si470x 3-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[   96.353391][ T5275] usb 1-1: Product: syz
[   96.357629][ T5275] usb 1-1: Manufacturer: 痃밓瘑��៧내埂첲๙펩꠽ୃ�醦ആ�牢⧫鷬�ﬕ롪魢怔Გ�μ韚땩�瞲ᙾ栊蒈沞꯳繆醪╂�꫆쮃翌펳ꀧ㓴䫽윕⭜살ﱴ詠ﵓ࠷㎤�⧡缄�㒸唠䮳釛惻ꚱ�풟
[   96.386631][ T1564] radio-si470x 3-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[   96.401691][ T5275] usb 1-1: SerialNumber: syz
[   96.414775][ T5686] process 'syz.3.107' launched './file0' with NULL argv: empty string added
[   96.829461][ T1564] radio-si470x 3-1:0.0: si470x_set_report: usb_control_msg returned -71
[   96.859536][ T1564] radio-si470x 3-1:0.0: submitting int urb failed (-90)
[   96.872376][ T5275] usb 1-1: bad CDC descriptors
[   96.902245][ T1564] radio-si470x 3-1:0.0: si470x_set_report: usb_control_msg returned -71
[   96.911302][ T5275] usb 1-1: USB disconnect, device number 5
[   96.934614][ T1564] radio-si470x 3-1:0.0: probe with driver radio-si470x failed with error -22
[   96.981414][ T1564] usb 3-1: USB disconnect, device number 6
[   97.020179][  T940] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   97.175811][  T940] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   97.197893][  T940] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   97.221282][ T5280] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[   97.223503][  T940] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[   97.259780][  T940] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.284670][  T940] usb 4-1: config 0 descriptor??
[   97.310346][ T5275] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   97.327051][ T5711] UHID_CREATE from different security context by process 45 (syz.2.114), this is not allowed.
[   97.434631][ T5280] usb 5-1: config 0 has an invalid interface number: 65 but max is 0
[   97.448311][ T5280] usb 5-1: config 0 has no interface number 0
[   97.466443][ T5280] usb 5-1: New USB device found, idVendor=050d, idProduct=0128, bcdDevice=bc.ae
[   97.476235][ T5275] usb 1-1: device descriptor read/64, error -71
[   97.488077][ T5280] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.501598][ T5280] usb 5-1: Product: syz
[   97.506261][ T5280] usb 5-1: Manufacturer: syz
[   97.513258][ T5280] usb 5-1: SerialNumber: syz
[   97.539225][ T5280] usb 5-1: config 0 descriptor??
[   97.557297][ T5716] netlink: 8 bytes leftover after parsing attributes in process `syz.2.116'.
[   97.558981][ T5280] ax88179_178a 5-1:0.65: probe with driver ax88179_178a failed with error -22
[   97.595056][   T29] audit: type=1326 audit(1726700250.162:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5719 comm="syz.1.117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53f717def9 code=0x7ffc0000
[   97.626380][   T29] audit: type=1326 audit(1726700250.162:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5719 comm="syz.1.117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53f717def9 code=0x7ffc0000
[   97.648521][    C0] vkms_vblank_simulate: vblank timer overrun
[   97.677167][   T29] audit: type=1326 audit(1726700250.172:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5719 comm="syz.1.117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f53f717def9 code=0x7ffc0000
[   97.699157][    C0] vkms_vblank_simulate: vblank timer overrun
[   97.750026][ T5275] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   97.779244][ T5725] netlink: 'syz.2.118': attribute type 1 has an invalid length.
[   97.808553][ T5725] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.118'.
[   97.819179][ T5725] netlink: 1 bytes leftover after parsing attributes in process `syz.2.118'.
[   97.824796][   T29] audit: type=1326 audit(1726700250.402:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5719 comm="syz.1.117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53f717def9 code=0x7ffc0000
[   97.859222][   T29] audit: type=1326 audit(1726700250.432:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5728 comm="syz.1.117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f53f7174ea7 code=0x7ffc0000
[   97.881224][    C0] vkms_vblank_simulate: vblank timer overrun
[   97.891732][   T29] audit: type=1326 audit(1726700250.432:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5728 comm="syz.1.117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f53f7119869 code=0x7ffc0000
[   97.913707][    C0] vkms_vblank_simulate: vblank timer overrun
[   97.922440][   T29] audit: type=1326 audit(1726700250.432:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5728 comm="syz.1.117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f53f71affe5 code=0x7ffc0000
[   97.927098][ T5275] usb 1-1: device descriptor read/64, error -71
[   97.944556][    C0] vkms_vblank_simulate: vblank timer overrun
[   97.948719][   T29] audit: type=1326 audit(1726700250.432:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5719 comm="syz.1.117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53f717def9 code=0x7ffc0000
[   97.980045][    C0] vkms_vblank_simulate: vblank timer overrun
[   98.022202][   T29] audit: type=1326 audit(1726700250.602:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5728 comm="syz.1.117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f53f717def9 code=0x7ffc0000
[   98.044276][    C0] vkms_vblank_simulate: vblank timer overrun
[   98.056243][ T5732] binder_alloc: binder_alloc_mmap_handler: 5731 20ffd000-20fff000 already mapped failed -16
[   98.100442][ T5275] usb usb1-port1: attempt power cycle
[   98.420077][    T8] usb 5-1: USB disconnect, device number 8
[   98.460319][ T5275] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[   98.520830][ T5275] usb 1-1: device descriptor read/8, error -71
[   98.540023][   T54] Bluetooth: hci3: command 0x0406 tx timeout
[   98.760015][ T5275] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[   98.790802][ T5275] usb 1-1: device descriptor read/8, error -71
[   98.903590][ T5275] usb usb1-port1: unable to enumerate USB device
[   98.910250][ T5280] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[   98.940290][    T8] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[   99.088985][ T5280] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   99.090119][    T8] usb 5-1: Using ep0 maxpacket: 8
[   99.107427][ T5280] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   99.112559][    T8] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   99.117513][ T5280] usb 3-1: New USB device found, idVendor=046d, idProduct=c623, bcdDevice= 0.00
[   99.128332][    T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   99.146945][    T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   99.152486][ T5280] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.158982][    T8] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   99.180389][    T8] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   99.201537][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.240861][ T5280] usb 3-1: config 0 descriptor??
[   99.448043][    T8] usb 5-1: GET_CAPABILITIES returned 0
[   99.455882][    T8] usbtmc 5-1:16.0: can't read capabilities
[   99.641665][ T5742] FAULT_INJECTION: forcing a failure.
[   99.641665][ T5742] name failslab, interval 1, probability 0, space 0, times 0
[   99.662794][ T5742] CPU: 0 UID: 0 PID: 5742 Comm: syz.1.123 Not tainted 6.11.0-syzkaller-04744-gbdf56c7580d2 #0
[   99.673143][ T5742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   99.683267][ T5742] Call Trace:
[   99.686606][ T5742]  <TASK>
[   99.689591][ T5742]  dump_stack_lvl+0x241/0x360
[   99.694344][ T5742]  ? __pfx_dump_stack_lvl+0x10/0x10
[   99.699610][ T5742]  ? __pfx__printk+0x10/0x10
[   99.704343][ T5742]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   99.710470][ T5742]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   99.716862][ T5742]  should_fail_ex+0x3b0/0x4e0
[   99.721694][ T5742]  ? skb_clone+0x20c/0x390
[   99.726406][ T5742]  should_failslab+0xac/0x100
[   99.731154][ T5742]  ? skb_clone+0x20c/0x390
[   99.735617][ T5742]  kmem_cache_alloc_noprof+0x6c/0x2a0
[   99.741040][ T5742]  skb_clone+0x20c/0x390
[   99.745325][ T5742]  __netlink_deliver_tap+0x3cc/0x7c0
[   99.751112][ T5742]  ? netlink_deliver_tap+0x2e/0x1b0
[   99.756361][ T5742]  netlink_deliver_tap+0x19d/0x1b0
[   99.761538][ T5742]  netlink_unicast+0x7c4/0x990
[   99.766450][ T5742]  ? __pfx_netlink_unicast+0x10/0x10
[   99.771902][ T5742]  ? __virt_addr_valid+0x183/0x530
[   99.777064][ T5742]  ? __check_object_size+0x49c/0x900
[   99.782394][ T5742]  netlink_sendmsg+0x8e4/0xcb0
[   99.787193][ T5742]  ? __pfx_netlink_sendmsg+0x10/0x10
[   99.792512][ T5742]  ? aa_sock_msg_perm+0x91/0x160
[   99.797469][ T5742]  ? __pfx_netlink_sendmsg+0x10/0x10
[   99.802839][ T5742]  __sock_sendmsg+0x221/0x270
[   99.807803][ T5742]  ____sys_sendmsg+0x52a/0x7e0
[   99.812597][ T5742]  ? __pfx_____sys_sendmsg+0x10/0x10
[   99.817916][ T5742]  __sys_sendmsg+0x2aa/0x390
[   99.822546][ T5742]  ? __pfx___sys_sendmsg+0x10/0x10
[   99.827699][ T5742]  ? vfs_write+0x7bf/0xc90
[   99.832174][ T5742]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   99.838559][ T5742]  ? do_syscall_64+0x100/0x230
[   99.843352][ T5742]  ? do_syscall_64+0xb6/0x230
[   99.848046][ T5742]  do_syscall_64+0xf3/0x230
[   99.852686][ T5742]  ? clear_bhb_loop+0x35/0x90
[   99.857389][ T5742]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   99.863303][ T5742] RIP: 0033:0x7f53f717def9
[   99.867739][ T5742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   99.887392][ T5742] RSP: 002b:00007f53f7ef4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   99.895833][ T5742] RAX: ffffffffffffffda RBX: 00007f53f7335f80 RCX: 00007f53f717def9
[   99.903852][ T5742] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
[   99.911837][ T5742] RBP: 00007f53f7ef4090 R08: 0000000000000000 R09: 0000000000000000
[   99.919914][ T5742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   99.928538][ T5742] R13: 0000000000000000 R14: 00007f53f7335f80 R15: 00007f53f745fa28
[   99.936629][ T5742]  </TASK>
[   99.939880][    C0] vkms_vblank_simulate: vblank timer overrun
[   99.954775][ T5740] netlink: 40 bytes leftover after parsing attributes in process `syz.4.121'.
[   99.958774][ T5742] netlink: 8 bytes leftover after parsing attributes in process `syz.1.123'.
[   99.969121][ T5740] Zero length message leads to an empty skb
[  100.015968][ T5280] usbhid 3-1:0.0: can't add hid device: -71
[  100.027611][ T5280] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  100.061295][ T5280] usb 3-1: USB disconnect, device number 7
[  100.930201][    T8] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  101.095858][    T8] usb 3-1: Using ep0 maxpacket: 8
[  101.123368][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  101.136890][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  101.147676][    T8] usb 3-1: New USB device found, idVendor=0810, idProduct=0001, bcdDevice= 0.00
[  101.160778][ T5761] netlink: 'syz.0.129': attribute type 21 has an invalid length.
[  101.169495][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  101.185907][ T5761] netlink: 4 bytes leftover after parsing attributes in process `syz.0.129'.
[  101.210075][    T8] usb 3-1: config 0 descriptor??
[  101.635132][    T8] pantherlord 0003:0810:0001.0005: unbalanced collection at end of report description
[  101.713223][    T8] pantherlord 0003:0810:0001.0005: parse failed
[  101.795137][    T8] pantherlord 0003:0810:0001.0005: probe with driver pantherlord failed with error -22
[  102.261287][ T5278] usb 5-1: USB disconnect, device number 9
[  102.319981][    T8] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  103.207315][  T940] usbhid 4-1:0.0: can't add hid device: -32
[  103.280768][  T940] usbhid 4-1:0.0: probe with driver usbhid failed with error -32
[  103.725416][ T5278] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  103.828055][  T940] usb 3-1: USB disconnect, device number 8
[  103.932074][ T5278] usb 5-1: New USB device found, idVendor=0df6, idProduct=061c, bcdDevice=e4.e6
[  103.985301][ T5278] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.046314][ T5278] usb 5-1: Product: syz
[  104.081023][ T5278] usb 5-1: Manufacturer: syz
[  104.122769][ T5278] usb 5-1: SerialNumber: syz
[  104.156877][ T5278] usb 5-1: config 0 descriptor??
[  104.299676][ T5785] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  104.404321][ T5791] netlink: 31 bytes leftover after parsing attributes in process `syz.1.136'.
[  104.425770][ T5785] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  104.590178][    T8] usb 1-1: device descriptor read/64, error -71
[  104.860941][    T8] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  105.064401][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  106.649994][    T8] usb 1-1: New USB device found, idVendor=056a, idProduct=032a, bcdDevice= 0.00
[  107.721906][    T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.730891][  T940] usb 4-1: USB disconnect, device number 5
[  107.741819][ T5799] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  107.842282][    T8] usb 1-1: config 0 descriptor??
[  108.750321][ T5799] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  108.968324][    T8] usb 1-1: can't set config #0, error -71
[  109.550992][    T8] usb 1-1: USB disconnect, device number 11
[  110.850236][ T5278] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -110
[  110.973156][ T5278] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffff92
[  111.310279][ T5278] asix 5-1:0.0 eth1: register 'asix' at usb-dummy_hcd.4-1, ASIX AX88178 USB 2.0 Ethernet, 02:0d:96:66:af:53
[  111.480176][ T5278] usb 5-1: USB disconnect, device number 10
[  111.500178][ T5816] pimreg: entered allmulticast mode
[  111.560990][ T5278] asix 5-1:0.0 eth1: unregister 'asix' usb-dummy_hcd.4-1, ASIX AX88178 USB 2.0 Ethernet
[  111.653127][ T5819] binder: BINDER_SET_CONTEXT_MGR already set
[  111.682814][   T29] audit: type=1326 audit(1726700264.242:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5803 comm="syz.2.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f652db7def9 code=0x7ffc0000
[  111.865878][ T5819] binder: 5805:5819 ioctl 4018620d 20000180 returned -16
[  111.897744][   T29] audit: type=1326 audit(1726700264.242:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5803 comm="syz.2.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f652db7def9 code=0x7ffc0000
[  111.947007][ T5821] binder: 5805:5821 ioctl c0306201 200003c0 returned -22
[  112.030424][   T29] audit: type=1326 audit(1726700264.242:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5803 comm="syz.2.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f652db7def9 code=0x7ffc0000
[  112.129082][   T29] audit: type=1326 audit(1726700264.242:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5803 comm="syz.2.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f652db7def9 code=0x7ffc0000
[  112.217502][   T29] audit: type=1326 audit(1726700264.242:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5803 comm="syz.2.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f652db7def9 code=0x7ffc0000
[  112.260853][ T5820] pimreg: left allmulticast mode
[  112.311722][   T29] audit: type=1326 audit(1726700264.242:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5803 comm="syz.2.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f652db7def9 code=0x7ffc0000
[  112.362987][   T54] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  112.376338][   T54] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  112.386920][   T54] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  112.401218][   T54] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  112.409499][   T54] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  112.419266][   T54] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  112.491687][   T29] audit: type=1326 audit(1726700264.252:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5803 comm="syz.2.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f652db7c93c code=0x7ffc0000
[  112.563961][   T29] audit: type=1326 audit(1726700264.252:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5803 comm="syz.2.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f652db7def9 code=0x7ffc0000
[  112.596860][   T29] audit: type=1326 audit(1726700264.252:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5803 comm="syz.2.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f652db7def9 code=0x7ffc0000
[  112.657619][   T29] audit: type=1326 audit(1726700264.252:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5803 comm="syz.2.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f652db7def9 code=0x7ffc0000
[  113.479062][ T5824] chnl_net:caif_netlink_parms(): no params data found
[  113.779652][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.797863][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state
[  113.813942][ T5824] bridge_slave_0: entered allmulticast mode
[  113.826753][ T5824] bridge_slave_0: entered promiscuous mode
[  113.847636][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.863271][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state
[  113.875028][ T5824] bridge_slave_1: entered allmulticast mode
[  113.886557][ T5824] bridge_slave_1: entered promiscuous mode
[  114.155290][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  114.188184][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  114.324750][ T5824] team0: Port device team_slave_0 added
[  114.342153][ T5824] team0: Port device team_slave_1 added
[  114.445406][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0
[  114.452694][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  114.492871][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  114.516614][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1
[  114.532351][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  114.566228][ T5230] Bluetooth: hci5: command tx timeout
[  114.574920][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  114.857136][ T5824] hsr_slave_0: entered promiscuous mode
[  114.890637][ T5824] hsr_slave_1: entered promiscuous mode
[  114.909677][ T5824] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  114.919738][ T5824] Cannot create hsr debugfs directory
[  115.062860][  T940] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  115.230097][  T940] usb 1-1: Using ep0 maxpacket: 16
[  115.244658][  T940] usb 1-1: New USB device found, idVendor=054c, idProduct=003a, bcdDevice=16.f5
[  115.276003][  T940] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.304418][  T940] usb 1-1: Product: syz
[  115.319268][  T940] usb 1-1: Manufacturer: syz
[  115.329720][  T940] usb 1-1: SerialNumber: syz
[  115.362220][  T940] usb 1-1: config 0 descriptor??
[  115.556184][ T5824] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 256 - 0
[  115.589675][ T5824] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  115.667945][  T940] usb 1-1: USB disconnect, device number 12
[  116.446475][ T5836] fuse: Unknown parameter 'gÿÿßÿÿµé'
[  116.620099][ T5230] Bluetooth: hci5: command tx timeout
[  118.000132][ T5278] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  118.180088][ T5278] usb 5-1: Using ep0 maxpacket: 8
[  118.210524][ T5278] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  118.238079][ T5278] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.281816][ T5278] usb 5-1: config 0 descriptor??
[  118.700563][ T5230] Bluetooth: hci5: command tx timeout
[  118.860107][ T5279] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  119.040014][ T5279] usb 3-1: Using ep0 maxpacket: 8
[  119.065092][ T5279] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D
[  119.088515][ T5279] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  119.107004][ T5279] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0
[  119.125898][ T5279] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 23
[  119.154762][ T5279] usb 3-1: New USB device found, idVendor=0bfd, idProduct=0124, bcdDevice=3a.9f
[  119.174437][ T5279] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.193602][ T5279] usb 3-1: Product: syz
[  119.198292][ T5279] usb 3-1: Manufacturer: syz
[  119.215791][ T5279] usb 3-1: SerialNumber: syz
[  119.240708][ T5279] usb 3-1: config 0 descriptor??
[  119.251957][ T5855] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  119.274913][ T5279] kvaser_usb 3-1:0.0: error -EPROTO: Cannot get software info
[  119.293505][ T5279] kvaser_usb 3-1:0.0: probe with driver kvaser_usb failed with error -71
[  119.577869][  T940] usb 3-1: USB disconnect, device number 9
[  120.498137][ T5824] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 256 - 0
[  120.572806][ T5824] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  120.780375][ T5230] Bluetooth: hci5: command tx timeout
[  121.166650][ T5278] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  121.229935][ T5278] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9
[  121.310145][ T5278] asix 5-1:0.0: probe with driver asix failed with error -71
[  121.341081][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  121.351285][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  121.380268][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  121.389338][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  121.399428][   T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  121.408134][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  121.463588][ T5278] usb 5-1: USB disconnect, device number 11
[  121.799288][  T940] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  122.010006][  T940] usb 3-1: Using ep0 maxpacket: 32
[  122.041016][  T940] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  122.104052][  T940] usb 3-1: New USB device found, idVendor=08ca, idProduct=2060, bcdDevice=c6.58
[  122.133308][  T940] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.173917][  T940] usb 3-1: Product: syz
[  122.178157][  T940] usb 3-1: Manufacturer: syz
[  122.200014][ T5278] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  122.233538][  T940] usb 3-1: SerialNumber: syz
[  122.249567][ T5865] chnl_net:caif_netlink_parms(): no params data found
[  122.268957][  T940] usb 3-1: config 0 descriptor??
[  122.275639][   T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  122.285606][   T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  122.294374][   T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  122.309004][   T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  122.317215][   T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  122.324808][   T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  122.355534][  T940] gspca_main: sunplus-2.14.0 probing 08ca:2060
[  122.400243][ T5278] usb 5-1: Using ep0 maxpacket: 32
[  122.440897][ T5278] usb 5-1: config 0 has an invalid interface number: 35 but max is 0
[  122.480200][ T5278] usb 5-1: config 0 has no interface number 0
[  122.503065][ T5278] usb 5-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[  122.538302][ T5278] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.576987][ T5278] usb 5-1: Product: syz
[  122.592718][ T5278] usb 5-1: Manufacturer: syz
[  122.612978][ T5278] usb 5-1: SerialNumber: syz
[  122.650709][ T5278] usb 5-1: config 0 descriptor??
[  122.683721][ T5278] radio-si470x 5-1:0.35: could not find interrupt in endpoint
[  122.715496][ T5278] radio-si470x 5-1:0.35: probe with driver radio-si470x failed with error -5
[  122.900667][ T5278] radio-raremono 5-1:0.35: Thanko's Raremono connected: (10C4:818A)
[  122.954136][ T5865] bridge0: port 1(bridge_slave_0) entered blocking state
[  122.981935][ T5865] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.001065][ T5865] bridge_slave_0: entered allmulticast mode
[  123.023699][ T5865] bridge_slave_0: entered promiscuous mode
[  123.091734][ T5865] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.111254][ T5869] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  123.143386][ T5865] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.169820][ T5869] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  123.181220][ T5864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  123.191871][  T940] gspca_sunplus: reg_r err -32
[  123.210450][ T5865] bridge_slave_1: entered allmulticast mode
[  123.242002][ T5865] bridge_slave_1: entered promiscuous mode
[  123.248971][ T5278] radio-raremono 5-1:0.35: V4L2 device registered as radio32
[  123.260291][ T5864] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  123.351373][ T5864] netlink: 20 bytes leftover after parsing attributes in process `syz.2.159'.
[  123.466572][ T1174] usb 5-1: USB disconnect, device number 12
[  123.491285][ T1174] radio-raremono 5-1:0.35: Thanko's Raremono disconnected
[  123.500734][ T5230] Bluetooth: hci1: command tx timeout
[  123.525324][ T5865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  123.618511][ T5865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  123.881671][ T5865] team0: Port device team_slave_0 added
[  123.926582][ T5865] team0: Port device team_slave_1 added
[  124.200387][  T940] sunplus 3-1:0.0: probe with driver sunplus failed with error -32
[  124.237984][  T940] usb 3-1: USB disconnect, device number 10
[  124.342611][ T5883] xt_l2tp: missing protocol rule (udp|l2tpip)
[  124.368109][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_0
[  124.380293][ T5230] Bluetooth: hci4: command tx timeout
[  124.398487][ T5883] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  124.410389][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  124.485585][ T5865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  124.541050][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_1
[  124.548076][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  124.638575][ T5865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  124.786958][ T5872] chnl_net:caif_netlink_parms(): no params data found
[  125.580578][ T5230] Bluetooth: hci1: command tx timeout
[  126.460360][ T5230] Bluetooth: hci4: command tx timeout
[  127.660077][ T5230] Bluetooth: hci1: command tx timeout
[  128.749953][ T5230] Bluetooth: hci4: command tx timeout
[  128.886738][ T5824] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 256 - 0
[  128.974302][ T5824] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  129.552039][ T5895] netlink: 8 bytes leftover after parsing attributes in process `syz.4.165'.
[  129.740075][ T5230] Bluetooth: hci1: command tx timeout
[  130.780046][ T5230] Bluetooth: hci4: command tx timeout
[  131.197101][ T5865] hsr_slave_0: entered promiscuous mode
[  131.331637][ T5865] hsr_slave_1: entered promiscuous mode
[  131.360044][ T5865] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  131.367868][ T5865] Cannot create hsr debugfs directory
[  131.411677][ T5892] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  131.541129][ T5900] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  131.549638][ T5900] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  131.739291][ T5900] netlink: 36 bytes leftover after parsing attributes in process `syz.4.166'.
[  132.122576][ T5824] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 256 - 0
[  132.133824][ T5824] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.180213][    T8] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  132.343240][    T8] usb 3-1: Using ep0 maxpacket: 8
[  132.368895][    T8] usb 3-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  132.379224][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  132.399621][    T8] usb 3-1: Product: syz
[  132.411421][    T8] usb 3-1: Manufacturer: syz
[  132.425231][    T8] usb 3-1: SerialNumber: syz
[  132.453055][    T8] usb 3-1: config 0 descriptor??
[  132.475167][    T8] gspca_main: sq930x-2.14.0 probing 2770:930c
[  132.872678][ T5872] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.891860][ T5872] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.912061][ T5872] bridge_slave_0: entered allmulticast mode
[  132.941220][    T8] gspca_sq930x: ucbus_write failed -71
[  132.965275][ T5872] bridge_slave_0: entered promiscuous mode
[  132.982018][    T8] sq930x 3-1:0.0: probe with driver sq930x failed with error -71
[  133.017601][ T5872] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.040306][    T8] usb 3-1: USB disconnect, device number 11
[  133.055668][ T5872] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.095625][ T5872] bridge_slave_1: entered allmulticast mode
[  133.137899][ T5872] bridge_slave_1: entered promiscuous mode
[  133.150391][ T1271] ieee802154 phy0 wpan0: encryption failed: -22
[  133.157173][ T1271] ieee802154 phy1 wpan1: encryption failed: -22
[  133.591523][ T5872] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  133.857560][ T5872] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  134.135889][ T5872] team0: Port device team_slave_0 added
[  134.191036][ T5872] team0: Port device team_slave_1 added
[  134.650021][   T29] kauditd_printk_skb: 4 callbacks suppressed
[  134.650042][   T29] audit: type=1326 audit(1726700287.222:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5914 comm="syz.2.169" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f652db7def9 code=0x0
[  134.710264][ T5872] batman_adv: batadv0: Adding interface: batadv_slave_0
[  134.717377][ T5872] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  134.788551][ T5872] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  134.831911][ T5872] batman_adv: batadv0: Adding interface: batadv_slave_1
[  134.838925][ T5872] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  134.960166][ T5872] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  135.239462][ T5872] hsr_slave_0: entered promiscuous mode
[  135.266079][ T5872] hsr_slave_1: entered promiscuous mode
[  135.299076][ T5872] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  135.315768][ T5872] Cannot create hsr debugfs directory
[  137.892907][   T29] audit: type=1326 audit(1726700290.462:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5922 comm="syz.4.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f309837def9 code=0x7ffc0000
[  137.978219][ T5865] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.051517][   T29] audit: type=1326 audit(1726700290.462:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5922 comm="syz.4.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f309837def9 code=0x7ffc0000
[  138.127754][ T4042] bridge_slave_1: left allmulticast mode
[  138.322195][ T4042] bridge_slave_1: left promiscuous mode
[  138.329674][ T4042] bridge0: port 2(bridge_slave_1) entered disabled state
[  138.374439][   T29] audit: type=1326 audit(1726700290.552:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5922 comm="syz.4.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f309837def9 code=0x7ffc0000
[  140.320043][   T29] audit: type=1326 audit(1726700290.552:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5922 comm="syz.4.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f309837def9 code=0x7ffc0000
[  141.429749][ T4042] bridge_slave_0: left allmulticast mode
[  141.449951][   T29] audit: type=1326 audit(1726700290.682:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5922 comm="syz.4.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f309837def9 code=0x7ffc0000
[  141.473382][ T4042] bridge_slave_0: left promiscuous mode
[  141.479192][ T4042] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.534501][   T29] audit: type=1326 audit(1726700290.682:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5922 comm="syz.4.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f309837def9 code=0x7ffc0000
[  141.640036][   T29] audit: type=1326 audit(1726700290.682:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5922 comm="syz.4.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f309837def9 code=0x7ffc0000
[  141.737207][   T29] audit: type=1326 audit(1726700290.682:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5922 comm="syz.4.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f309837def9 code=0x7ffc0000
[  141.770062][   T29] audit: type=1326 audit(1726700290.722:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5922 comm="syz.4.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f309837def9 code=0x7ffc0000
[  141.837605][   T29] audit: type=1326 audit(1726700290.722:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5922 comm="syz.4.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f309837def9 code=0x7ffc0000
[  141.904838][   T29] audit: type=1326 audit(1726700290.722:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5922 comm="syz.4.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f309837def9 code=0x7ffc0000
[  142.040624][   T29] audit: type=1326 audit(1726700290.832:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5922 comm="syz.4.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f309837def9 code=0x7ffc0000
[  143.269913][   T29] audit: type=1326 audit(1726700290.832:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5922 comm="syz.4.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f309837def9 code=0x7ffc0000
[  145.778418][ T4042] team0: Port device bridge0 removed
[  146.224859][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  146.235607][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  146.244220][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  146.254976][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  146.263171][   T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  146.271483][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  148.310524][ T5230] Bluetooth: hci0: command tx timeout
[  148.983331][ T4042] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  149.140568][ T4042] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  149.280342][ T4042] bond0 (unregistering): Released all slaves
[  149.652373][ T5865] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.145421][ T5938] chnl_net:caif_netlink_parms(): no params data found
[  150.380736][ T5230] Bluetooth: hci0: command tx timeout
[  150.634483][ T5938] bridge0: port 1(bridge_slave_0) entered blocking state
[  150.650045][ T5938] bridge0: port 1(bridge_slave_0) entered disabled state
[  150.661111][ T5938] bridge_slave_0: entered allmulticast mode
[  150.668809][ T5938] bridge_slave_0: entered promiscuous mode
[  150.721072][ T5938] bridge0: port 2(bridge_slave_1) entered blocking state
[  150.740051][ T5938] bridge0: port 2(bridge_slave_1) entered disabled state
[  150.747772][ T5938] bridge_slave_1: entered allmulticast mode
[  150.769372][ T5938] bridge_slave_1: entered promiscuous mode
[  150.866776][ T5938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  150.892004][ T5938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  151.062784][ T5938] team0: Port device team_slave_0 added
[  151.087041][ T5938] team0: Port device team_slave_1 added
[  151.324073][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_0
[  151.342029][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  151.380766][ T5938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  151.405898][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_1
[  151.422131][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  151.462482][ T5938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  152.460039][ T5230] Bluetooth: hci0: command tx timeout
[  153.159262][ T5938] hsr_slave_0: entered promiscuous mode
[  153.172557][ T5938] hsr_slave_1: entered promiscuous mode
[  153.241075][ T5938] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  153.248807][ T5938] Cannot create hsr debugfs directory
[  154.425451][ T5865] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.540127][ T5230] Bluetooth: hci0: command tx timeout
[  158.241930][ T5955] input: syz0 as /devices/virtual/input/input9
[  158.254616][ T5865] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.007175][ T4042] hsr_slave_0: left promiscuous mode
[  160.149467][ T4042] hsr_slave_1: left promiscuous mode
[  160.185593][ T4042] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  160.200009][ T4042] batman_adv: batadv0: Removing interface: batadv_slave_0
[  160.231290][ T4042] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  160.238980][ T4042] batman_adv: batadv0: Removing interface: batadv_slave_1
[  160.395789][ T4042] veth1_macvtap: left promiscuous mode
[  160.416077][ T4042] veth0_macvtap: left promiscuous mode
[  160.431082][ T4042] veth1_vlan: left promiscuous mode
[  160.440958][ T4042] veth0_vlan: left promiscuous mode
[  162.200061][    T8] usb 5-1: new full-speed USB device number 13 using dummy_hcd
[  162.374111][    T8] usb 5-1: config 0 has no interfaces?
[  162.381944][    T8] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=49.5f
[  162.399498][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.411551][    T8] usb 5-1: Product: syz
[  162.415881][    T8] usb 5-1: Manufacturer: syz
[  162.438221][    T8] usb 5-1: SerialNumber: syz
[  162.460750][    T8] usb 5-1: config 0 descriptor??
[  175.172493][ T4042] team0 (unregistering): Port device team_slave_1 removed
[  188.523222][ T4042] team0 (unregistering): Port device team_slave_0 removed
[  189.191338][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  189.209137][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  189.217671][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  189.227399][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  189.235612][   T54] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  189.243403][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  189.610841][ T5230] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  189.621986][ T5230] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  189.631404][ T5230] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  189.644717][ T5230] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  189.652858][ T5230] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  189.661262][ T5230] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  189.726081][ T5230] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  189.736918][ T5230] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  189.747223][ T5230] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  189.755756][ T5230] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  189.766423][ T5230] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  189.774207][ T5230] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  189.892810][   T54] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  189.903358][   T54] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  189.912069][   T54] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  189.920827][   T54] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  189.930707][   T54] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  189.939304][   T54] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  191.340258][   T54] Bluetooth: hci2: command tx timeout
[  191.740727][   T54] Bluetooth: hci3: command tx timeout
[  191.829451][   T54] Bluetooth: hci6: command tx timeout
[  191.982595][   T54] Bluetooth: hci7: command tx timeout
[  193.420138][   T54] Bluetooth: hci2: command tx timeout
[  193.837126][   T54] Bluetooth: hci3: command tx timeout
[  193.900441][   T54] Bluetooth: hci6: command tx timeout
[  194.060080][   T54] Bluetooth: hci7: command tx timeout
[  194.548511][ T1271] ieee802154 phy0 wpan0: encryption failed: -22
[  194.555054][ T1271] ieee802154 phy1 wpan1: encryption failed: -22
[  195.188221][ T5872] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.499980][   T54] Bluetooth: hci2: command tx timeout
[  195.683827][ T5978] chnl_net:caif_netlink_parms(): no params data found
[  195.900297][   T54] Bluetooth: hci3: command tx timeout
[  195.979988][   T54] Bluetooth: hci6: command tx timeout
[  196.073976][ T5977] chnl_net:caif_netlink_parms(): no params data found
[  196.140296][   T54] Bluetooth: hci7: command tx timeout
[  196.181328][ T5974] chnl_net:caif_netlink_parms(): no params data found
[  196.212107][ T5978] bridge0: port 1(bridge_slave_0) entered blocking state
[  196.219316][ T5978] bridge0: port 1(bridge_slave_0) entered disabled state
[  196.253937][ T5978] bridge_slave_0: entered allmulticast mode
[  196.280645][ T5978] bridge_slave_0: entered promiscuous mode
[  196.310888][ T5978] bridge0: port 2(bridge_slave_1) entered blocking state
[  196.318120][ T5978] bridge0: port 2(bridge_slave_1) entered disabled state
[  196.340859][ T5978] bridge_slave_1: entered allmulticast mode
[  196.351698][ T5978] bridge_slave_1: entered promiscuous mode
[  196.387088][ T5980] chnl_net:caif_netlink_parms(): no params data found
[  196.737665][ T5978] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  196.859094][ T5978] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  197.599863][   T54] Bluetooth: hci2: command tx timeout
[  197.735302][ T5978] team0: Port device team_slave_0 added
[  197.751201][ T5974] bridge0: port 1(bridge_slave_0) entered blocking state
[  197.760247][ T5974] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.776584][ T5974] bridge_slave_0: entered allmulticast mode
[  197.791528][ T5974] bridge_slave_0: entered promiscuous mode
[  197.955444][ T5977] bridge0: port 1(bridge_slave_0) entered blocking state
[  197.970044][ T5977] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.977412][ T5977] bridge_slave_0: entered allmulticast mode
[  197.984327][   T54] Bluetooth: hci3: command tx timeout
[  198.001812][ T5977] bridge_slave_0: entered promiscuous mode
[  198.023756][ T5977] bridge0: port 2(bridge_slave_1) entered blocking state
[  198.040428][ T5977] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.047802][ T5977] bridge_slave_1: entered allmulticast mode
[  198.070094][   T54] Bluetooth: hci6: command tx timeout
[  198.081601][ T5977] bridge_slave_1: entered promiscuous mode
[  198.157807][ T5978] team0: Port device team_slave_1 added
[  198.170382][ T5974] bridge0: port 2(bridge_slave_1) entered blocking state
[  198.180800][ T5974] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.200800][ T5974] bridge_slave_1: entered allmulticast mode
[  198.230115][   T54] Bluetooth: hci7: command tx timeout
[  198.237478][ T5974] bridge_slave_1: entered promiscuous mode
[  198.816218][ T5977] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  198.846911][ T5978] batman_adv: batadv0: Adding interface: batadv_slave_0
[  198.864427][ T5978] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  198.899908][ T5978] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  198.922837][ T5980] bridge0: port 1(bridge_slave_0) entered blocking state
[  198.940009][ T5980] bridge0: port 1(bridge_slave_0) entered disabled state
[  198.947437][ T5980] bridge_slave_0: entered allmulticast mode
[  198.971014][ T5980] bridge_slave_0: entered promiscuous mode
[  198.993145][ T5980] bridge0: port 2(bridge_slave_1) entered blocking state
[  199.009995][ T5980] bridge0: port 2(bridge_slave_1) entered disabled state
[  199.017348][ T5980] bridge_slave_1: entered allmulticast mode
[  199.041622][ T5980] bridge_slave_1: entered promiscuous mode
[  199.068145][ T5974] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  199.093368][ T5974] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  199.113878][ T5977] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  199.399311][ T5978] batman_adv: batadv0: Adding interface: batadv_slave_1
[  199.414707][ T5978] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  199.475005][ T5978] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  199.865210][ T5974] team0: Port device team_slave_0 added
[  199.892376][ T5977] team0: Port device team_slave_0 added
[  200.018646][ T5980] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  200.042432][ T5974] team0: Port device team_slave_1 added
[  200.062890][ T5980] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  200.082199][ T5977] team0: Port device team_slave_1 added
[  200.821154][ T5978] hsr_slave_0: entered promiscuous mode
[  200.851339][ T5978] hsr_slave_1: entered promiscuous mode
[  200.926784][ T5978] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  200.939856][ T5978] Cannot create hsr debugfs directory
[  201.214154][ T5974] batman_adv: batadv0: Adding interface: batadv_slave_0
[  201.230171][ T5974] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  201.276629][ T5974] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  201.312341][ T5980] team0: Port device team_slave_0 added
[  201.330222][ T5977] batman_adv: batadv0: Adding interface: batadv_slave_0
[  201.337229][ T5977] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  201.385879][ T5977] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  201.544731][ T5974] batman_adv: batadv0: Adding interface: batadv_slave_1
[  201.559905][ T5974] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  201.618220][ T5974] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  201.660683][ T5980] team0: Port device team_slave_1 added
[  201.723029][ T5977] batman_adv: batadv0: Adding interface: batadv_slave_1
[  201.739906][ T5977] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  201.785463][ T5977] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  202.150102][ T5980] batman_adv: batadv0: Adding interface: batadv_slave_0
[  202.157201][ T5980] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  202.207658][ T5980] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  202.590397][ T5974] hsr_slave_0: entered promiscuous mode
[  202.601512][ T5974] hsr_slave_1: entered promiscuous mode
[  202.616684][ T5974] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  202.629865][ T5974] Cannot create hsr debugfs directory
[  202.682323][ T5980] batman_adv: batadv0: Adding interface: batadv_slave_1
[  202.689389][ T5980] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  202.750407][ T5980] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  203.078029][ T5977] hsr_slave_0: entered promiscuous mode
[  203.154767][ T5977] hsr_slave_1: entered promiscuous mode
[  203.250452][ T5977] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  203.258095][ T5977] Cannot create hsr debugfs directory
[  204.054737][ T5980] hsr_slave_0: entered promiscuous mode
[  204.127424][ T5980] hsr_slave_1: entered promiscuous mode
[  204.200590][ T5980] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  204.208242][ T5980] Cannot create hsr debugfs directory
[  205.229592][    T8] usb 5-1: USB disconnect, device number 13
[  207.060137][ T5230] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  207.076694][ T5230] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  207.085281][ T5230] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  207.094246][ T5230] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  207.103661][ T5230] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  207.111194][ T5230] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  207.486211][ T6011] chnl_net:caif_netlink_parms(): no params data found
[  207.712019][ T6011] bridge0: port 1(bridge_slave_0) entered blocking state
[  207.719266][ T6011] bridge0: port 1(bridge_slave_0) entered disabled state
[  207.748403][ T6011] bridge_slave_0: entered allmulticast mode
[  207.761774][ T6011] bridge_slave_0: entered promiscuous mode
[  207.782508][ T6011] bridge0: port 2(bridge_slave_1) entered blocking state
[  207.789660][ T6011] bridge0: port 2(bridge_slave_1) entered disabled state
[  207.810180][ T6011] bridge_slave_1: entered allmulticast mode
[  207.830142][ T6011] bridge_slave_1: entered promiscuous mode
[  208.023040][ T6011] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  208.043185][ T6011] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  208.351864][ T6011] team0: Port device team_slave_0 added
[  208.378357][ T6011] team0: Port device team_slave_1 added
[  208.873466][ T6011] batman_adv: batadv0: Adding interface: batadv_slave_0
[  208.898280][ T6011] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  208.925771][ T6011] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  208.960282][ T6011] batman_adv: batadv0: Adding interface: batadv_slave_1
[  208.967302][ T6011] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  209.018482][ T6011] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  209.180967][ T5230] Bluetooth: hci1: command tx timeout
[  209.258908][ T6011] hsr_slave_0: entered promiscuous mode
[  209.294563][ T6011] hsr_slave_1: entered promiscuous mode
[  209.371368][ T6011] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  209.379104][ T6011] Cannot create hsr debugfs directory
[  211.260314][ T5230] Bluetooth: hci1: command tx timeout
[  213.340643][ T5230] Bluetooth: hci1: command tx timeout
[  215.430051][ T5230] Bluetooth: hci1: command tx timeout
[  222.763791][ T5872] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.374308][ T4623] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  236.387791][ T4623] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  236.397219][ T4623] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  236.405815][ T4623] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  236.414123][ T4623] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3
[  236.422121][ T4623] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  236.823838][ T6023] chnl_net:caif_netlink_parms(): no params data found
[  237.580047][ T4623] Bluetooth: hci5: command 0x0406 tx timeout
[  237.745367][ T6023] bridge0: port 1(bridge_slave_0) entered blocking state
[  237.759953][ T6023] bridge0: port 1(bridge_slave_0) entered disabled state
[  237.767482][ T6023] bridge_slave_0: entered allmulticast mode
[  237.791461][ T6023] bridge_slave_0: entered promiscuous mode
[  237.812045][ T6023] bridge0: port 2(bridge_slave_1) entered blocking state
[  237.830025][ T6023] bridge0: port 2(bridge_slave_1) entered disabled state
[  237.837889][ T6023] bridge_slave_1: entered allmulticast mode
[  237.867108][ T6023] bridge_slave_1: entered promiscuous mode
[  238.075806][ T6023] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  238.112571][ T6023] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  238.460250][   T54] Bluetooth: hci8: command tx timeout
[  238.538950][ T6023] team0: Port device team_slave_0 added
[  238.573530][ T6023] team0: Port device team_slave_1 added
[  238.682991][ T6023] batman_adv: batadv0: Adding interface: batadv_slave_0
[  238.698221][ T6023] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  238.757268][ T6023] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  238.803692][ T6023] batman_adv: batadv0: Adding interface: batadv_slave_1
[  238.819918][ T6023] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  238.881129][ T6023] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  239.476983][ T6023] hsr_slave_0: entered promiscuous mode
[  239.513769][ T6023] hsr_slave_1: entered promiscuous mode
[  239.533734][ T6023] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  239.549966][ T6023] Cannot create hsr debugfs directory
[  240.540168][   T54] Bluetooth: hci8: command tx timeout
[  241.657522][ T5872] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.620280][   T54] Bluetooth: hci8: command tx timeout
[  244.708284][   T54] Bluetooth: hci8: command tx timeout
[  247.829996][   T54] Bluetooth: hci4: command 0x0406 tx timeout
[  248.550831][   T54] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  248.561423][   T54] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  248.569988][   T54] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  248.579360][   T54] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  248.590733][   T54] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3
[  248.600085][   T54] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  249.018940][ T6039] chnl_net:caif_netlink_parms(): no params data found
[  249.731486][   T54] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  249.742753][   T54] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  249.751740][   T54] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  249.765276][   T54] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  249.773295][   T54] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3
[  249.781780][   T54] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  249.907902][   T54] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  249.917612][   T54] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  249.929738][   T54] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  249.938218][   T54] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  249.946203][   T54] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3
[  249.954931][   T54] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  250.710084][   T54] Bluetooth: hci9: command tx timeout
[  251.200302][ T6039] bridge0: port 1(bridge_slave_0) entered blocking state
[  251.207557][ T6039] bridge0: port 1(bridge_slave_0) entered disabled state
[  251.229370][ T6039] bridge_slave_0: entered allmulticast mode
[  251.240026][ T6039] bridge_slave_0: entered promiscuous mode
[  251.264923][ T6039] bridge0: port 2(bridge_slave_1) entered blocking state
[  251.280148][ T6039] bridge0: port 2(bridge_slave_1) entered disabled state
[  251.287506][ T6039] bridge_slave_1: entered allmulticast mode
[  251.311379][ T6039] bridge_slave_1: entered promiscuous mode
[  251.646540][ T6039] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  251.683215][ T6039] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  251.830579][   T54] Bluetooth: hci10: command tx timeout
[  251.862394][ T6039] team0: Port device team_slave_0 added
[  251.926537][ T6039] team0: Port device team_slave_1 added
[  252.060867][   T54] Bluetooth: hci11: command tx timeout
[  252.790335][   T54] Bluetooth: hci9: command tx timeout
[  253.910252][   T54] Bluetooth: hci10: command tx timeout
[  254.140890][   T54] Bluetooth: hci11: command tx timeout
[  254.870859][   T54] Bluetooth: hci9: command tx timeout
[  255.992851][   T54] Bluetooth: hci10: command tx timeout
[  256.020352][ T1271] ieee802154 phy0 wpan0: encryption failed: -22
[  256.026730][ T1271] ieee802154 phy1 wpan1: encryption failed: -22
[  256.220655][   T54] Bluetooth: hci11: command tx timeout
[  256.950448][   T54] Bluetooth: hci9: command tx timeout
[  257.038182][ T6046] chnl_net:caif_netlink_parms(): no params data found
[  257.200930][ T6039] batman_adv: batadv0: Adding interface: batadv_slave_0
[  257.207948][ T6039] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  257.298743][ T6039] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  257.346090][ T6048] chnl_net:caif_netlink_parms(): no params data found
[  257.512097][ T6039] batman_adv: batadv0: Adding interface: batadv_slave_1
[  257.519117][ T6039] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  257.572761][ T6039] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  257.816593][ T6039] hsr_slave_0: entered promiscuous mode
[  257.832442][ T6039] hsr_slave_1: entered promiscuous mode
[  257.852036][ T6039] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  257.869837][ T6039] Cannot create hsr debugfs directory
[  257.989089][ T6046] bridge0: port 1(bridge_slave_0) entered blocking state
[  258.010593][ T6046] bridge0: port 1(bridge_slave_0) entered disabled state
[  258.017963][ T6046] bridge_slave_0: entered allmulticast mode
[  258.043450][ T6046] bridge_slave_0: entered promiscuous mode
[  258.060137][   T54] Bluetooth: hci10: command tx timeout
[  258.194498][ T6046] bridge0: port 2(bridge_slave_1) entered blocking state
[  258.210854][ T6046] bridge0: port 2(bridge_slave_1) entered disabled state
[  258.218236][ T6046] bridge_slave_1: entered allmulticast mode
[  258.242379][ T6046] bridge_slave_1: entered promiscuous mode
[  258.310902][   T54] Bluetooth: hci11: command tx timeout
[  258.605028][ T6046] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  258.644012][ T6046] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  259.004108][ T6046] team0: Port device team_slave_0 added
[  259.024335][ T6046] team0: Port device team_slave_1 added
[  259.091994][ T6048] bridge0: port 1(bridge_slave_0) entered blocking state
[  259.099593][ T6048] bridge0: port 1(bridge_slave_0) entered disabled state
[  259.110058][ T6048] bridge_slave_0: entered allmulticast mode
[  259.132732][ T6048] bridge_slave_0: entered promiscuous mode
[  259.253667][ T6048] bridge0: port 2(bridge_slave_1) entered blocking state
[  259.270053][ T6048] bridge0: port 2(bridge_slave_1) entered disabled state
[  259.277422][ T6048] bridge_slave_1: entered allmulticast mode
[  259.310192][ T6048] bridge_slave_1: entered promiscuous mode
[  259.332608][ T6046] batman_adv: batadv0: Adding interface: batadv_slave_0
[  259.339624][ T6046] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  259.396087][ T6046] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  259.432324][ T6046] batman_adv: batadv0: Adding interface: batadv_slave_1
[  259.439431][ T6046] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  259.499820][ T6046] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  260.132843][ T6048] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  260.163495][ T6048] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  260.280997][ T6046] hsr_slave_0: entered promiscuous mode
[  260.311676][ T6046] hsr_slave_1: entered promiscuous mode
[  260.331714][ T6046] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  260.339455][ T6046] Cannot create hsr debugfs directory
[  260.575407][ T6048] team0: Port device team_slave_0 added
[  260.676804][ T6048] team0: Port device team_slave_1 added
[  260.817397][ T6048] batman_adv: batadv0: Adding interface: batadv_slave_0
[  260.829818][ T6048] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  260.890149][ T6048] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  261.271481][ T6048] batman_adv: batadv0: Adding interface: batadv_slave_1
[  261.278500][ T6048] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  261.349822][ T6048] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  261.951293][ T6048] hsr_slave_0: entered promiscuous mode
[  262.016948][ T6048] hsr_slave_1: entered promiscuous mode
[  262.038248][ T6048] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  262.049825][ T6048] Cannot create hsr debugfs directory
[  267.821267][ T4623] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[  267.835453][ T4623] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[  267.844177][ T4623] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[  267.861973][ T4623] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[  267.873883][ T4623] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3
[  267.881553][ T4623] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[  268.305207][ T6067] chnl_net:caif_netlink_parms(): no params data found
[  268.760931][ T6067] bridge0: port 1(bridge_slave_0) entered blocking state
[  268.768214][ T6067] bridge0: port 1(bridge_slave_0) entered disabled state
[  268.784796][ T6067] bridge_slave_0: entered allmulticast mode
[  268.801417][ T6067] bridge_slave_0: entered promiscuous mode
[  268.823009][ T6067] bridge0: port 2(bridge_slave_1) entered blocking state
[  268.839961][ T6067] bridge0: port 2(bridge_slave_1) entered disabled state
[  268.860265][ T6067] bridge_slave_1: entered allmulticast mode
[  268.870452][ T6067] bridge_slave_1: entered promiscuous mode
[  269.003323][ T6067] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  269.030786][ T6067] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  269.172109][ T6067] team0: Port device team_slave_0 added
[  269.193121][ T6067] team0: Port device team_slave_1 added
[  269.559029][ T6067] batman_adv: batadv0: Adding interface: batadv_slave_0
[  269.569812][ T6067] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  269.629821][ T6067] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  269.660417][ T6067] batman_adv: batadv0: Adding interface: batadv_slave_1
[  269.670491][ T6067] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  269.729824][ T6067] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  269.980756][   T54] Bluetooth: hci12: command tx timeout
[  269.991871][ T6067] hsr_slave_0: entered promiscuous mode
[  270.011650][ T6067] hsr_slave_1: entered promiscuous mode
[  270.032435][ T6067] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  270.049914][ T6067] Cannot create hsr debugfs directory
[  272.060476][ T4623] Bluetooth: hci12: command tx timeout
[  273.420140][ T4623] Bluetooth: hci0: command 0x0406 tx timeout
[  274.140533][   T54] Bluetooth: hci12: command tx timeout
[  276.239908][   T54] Bluetooth: hci12: command tx timeout
[  284.040012][ T5872] bond0: (slave netdevsim0): Releasing backup interface
[  284.225821][ T5872] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  291.831251][   T30] INFO: task syz-executor:5824 blocked for more than 144 seconds.
[  291.839164][   T30]       Not tainted 6.11.0-syzkaller-04744-gbdf56c7580d2 #0
[  291.880007][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  291.933029][   T30] task:syz-executor    state:D stack:21728 pid:5824  tgid:5824  ppid:1      flags:0x00000004
[  291.990137][   T30] Call Trace:
[  291.993502][   T30]  <TASK>
[  291.996478][   T30]  __schedule+0x1800/0x4a60
[  292.115123][   T30]  ? __pfx___schedule+0x10/0x10
[  292.152373][   T30]  ? __pfx_lock_release+0x10/0x10
[  292.157543][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  292.207486][   T30]  ? schedule+0x90/0x320
[  292.229815][   T30]  schedule+0x14b/0x320
[  292.234069][   T30]  schedule_preempt_disabled+0x13/0x30
[  292.279860][   T30]  __mutex_lock+0x6a4/0xd70
[  292.284484][   T30]  ? __mutex_lock+0x527/0xd70
[  292.289224][   T30]  ? new_device_store+0x1b4/0x890
[  292.359864][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  292.365108][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  292.409841][   T30]  new_device_store+0x1b4/0x890
[  292.414808][   T30]  ? kernfs_fop_write_iter+0x1ea/0x500
[  292.469856][   T30]  ? __pfx_new_device_store+0x10/0x10
[  292.475336][   T30]  ? sysfs_kf_write+0x182/0x2a0
[  292.509817][   T30]  ? bus_attr_store+0x4f/0xa0
[  292.514608][   T30]  ? __pfx_sysfs_kf_write+0x10/0x10
[  292.529806][   T30]  kernfs_fop_write_iter+0x3a0/0x500
[  292.535300][   T30]  vfs_write+0xa6d/0xc90
[  292.539603][   T30]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  292.569824][   T30]  ? __pfx_vfs_write+0x10/0x10
[  292.574754][   T30]  ? __fdget_pos+0x265/0x320
[  292.579443][   T30]  ksys_write+0x1a0/0x2c0
[  292.598737][   T30]  ? __pfx_ksys_write+0x10/0x10
[  292.609818][   T30]  ? do_syscall_64+0x100/0x230
[  292.614692][   T30]  ? do_syscall_64+0xb6/0x230
[  292.619433][   T30]  do_syscall_64+0xf3/0x230
[  292.640540][   T30]  ? clear_bhb_loop+0x35/0x90
[  292.645338][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  292.662906][   T30] RIP: 0033:0x7f8c9217c9df
[  292.667414][   T30] RSP: 002b:00007f8c9245f220 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  292.690507][   T30] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f8c9217c9df
[  292.698569][   T30] RDX: 0000000000000003 RSI: 00007f8c9245f270 RDI: 0000000000000005
[  292.729809][   T30] RBP: 00007f8c921f1c39 R08: 0000000000000000 R09: 00007f8c9245f077
[  292.737877][   T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  292.770019][   T30] R13: 00007f8c9245f270 R14: 00007f8c92e64620 R15: 0000000000000003
[  292.778108][   T30]  </TASK>
[  292.789925][   T30] 
[  292.789925][   T30] Showing all locks held in the system:
[  292.797719][   T30] 5 locks held by kworker/1:0/25:
[  292.829810][   T30] 1 lock held by khungtaskd/30:
[  292.834743][   T30]  #0: ffffffff8e938aa0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  292.854931][   T30] 2 locks held by kworker/1:1/46:
[  292.869844][   T30] 2 locks held by kworker/u8:8/2999:
[  292.885972][   T30] 5 locks held by kworker/u8:9/4042:
[  292.902269][   T30]  #0: ffff88801bae5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  292.960015][   T30]  #1: ffffc9000c6afd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  292.979971][   T30]  #2: ffffffff8fcb4d50 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[  292.989530][   T30]  #3: ffff888062289428 (&wg->device_update_lock){+.+.}-{3:3}, at: wg_destruct+0x110/0x2e0
[  293.020058][   T30]  #4: ffffffff8e93df00 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x4c/0x530
[  293.050134][   T30] 2 locks held by getty/4987:
[  293.055898][   T30]  #0: ffff88803228a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  293.080236][   T30]  #1: ffffc9000311b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00
[  293.099823][   T30] 4 locks held by syz-executor/5824:
[  293.105237][   T30]  #0: ffff88802dca8420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90
[  293.129993][   T30]  #1: ffff888025556c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500
[  293.152371][   T30]  #2: ffff888144731788 (kn->active#50){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500
[  293.180419][   T30]  #3: ffffffff8f55e5a8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: new_device_store+0x1b4/0x890
[  293.199932][   T30] 7 locks held by syz-executor/5872:
[  293.205291][   T30]  #0: ffff88802dca8420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90
[  293.230675][   T30]  #1: ffff888024402c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500
[  293.250130][   T30]  #2: ffff888144731878 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500
[  293.280089][   T30]  #3: ffffffff8f55e5a8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480
[  293.299810][   T30]  #4: ffff8880616910e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0
[  293.319812][   T30]  #5: ffff888061692250 (&devlink->lock_key){+.+.}-{3:3}, at: nsim_drv_remove+0x50/0x160
[  293.341098][   T30]  #6: ffffffff8e93df00 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x4c/0x530
[  293.364501][   T30] 4 locks held by syz-executor/5938:
[  293.379958][   T30]  #0: ffff88802dca8420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90
[  293.389191][   T30]  #1: ffff888030c9d488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500
[  293.417876][   T30]  #2: ffff888144731878 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500
[  293.440676][   T30]  #3: ffffffff8f55e5a8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480
[  293.460119][   T30] 4 locks held by syz-executor/5974:
[  293.465496][   T30]  #0: ffff88802dca8420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90
[  293.495286][   T30]  #1: ffff88805ff87088 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500
[  293.520513][   T30]  #2: ffff888144731878 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500
[  293.539842][   T30]  #3: ffffffff8f55e5a8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480
[  293.559824][   T30] 4 locks held by syz-executor/5977:
[  293.565918][   T30]  #0: ffff88802dca8420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90
[  293.589994][   T30]  #1: ffff888054505888 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500
[  293.609809][   T30]  #2: ffff888144731878 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500
[  293.629801][   T30]  #3: ffffffff8f55e5a8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480
[  293.652260][   T30] 4 locks held by syz-executor/5978:
[  293.657629][   T30]  #0: ffff88802dca8420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90
[  293.689810][   T30]  #1: ffff88805c8cdc88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500
[  293.709810][   T30]  #2: ffff888144731878 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500
[  293.729799][   T30]  #3: ffffffff8f55e5a8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480
[  293.752333][   T30] 4 locks held by syz-executor/5980:
[  293.757698][   T30]  #0: ffff88802dca8420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90
[  293.790407][   T30]  #1: ffff888053dfe088 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500
[  293.809869][   T30]  #2: ffff888144731878 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500
[  293.827480][   T30]  #3: ffffffff8f55e5a8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480
[  293.850407][   T30] 4 locks held by syz-executor/6011:
[  293.855856][   T30]  #0: ffff88802dca8420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90
[  293.880038][   T30]  #1: ffff8880511db488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500
[  293.910789][   T30]  #2: ffff888144731878 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500
[  293.929917][   T30]  #3: ffffffff8f55e5a8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480
[  293.950167][   T30] 4 locks held by syz-executor/6023:
[  293.955545][   T30]  #0: ffff88802dca8420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90
[  293.980220][   T30]  #1: ffff8880522c2088 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500
[  293.999812][   T30]  #2: ffff888144731878 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500
[  294.020307][   T30]  #3: ffffffff8f55e5a8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480
[  294.050152][   T30] 4 locks held by syz-executor/6039:
[  294.055521][   T30]  #0: ffff88802dca8420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90
[  294.080676][   T30]  #1: ffff88802f471888 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500
[  294.099810][   T30]  #2: ffff888144731878 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500
[  294.120173][   T30]  #3: ffffffff8f55e5a8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480
[  294.140150][   T30] 4 locks held by syz-executor/6046:
[  294.145519][   T30]  #0: ffff88802dca8420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90
[  294.179819][   T30]  #1: ffff888056465c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500
[  294.199805][   T30]  #2: ffff888144731878 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500
[  294.219808][   T30]  #3: ffffffff8f55e5a8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480
[  294.250281][   T30] 4 locks held by syz-executor/6048:
[  294.255896][   T30]  #0: ffff88802dca8420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90
[  294.269797][   T30]  #1: ffff88805140f088 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500
[  294.289801][   T30]  #2: ffff888144731878 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500
[  294.309807][   T30]  #3: ffffffff8f55e5a8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480
[  294.339494][   T30] 4 locks held by syz-executor/6067:
[  294.345747][   T30]  #0: ffff88802dca8420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90
[  294.370532][   T30]  #1: ffff888053073888 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500
[  294.390097][   T30]  #2: ffff888144731878 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500
[  294.409810][   T30]  #3: ffffffff8f55e5a8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480
[  294.432751][   T30] 
[  294.435251][   T30] =============================================
[  294.435251][   T30] 
[  294.460718][   T30] NMI backtrace for cpu 0
[  294.465182][   T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-04744-gbdf56c7580d2 #0
[  294.475374][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  294.485470][   T30] Call Trace:
[  294.488780][   T30]  <TASK>
[  294.491744][   T30]  dump_stack_lvl+0x241/0x360
[  294.496477][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  294.501729][   T30]  ? __pfx__printk+0x10/0x10
[  294.506461][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[  294.511443][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  294.516939][   T30]  ? _printk+0xd5/0x120
[  294.521135][   T30]  ? __pfx__printk+0x10/0x10
[  294.525766][   T30]  ? __wake_up_klogd+0xcc/0x110
[  294.530663][   T30]  ? __pfx__printk+0x10/0x10
[  294.535299][   T30]  ? __rcu_read_unlock+0xa1/0x110
[  294.540429][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  294.546456][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  294.552490][   T30]  watchdog+0xff4/0x1040
[  294.556772][   T30]  ? watchdog+0x1ea/0x1040
[  294.561232][   T30]  ? __pfx_watchdog+0x10/0x10
[  294.565949][   T30]  kthread+0x2f0/0x390
[  294.570061][   T30]  ? __pfx_watchdog+0x10/0x10
[  294.574787][   T30]  ? __pfx_kthread+0x10/0x10
[  294.579414][   T30]  ret_from_fork+0x4b/0x80
[  294.583876][   T30]  ? __pfx_kthread+0x10/0x10
[  294.588510][   T30]  ret_from_fork_asm+0x1a/0x30
[  294.593338][   T30]  </TASK>
[  294.597379][   T30] Sending NMI from CPU 0 to CPUs 1:
[  294.602845][    C1] NMI backtrace for cpu 1
[  294.602860][    C1] CPU: 1 UID: 0 PID: 5280 Comm: kworker/1:5 Not tainted 6.11.0-syzkaller-04744-gbdf56c7580d2 #0
[  294.602881][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  294.602893][    C1] Workqueue: events nsim_dev_trap_report_work
[  294.602926][    C1] RIP: 0010:unwind_next_frame+0x6b1/0x22d0
[  294.602957][    C1] Code: 42 80 3c 20 00 74 08 4c 89 f7 e8 aa e9 b9 00 49 8b 2e e9 32 02 00 00 4d 89 ec 4d 89 ee 48 89 e8 4c 29 f0 48 89 c1 48 c1 f9 02 <48> c1 e8 3f 48 01 c8 48 83 e0 fe 49 8d 1c 46 48 89 d8 48 c1 e8 03
[  294.602973][    C1] RSP: 0018:ffffc90000a17eb0 EFLAGS: 00000202
[  294.602988][    C1] RAX: 0000000000000004 RBX: ffffffff902b8860 RCX: 0000000000000001
[  294.603000][    C1] RDX: 00000000000b0001 RSI: ffffffff90a04cec RDI: 0000000000000001
[  294.603013][    C1] RBP: ffffffff902b8868 R08: 0000000000000018 R09: ffffc90000a18070
[  294.603026][    C1] R10: ffffc90000a17fd0 R11: ffffffff817f8970 R12: ffffffff902b8860
[  294.603040][    C1] R13: ffffffff902b8828 R14: ffffffff902b8864 R15: ffffffff8135cf9a
[  294.603054][    C1] FS:  0000000000000000(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000
[  294.603070][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  294.603083][    C1] CR2: 00007f4362f13c4d CR3: 000000000e734000 CR4: 00000000003506f0
[  294.603101][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  294.603112][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  294.603123][    C1] Call Trace:
[  294.603130][    C1]  <NMI>
[  294.603137][    C1]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  294.603156][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  294.603183][    C1]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  294.603200][    C1]  ? nmi_handle+0x2a/0x5a0
[  294.603225][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  294.603249][    C1]  ? nmi_handle+0x14f/0x5a0
[  294.603266][    C1]  ? nmi_handle+0x2a/0x5a0
[  294.603283][    C1]  ? unwind_next_frame+0x6b1/0x22d0
[  294.603310][    C1]  ? default_do_nmi+0x63/0x160
[  294.603329][    C1]  ? exc_nmi+0x123/0x1f0
[  294.603346][    C1]  ? end_repeat_nmi+0xf/0x53
[  294.603369][    C1]  ? ret_from_fork+0x4a/0x80
[  294.603396][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  294.603425][    C1]  ? unwind_next_frame+0x6b1/0x22d0
[  294.603452][    C1]  ? unwind_next_frame+0x6b1/0x22d0
[  294.603480][    C1]  ? unwind_next_frame+0x6b1/0x22d0
[  294.603507][    C1]  </NMI>
[  294.603513][    C1]  <IRQ>
[  294.603524][    C1]  ? ret_from_fork+0x4b/0x80
[  294.603550][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  294.603577][    C1]  arch_stack_walk+0x11c/0x150
[  294.603597][    C1]  ? ret_from_fork+0x4b/0x80
[  294.603625][    C1]  stack_trace_save+0x118/0x1d0
[  294.603651][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  294.603678][    C1]  ? __lock_acquire+0x1384/0x2050
[  294.603705][    C1]  ? __pfx_slab_free_after_rcu_debug+0x10/0x10
[  294.603724][    C1]  kasan_save_stack+0x3f/0x60
[  294.603751][    C1]  ? kasan_save_stack+0x3f/0x60
[  294.603777][    C1]  ? __kasan_record_aux_stack+0xac/0xc0
[  294.603801][    C1]  ? call_rcu+0x167/0xa70
[  294.603818][    C1]  ? kmem_cache_free+0x2fd/0x420
[  294.603846][    C1]  ? nf_conntrack_free+0x2fd/0x390
[  294.603867][    C1]  ? nf_conntrack_in+0xb51/0x1890
[  294.603902][    C1]  ? nf_hook_slow+0xc3/0x220
[  294.603919][    C1]  ? NF_HOOK+0x29e/0x450
[  294.603944][    C1]  ? __netif_receive_skb+0x2bf/0x650
[  294.603961][    C1]  ? process_backlog+0x662/0x15b0
[  294.603979][    C1]  ? __napi_poll+0xcb/0x490
[  294.603994][    C1]  ? net_rx_action+0x89b/0x1240
[  294.604012][    C1]  ? handle_softirqs+0x2c5/0x980
[  294.604033][    C1]  ? __irq_exit_rcu+0xf4/0x1c0
[  294.604054][    C1]  ? irq_exit_rcu+0x9/0x30
[  294.604074][    C1]  ? sysvec_apic_timer_interrupt+0xa6/0xc0
[  294.604095][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  294.604118][    C1]  ? crng_make_state+0x5dc/0xa80
[  294.604141][    C1]  ? _get_random_bytes+0xd7/0x2c0
[  294.604161][    C1]  ? nsim_dev_trap_report_work+0x301/0xaa0
[  294.604186][    C1]  ? process_scheduled_works+0xa63/0x1850
[  294.604209][    C1]  ? worker_thread+0x870/0xd30
[  294.604232][    C1]  ? kthread+0x2f0/0x390
[  294.604246][    C1]  ? ret_from_fork+0x4b/0x80
[  294.604283][    C1]  ? __phys_addr+0xba/0x170
[  294.604300][    C1]  __kasan_record_aux_stack+0xac/0xc0
[  294.604325][    C1]  call_rcu+0x167/0xa70
[  294.604346][    C1]  ? __pfx_call_rcu+0x10/0x10
[  294.604366][    C1]  ? __phys_addr+0xba/0x170
[  294.604384][    C1]  kmem_cache_free+0x2fd/0x420
[  294.604405][    C1]  ? __pfx___nf_conntrack_find_get+0x10/0x10
[  294.604426][    C1]  ? nf_conntrack_free+0x2fd/0x390
[  294.604449][    C1]  nf_conntrack_free+0x2fd/0x390
[  294.604471][    C1]  nf_conntrack_in+0xb51/0x1890
[  294.604504][    C1]  ? __pfx_nf_conntrack_in+0x10/0x10
[  294.604531][    C1]  ? ipt_do_table+0x312/0x1860
[  294.604553][    C1]  ? __pfx_ipt_do_table+0x10/0x10
[  294.604577][    C1]  ? ipv4_conntrack_defrag+0x2a2/0x5a0
[  294.604595][    C1]  ? ip_sabotage_in+0x55/0x290
[  294.604621][    C1]  ? __pfx_ipv4_conntrack_in+0x10/0x10
[  294.604640][    C1]  nf_hook_slow+0xc3/0x220
[  294.604659][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[  294.604674][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[  294.604689][    C1]  NF_HOOK+0x29e/0x450
[  294.604714][    C1]  ? __lock_acquire+0x1384/0x2050
[  294.604739][    C1]  ? NF_HOOK+0x9a/0x450
[  294.604764][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  294.604789][    C1]  ? ip_rcv_core+0x801/0xd10
[  294.604824][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[  294.604848][    C1]  ? __pfx_ip_rcv+0x10/0x10
[  294.604875][    C1]  __netif_receive_skb+0x2bf/0x650
[  294.604894][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  294.604919][    C1]  ? __pfx___netif_receive_skb+0x10/0x10
[  294.604937][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  294.604961][    C1]  ? __pfx_lock_release+0x10/0x10
[  294.604987][    C1]  ? _raw_spin_lock_irq+0xdf/0x120
[  294.605014][    C1]  process_backlog+0x662/0x15b0
[  294.605035][    C1]  ? process_backlog+0x33b/0x15b0
[  294.605059][    C1]  ? __pfx_process_backlog+0x10/0x10
[  294.605078][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  294.605105][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  294.605133][    C1]  __napi_poll+0xcb/0x490
[  294.605153][    C1]  net_rx_action+0x89b/0x1240
[  294.605182][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  294.605203][    C1]  ? __pfx_tmigr_handle_remote+0x10/0x10
[  294.605238][    C1]  handle_softirqs+0x2c5/0x980
[  294.605265][    C1]  ? __irq_exit_rcu+0xf4/0x1c0
[  294.605289][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  294.605314][    C1]  ? irqtime_account_irq+0xd4/0x1e0
[  294.605342][    C1]  __irq_exit_rcu+0xf4/0x1c0
[  294.605365][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  294.605393][    C1]  irq_exit_rcu+0x9/0x30
[  294.605414][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  294.605436][    C1]  </IRQ>
[  294.605442][    C1]  <TASK>
[  294.605448][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  294.605472][    C1] RIP: 0010:crng_make_state+0x5dc/0xa80
[  294.605497][    C1] Code: 5a ca 80 06 e9 01 fd ff ff e8 00 da 4c fc e8 ab ac 76 06 48 83 7c 24 28 00 74 87 e8 ee d9 4c fc fb 48 c7 44 24 40 0e 36 e0 45 <48> b8 00 00 00 00 00 fc ff df 48 8b 4c 24 38 c7 04 08 00 00 00 00
[  294.605512][    C1] RSP: 0018:ffffc9000404f7c0 EFLAGS: 00000293
[  294.605527][    C1] RAX: ffffffff8546eda2 RBX: 0000000000000000 RCX: ffff88802ce1da00
[  294.605540][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  294.605551][    C1] RBP: ffffc9000404f970 R08: ffffffff8546ed12 R09: 1ffffffff284892d
[  294.605565][    C1] R10: dffffc0000000000 R11: fffffbfff284892e R12: 000000000000000f
[  294.605577][    C1] R13: 1ffff1101712752e R14: 0000000000000046 R15: ffff8880b893a978
[  294.605594][    C1]  ? crng_make_state+0x542/0xa80
[  294.605617][    C1]  ? crng_make_state+0x5d2/0xa80
[  294.605645][    C1]  ? crng_make_state+0x196/0xa80
[  294.605669][    C1]  ? __pfx_crng_make_state+0x10/0x10
[  294.605708][    C1]  _get_random_bytes+0xd7/0x2c0
[  294.605732][    C1]  ? __pfx__get_random_bytes+0x10/0x10
[  294.605757][    C1]  ? kasan_quarantine_put+0xdc/0x230
[  294.605788][    C1]  ? nsim_dev_trap_report_work+0x750/0xaa0
[  294.605815][    C1]  ? skb_put+0x114/0x1f0
[  294.605846][    C1]  nsim_dev_trap_report_work+0x301/0xaa0
[  294.605880][    C1]  ? process_scheduled_works+0x976/0x1850
[  294.605904][    C1]  process_scheduled_works+0xa63/0x1850
[  294.605941][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  294.605969][    C1]  ? assign_work+0x364/0x3d0
[  294.605994][    C1]  worker_thread+0x870/0xd30
[  294.606023][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  294.606046][    C1]  ? __kthread_parkme+0x169/0x1d0
[  294.606073][    C1]  ? __pfx_worker_thread+0x10/0x10
[  294.606099][    C1]  kthread+0x2f0/0x390
[  294.606115][    C1]  ? __pfx_worker_thread+0x10/0x10
[  294.606139][    C1]  ? __pfx_kthread+0x10/0x10
[  294.606156][    C1]  ret_from_fork+0x4b/0x80
[  294.606181][    C1]  ? __pfx_kthread+0x10/0x10
[  294.606197][    C1]  ret_from_fork_asm+0x1a/0x30
[  294.606230][    C1]  </TASK>
[  295.530599][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  295.537520][   T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-04744-gbdf56c7580d2 #0
[  295.547712][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  295.557808][   T30] Call Trace:
[  295.561118][   T30]  <TASK>
[  295.564077][   T30]  dump_stack_lvl+0x241/0x360
[  295.568808][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  295.574050][   T30]  ? __pfx__printk+0x10/0x10
[  295.578677][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  295.584706][   T30]  ? vscnprintf+0x5d/0x90
[  295.589158][   T30]  panic+0x349/0x870
[  295.593121][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  295.599311][   T30]  ? __pfx_panic+0x10/0x10
[  295.603765][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[  295.609186][   T30]  ? __irq_work_queue_local+0x137/0x410
[  295.614782][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  295.620197][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  295.626385][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  295.632584][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  295.638777][   T30]  watchdog+0x1033/0x1040
[  295.643160][   T30]  ? watchdog+0x1ea/0x1040
[  295.647703][   T30]  ? __pfx_watchdog+0x10/0x10
[  295.652411][   T30]  kthread+0x2f0/0x390
[  295.656517][   T30]  ? __pfx_watchdog+0x10/0x10
[  295.661313][   T30]  ? __pfx_kthread+0x10/0x10
[  295.665938][   T30]  ret_from_fork+0x4b/0x80
[  295.670395][   T30]  ? __pfx_kthread+0x10/0x10
[  295.675015][   T30]  ret_from_fork_asm+0x1a/0x30
[  295.679858][   T30]  </TASK>
[  295.683150][   T30] Kernel Offset: disabled
[  295.687483][   T30] Rebooting in 86400 seconds..