last executing test programs:

11m38.447306827s ago: executing program 4 (id=314):
openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x40100, 0x0)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, 0x0)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0xa80, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x4d, 0x5, 0x1000004a, 0x2, 0x80, 0x4000000003, 0x5, 0x100000008, 0x0, 0xdf37}, 0x0)
io_setup(0x8, &(0x7f0000000040)=<r4=>0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000300)={<r5=>0x0, @multicast2, @empty}, &(0x7f0000000400)=0xc)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000500)={'gre0\x00', &(0x7f0000000440)={'erspan0\x00', r5, 0x10, 0x80, 0x5, 0x7, {{0x1f, 0x4, 0x0, 0x0, 0x7c, 0x65, 0x0, 0x7f, 0x29, 0x0, @multicast1, @broadcast, {[@timestamp_addr={0x44, 0x14, 0xdd, 0x1, 0x5, [{@rand_addr=0x64010102, 0x9}, {@local, 0xffff}]}, @ssrr={0x89, 0xb, 0xbc, [@empty, @rand_addr=0x64010101]}, @lsrr={0x83, 0xb, 0xc0, [@loopback, @dev={0xac, 0x14, 0x14, 0x17}]}, @rr={0x7, 0x2b, 0xe2, [@remote, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, @broadcast, @broadcast, @multicast2, @remote, @private=0xa010102]}, @noop, @timestamp={0x44, 0x10, 0xf6, 0x0, 0x6, [0x6, 0x4, 0x3]}]}}}}})
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r1, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r6, 0x8, 0x70bd27, 0x25dfdbff, {{}, {@void, @void, @void}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}}, 0x800)
r7 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r7, 0xc0285700, &(0x7f0000000100)={0x3, "421ae3753785259249154c944c28ad063ff47d3bd7a8a45d6bb4c78a3ab4c981"})
io_submit(r4, 0x1, &(0x7f00000003c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0, 0x0, 0xfffffffffffffff8}])
ioctl$SW_SYNC_IOC_INC(r7, 0x40045701, &(0x7f0000000080)=0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r8 = socket$can_j1939(0x1d, 0x2, 0x7)
r9 = syz_open_dev$usbfs(&(0x7f0000000140), 0xee6, 0x101301)
ioctl$USBDEVFS_CLAIMINTERFACE(r9, 0x8004550f, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
bind$can_j1939(r8, 0x0, 0x0)
r10 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r10, 0x0, 0xca, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x0, @vifc_lcl_addr=@remote, @private}, 0x10)
symlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000380)='./file0\x00')
unshare(0x60040400)

11m32.330901685s ago: executing program 4 (id=333):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_emit_vhci(0x0, 0x7)
openat$ptp0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
sendmsg$NFNL_MSG_ACCT_NEW(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="20000000000701030000000000000000000000000900010073797a300000000016dd219122e21b5d67cfa5122c9b83e46378c204ca56b26a094bcf8b718fc8e317bc79cce5352f0778"], 0x20}}, 0x0)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000002040), &(0x7f00000020c0)='./file0\x00', 0x8402, &(0x7f00000021c0)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x9)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f0000002080)={0x30, 0x5, 0x0, {0x0, 0x1, 0x0, 0x10001}}, 0x30)

11m29.814430485s ago: executing program 4 (id=342):
unshare(0x28000600)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
unshare(0x20000400)
getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x4, 0x0, &(0x7f00000005c0))

11m29.657441347s ago: executing program 4 (id=345):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x22180, 0x0)
pread64(r0, &(0x7f0000000240)=""/92, 0x5c, 0x4)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000140))
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000380)={{0x12, 0x1, 0x250, 0x48, 0x3d, 0x2c, 0x20, 0x403, 0xf850, 0x22cd, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xe, 0x1, 0x20, 0x5, [{{0x9, 0x4, 0x78, 0x2, 0x0, 0x55, 0x31, 0x29, 0x8}}]}}]}}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_PIT(r4, 0x8048ae66, &(0x7f00000001c0)={[{0xb, 0x7, 0x0, 0x1c, 0x5, 0x3, 0x4b, 0x0, 0xf9, 0x4, 0x80, 0x9, 0x8000000000000000}, {0x6, 0x80, 0x4, 0xc4, 0x4, 0x1, 0x6, 0x3, 0x7, 0xf9, 0x0, 0x7d}, {0xe2a5, 0xd, 0x1, 0x9, 0x2, 0x10, 0xd, 0x6, 0xff, 0x6, 0x56, 0x7}]})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x7ffffffffffffffe, 0x1, 0x0, 0x100000000004, 0x0, 0x0, 0x0, 0x7fffffff], 0x80a0000})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xa4c81, 0x0)
r8 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$UI_DEV_SETUP(r8, 0x405c5503, &(0x7f0000000080)={{0x0, 0x4}, 'syz1\x00', 0x4b})
writev(r7, &(0x7f0000000400)=[{&(0x7f0000001580)="03", 0x1}], 0x1)
getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r7, 0x84, 0x8, &(0x7f0000000040), &(0x7f0000000140)=0x4)
sendmsg$nl_xfrm(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=@delsa={0x34, 0x12, 0x1, 0x0, 0x0, {@in=@multicast2, 0x4d5}, [@mark={0xc}]}, 0x34}}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
mbind(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x6002, &(0x7f0000000000)=0x3, 0xf, 0x0)
set_mempolicy_home_node(&(0x7f0000ffc000/0x4000)=nil, 0x403f, 0x0, 0x0)

11m26.211713319s ago: executing program 4 (id=357):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="180000000003000000"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='io_uring_complete\x00', r2}, 0x18)
r3 = io_uring_setup(0x3c46, 0x0)
ioctl$LOOP_SET_CAPACITY(0xffffffffffffffff, 0x4c07)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x6, 0x3, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8a8e}}, &(0x7f0000000580)='syzkaller\x00', 0x7, 0x1000, &(0x7f0000001740)=""/4096, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x0, 0x3}, 0x8, 0x10, &(0x7f0000000700)={0x2, 0x7, 0xb3d4, 0x81}, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000740), 0x10, 0x7}, 0x94)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r3, 0xd, &(0x7f0000000140)={0x7, 0x0, 0x0, 0x0}, 0x20)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r3, 0xe, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000100)=[{0x0}], &(0x7f0000000080)=[0x3fffffffffff], 0x1}, 0x20)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r3, 0xe, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x0, 0x1}, 0x20)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0x7, 0x2, 0x2, 0x0, 0xc6})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24000000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="d40000001200010700000000000000000a0000000c0002006e6c383032313100474d7bb9ff65fef95644f113aa62c8cd9baed9402e18da0f463e4fa0db551742a00deed2f5f764ec01c458481238a73e4f7d3b0cca50f398a1cf0f9f44756b3e71a2c522c5106f72f096444fc13b88eb47805f3d77142b71461b2626a21b95c01652e76c38db428eb1ebc3cb86aef2a60ad5416aefb3eaad7a88c207ad0e978198231db3a67c54ec2a2036988a25e203e521bc5e9d7422279d7d3f0e2c4116567664c2ffe8836cf9fc3a0d52b6d83ab447ea5600d69f07977d263b50241d3cce0acbf34b650eb3af888fed702ed847994be7b3bf1c1f3fc7b1ecda444b95468f8c6bf5f4b06afc6fc879185c51228590742abf94fbc2e7594b"], 0xd4}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=ANY=[@ANYBLOB="380000001800010000000000fedbdf2502bfecb398cf9b7326b9f2eee0370000000001c809002e000006002c000200000014001680100008800c0003800800020000000040"], 0x38}}, 0x0)
r7 = accept4(r5, 0x0, 0x0, 0x800)
socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r8, 0x0, 0x2a, &(0x7f0000000000)={0x3, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_JOIN_GROUP(r8, 0x0, 0x2a, &(0x7f0000001040)={0x3, {{0x2, 0x0, @multicast1}}}, 0x88)
sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed88", 0x3a}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)

11m25.781931501s ago: executing program 4 (id=360):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
syz_pidfd_open(r1, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0)
poll(0x0, 0x0, 0xffffffffffbffff8)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0xa002, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
process_mrelease(0xffffffffffffffff, 0x0)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
pselect6(0x40, &(0x7f0000000600)={0x11, 0xff7ffffffffffffd, 0x2, 0xffffffffffffffff, 0xfffffffffffffffe, 0x9, 0x2, 0x8}, 0x0, &(0x7f0000000400)={0x7fc, 0x2, 0x800000, 0x0, 0x0, 0xc3ad, 0x0, 0xc2c5}, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000600)={0x6, 0x0, 0x0, 0x40, 0x2, 0x5e51, 0x0, 0x7}, 0x0, &(0x7f0000000680)={0x7ff, 0x4000007, 0x9, 0x7, 0x4, 0x0, 0x5, 0x5}, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000052e8e510b1134200c4dc010203010902"], 0x0)
read$FUSE(r4, &(0x7f0000001d40)={0x2020}, 0x2020)
mount$fuse(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[])
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
geteuid()
ioctl$FBIOGETCMAP(r2, 0x4604, &(0x7f00000001c0)={0x6, 0xa, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0]})
stat(0x0, 0x0)
lstat(&(0x7f0000003f80)='./file0\x00', &(0x7f0000003fc0))
close_range(r0, 0xffffffffffffffff, 0x0)

11m24.921831111s ago: executing program 32 (id=360):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
syz_pidfd_open(r1, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0)
poll(0x0, 0x0, 0xffffffffffbffff8)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0xa002, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
process_mrelease(0xffffffffffffffff, 0x0)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
pselect6(0x40, &(0x7f0000000600)={0x11, 0xff7ffffffffffffd, 0x2, 0xffffffffffffffff, 0xfffffffffffffffe, 0x9, 0x2, 0x8}, 0x0, &(0x7f0000000400)={0x7fc, 0x2, 0x800000, 0x0, 0x0, 0xc3ad, 0x0, 0xc2c5}, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000600)={0x6, 0x0, 0x0, 0x40, 0x2, 0x5e51, 0x0, 0x7}, 0x0, &(0x7f0000000680)={0x7ff, 0x4000007, 0x9, 0x7, 0x4, 0x0, 0x5, 0x5}, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000052e8e510b1134200c4dc010203010902"], 0x0)
read$FUSE(r4, &(0x7f0000001d40)={0x2020}, 0x2020)
mount$fuse(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[])
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
geteuid()
ioctl$FBIOGETCMAP(r2, 0x4604, &(0x7f00000001c0)={0x6, 0xa, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0]})
stat(0x0, 0x0)
lstat(&(0x7f0000003f80)='./file0\x00', &(0x7f0000003fc0))
close_range(r0, 0xffffffffffffffff, 0x0)

11m21.798151105s ago: executing program 2 (id=375):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000020b11837000000000000010902240001000000000904004a0103000200092100000d0122030009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000)
mbind(&(0x7f00001d8000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x7, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1a1000, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xed)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, 0x0, &(0x7f0000002100))
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x85, 0x0, &(0x7f0000000140))
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$unix(0x1, 0x2, 0x0)
r7 = syz_io_uring_setup(0x837, &(0x7f0000000180)={0x0, 0x679a, 0x80, 0x4, 0x3cc}, &(0x7f0000000040)=<r8=>0x0, &(0x7f0000000140)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r10 = socket$inet_sctp(0x2, 0x5, 0x84)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, r10, 0x0, 0x0})
io_uring_enter(r7, 0x3516, 0x0, 0x0, 0x0, 0x0)
r11 = openat$adsp1(0xffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$SNDCTL_DSP_GETOSPACE(r11, 0x8010500c, &(0x7f0000000200))
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
r13 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r13, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x94, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r12, {0xb, 0xfff2}, {}, {0x7}}, [@filter_kind_options=@f_basic={{0xa}, {0x64, 0x2, [@TCA_BASIC_ACT={0x60, 0x3, [@m_mpls={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_MPLS_LABEL={0x8, 0x5, 0xe42ef}, @TCA_MPLS_TC={0x5, 0x6, 0x6}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0x204, 0xffff, 0x6, 0x2, 0x6}, 0x3}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0x10}, 0x4)
r14 = openat$sequencer2(0xffffff9c, &(0x7f00000000c0), 0x42000, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r14, 0x40085112, &(0x7f0000000180)=@s={0x5, @generic=0x4, 0x7, 0x60})
syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="003905"], 0x0, 0x0, 0x0}, 0x0)

11m16.682037674s ago: executing program 2 (id=383):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xd2, 0xe4, 0x2d, 0x20, 0x5fc9, 0x63, 0x3048, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xd5, 0xaf, 0x53, 0x0, [], [{{0x9, 0x5, 0x9}}]}}]}}]}}, 0x0) (async)
timer_create(0x0, 0x0, &(0x7f0000000180)=<r0=>0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) (async)
syz_usbip_server_init(0x6ad5158a42b9cee1)

11m16.214308487s ago: executing program 2 (id=384):
syz_open_dev$vim2m(0x0, 0x1, 0x2)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes-generic)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000002c0)="ad56b6c5820fae9d6dcdb292ea54c7be", 0x10)
sendto$inet6(r1, &(0x7f0000000080)="255b2a20f709b4a43a1307c620044218fe1f90c892edda55948fc95472faf24df297a8e4228b32dcc11a0a004c287b035078ff", 0x33, 0x800, 0x0, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r2, 0xc0481273, 0x0)
ioctl$BLKTRACESTART(r2, 0x1274, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="24000000210001000095860000000000000002000000000000010000000008000b00e20b00005a2ec11f6b2aec5ac3f1bf02dbc9280934db24e4dcc0a8ea0e00ebe4432237434e0f019306756edab982647eaaaebbee175e456afdd6087a04c3c97e44c292f6d097512b298532e707747cea46ee554ce10f51292da190db40fbf65d90eecccfc8207aa2bcd1d47866e6dda049c421f9251804563aed255ac48b6149b94d080bcdab0cef86cab67ce048826f571f328a673a8b5f08494f2ba93e75c82ab72f18f5e27c840a5470f041da545d01eafb7d34fd679079eb35fc2fffc7439b53da294e9de1b4ef"], 0x24}, 0x1, 0x0, 0x0, 0x240080c5}, 0x800)
sigaltstack(&(0x7f0000000000)={0xffffffffffffffff}, &(0x7f0000000080)={&(0x7f0000000040)=""/2, 0x0, 0x2})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000fc0)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="50000000480011012abd7000fedbdf250a006000", @ANYRES32=0x0, @ANYBLOB="02000000080002000700000008000200070000000800020003000100080002000000000014000100ff"], 0x50}, 0x1, 0x0, 0x0, 0x20000040}, 0x10)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r3, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be53", 0x9f, 0x840, 0x0, 0x0)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000100)=0x40)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, 0x0, &(0x7f0000000540))
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
r5 = syz_usb_connect$hid(0x2, 0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000400b060a70000002000001090224000100000000090400000103000000092100000001220500090581030000"], 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io(r5, &(0x7f00000003c0)={0x2c, &(0x7f0000000680)=ANY=[@ANYBLOB="0000570000005700a7ea3163fd3bc518194b120c1e73d54cfc4ad2841ef4f6a3fd7c59ccb785025f2e7b"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82)
syz_open_dev$sg(&(0x7f0000000280), 0x5, 0x840)
syz_open_dev$hidraw(&(0x7f0000000100), 0x0, 0x200)
syz_open_dev$hidraw(&(0x7f0000001580), 0xffffff77, 0x1df603)
socket$nl_netfilter(0x10, 0x3, 0xc)

11m13.882360702s ago: executing program 2 (id=389):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x3)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r1=>0xffffffffffffffff}, '\x00'})
ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', r2, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0/file0\x00')
ioctl$PPPIOCGFLAGS1(0xffffffffffffffff, 0x4020744f, &(0x7f00000019c0))
r4 = openat$incfs(r1, &(0x7f0000000040)='.pending_reads\x00', 0x42000, 0x2e)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$LOOP_SET_FD(r4, 0x4c00, r5)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r6 = io_uring_setup(0x1694, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r6, 0x10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002700)=""/4096, 0x1a00}], 0x0, 0x11a}, 0x20)
mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0xc012, r1, 0x80000000)

11m13.124950831s ago: executing program 2 (id=390):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x8800)
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, &(0x7f0000000200)=@name={0x1e, 0x2, 0x0, {{0x2, 0x1}, 0x200000}}, 0x10)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000001000000fe8000000000000000000000000000bbac1414bb00000000000000000000000000000400100000000200002000000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100020000000000000000000000004000"], 0xb8}}, 0x0)
ioctl$VIDIOC_DBG_G_CHIP_INFO(0xffffffffffffffff, 0xc0c85666, &(0x7f00000005c0)={{0x1, @addr=0x1}, "522ec2c4dfdea0e049be106158e4f5aa2e9a2a24b978bb029b829364f1d8fecd", 0x1})
sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=ANY=[], 0x188}}, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
symlink(&(0x7f0000002040)='./file0\x00', &(0x7f0000000080)='./file0\x00')
r4 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x2d6}, 0x10)
write(r4, &(0x7f00000001c0)="240000001a005f0400f9f407000904018000200000000010000000000800010000000000", 0x24)
rename(&(0x7f0000000580)='./file0\x00', &(0x7f0000000780)='./file2\x00')
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00')
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r5, 0xc004743e, 0x110e22fff6)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1980, 0x0)
close(r6)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x2060c0, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
syz_open_dev$vim2m(&(0x7f00000000c0), 0x6, 0x2)

11m12.612122079s ago: executing program 2 (id=391):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)

11m12.256933018s ago: executing program 33 (id=391):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)

3.560106352s ago: executing program 0 (id=3469):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000002980)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000880)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21af", 0x80}], 0x1}}, {{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001040)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf8", 0x6e}], 0x1}}], 0x2, 0x480e0)

3.354402982s ago: executing program 0 (id=3472):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='highspeed', 0x9)
write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d)

3.230648426s ago: executing program 6 (id=3474):
r0 = socket$rxrpc(0x21, 0x2, 0xa)
accept4(r0, 0x0, 0x0, 0x800)

2.942549548s ago: executing program 6 (id=3476):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
r0 = creat(&(0x7f0000000080)='./file0/file1\x00', 0xb)
write$cgroup_type(r0, &(0x7f00000009c0), 0xd4ba0ff)
unlink(&(0x7f0000000100)='./file0/file1\x00')
rmdir(&(0x7f0000000000)='./file0\x00')

1.727914939s ago: executing program 0 (id=3480):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r1=>0x0})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x88, r0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4c, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x300, 0x1, 0x4, 0x0, {0x5, 0x0, 0x0, 0x8, 0x0, 0x1}, 0x300, 0x3, 0x1}}, @void, @void, @val={0x76, 0x6, {0x4, 0x80, 0x7, 0x6}}}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x88}, 0x1, 0x0, 0x0, 0x40005}, 0x0)

1.692941271s ago: executing program 1 (id=3481):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000100)=0x1b11, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000280)="a6f7687d648a4cc7b58414ff8c916fc436cdbe2d", 0x14, 0x24000041, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4)
ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0))

1.578677957s ago: executing program 0 (id=3482):
openat$rfkill(0xffffffffffffff9c, 0x0, 0x101800, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0))
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0x1, 0x200000000002, 0x7, 0x8, 0x5}, 0x0)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, 0x0, 0x0}, 0x94)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
ptrace(0x10, r0)
ptrace$peeksig(0x4209, r0, &(0x7f0000000140)={0x0, 0x0, 0x4e}, &(0x7f0000000fc0))

1.491002525s ago: executing program 1 (id=3483):
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x4, 0x874fd42a7836ef68, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

1.486130569s ago: executing program 3 (id=3484):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x48e02, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'pimreg0\x00', 0x1})
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000300)={0x0, 0x1, 0x0, &(0x7f0000000000)=""/24, 0x0, 0x8000000})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680))
r2 = syz_open_procfs(0x0, &(0x7f0000000080)='oom_score\x00')
dup3(r0, r2, 0x80000)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f00000000c0)={0x0, r2})
close(0x4)

1.426482247s ago: executing program 6 (id=3485):
creat(&(0x7f00000003c0)='./file1\x00', 0x192)
r0 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00')
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f00000000c0))
splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x402000784853bb, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000040)='d', 0x1}], 0x1, 0xa)

1.286199551s ago: executing program 1 (id=3486):
r0 = syz_open_dev$dri(&(0x7f0000000440), 0x6, 0x3e6d01)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.idle_time\x00', 0x26e1, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
sendmmsg$inet6(r1, &(0x7f0000002ec0)=[{{&(0x7f0000000240)={0xa, 0x4e24, 0x1, @local, 0x5}, 0x1c, &(0x7f0000000480)=[{&(0x7f0000000280)="2412ad2f2267a3f1c94c67e548781db7dc33659abb958fc7eb5409e320d42509b9ad47a3a92c4a4228e14fa18a49f633900f8e30fc1736", 0x37}, {&(0x7f0000000500)="fd773f1ab12fb54cf321448f678f1ac9be5ebf864eeca1481c08a37aaed83d73ec3401682fe0536c78023d4e79b45848538f8450cdbc3b129917410d0793a8abd15d8819c0fbd86612a0d70773047a65b11014df76c3847a98b064ce99da79c2f00356133b5a4be027440ef256392cd5bbfd4deb22d145e62240ef339b27118329b3e0597601b43573605ce66dc54ac36b377d7a68684015334608c2ebbee00c78f3634999681788e658236cdef6aff32333c7fce44c2847236c9e6ab4e89b0ae9c7ee82fa3d84788c681281b275311297e3bee4b0b4ef386d1ff939385f3f6274d73f2a2c0de7d261f5396771635e3f5ab72343d21380709cf136e62d0b87384a1566326d6e17fe3aa98f55fba5fd02a4b8feb2a36a22af4f7770c40c4147da80d2578d57851e293b5446ad79c87204cb039b1b09ab7ae54239b7bbda0a458d0f96faca85e1136dcd8ca10656233d484abd539bd683c9d23a2c98c14e6d60a14d44586f86583e368f058c3b5ac399d6cec60c8d26099e7c1843a31242c0e8035b98b3f28ad5f8199dbf94a92ef00396e61dc3b1aae404765a532a559b8fb7f0de32e6376eae5a22005343e4695242a3f6ef8dd09568bfc5839551afc28c309807b74f082b654158c8ee915162a3c32234b918c32abaef0331ed6a9e260ab92dda29c5ad05a42d48a5573ddf4a3afee83bf86340bbe517900b92dc344f4b6285ecea34993e54899af8917c3e632a5d755d95d065bef60421d513e90c16277fdf8651c48ce9c77dcfdf72de14b5d68daebfc84a744434b884c4f7e9d574641d7be7ecd8c024c359c288ec6502fd03ec942f99dff0fe16f0a29dc9a3d83526543bc089d705ca8bcfbdf37fbbff5168361fff0ccba65c27a15b3e327f3b149737850bcf2e3b6d7a75167e55911dc79b093b92dfe880aec6e79131decc9b3dd69bd5f36f3684ad824a1716315a9e5916f46900f2115dfaf329f3d26522ddbfe31532a64d02c82ae149e60a9187a7e8ee61ec9555a372da704c6498b8212c787326edd615128ec4dff062638dd3d86370cd246458a42e1545ba618ead1a289d2b4777dc9f41fda9d26dfee82efeba2bfe3e86b9b4e619e5669cad0797fc3126fe34473c4c17cba2436f9189e8949c82483a17c344367440d900eaefd8ab1774f4380286fff377822b071a7afd5f5b39d3a478330b2faad4a533f5b3bed2930d843b36aa95cc4d5f15152b4b2c1f9f7e3328f9f4bf3b7a70ed3b1f346443c8409842b7f15799222b7b51ddaf85dff904869c0289a7eb38e6e85fb84f36106c270c2918d28caa6e62c233b41ed3e523be7a1fe592470a0c0776558543aef3a90bb9b842ae596297b53929b8f85fa17ca158bae3f9b2da29d2c85d6229ada3ca68d1f1bd8449472d47d28ae9232c614f1c7c0a0d0a9ac6bd73c9554ab68ee26f671b61ac564a8f13dc7068bbb4d291847bdfce3e66696fd7666897f0933adec0475c96463e08bd117e26bf649c98e95fd5ea216901551041859247a17ef486bba63c75144188f13b196d21a5422cb8f55273dd74faea40ae5c9abb12ac5632afa69c58906267a46eff5e402c8730fc35be6bfa98cb7bfa8b446436ea3e353936c6fe12ae4bb84b2542edbc1a911379f89ece4702803cccde56e4ff15d4985b545d210283ef61670ffb40aae8a5b5380d6f13a158b2b27ca8845264d07ec1ab1b4913b6e06f6a4dd598d7344804ffae441242d8b84e79ffbfbf569468eb789bb614d8dec5b328ee48a348dfdbb7bbca6b66710d849d6dcaf6f42f64bbc8efc89e26b852fe7c401e743fbee16b7c112c3c865c84619e67a78a0605633b21d6af51679112748b69319ab8b04ea2821be1c7afa9482c9be17a9782ca8b571cbdc462d3fbd7f77e13e3d52076f5ab2e51cce92b7460da6ce5b60780d4ceb0525c55552099eab9133ce7e981ca98a440ab115dade5221145498089d49b0c47c383622334f3b336e5e3469dceb3f5bfd2d3d1bb7e0115d5f3812d8bfe42d8abf33d2aededd7d1ce0274b44f095dfe7a1334f49428029a358e1f0c3cb52f355ea778494692aa4a4ced7fffdbbd9a7eb0fc9e612a4e720caa9faae4bec2d3f668ad48c8efdc55faca10e89c2b3a113343edcb719f3cb0db676c9e60d53003002e11c827f2778f8adf1147db2cb927e4828fae128719469ee545874d25ea9444241a6fbb38f53e9e32ba01ff5dc430be5b9bc25350a921750b27659304621512784f26e54a98a166cd75e30fc2690db4ae847e0de1dedd09e19145d0579f76c0ab3911c134058c21b724fcf89377e98f8382e4e0d135efd7512383134e5119ba2cde1f6c59ba442b601a025bfeb09300a8dface2370e555cb48bf625cc2f155473b3588e78f7f415575ee4bc46f820e81bd8ab327c60ca4bccb8422310e9c56fabd046e39a308093fd9c338d0b9bf55bbc8fa3ae07b28c4316c7e80a4340f384bce536d4272860205762ead027ab7eed887c264066be24587b07dcc6f3103a2708dc4820cfc13e34cac8d4ae5c15dbeba6e44ad6960519e83c918eef607f1ef762433ac95c9ad0260d4f935ce5fc1fdd4924c9b3cd7bcef7edacbac0beb35898a9d43678682987e7283315ad364c41f1ca3319914bbca625033b3fda03f1cdc97d9e4c1d349931db8622afb9101580e13dbd664d47908aeec01ecc87ff99da24b05a32354762476362bb551dccfea0bb3d47c0e61b020271c6429599ddc93beb1c65a40eb533e64cdac86fcb464324c183c58042baed58ce823c14ec3d1bc7d03b772d0153164b845f08a02ba4da8169b056e2a4917f5392d8461cbd62a7a73c1e40f1c7e2fb65c328f90e85d9f735b35690b7f253293e3614d89075ce6a842ae1c5a6132d3e8ff25aefbb2bd0510fb43a3dd0dd48d25b74c3e9d410638b4a39921e2d9069405065d5bc906aadfafdcef401a46518cea67ac6b834511eb8f3878a91ecb89022759807d548e6fbcfe79b857545d5b51804ef53c794eade3a4d7003925a0b09db4685374b166c932ad550582bb0d3377a3816210e6fd5a4a55aa5fcac789f43862ebda9c11e294b2f5736bf73ae82df69d7528bc84e597fe210180a632c0a7fbc69d0e7aa515703eb7dea6f9b7385ed933dc8de2099c76abc04d0fa9586b447460e0ff37e35a76326aa4b521f57fe3643ed9ca7e21cee7dbd95ad48d0c23b5ed6abb4acdaa11b6df5a74f1cca2329d637571a4f1f1edbb5ef4ca867af1e2fea473e9594f995d76eef529f028df82374f7895bab9c12cb1596c1bb8581216a0ec9655810f677e0ac59e707c836cc3542f584662cbec6d4aaa17fbab32ad6cc8d79eefeddb0885cfd9da67b03b0d15376b57af09fe49c3bf736f6ef77ce951596f44ccfb82876f000b925f3554d69f11122c38316c53b77ebb122389393f50c6e07a14566b46a55d1c382a3c9c560451a117e1c696382dddda3c7010af5ec16ac67500086a17585a5c1d3da4b24f578c625e26d0b27845448d1b4fa88bcb8a71f1e6ec3ea8ed9aadceb9e418d61e3ce44d235ce2ec00535413e4a5ba684559f617ea65058fcffe9ec1d78d3f508b6de3e614871f641737fe4a9e1c4b5c0d9d85cbc8432e3bfea651ed9b0d06ee7f2d81d4216c1d2a9e5d2f236bf8d17308e4c39bf7ce9634bc8b7a6970071116825b3ea615b3d9e2db3d98753950647bafeae30a8b9ac5f3b449fccdf54d64a6a1c29f5cbaf03d76d2657c681c88841aac4fe9105a8d5e05a106d8c06eb312d47abdde7f1680fb98d38da7c4af2b81182ded2326187993fa72fe872e97f173938f80dda148267fe9b05890ec54b0d34b67ef1688faa85f2b24a7dadc43f4d7650cba22eb156a4c81a8c54bff232d76da630fe530daa19b82293177f1e210c263990ef2257348fd25a637e4f37909bee05002655738fde8f4ce9516498750acf5407340839d13219a6557fcbfc3583362113369aa8322f1c4899776b6193515f2946c66c9a8463537d86552123a9aa65f59b3a1f2b520a3f075049f99d8212ad6f2fc48f275c23cb803945753c454842d4a4838995160818404821cf2fa3b2d06ae3d4e688c309cb7e16f98f1888bc85689a0671346144fc6c4595461921ca1539ce38f61b605371f22625034dc171b24eb2b9a64c4a7906316de5336452bbefdeb720c8b6c8b357067cda89f1a3334210048586c913601887f70227b5404fbd0609f5a6e2804a698eee41b3a4b4b71c0b6661977b810ecc3e0b8c0de5e58724d69841201691c1dff39a7fc9a256b4a01b46fef7c39d9b443caf3541d2da59614f4b1a38d38ff9421229c6f52c998000bc6ab49c593a57d38e2cfa419fd781a72c9ada5b7d153e56a09ce2481f5c1c0d17d065e4da5d6ef12c276340c064370c49c4e00c55f980ca453d918744f92897020e90433677b41fcb692563ee0f3a51f9b2e3e4d1070c498cc02ccab0f35873aa4340916bbba6c9b6e435d33fe8f6a37841b74988f533ede13f37cc05a739fba38507f77304c49e3aaacdbc04bfd3d9d8019c1b028ae9a6b90af538c96a9975ee8de7c9816327ee9ba648b9dec7ed9e5f39fa5136cdeace3edebd84ef3d82f981059bfb4eb760a579fc7b489fd5e1ffc7e94d53ff8b3a9b051888d7ff9ef70a02a8caa3a7afd1690edb0d6849b990ed98292112792a9b3649c6befb8cdf0f0fdf40b3aae35981ac8c8fd68b347910d1cb5e9965f2fd02715fe3ebec74764528d72aede80696cd60eab81c00692c82559d07f2bc196a2fc955aa779ad05b533c0c7019549c3389cdb496a12afd4ec87c9f3717ca1468915b754a34229971465b642f4d8b16012354e3032b8e5e015281b970afda15ce0e244f0c05587dea4eec3fb261e39b92353b3e2a38d44e1754a82a68152f5496d044d7801f09014c02a87d5b8b32310aa229eedada24db7b3b0458c273708c8b2fa605953560419a4d563866ab2fb27ac95613d424d7a6ba52bbc8bafbb65ba22952cc9fffc80910882fb281909a9d78916b09ea4cec29ba8ed5c12370806c5b07d7e6e965fe0c7dfba0f21eafeb26d942222d4ced733cdb9d1519d4e7962a2ec3109acd437a3fec951c372cf514e601c9417debf0d1d2fc9b1bc0194b0379c876c0fb6a82be571dcc9e9b9bffb65ab5ae6c798bec4a752abca28827a8ede495759cf77a8ccdc47e4e85e653d371046b3b20876f8cd4fa1a1972f53e8bcba05458c3f1c54b4beb7b0f6a521f558a3884c03a4bb34dc5bcb4f697b01fbeb6dc1c5c7b78d0b27dcd76af57b6bbab4ba708b69baefde30e183c9efb5b61405c393e542fea1ba58a1734eee5489953de2b3354e58a3a697549383ec598efaf3325e567aa964aa02a7edfb5f641d0b16fbb204063fd995c0388dde960314e9d9325871f4a76fe221557c3307c62a9ecf2e4944aa37e2ea244c6f91b5adaec6fe6b810a88101ebd0ddb0bed51f1ab4cf364e8ad33c0c1515e25020eb5d068580f59f219dcf5a06c2ef70c9069ec48abdf3b34b32859c08d2cb77e80b65c7bdae78e0f6ebf8333786792a843a9ce33bd18c466641022bce06c047d54f1ae37fb8c66e06dd9b03735c004a3f42f19de32792616eb5427c0ec6b4786dd0ac7245dc6ff4684d15e5c34e1d2110f10307c9745be966e9101119fab0cc96f34e8ece85bfb338632be6e21f7c7f5f98022ba8ec575e5c92373216aa038c6ab5a856f77369ad3957a4f29092e75f97247d78f9d24bc65a21a5d5cf1fef42d287df5e56ff05058b6517e41da35d508a8567bcbc81ce9dc8b00e", 0x1000}, {&(0x7f00000002c0)="fe9092c7883fd619797d133a4f39b38fe4df145053c1851c22608167bb5626c2769703", 0x23}, {&(0x7f0000000300)="166a2bd878dda0dc0cde1ff2d9509ddf971f1e6e308da7b9a6f2ecaafe9fc7c1350b294eba23196e0207de487388fd8377a8d4522319194420aac254c7995370cbd2fbba0976dcd06f4945acddf18647d9949fc838485a86f3442efce65b020ae9e7a05bd82fb1acfecc1dd2440c6c4871fb3624a3d4c7a0d10dc348ddb2792ab0b658f05f02e18b9ee7bf2e1a1bd9a1623f892aef58ea9b72b6199799d18e41b6738cacb62084fd7d61957e9cd508c7ab81abee6d74a3573f564f9b562fd49d36afaf6723d69975884cec66f12a3e9a0aa2a60ebb261314c7", 0xd9}, {&(0x7f0000001500)="ee86e0c8fc19ba0cf1f79b29cadb3b327f78102293b544acd2f9c58aa228d91c1ddae84370b94108c82cfe05f65140564df9bb6e8b85254c19dcda39381067fddc3a81ec7c2a44a58d7a03a6dcbb4aafda7a0271ae28efbd995ea1471046ced863ce63eaf35d60e5faa41a0514fe5b802ae7b407400220858e4683f1e6529a66983bf70cc7cf33c06607a26049e2b4f80284208dc8dc9aeb8e5d", 0x9a}], 0x5, &(0x7f00000015c0)=[@rthdr_2292={{0x54, 0x29, 0x39, {0x16, 0x8, 0x2, 0x5, 0x0, [@empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @loopback, @mcast2]}}}, @hoplimit_2292={{0x10, 0x29, 0x8, 0x401}}], 0x64}}, {{&(0x7f0000001640)={0xa, 0x4e24, 0x922, @private0, 0x9}, 0x1c, &(0x7f0000001780)=[{&(0x7f0000001680)="d9034f49474da31b76133c825966a55d775f8d59369e119199165134e7b3703818835940b90c20c956df72e70df63444ab1b", 0x32}, {0x0}], 0x2, &(0x7f00000017c0)=[@hopopts_2292={{0x54, 0x29, 0x36, {0x3c, 0x8, '\x00', [@ra={0x5, 0x2, 0x3}, @pad1, @hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @pad1, @hao={0xc9, 0x10, @mcast1}]}}}, @pktinfo={{0x20, 0x29, 0x32, {@mcast2}}}, @dstopts_2292={{0x1c, 0x29, 0x4, {0x6c, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0x2}]}}}, @tclass={{0x10, 0x29, 0x43, 0x1}}], 0xa0}}, {{&(0x7f0000001880)={0xa, 0x4e20, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c, &(0x7f0000001a80)=[{&(0x7f00000018c0)="e11c4ca9f445375d827fad4edc44ecc03368fc41002d382427a613694c047af0f07a8941eacff2a7cd2aac6c25dea015398991", 0x33}, {&(0x7f0000001900)="72c3e38919114c853e1cc762b4149f46d8c546872399305078630cf3572857b903f1c5692f040ccc5487854c8ecfd578fcbd73397eb01143bd10fb00a2481d850d4bbbf19208e1e258b5374c4f98b9f4743d685aa1370221ae392297b9708acbdf51b39c049ee6672d9a3cf47e88b0c4b3b0efdc1490367686f1c520a732b137a3602ef4260569cae696dd2b64a87c864cb80017f0933ea4487d1043a822ba57ee7bc4", 0xa3}, {&(0x7f00000019c0)="1f726bd56a5e34f3f5330bf5cd2564a3e7e2c8e2e688a224074fb5f0024a76abb127cea8bd7f245227b55a48e352e4cac3e3689d8d3c45fa39fdd093bb7af3aea8b6ce5b319cb1d23c6227d5b6ebd8ed6d9c4dc23e9495", 0x57}, {&(0x7f0000001a40)}], 0x4}}, {{0x0, 0x0, &(0x7f0000001d00)=[{&(0x7f0000001ac0)="cf40f7e32da39a3797aaf5f4238f1a49f14ed9eee71390c3062152de0ff211bc22e547f30f18e0d7261cbf0fb0c8a5ddda496a25343545f002298565a47790e2817de1677ea67c", 0x47}, {&(0x7f0000001b40)="5dcae774c71c248ba8ad4b05c6d139725e2e15dacb366514feed9da1f67fbc646493a76050973f40dfb56f48d11d3607f6da620c3c29e6860865afc31892be0ab83db12a03505f4904dad6c38f83775b76bcf62db854df234c789519ac3416aa93fdb80b44761b595cc58ce6dc2af0d649e8e4777b3637e11260", 0x7a}, {&(0x7f0000001bc0)="a163965d9364b48aa556806675cc7015ccdd0b7c59df7a866ed51a3e2a767881dc2d78debabbbd09b59e23f6a897e0", 0x2f}, {&(0x7f0000001c40)="fce8e5c168179883d7e0c5580ad79832f224ac5bdcd7127cba7d2121306bbc58df2152a2e87298cfb9393a81d22de8d581841ccfe550330297f19c886620848377e27c306f29157c1453eb224aa98f33fe619fbc1acaf3b0e85034b51c1ecae9082058b52ffdf9c6adb3b2655a184cc8b67826375279a6a98c0024fdb4c9b2d71fb9eee2678217d5eb0617c6ada68940b29ee1902adbe46fedf2a2a615c6a4d77069941fc7f8271f9df08fcf8d243e13b5c0d50232fdc2e87d9a898b5b42f2", 0xbf}], 0x4}}, {{&(0x7f0000001d40)={0xa, 0x4e23, 0x7, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c, &(0x7f0000002040)=[{&(0x7f0000001d80)}, {&(0x7f0000001e80)="af2ed157155e97c20d785f6f82d335500624f9f47e513cd0d1bf7813b45d001348c69f64621fd1754c152a7ccb8cf8bdfccec29d6548d9f405d621520092bcb1feb539180b246813b5b291f4b148e11a9051dd7e03a087cabbadcef145b1deb79a3ca51ff1bfe7c28a", 0x69}, {&(0x7f0000001f00)="261851d1aafe339391af82c9baa31a667b5060d8dafdfe6c53af313834a60a5ebe36279d744c28822dcba509525ff6918ec6b1b5264b48823aad306f5a9d73d8e512b26352a5b7ca957d8b0576fd87805f", 0x51}, {&(0x7f0000001f80)="43dc3fd58e30f277481582ac6746cdd617473500bb4152c9d8b56a9f10f2cd3d08668ec288460ebe62a026214faef3819b6b9dd31c402b3b13cce4e3ed76df47a0e3662d8e6c7c9ae204b88a540cca19f348f8f7cb8d5a068d146dc3532e15f6f12f3bf792fee261e4c413956f43ef898b92e7674b2de402aaa3a05c4fdeb0fcd97c4ad158edd9677f0a1f206aa341b33c8b90af00ef07995b5224c80061e394a17649844cbb327f56", 0xa9}], 0x4, &(0x7f0000002080)=[@hoplimit_2292={{0x10, 0x29, 0x8, 0x4}}], 0x10}}, {{&(0x7f00000020c0)={0xa, 0x4e23, 0x92, @mcast2, 0x8}, 0x1c, &(0x7f0000002100)}}, {{&(0x7f0000002140)={0xa, 0x4e20, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, 0x1c, &(0x7f0000002340)=[{&(0x7f0000002180)="a7770cc9b3d9771d1e75cd8df3bad68b93c607ff0525e225f9045678c90346bfe6d8ddfa5bd7ac2fcfd65fd4a16364d2164247a05ade0eee4343c047f331acd0bdbd80f50f8ba315c8a19be901ea80e05d5b3b0652b2395adbb78c4c40feb0fcc645883ece3fda9a34d289248836fb58e10d99d16e55a28d32241ee91592ce1dd3a5bd3f0c0dbf9908834858f0d34c2f9ce3c918f9bde0f986a1955c9ed65860b1d874f871ad76730a51dcb9532c222a6ea304139fbce01185fc04a4645ef01be222f188", 0xc4}, {&(0x7f0000002280)="59e1b7a1c64fd8b3f07b251eca6a668a3ffa12bc6fa3bf8bc536382fbe5c0df2300f1f888248d3ea18513df8fdfc39aff27f18", 0x33}, {&(0x7f00000022c0)="e2d8d23cb61aefb38106e0ba802a42be9b2d56cddc679153b9e884e57a1b24664ae0eedd6571053399b792a7c2bef992307f961fbeb2dbf9c72b5c60070a05de00219bf9b3b693c9dd0bda934d961f3e84bf738273e3cb3d92c5504638fc", 0x5e}], 0x3, &(0x7f0000002380)=[@dstopts_2292={{0x9c, 0x29, 0x4, {0x2e, 0x11, '\x00', [@calipso={0x7, 0x40, {0x0, 0xe, 0x4, 0x8, [0x7, 0x3, 0x8, 0xe, 0x6, 0x1, 0x9765]}}, @hao={0xc9, 0x10, @loopback}, @hao={0xc9, 0x10, @private1={0xfc, 0x1, '\x00', 0x1}}, @jumbo={0xc2, 0x4, 0xfffff8f8}, @padn={0x1, 0x2, [0x0, 0x0]}, @pad1, @calipso={0x7, 0x10, {0x3, 0x2, 0x8, 0x6, [0xba0a]}}, @pad1]}}}, @dontfrag={{0x10, 0x29, 0x3e, 0x1ff}}, @hoplimit={{0x10, 0x29, 0x34, 0x34f}}], 0xbc}}, {{&(0x7f0000002480)={0xa, 0x4e20, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x401}, 0x1c, &(0x7f0000002500)=[{&(0x7f00000024c0)="6a23715e63a03deceb7e10c8f070667c3424607e1b519616a857030576fdf11b84b3fae085439ead241e021d48f37a8263e383b65a8f4ff2248936", 0x3b}], 0x1, &(0x7f0000002540)=[@dontfrag={{0x10, 0x29, 0x3e, 0x8}}], 0x10}}, {{&(0x7f0000002580)={0xa, 0x4e21, 0x8000, @dev={0xfe, 0x80, '\x00', 0x3c}, 0xec27}, 0x1c, &(0x7f00000029c0)=[{&(0x7f00000025c0)="eff43365645a9ac0b206a04241ba3c58f78e197f44b3296ef44cb1a5b8f3d648497bba4dc486b50413e0272a6ffd96af180bd6391a6353335459d5ee13689b8047bb1edeef0a0cc957cc00481a34f170b5b04cc7d8b1b5d48aa148ec29e9df9507a12127a712c9f89caec2f708f778660862ffdc3822ec8ef25276d81fa8d0749f071161d67b7da8b44bef5475b7683e18def5e7730eddcf062b137f141c8914440c924ca90d2784fe1f804f72e782b42c4e60815e5615e9a93b85f0f75ff8ca544fb0e197", 0xc5}, {&(0x7f00000026c0)="4bebcedea836da71c0087e3fb99c134112688280014411b9a01deda842aaaa9bb485b1140baf6c71801dd8ccdf522bba28fbb8c8c75d419c006bd104174252208f508e3a955de1372c39d52142cacba0f34cbd32ea037936eb280eb09f03660467bb770d05c0fedc264a9c5546783d48cdf1eb02bebd93b6ee9dca49bb8d471e71e71f26344c64d5dd218bb270b0b8ec877514b72ffb627c43750f27124c4a2ad9ff8a66639d91f6ea824e64950bcbcb11d8da7ccc701c539071bfa5af7667bbc0cb9d3d", 0xc4}, {0x0}, {&(0x7f00000028c0)="72a5cf13eb4b0fdfab390349796320345e67aad90903a9bc1496b9b1a57336355c317b89c93d64d86371eaa5a0ab09e1cb28a9c912c9de54e287454a13b51aa3955c3c7ba944c8d72f685ffd4b2155e3b5e5c8ea009d3d2fac16c171534988ad32a0e760c313cf18acc1fa509c19cac7c1042f3ec2855f37bdf39f866ab67079febc0e0165f338072dbc41e48515d0a4ab4369f96306297a8391af08c01795b7074ad21efe89d66fc2330ca7e933093c33a9e675d41807938eb2c44026ccdafce026235b250cd97036b99c53bdf8676257b4eccb8a91cb16b2b47d", 0xdb}], 0x4, &(0x7f0000002a00)=[@rthdr={{0xa4, 0x29, 0x39, {0x6c, 0x12, 0x2, 0x3, 0x0, [@dev={0xfe, 0x80, '\x00', 0x43}, @loopback, @ipv4={'\x00', '\xff\xff', @empty}, @local, @local, @empty, @local, @rand_addr=' \x01\x00', @empty]}}}, @dstopts={{0x44, 0x29, 0x37, {0x89, 0x5, '\x00', [@ra={0x5, 0x2, 0x8}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @ra={0x5, 0x2, 0x8}, @hao={0xc9, 0x10, @private1={0xfc, 0x1, '\x00', 0x1}}]}}}, @rthdr={{0x14, 0x29, 0x39, {0x21, 0x0, 0x1, 0xfe}}}], 0xfc}}, {{0x0, 0x0, &(0x7f0000002d80), 0x0, &(0x7f0000002dc0)=[@flowinfo={{0x10, 0x29, 0xb, 0x11}}, @rthdr_2292={{0x34, 0x29, 0x39, {0x4, 0x4, 0x0, 0x9, 0x0, [@dev={0xfe, 0x80, '\x00', 0x34}, @private2={0xfc, 0x2, '\x00', 0x1}]}}}, @hopopts={{0x2c, 0x29, 0x36, {0x88, 0x2, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}}}, @hopopts={{0x24, 0x29, 0x36, {0x32, 0x1, '\x00', [@pad1, @jumbo]}}}], 0x94}}], 0xa, 0x0)
ioctl$VIDIOC_STREAMON(r1, 0x40045612, &(0x7f0000000080)=0x8)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x2404c050, &(0x7f00000000c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x38, 0x0, 0x200, 0x70bd28, 0x25dfdbfd, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x40}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x5}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x81}, @SEG6_ATTR_SECRET={0xc, 0x4, [0x1ff, 0x9c]}]}, 0x38}}, 0x41)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r5, 0x5393, &(0x7f0000000000))
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000100)=[<r6=>0x0], 0x1})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x40841}, 0x8010)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000040)={0x12})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r6], &(0x7f0000000180), &(0x7f0000000200), &(0x7f0000000040)})

1.262352223s ago: executing program 6 (id=3487):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
r0 = userfaultfd(0x80001)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
socket$xdp(0x2c, 0x3, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000013000/0x4000)=nil, 0x3000, 0x3})
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
preadv2(r1, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0xffe00}], 0x2, 0x0, 0x0, 0x0)

1.166642693s ago: executing program 3 (id=3488):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000280)={@in6={{0xa, 0x4e23, 0x7, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x11}}, 0x9}}, 0x0, 0x0, 0x3, 0x0, "b25dd300350731437df94f0a338977934d6d51cdd6c61e31cc7172c856b141e3f4e87e6ab615ea379a12c5a6f5c6e8f89f3e47f8090000c30a1c48cdff030000fad4624800"}, 0xd8)
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
syz_emit_ethernet(0x36, &(0x7f00000014c0)={@local, @random="e462e98700", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x23, 0x28, 0x64, 0x0, 0x3, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x7, 0x0, 0xe7}}}}}}, 0x0)

1.083298669s ago: executing program 1 (id=3489):
r0 = socket(0xa, 0x5, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000100), 0x0)
setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000080)={0x7ff, 0x10, 0x8, 0x2}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000001080)={0x0, 0x4}, 0x8)
sendto$inet6(r0, &(0x7f00000000c0)='H', 0x1a000, 0x44004, &(0x7f0000000040)={0xa, 0x4e24, 0x7, @loopback, 0xc5f}, 0x1c)

1.065082164s ago: executing program 3 (id=3490):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='highspeed', 0x9)
write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d)

958.343721ms ago: executing program 3 (id=3491):
r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000140)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f0000000080)={0x73, 0x18, 0x4, 0x0, "d80004000000000000957f00003d4a100a000000000020020661e6e66b8b37ff"})

802.533658ms ago: executing program 5 (id=3492):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r1=>0x0})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x88, r0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4c, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x300, 0x1, 0x4, 0x0, {0x5, 0x0, 0x0, 0x8, 0x0, 0x1}, 0x300, 0x3, 0x1}}, @void, @void, @val={0x76, 0x6, {0x4, 0x80, 0x7, 0x6}}}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x88}, 0x1, 0x0, 0x0, 0x40005}, 0x0)

758.050135ms ago: executing program 5 (id=3493):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="94000000", @ANYRES16=r2, @ANYRES32=r1, @ANYBLOB="700033008020"], 0x94}, 0x1, 0x0, 0x0, 0xe0}, 0x0)

714.570152ms ago: executing program 6 (id=3494):
socket$kcm(0xa, 0x3, 0x87)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd010000120000140000006000000000058700fe88a43de1a400000000000000007d01ff020000000000000000000000000001"], 0xfdef)

693.808017ms ago: executing program 5 (id=3495):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="94000000", @ANYRES16=r1, @ANYBLOB="010026bd7000fbdbdf253b00000008000300", @ANYRES32, @ANYBLOB="70003300802009000802110000000802110000005050505050505f00ffffffffffffffff6400001001000602fc0105031a00041601000000000000007b0047001100000000007107690001ff010720dd06a9b8e8b2e88108005700720a0000"], 0x94}, 0x1, 0x0, 0x0, 0xe0}, 0x0)

603.260665ms ago: executing program 5 (id=3496):
rt_sigaction(0xd, 0x0, 0x0, 0x8, &(0x7f0000000300))
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x4, 0x874fd42a7836ef68, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

560.097834ms ago: executing program 0 (id=3497):
creat(&(0x7f00000003c0)='./file1\x00', 0x192)
r0 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00')
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f00000000c0))
splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x402000784853bb, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000040)='d', 0x1}], 0x1, 0xa)

559.029064ms ago: executing program 6 (id=3498):
r0 = socket$netlink(0x10, 0x3, 0x10)
setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000000), 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r3 = io_uring_setup(0x3450, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r3, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002700)=""/4096, 0x1000}], 0x0, 0x1}, 0x20)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'bond0\x00', <r6=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, &(0x7f00000001c0)={'tunl0\x00', &(0x7f0000000140)={'syztnl0\x00', <r7=>r6, 0x10, 0x8000, 0x6, 0x9, {{0xe, 0x4, 0x3, 0x8, 0x38, 0x66, 0x0, 0xe, 0x2f, 0x0, @empty, @local, {[@timestamp_addr={0x44, 0x1c, 0x7a, 0x1, 0x6, [{@loopback, 0x6}, {@multicast2}, {@empty, 0xb4b}]}, @rr={0x7, 0x7, 0x8e, [@multicast2]}]}}}}})
r8 = socket$rxrpc(0x21, 0x2, 0xa)
write$P9_RRENAME(r8, 0x0, 0x0)
connect$rxrpc(r8, &(0x7f0000000000)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @mcast1}}, 0x24)
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newqdisc={0x48, 0x24, 0x2, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0x7}, {0xbb03989efb29e3c3, 0xe}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x7f, '\x00', 0x0, 0x0, 0xffffffff}}}}]}, 0x48}}, 0x0)

462.758275ms ago: executing program 0 (id=3499):
r0 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000ec0)='./binderfs/binder-control\x00', 0x800, 0x0)
ioctl$BINDER_CTL_ADD(r0, 0xc1086201, &(0x7f0000000f00)={'custom1\x00'})
socket$can_j1939(0x1d, 0x2, 0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r4)
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f0000000400)={0x98, r5, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DEST={0x48, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@remote}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x8}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x101}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1ff}]}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x64010101}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7ec}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x808}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}]}, 0x98}, 0x1, 0x0, 0x0, 0x2000000}, 0x20010815)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
write$binfmt_misc(r7, &(0x7f0000000000), 0xfffffecc)
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r8=>0xffffffffffffffff})
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000280)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="cf0400000000000000001300000008000300", @ANYRES32=r10, @ANYBLOB="040013000a00060008021100000100000600100080050000060012"], 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_NEW_STATION(r11, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000280)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

461.855672ms ago: executing program 5 (id=3500):
r0 = syz_open_dev$dri(&(0x7f0000000440), 0x6, 0x3e6d01)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.idle_time\x00', 0x26e1, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
sendmmsg$inet6(r1, &(0x7f0000002ec0)=[{{&(0x7f0000000240)={0xa, 0x4e24, 0x1, @local, 0x5}, 0x1c, &(0x7f0000000480)=[{&(0x7f0000000280)="2412ad2f2267a3f1c94c67e548781db7dc33659abb958fc7eb5409e320d42509b9ad47a3a92c4a4228e14fa18a49f633900f8e30fc1736", 0x37}, {&(0x7f0000000500)="fd773f1ab12fb54cf321448f678f1ac9be5ebf864eeca1481c08a37aaed83d73ec3401682fe0536c78023d4e79b45848538f8450cdbc3b129917410d0793a8abd15d8819c0fbd86612a0d70773047a65b11014df76c3847a98b064ce99da79c2f00356133b5a4be027440ef256392cd5bbfd4deb22d145e62240ef339b27118329b3e0597601b43573605ce66dc54ac36b377d7a68684015334608c2ebbee00c78f3634999681788e658236cdef6aff32333c7fce44c2847236c9e6ab4e89b0ae9c7ee82fa3d84788c681281b275311297e3bee4b0b4ef386d1ff939385f3f6274d73f2a2c0de7d261f5396771635e3f5ab72343d21380709cf136e62d0b87384a1566326d6e17fe3aa98f55fba5fd02a4b8feb2a36a22af4f7770c40c4147da80d2578d57851e293b5446ad79c87204cb039b1b09ab7ae54239b7bbda0a458d0f96faca85e1136dcd8ca10656233d484abd539bd683c9d23a2c98c14e6d60a14d44586f86583e368f058c3b5ac399d6cec60c8d26099e7c1843a31242c0e8035b98b3f28ad5f8199dbf94a92ef00396e61dc3b1aae404765a532a559b8fb7f0de32e6376eae5a22005343e4695242a3f6ef8dd09568bfc5839551afc28c309807b74f082b654158c8ee915162a3c32234b918c32abaef0331ed6a9e260ab92dda29c5ad05a42d48a5573ddf4a3afee83bf86340bbe517900b92dc344f4b6285ecea34993e54899af8917c3e632a5d755d95d065bef60421d513e90c16277fdf8651c48ce9c77dcfdf72de14b5d68daebfc84a744434b884c4f7e9d574641d7be7ecd8c024c359c288ec6502fd03ec942f99dff0fe16f0a29dc9a3d83526543bc089d705ca8bcfbdf37fbbff5168361fff0ccba65c27a15b3e327f3b149737850bcf2e3b6d7a75167e55911dc79b093b92dfe880aec6e79131decc9b3dd69bd5f36f3684ad824a1716315a9e5916f46900f2115dfaf329f3d26522ddbfe31532a64d02c82ae149e60a9187a7e8ee61ec9555a372da704c6498b8212c787326edd615128ec4dff062638dd3d86370cd246458a42e1545ba618ead1a289d2b4777dc9f41fda9d26dfee82efeba2bfe3e86b9b4e619e5669cad0797fc3126fe34473c4c17cba2436f9189e8949c82483a17c344367440d900eaefd8ab1774f4380286fff377822b071a7afd5f5b39d3a478330b2faad4a533f5b3bed2930d843b36aa95cc4d5f15152b4b2c1f9f7e3328f9f4bf3b7a70ed3b1f346443c8409842b7f15799222b7b51ddaf85dff904869c0289a7eb38e6e85fb84f36106c270c2918d28caa6e62c233b41ed3e523be7a1fe592470a0c0776558543aef3a90bb9b842ae596297b53929b8f85fa17ca158bae3f9b2da29d2c85d6229ada3ca68d1f1bd8449472d47d28ae9232c614f1c7c0a0d0a9ac6bd73c9554ab68ee26f671b61ac564a8f13dc7068bbb4d291847bdfce3e66696fd7666897f0933adec0475c96463e08bd117e26bf649c98e95fd5ea216901551041859247a17ef486bba63c75144188f13b196d21a5422cb8f55273dd74faea40ae5c9abb12ac5632afa69c58906267a46eff5e402c8730fc35be6bfa98cb7bfa8b446436ea3e353936c6fe12ae4bb84b2542edbc1a911379f89ece4702803cccde56e4ff15d4985b545d210283ef61670ffb40aae8a5b5380d6f13a158b2b27ca8845264d07ec1ab1b4913b6e06f6a4dd598d7344804ffae441242d8b84e79ffbfbf569468eb789bb614d8dec5b328ee48a348dfdbb7bbca6b66710d849d6dcaf6f42f64bbc8efc89e26b852fe7c401e743fbee16b7c112c3c865c84619e67a78a0605633b21d6af51679112748b69319ab8b04ea2821be1c7afa9482c9be17a9782ca8b571cbdc462d3fbd7f77e13e3d52076f5ab2e51cce92b7460da6ce5b60780d4ceb0525c55552099eab9133ce7e981ca98a440ab115dade5221145498089d49b0c47c383622334f3b336e5e3469dceb3f5bfd2d3d1bb7e0115d5f3812d8bfe42d8abf33d2aededd7d1ce0274b44f095dfe7a1334f49428029a358e1f0c3cb52f355ea778494692aa4a4ced7fffdbbd9a7eb0fc9e612a4e720caa9faae4bec2d3f668ad48c8efdc55faca10e89c2b3a113343edcb719f3cb0db676c9e60d53003002e11c827f2778f8adf1147db2cb927e4828fae128719469ee545874d25ea9444241a6fbb38f53e9e32ba01ff5dc430be5b9bc25350a921750b27659304621512784f26e54a98a166cd75e30fc2690db4ae847e0de1dedd09e19145d0579f76c0ab3911c134058c21b724fcf89377e98f8382e4e0d135efd7512383134e5119ba2cde1f6c59ba442b601a025bfeb09300a8dface2370e555cb48bf625cc2f155473b3588e78f7f415575ee4bc46f820e81bd8ab327c60ca4bccb8422310e9c56fabd046e39a308093fd9c338d0b9bf55bbc8fa3ae07b28c4316c7e80a4340f384bce536d4272860205762ead027ab7eed887c264066be24587b07dcc6f3103a2708dc4820cfc13e34cac8d4ae5c15dbeba6e44ad6960519e83c918eef607f1ef762433ac95c9ad0260d4f935ce5fc1fdd4924c9b3cd7bcef7edacbac0beb35898a9d43678682987e7283315ad364c41f1ca3319914bbca625033b3fda03f1cdc97d9e4c1d349931db8622afb9101580e13dbd664d47908aeec01ecc87ff99da24b05a32354762476362bb551dccfea0bb3d47c0e61b020271c6429599ddc93beb1c65a40eb533e64cdac86fcb464324c183c58042baed58ce823c14ec3d1bc7d03b772d0153164b845f08a02ba4da8169b056e2a4917f5392d8461cbd62a7a73c1e40f1c7e2fb65c328f90e85d9f735b35690b7f253293e3614d89075ce6a842ae1c5a6132d3e8ff25aefbb2bd0510fb43a3dd0dd48d25b74c3e9d410638b4a39921e2d9069405065d5bc906aadfafdcef401a46518cea67ac6b834511eb8f3878a91ecb89022759807d548e6fbcfe79b857545d5b51804ef53c794eade3a4d7003925a0b09db4685374b166c932ad550582bb0d3377a3816210e6fd5a4a55aa5fcac789f43862ebda9c11e294b2f5736bf73ae82df69d7528bc84e597fe210180a632c0a7fbc69d0e7aa515703eb7dea6f9b7385ed933dc8de2099c76abc04d0fa9586b447460e0ff37e35a76326aa4b521f57fe3643ed9ca7e21cee7dbd95ad48d0c23b5ed6abb4acdaa11b6df5a74f1cca2329d637571a4f1f1edbb5ef4ca867af1e2fea473e9594f995d76eef529f028df82374f7895bab9c12cb1596c1bb8581216a0ec9655810f677e0ac59e707c836cc3542f584662cbec6d4aaa17fbab32ad6cc8d79eefeddb0885cfd9da67b03b0d15376b57af09fe49c3bf736f6ef77ce951596f44ccfb82876f000b925f3554d69f11122c38316c53b77ebb122389393f50c6e07a14566b46a55d1c382a3c9c560451a117e1c696382dddda3c7010af5ec16ac67500086a17585a5c1d3da4b24f578c625e26d0b27845448d1b4fa88bcb8a71f1e6ec3ea8ed9aadceb9e418d61e3ce44d235ce2ec00535413e4a5ba684559f617ea65058fcffe9ec1d78d3f508b6de3e614871f641737fe4a9e1c4b5c0d9d85cbc8432e3bfea651ed9b0d06ee7f2d81d4216c1d2a9e5d2f236bf8d17308e4c39bf7ce9634bc8b7a6970071116825b3ea615b3d9e2db3d98753950647bafeae30a8b9ac5f3b449fccdf54d64a6a1c29f5cbaf03d76d2657c681c88841aac4fe9105a8d5e05a106d8c06eb312d47abdde7f1680fb98d38da7c4af2b81182ded2326187993fa72fe872e97f173938f80dda148267fe9b05890ec54b0d34b67ef1688faa85f2b24a7dadc43f4d7650cba22eb156a4c81a8c54bff232d76da630fe530daa19b82293177f1e210c263990ef2257348fd25a637e4f37909bee05002655738fde8f4ce9516498750acf5407340839d13219a6557fcbfc3583362113369aa8322f1c4899776b6193515f2946c66c9a8463537d86552123a9aa65f59b3a1f2b520a3f075049f99d8212ad6f2fc48f275c23cb803945753c454842d4a4838995160818404821cf2fa3b2d06ae3d4e688c309cb7e16f98f1888bc85689a0671346144fc6c4595461921ca1539ce38f61b605371f22625034dc171b24eb2b9a64c4a7906316de5336452bbefdeb720c8b6c8b357067cda89f1a3334210048586c913601887f70227b5404fbd0609f5a6e2804a698eee41b3a4b4b71c0b6661977b810ecc3e0b8c0de5e58724d69841201691c1dff39a7fc9a256b4a01b46fef7c39d9b443caf3541d2da59614f4b1a38d38ff9421229c6f52c998000bc6ab49c593a57d38e2cfa419fd781a72c9ada5b7d153e56a09ce2481f5c1c0d17d065e4da5d6ef12c276340c064370c49c4e00c55f980ca453d918744f92897020e90433677b41fcb692563ee0f3a51f9b2e3e4d1070c498cc02ccab0f35873aa4340916bbba6c9b6e435d33fe8f6a37841b74988f533ede13f37cc05a739fba38507f77304c49e3aaacdbc04bfd3d9d8019c1b028ae9a6b90af538c96a9975ee8de7c9816327ee9ba648b9dec7ed9e5f39fa5136cdeace3edebd84ef3d82f981059bfb4eb760a579fc7b489fd5e1ffc7e94d53ff8b3a9b051888d7ff9ef70a02a8caa3a7afd1690edb0d6849b990ed98292112792a9b3649c6befb8cdf0f0fdf40b3aae35981ac8c8fd68b347910d1cb5e9965f2fd02715fe3ebec74764528d72aede80696cd60eab81c00692c82559d07f2bc196a2fc955aa779ad05b533c0c7019549c3389cdb496a12afd4ec87c9f3717ca1468915b754a34229971465b642f4d8b16012354e3032b8e5e015281b970afda15ce0e244f0c05587dea4eec3fb261e39b92353b3e2a38d44e1754a82a68152f5496d044d7801f09014c02a87d5b8b32310aa229eedada24db7b3b0458c273708c8b2fa605953560419a4d563866ab2fb27ac95613d424d7a6ba52bbc8bafbb65ba22952cc9fffc80910882fb281909a9d78916b09ea4cec29ba8ed5c12370806c5b07d7e6e965fe0c7dfba0f21eafeb26d942222d4ced733cdb9d1519d4e7962a2ec3109acd437a3fec951c372cf514e601c9417debf0d1d2fc9b1bc0194b0379c876c0fb6a82be571dcc9e9b9bffb65ab5ae6c798bec4a752abca28827a8ede495759cf77a8ccdc47e4e85e653d371046b3b20876f8cd4fa1a1972f53e8bcba05458c3f1c54b4beb7b0f6a521f558a3884c03a4bb34dc5bcb4f697b01fbeb6dc1c5c7b78d0b27dcd76af57b6bbab4ba708b69baefde30e183c9efb5b61405c393e542fea1ba58a1734eee5489953de2b3354e58a3a697549383ec598efaf3325e567aa964aa02a7edfb5f641d0b16fbb204063fd995c0388dde960314e9d9325871f4a76fe221557c3307c62a9ecf2e4944aa37e2ea244c6f91b5adaec6fe6b810a88101ebd0ddb0bed51f1ab4cf364e8ad33c0c1515e25020eb5d068580f59f219dcf5a06c2ef70c9069ec48abdf3b34b32859c08d2cb77e80b65c7bdae78e0f6ebf8333786792a843a9ce33bd18c466641022bce06c047d54f1ae37fb8c66e06dd9b03735c004a3f42f19de32792616eb5427c0ec6b4786dd0ac7245dc6ff4684d15e5c34e1d2110f10307c9745be966e9101119fab0cc96f34e8ece85bfb338632be6e21f7c7f5f98022ba8ec575e5c92373216aa038c6ab5a856f77369ad3957a4f29092e75f97247d78f9d24bc65a21a5d5cf1fef42d287df5e56ff05058b6517e41da35d508a8567bcbc81ce9dc8b00e", 0x1000}, {&(0x7f00000002c0)="fe9092c7883fd619797d133a4f39b38fe4df145053c1851c22608167bb5626c2769703", 0x23}, {&(0x7f0000000300)="166a2bd878dda0dc0cde1ff2d9509ddf971f1e6e308da7b9a6f2ecaafe9fc7c1350b294eba23196e0207de487388fd8377a8d4522319194420aac254c7995370cbd2fbba0976dcd06f4945acddf18647d9949fc838485a86f3442efce65b020ae9e7a05bd82fb1acfecc1dd2440c6c4871fb3624a3d4c7a0d10dc348ddb2792ab0b658f05f02e18b9ee7bf2e1a1bd9a1623f892aef58ea9b72b6199799d18e41b6738cacb62084fd7d61957e9cd508c7ab81abee6d74a3573f564f9b562fd49d36afaf6723d69975884cec66f12a3e9a0aa2a60ebb261314c7", 0xd9}, {&(0x7f0000001500)="ee86e0c8fc19ba0cf1f79b29cadb3b327f78102293b544acd2f9c58aa228d91c1ddae84370b94108c82cfe05f65140564df9bb6e8b85254c19dcda39381067fddc3a81ec7c2a44a58d7a03a6dcbb4aafda7a0271ae28efbd995ea1471046ced863ce63eaf35d60e5faa41a0514fe5b802ae7b407400220858e4683f1e6529a66983bf70cc7cf33c06607a26049e2b4f80284208dc8dc9aeb8e5d", 0x9a}], 0x5, &(0x7f00000015c0)=[@rthdr_2292={{0x54, 0x29, 0x39, {0x16, 0x8, 0x2, 0x5, 0x0, [@empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @loopback, @mcast2]}}}, @hoplimit_2292={{0x10, 0x29, 0x8, 0x401}}], 0x64}}, {{&(0x7f0000001640)={0xa, 0x4e24, 0x922, @private0, 0x9}, 0x1c, &(0x7f0000001780)=[{&(0x7f0000001680)="d9034f49474da31b76133c825966a55d775f8d59369e119199165134e7b3703818835940b90c20c956df72e70df63444ab1b", 0x32}, {&(0x7f00000016c0)}], 0x2, &(0x7f00000017c0)=[@hopopts_2292={{0x54, 0x29, 0x36, {0x3c, 0x8, '\x00', [@ra={0x5, 0x2, 0x3}, @pad1, @hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @pad1, @hao={0xc9, 0x10, @mcast1}]}}}, @pktinfo={{0x20, 0x29, 0x32, {@mcast2}}}, @dstopts_2292={{0x1c, 0x29, 0x4, {0x6c, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0x2}]}}}, @tclass={{0x10, 0x29, 0x43, 0x1}}], 0xa0}}, {{&(0x7f0000001880)={0xa, 0x4e20, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c, &(0x7f0000001a80)=[{&(0x7f00000018c0)="e11c4ca9f445375d827fad4edc44ecc03368fc41002d382427a613694c047af0f07a8941eacff2a7cd2aac6c25dea015398991", 0x33}, {&(0x7f0000001900)="72c3e38919114c853e1cc762b4149f46d8c546872399305078630cf3572857b903f1c5692f040ccc5487854c8ecfd578fcbd73397eb01143bd10fb00a2481d850d4bbbf19208e1e258b5374c4f98b9f4743d685aa1370221ae392297b9708acbdf51b39c049ee6672d9a3cf47e88b0c4b3b0efdc1490367686f1c520a732b137a3602ef4260569cae696dd2b64a87c864cb80017f0933ea4487d1043a822ba57ee7bc4", 0xa3}, {&(0x7f00000019c0)="1f726bd56a5e34f3f5330bf5cd2564a3e7e2c8e2e688a224074fb5f0024a76abb127cea8bd7f245227b55a48e352e4cac3e3689d8d3c45fa39fdd093bb7af3aea8b6ce5b319cb1d23c6227d5b6ebd8ed6d9c4dc23e9495", 0x57}, {&(0x7f0000001a40)}], 0x4}}, {{0x0, 0x0, &(0x7f0000001d00)=[{&(0x7f0000001ac0)="cf40f7e32da39a3797aaf5f4238f1a49f14ed9eee71390c3062152de0ff211bc22e547f30f18e0d7261cbf0fb0c8a5ddda496a25343545f002298565a47790e2817de1677ea67c", 0x47}, {&(0x7f0000001b40)="5dcae774c71c248ba8ad4b05c6d139725e2e15dacb366514feed9da1f67fbc646493a76050973f40dfb56f48d11d3607f6da620c3c29e6860865afc31892be0ab83db12a03505f4904dad6c38f83775b76bcf62db854df234c789519ac3416aa93fdb80b44761b595cc58ce6dc2af0d649e8e4777b3637e11260", 0x7a}, {&(0x7f0000001bc0)="a163965d9364b48aa556806675cc7015ccdd0b7c59df7a866ed51a3e2a767881dc2d78debabbbd09b59e23f6a897e0", 0x2f}, {&(0x7f0000001c40)="fce8e5c168179883d7e0c5580ad79832f224ac5bdcd7127cba7d2121306bbc58df2152a2e87298cfb9393a81d22de8d581841ccfe550330297f19c886620848377e27c306f29157c1453eb224aa98f33fe619fbc1acaf3b0e85034b51c1ecae9082058b52ffdf9c6adb3b2655a184cc8b67826375279a6a98c0024fdb4c9b2d71fb9eee2678217d5eb0617c6ada68940b29ee1902adbe46fedf2a2a615c6a4d77069941fc7f8271f9df08fcf8d243e13b5c0d50232fdc2e87d9a898b5b42f2", 0xbf}], 0x4}}, {{&(0x7f0000001d40)={0xa, 0x4e23, 0x7, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c, &(0x7f0000002040)=[{&(0x7f0000001d80)}, {&(0x7f0000001e80)="af2ed157155e97c20d785f6f82d335500624f9f47e513cd0d1bf7813b45d001348c69f64621fd1754c152a7ccb8cf8bdfccec29d6548d9f405d621520092bcb1feb539180b246813b5b291f4b148e11a9051dd7e03a087cabbadcef145b1deb79a3ca51ff1bfe7c28a", 0x69}, {&(0x7f0000001f00)="261851d1aafe339391af82c9baa31a667b5060d8dafdfe6c53af313834a60a5ebe36279d744c28822dcba509525ff6918ec6b1b5264b48823aad306f5a9d73d8e512b26352a5b7ca957d8b0576fd87805f", 0x51}, {&(0x7f0000001f80)="43dc3fd58e30f277481582ac6746cdd617473500bb4152c9d8b56a9f10f2cd3d08668ec288460ebe62a026214faef3819b6b9dd31c402b3b13cce4e3ed76df47a0e3662d8e6c7c9ae204b88a540cca19f348f8f7cb8d5a068d146dc3532e15f6f12f3bf792fee261e4c413956f43ef898b92e7674b2de402aaa3a05c4fdeb0fcd97c4ad158edd9677f0a1f206aa341b33c8b90af00ef07995b5224c80061e394a17649844cbb327f56", 0xa9}], 0x4, &(0x7f0000002080)=[@hoplimit_2292={{0x10, 0x29, 0x8, 0x4}}], 0x10}}, {{&(0x7f00000020c0)={0xa, 0x4e23, 0x92, @mcast2, 0x8}, 0x1c, &(0x7f0000002100)}}, {{&(0x7f0000002140)={0xa, 0x4e20, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, 0x1c, &(0x7f0000002340)=[{&(0x7f0000002180)="a7770cc9b3d9771d1e75cd8df3bad68b93c607ff0525e225f9045678c90346bfe6d8ddfa5bd7ac2fcfd65fd4a16364d2164247a05ade0eee4343c047f331acd0bdbd80f50f8ba315c8a19be901ea80e05d5b3b0652b2395adbb78c4c40feb0fcc645883ece3fda9a34d289248836fb58e10d99d16e55a28d32241ee91592ce1dd3a5bd3f0c0dbf9908834858f0d34c2f9ce3c918f9bde0f986a1955c9ed65860b1d874f871ad76730a51dcb9532c222a6ea304139fbce01185fc04a4645ef01be222f188", 0xc4}, {&(0x7f0000002280)="59e1b7a1c64fd8b3f07b251eca6a668a3ffa12bc6fa3bf8bc536382fbe5c0df2300f1f888248d3ea18513df8fdfc39aff27f18", 0x33}, {&(0x7f00000022c0)="e2d8d23cb61aefb38106e0ba802a42be9b2d56cddc679153b9e884e57a1b24664ae0eedd6571053399b792a7c2bef992307f961fbeb2dbf9c72b5c60070a05de00219bf9b3b693c9dd0bda934d961f3e84bf738273e3cb3d92c5504638fc", 0x5e}], 0x3, &(0x7f0000002380)=[@dstopts_2292={{0x9c, 0x29, 0x4, {0x2e, 0x11, '\x00', [@calipso={0x7, 0x40, {0x0, 0xe, 0x4, 0x8, [0x7, 0x3, 0x8, 0xe, 0x6, 0x1, 0x9765]}}, @hao={0xc9, 0x10, @loopback}, @hao={0xc9, 0x10, @private1={0xfc, 0x1, '\x00', 0x1}}, @jumbo={0xc2, 0x4, 0xfffff8f8}, @padn={0x1, 0x2, [0x0, 0x0]}, @pad1, @calipso={0x7, 0x10, {0x3, 0x2, 0x8, 0x6, [0xba0a]}}, @pad1]}}}, @dontfrag={{0x10, 0x29, 0x3e, 0x1ff}}, @hoplimit={{0x10, 0x29, 0x34, 0x34f}}], 0xbc}}, {{&(0x7f0000002480)={0xa, 0x4e20, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x401}, 0x1c, &(0x7f0000002500)=[{&(0x7f00000024c0)="6a23715e63a03deceb7e10c8f070667c3424607e1b519616a857030576fdf11b84b3fae085439ead241e021d48f37a8263e383b65a8f4ff2248936", 0x3b}], 0x1, &(0x7f0000002540)=[@dontfrag={{0x10, 0x29, 0x3e, 0x8}}], 0x10}}, {{&(0x7f0000002580)={0xa, 0x4e21, 0x8000, @dev={0xfe, 0x80, '\x00', 0x3c}, 0xec27}, 0x1c, &(0x7f00000029c0)=[{&(0x7f00000025c0)="eff43365645a9ac0b206a04241ba3c58f78e197f44b3296ef44cb1a5b8f3d648497bba4dc486b50413e0272a6ffd96af180bd6391a6353335459d5ee13689b8047bb1edeef0a0cc957cc00481a34f170b5b04cc7d8b1b5d48aa148ec29e9df9507a12127a712c9f89caec2f708f778660862ffdc3822ec8ef25276d81fa8d0749f071161d67b7da8b44bef5475b7683e18def5e7730eddcf062b137f141c8914440c924ca90d2784fe1f804f72e782b42c4e60815e5615e9a93b85f0f75ff8ca544fb0e197", 0xc5}, {&(0x7f00000026c0)="4bebcedea836da71c0087e3fb99c134112688280014411b9a01deda842aaaa9bb485b1140baf6c71801dd8ccdf522bba28fbb8c8c75d419c006bd104174252208f508e3a955de1372c39d52142cacba0f34cbd32ea037936eb280eb09f03660467bb770d05c0fedc264a9c5546783d48cdf1eb02bebd93b6ee9dca49bb8d471e71e71f26344c64d5dd218bb270b0b8ec877514b72ffb627c43750f27124c4a2ad9ff8a66639d91f6ea824e64950bcbcb11d8da7ccc701c539071bfa5af7667bbc0cb9d3d", 0xc4}, {0x0}, {&(0x7f00000028c0)="72a5cf13eb4b0fdfab390349796320345e67aad90903a9bc1496b9b1a57336355c317b89c93d64d86371eaa5a0ab09e1cb28a9c912c9de54e287454a13b51aa3955c3c7ba944c8d72f685ffd4b2155e3b5e5c8ea009d3d2fac16c171534988ad32a0e760c313cf18acc1fa509c19cac7c1042f3ec2855f37bdf39f866ab67079febc0e0165f338072dbc41e48515d0a4ab4369f96306297a8391af08c01795b7074ad21efe89d66fc2330ca7e933093c33a9e675d41807938eb2c44026ccdafce026235b250cd97036b99c53bdf8676257b4eccb8a91cb16b2b47d", 0xdb}], 0x4, &(0x7f0000002a00)=[@rthdr={{0xa4, 0x29, 0x39, {0x6c, 0x12, 0x2, 0x3, 0x0, [@dev={0xfe, 0x80, '\x00', 0x43}, @loopback, @ipv4={'\x00', '\xff\xff', @empty}, @local, @local, @empty, @local, @rand_addr=' \x01\x00', @empty]}}}, @dstopts={{0x44, 0x29, 0x37, {0x89, 0x5, '\x00', [@ra={0x5, 0x2, 0x8}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @ra={0x5, 0x2, 0x8}, @hao={0xc9, 0x10, @private1={0xfc, 0x1, '\x00', 0x1}}]}}}, @rthdr={{0x14, 0x29, 0x39, {0x21, 0x0, 0x1, 0xfe}}}], 0xfc}}, {{0x0, 0x0, &(0x7f0000002d80), 0x0, &(0x7f0000002dc0)=[@flowinfo={{0x10, 0x29, 0xb, 0x11}}, @rthdr_2292={{0x34, 0x29, 0x39, {0x4, 0x4, 0x0, 0x9, 0x0, [@dev={0xfe, 0x80, '\x00', 0x34}, @private2={0xfc, 0x2, '\x00', 0x1}]}}}, @hopopts={{0x2c, 0x29, 0x36, {0x88, 0x2, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}}}, @hopopts={{0x24, 0x29, 0x36, {0x32, 0x1, '\x00', [@pad1, @jumbo]}}}], 0x94}}], 0xa, 0x0)
ioctl$VIDIOC_STREAMON(r1, 0x40045612, &(0x7f0000000080)=0x8)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x2404c050, &(0x7f00000000c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x38, 0x0, 0x200, 0x70bd28, 0x25dfdbfd, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x40}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x5}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x81}, @SEG6_ATTR_SECRET={0xc, 0x4, [0x1ff, 0x9c]}]}, 0x38}}, 0x41)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r5, 0x5393, &(0x7f0000000000))
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000100)=[<r6=>0x0], 0x1})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x40841}, 0x8010)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000040)={0x12})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r6], &(0x7f0000000180), &(0x7f0000000200), &(0x7f0000000040)})

290.447161ms ago: executing program 3 (id=3501):
r0 = socket(0x18, 0x4, 0x0)
connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x2, @multicast, 'vcan0\x00'}}, 0x1e)
sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48810}, 0x0)

289.941338ms ago: executing program 5 (id=3502):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x0, 0xfffffffe, 0x4}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
sendmsg$nl_route_sched(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)=@newtfilter={0x34, 0x2c, 0xd27, 0x1070bd28, 0xfffff003, {0x0, 0x0, 0x0, 0x0, {0xf000, 0x10}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x8084}, 0x200c8000)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x6c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0x3}, {}, {0x2, 0xfff1}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x3c, 0x2, [@TCA_GRED_PARMS={0x38, 0x1, {0x80000001, 0x3, 0x8, 0xb, 0x101, 0xffffcbef, 0x183, 0x5, 0x7, 0x1, 0x14, 0xb, 0x1a, 0x3, 0xd0b, 0x38f4}}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40098}, 0x4000000)

91.594363ms ago: executing program 1 (id=3503):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x88, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4c, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x300, 0x1, 0x4, 0x0, {0x5, 0x0, 0x0, 0x8, 0x0, 0x1}, 0x300, 0x3, 0x1}}, @void, @void, @val={0x76, 0x6, {0x4, 0x80, 0x7, 0x6}}}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x88}, 0x1, 0x0, 0x0, 0x40005}, 0x0)

30.070641ms ago: executing program 3 (id=3504):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
r0 = userfaultfd(0x80001)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
socket$xdp(0x2c, 0x3, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000013000/0x4000)=nil, 0x3000, 0x3})
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
preadv2(r1, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0xffe00}], 0x2, 0x0, 0x0, 0x0)

0s ago: executing program 1 (id=3505):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='highspeed', 0x9)
write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d)

kernel console output (not intermixed with test programs):

767.335747][ T5921] usb 46-1: SetAddress Request (6) to port 0
[  767.341878][ T5921] usb 46-1: new SuperSpeed USB device number 6 using vhci_hcd
[  767.342191][T17033] vhci_hcd: connection closed
[  767.361726][T15321] vhci_hcd: stop threads
[  767.382688][T15321] vhci_hcd: release socket
[  767.396630][T15321] vhci_hcd: disconnect device
[  767.634037][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  767.641303][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  767.717948][T17003] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  767.724235][ T5148] Bluetooth: hci2: command 0x0406 tx timeout
[  767.730251][ T5148] Bluetooth: hci1: command 0x0405 tx timeout
[  768.286011][T17003] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  768.292546][T17003] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  768.303012][T17003] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  768.314404][T17003] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  768.684731][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  768.691906][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  769.714036][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  769.721213][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  769.794305][ T5148] Bluetooth: hci0: command 0x0406 tx timeout
[  769.836311][T17085] xt_CT: You must specify a L4 protocol and not use inversions on it
[  770.196722][ T5837] usb 4-1: new high-speed USB device number 91 using dummy_hcd
[  770.357960][ T5148] Bluetooth: hci1: command 0x0405 tx timeout
[  770.364230][T11937] Bluetooth: hci3: command 0x0406 tx timeout
[  770.370754][ T5841] Bluetooth: hci4: command 0x0c1a tx timeout
[  770.392165][ T5837] usb 4-1: too many configurations: 9, using maximum allowed: 8
[  770.426006][ T5837] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  770.454252][ T5837] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  770.467192][ T5837] usb 4-1: config 0 interface 0 has no altsetting 0
[  770.477107][ T5837] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  770.486462][ T5837] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  770.498830][ T5837] usb 4-1: config 0 interface 0 has no altsetting 0
[  770.507075][ T5837] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  770.519592][ T5837] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  770.530897][ T5837] usb 4-1: config 0 interface 0 has no altsetting 0
[  770.539246][ T5837] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  770.553935][ T5837] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  770.568934][ T5837] usb 4-1: config 0 interface 0 has no altsetting 0
[  770.577314][ T5837] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  770.588557][ T5837] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  770.601610][ T5837] usb 4-1: config 0 interface 0 has no altsetting 0
[  770.612598][ T5837] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  770.622580][ T5837] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  770.637220][ T5837] usb 4-1: config 0 interface 0 has no altsetting 0
[  770.656411][ T5837] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  770.674145][ T5837] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  770.693610][ T5837] usb 4-1: config 0 interface 0 has no altsetting 0
[  770.705744][ T5837] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  770.720219][ T5837] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  770.745454][ T5837] usb 4-1: config 0 interface 0 has no altsetting 0
[  770.754410][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  770.755513][ T5837] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  770.761660][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  770.779431][ T5837] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  770.793957][ T5837] usb 4-1: Product: syz
[  770.804037][ T5837] usb 4-1: Manufacturer: syz
[  770.814967][ T5837] usb 4-1: SerialNumber: syz
[  770.831005][ T5837] usb 4-1: config 0 descriptor??
[  770.856029][ T5837] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0
[  771.659686][T17133] input input59: cannot allocate more than FF_MAX_EFFECTS effects
[  771.794033][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  771.801235][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  772.054372][ T5841] Bluetooth: hci1: unexpected event for opcode 0x0419
[  772.330525][T17138] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  772.436999][ T5921] usb 46-1: device descriptor read/8, error -110
[  772.723987][ T5837] usb 6-1: new high-speed USB device number 71 using dummy_hcd
[  772.834445][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  772.836112][ T5921] usb usb46-port1: attempt power cycle
[  772.841674][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  772.928099][    C1] usb 4-1: yurex_control_callback - control failed: -2
[  772.953948][ T5837] usb 6-1: Using ep0 maxpacket: 8
[  772.965001][ T5837] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  773.021666][ T5898] usb 4-1: USB disconnect, device number 91
[  773.052746][ T5898] yurex 4-1:0.0: USB YUREX #0 now disconnected
[  773.113892][ T5837] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  773.151436][ T5837] usb 6-1: config 0 interface 0 has no altsetting 0
[  773.194260][ T5837] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  773.317926][ T5837] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  773.379461][ T5837] usb 6-1: config 0 descriptor??
[  773.483608][ T5921] usb usb46-port1: unable to enumerate USB device
[  773.831997][ T5837] hid_parser_main: 8 callbacks suppressed
[  773.832023][ T5837] mcp2221 0003:04D8:00DD.0034: unknown main item tag 0x0
[  773.874063][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  773.878209][ T5837] mcp2221 0003:04D8:00DD.0034: unknown main item tag 0x0
[  773.881392][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  773.914068][ T5837] mcp2221 0003:04D8:00DD.0034: unknown main item tag 0x0
[  773.921209][ T5837] mcp2221 0003:04D8:00DD.0034: unknown main item tag 0x0
[  773.961291][ T5837] mcp2221 0003:04D8:00DD.0034: unknown main item tag 0x0
[  773.985833][ T5837] mcp2221 0003:04D8:00DD.0034: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0
[  774.102636][ T5837] usb 6-1: USB disconnect, device number 71
[  774.244042][   T43] usb 7-1: new high-speed USB device number 70 using dummy_hcd
[  774.427258][   T43] usb 7-1: Using ep0 maxpacket: 8
[  774.436335][   T43] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  774.476781][   T43] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  774.596160][   T43] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  774.645065][   T43] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  774.700740][   T43] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  774.754121][   T43] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  774.768371][   T43] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  774.914449][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  774.921699][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  775.016599][   T43] usb 7-1: usb_control_msg returned -32
[  775.032713][   T43] usbtmc 7-1:16.0: can't read capabilities
[  775.371928][T17189] usbtmc 7-1:16.0: usb_control_msg returned -32
[  775.392995][ T5898] usb 7-1: USB disconnect, device number 70
[  775.954053][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  775.961267][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  776.117149][ T5841] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  776.127156][ T5841] Bluetooth: hci1: Injecting HCI hardware error event
[  776.136608][ T5148] Bluetooth: hci1: hardware error 0x00
[  776.550251][T17216] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2800'.
[  776.882635][T17216] bond0 (unregistering): (slave syz_tun): Releasing backup interface
[  776.964190][T17216] bond0 (unregistering): Released all slaves
[  776.994680][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  777.001888][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  777.915810][T17256] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  778.034133][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  778.041228][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  778.193994][ T5148] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  779.074819][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  779.082008][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  780.114016][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  780.121182][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  780.219746][ T5841] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  780.230562][ T5841] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  780.245000][ T5841] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  780.255312][ T5841] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  780.268284][ T5841] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  780.689610][T15321] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  781.136664][T15321] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  781.154484][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  781.154674][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  781.301738][T15321] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  781.686328][T15321] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  782.194031][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  782.201201][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  782.354787][ T5841] Bluetooth: hci5: command tx timeout
[  782.514656][T17300] chnl_net:caif_netlink_parms(): no params data found
[  782.597957][T15321] bond_slave_0: left promiscuous mode
[  782.606297][T15321] bond_slave_1: left promiscuous mode
[  782.619941][T15321] dummy0: left promiscuous mode
[  783.234504][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  783.241795][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  783.420698][T15321] dvmrp0 (unregistering): left allmulticast mode
[  784.018639][T15321] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  784.031523][T15321] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  784.045532][T15321] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  784.060690][T15321] bond0 (unregistering): Released all slaves
[  784.279858][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  784.287071][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  784.297038][T15321] bond1 (unregistering): Released all slaves
[  784.436614][ T5841] Bluetooth: hci0: command 0x0406 tx timeout
[  784.437046][ T5148] Bluetooth: hci5: command tx timeout
[  784.501258][T15321] bond2 (unregistering): Released all slaves
[  784.648579][ T5837] usb 7-1: new high-speed USB device number 71 using dummy_hcd
[  784.673032][T15321] : left promiscuous mode
[  784.844502][ T5837] usb 7-1: Using ep0 maxpacket: 32
[  784.919044][T17300] bridge0: port 1(bridge_slave_0) entered blocking state
[  784.928064][T17300] bridge0: port 1(bridge_slave_0) entered disabled state
[  784.937427][ T5837] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  784.952501][T17300] bridge_slave_0: entered allmulticast mode
[  785.036297][T17300] bridge_slave_0: entered promiscuous mode
[  785.043944][T15321] tipc: Left network mode
[  785.049177][T17300] bridge0: port 2(bridge_slave_1) entered blocking state
[  785.056657][T17300] bridge0: port 2(bridge_slave_1) entered disabled state
[  785.063996][T17300] bridge_slave_1: entered allmulticast mode
[  785.071807][T17300] bridge_slave_1: entered promiscuous mode
[  785.198475][T17300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  785.314434][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  785.321540][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  785.370444][ T5837] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  785.419174][ T5837] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  785.448904][T17300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  785.453883][ T5837] usb 7-1: Product: syz
[  785.489908][ T5837] usb 7-1: Manufacturer: syz
[  785.542945][ T5837] usb 7-1: SerialNumber: syz
[  785.573776][ T5837] usb 7-1: config 0 descriptor??
[  785.746162][T17300] team0: Port device team_slave_0 added
[  785.774381][T17300] team0: Port device team_slave_1 added
[  785.841947][  T981] usb 7-1: USB disconnect, device number 71
[  786.028523][T17300] batman_adv: batadv0: Adding interface: batadv_slave_0
[  786.047798][T17300] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  786.086018][T17300] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  786.099080][T17300] batman_adv: batadv0: Adding interface: batadv_slave_1
[  786.107208][T17300] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  786.150833][T17300] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  786.183218][T17424] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  786.189891][T17424] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  786.198423][T17424] vhci_hcd vhci_hcd.0: Device attached
[  786.347207][T17424] fuse: Bad value for 'fd'
[  786.354017][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  786.361119][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  786.515504][ T5837] usb 36-1: SetAddress Request (2) to port 0
[  786.519646][ T5148] Bluetooth: hci5: command tx timeout
[  786.527404][ T5837] usb 36-1: new SuperSpeed USB device number 2 using vhci_hcd
[  786.608400][T17425] vhci_hcd: connection reset by peer
[  786.618761][   T50] vhci_hcd: stop threads
[  786.623061][   T50] vhci_hcd: release socket
[  786.631207][   T50] vhci_hcd: disconnect device
[  786.675286][T17300] hsr_slave_0: entered promiscuous mode
[  786.689915][T17418] ebtables: wrong size: *len 264, entries_size 144, replsz 144
[  786.700628][T17300] hsr_slave_1: entered promiscuous mode
[  786.720969][T17300] debugfs: 'hsr0' already exists in 'hsr'
[  786.738767][T17300] Cannot create hsr debugfs directory
[  787.118613][T17441] netlink: 'syz.5.2871': attribute type 10 has an invalid length.
[  787.394493][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  787.401597][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  787.614808][T15321] hsr_slave_0: left promiscuous mode
[  787.648075][T15321] hsr_slave_1: left promiscuous mode
[  787.665529][T15321] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  787.694095][T15321] batman_adv: batadv0: Removing interface: batadv_slave_0
[  787.739128][T15321] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  787.779045][T15321] batman_adv: batadv0: Removing interface: batadv_slave_1
[  788.232559][T15321] veth1_macvtap: left promiscuous mode
[  788.244258][T15321] veth0_macvtap: left promiscuous mode
[  788.434020][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  788.441223][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  788.597113][ T5148] Bluetooth: hci5: command tx timeout
[  789.027161][T15321] hsr0 (unregistering): left allmulticast mode
[  789.470891][T15321] team_slave_1 (unregistering): left promiscuous mode
[  789.478197][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  789.478337][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  789.495407][T15321] team0 (unregistering): Port device team_slave_1 removed
[  789.573404][T15321] team_slave_0 (unregistering): left promiscuous mode
[  789.593613][T15321] team0 (unregistering): Port device team_slave_0 removed
[  790.462700][T17480] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2879'.
[  790.514026][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  790.521154][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  790.963214][T15321] IPVS: stop unused estimator thread 0...
[  791.164238][ T5921] usb 7-1: new high-speed USB device number 72 using dummy_hcd
[  791.438673][T17300] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  791.475987][ T5921] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  791.490941][ T5921] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  791.491461][T17300] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  791.509607][ T5921] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  791.534788][ T5921] usb 7-1: config 0 descriptor??
[  791.554333][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  791.561484][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  791.594143][T17300] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  791.625440][ T5921] pwc: Askey VC010 type 2 USB webcam detected.
[  791.628644][T17300] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  791.644007][ T5837] usb 36-1: device descriptor read/8, error -110
[  791.912075][T17300] 8021q: adding VLAN 0 to HW filter on device bond0
[  792.075406][ T5837] usb usb36-port1: attempt power cycle
[  792.117774][T17300] 8021q: adding VLAN 0 to HW filter on device team0
[  792.231996][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state
[  792.239264][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state
[  792.451165][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[  792.458427][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[  792.594091][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  792.601292][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  792.716041][ T5837] usb usb36-port1: unable to enumerate USB device
[  792.888681][T17300] 8021q: adding VLAN 0 to HW filter on device batadv0
[  793.015726][T17535] syzkaller0: entered promiscuous mode
[  793.021446][T17535] syzkaller0: entered allmulticast mode
[  793.148320][T17300] veth0_vlan: entered promiscuous mode
[  793.242256][T17539] fuse: Unknown parameter '00000000000000000000'
[  793.383410][T17300] veth1_vlan: entered promiscuous mode
[  793.582919][T17300] veth0_macvtap: entered promiscuous mode
[  793.634596][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  793.641756][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  793.655274][T17300] veth1_macvtap: entered promiscuous mode
[  793.759476][T17300] batman_adv: batadv0: Interface activated: batadv_slave_0
[  793.795709][T17300] batman_adv: batadv0: Interface activated: batadv_slave_1
[  793.838629][T15321] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  793.887668][T15321] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  793.935217][T15321] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  793.965366][ T1105] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  794.325790][T15321] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  794.369950][T15321] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  794.528446][ T9101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  794.554837][ T9101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  794.674120][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  794.681278][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  795.325102][ T5943] usb 6-1: new high-speed USB device number 72 using dummy_hcd
[  795.513945][ T5943] usb 6-1: Using ep0 maxpacket: 8
[  795.525860][ T5943] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  795.525894][ T5943] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  795.525948][ T5943] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  795.525983][ T5943] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  795.526030][ T5943] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  795.526057][ T5943] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  795.717335][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  795.717535][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  795.737380][ T5943] usb 6-1: GET_CAPABILITIES returned 0
[  795.737461][ T5943] usbtmc 6-1:16.0: can't read capabilities
[  795.945104][    C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  795.948170][   T43] usb 6-1: USB disconnect, device number 72
[  796.001286][ T5921] pwc: recv_control_msg error -71 req 02 val 2b00
[  796.002892][ T5921] pwc: recv_control_msg error -71 req 02 val 2700
[  796.005317][ T5921] pwc: recv_control_msg error -71 req 02 val 2c00
[  796.008438][ T5921] pwc: recv_control_msg error -71 req 04 val 1000
[  796.010476][ T5921] pwc: recv_control_msg error -71 req 04 val 1300
[  796.012287][ T5921] pwc: recv_control_msg error -71 req 04 val 1400
[  796.013446][ T5921] pwc: recv_control_msg error -71 req 02 val 2000
[  796.023345][ T5921] pwc: recv_control_msg error -71 req 02 val 2100
[  796.026418][ T5921] pwc: recv_control_msg error -71 req 04 val 1500
[  796.028631][ T5921] pwc: recv_control_msg error -71 req 02 val 2500
[  796.029388][ T5921] pwc: recv_control_msg error -71 req 02 val 2400
[  796.032209][ T5921] pwc: recv_control_msg error -71 req 02 val 2600
[  796.035323][ T5921] pwc: recv_control_msg error -71 req 02 val 2900
[  796.036713][ T5841] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  796.040725][ T5921] pwc: recv_control_msg error -71 req 02 val 2800
[  796.047353][ T5921] pwc: recv_control_msg error -71 req 04 val 1100
[  796.054583][ T5921] pwc: recv_control_msg error -71 req 04 val 1200
[  796.058712][ T5841] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  796.060178][ T5841] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  796.068340][ T5841] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  796.070260][ T5841] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  796.082075][ T5921] pwc: Registered as video103.
[  796.084723][ T5921] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input60
[  796.508215][ T5921] usb 7-1: USB disconnect, device number 72
[  796.754164][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  796.761390][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  796.823577][T17610] warn_alloc: 1 callbacks suppressed
[  796.823593][T17610] syz.3.2907: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  796.848075][T17610] CPU: 1 UID: 0 PID: 17610 Comm: syz.3.2907 Not tainted syzkaller #0 PREEMPT(full) 
[  796.848104][T17610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  796.848118][T17610] Call Trace:
[  796.848127][T17610]  <TASK>
[  796.848137][T17610]  dump_stack_lvl+0x189/0x250
[  796.848176][T17610]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  796.848209][T17610]  ? __pfx_dump_stack_lvl+0x10/0x10
[  796.848232][T17610]  ? __pfx__printk+0x10/0x10
[  796.848249][T17610]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  796.848271][T17610]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  796.848299][T17610]  warn_alloc+0x214/0x310
[  796.848324][T17610]  ? stack_depot_save_flags+0x40/0x860
[  796.848352][T17610]  ? __pfx_warn_alloc+0x10/0x10
[  796.848377][T17610]  ? kasan_save_track+0x3e/0x80
[  796.848398][T17610]  ? __kasan_kmalloc+0x93/0xb0
[  796.848422][T17610]  ? xsk_setsockopt+0x57b/0x8d0
[  796.848438][T17610]  ? do_sock_setsockopt+0x17c/0x1b0
[  796.848452][T17610]  ? __ia32_sys_setsockopt+0x13f/0x1b0
[  796.848466][T17610]  ? __do_fast_syscall_32+0xb6/0x2b0
[  796.848487][T17610]  ? do_fast_syscall_32+0x34/0x80
[  796.848508][T17610]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  796.848534][T17610]  __vmalloc_node_range_noprof+0x125/0x12d0
[  796.848581][T17610]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  796.848607][T17610]  ? __kasan_kmalloc+0x93/0xb0
[  796.848635][T17610]  vmalloc_user_noprof+0xad/0xf0
[  796.848658][T17610]  ? xskq_create+0xbf/0x170
[  796.848677][T17610]  xskq_create+0xbf/0x170
[  796.848698][T17610]  xsk_init_queue+0xb0/0x110
[  796.848718][T17610]  xsk_setsockopt+0x57b/0x8d0
[  796.848738][T17610]  ? __pfx_xsk_setsockopt+0x10/0x10
[  796.848783][T17610]  ? __pfx_aa_sk_perm+0x10/0x10
[  796.848808][T17610]  ? __fget_files+0x2a/0x420
[  796.848821][T17610]  ? aa_sock_opt_perm+0xff/0x1b0
[  796.848848][T17610]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  796.848865][T17610]  ? __pfx_xsk_setsockopt+0x10/0x10
[  796.848883][T17610]  do_sock_setsockopt+0x17c/0x1b0
[  796.848902][T17610]  __ia32_sys_setsockopt+0x13f/0x1b0
[  796.848921][T17610]  __do_fast_syscall_32+0xb6/0x2b0
[  796.848949][T17610]  do_fast_syscall_32+0x34/0x80
[  796.848971][T17610]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  796.848989][T17610] RIP: 0023:0xf7fa5539
[  796.849010][T17610] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  796.849024][T17610] RSP: 002b:00000000f547555c EFLAGS: 00000206 ORIG_RAX: 000000000000016e
[  796.849042][T17610] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000000011b
[  796.849053][T17610] RDX: 0000000000000002 RSI: 0000000080000900 RDI: 0000000000000004
[  796.849063][T17610] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  796.849073][T17610] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  796.849082][T17610] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  796.849106][T17610]  </TASK>
[  796.849113][T17610] Mem-Info:
[  797.234197][T17610] active_anon:11521 inactive_anon:0 isolated_anon:0
[  797.234197][T17610]  active_file:18457 inactive_file:40192 isolated_file:0
[  797.234197][T17610]  unevictable:1792 dirty:34 writeback:0
[  797.234197][T17610]  slab_reclaimable:11295 slab_unreclaimable:99701
[  797.234197][T17610]  mapped:30545 shmem:7459 pagetables:1495
[  797.234197][T17610]  sec_pagetables:0 bounce:0
[  797.234197][T17610]  kernel_misc_reclaimable:0
[  797.234197][T17610]  free:1278324 free_pcp:22535 free_cma:0
[  797.287448][T17610] Node 0 active_anon:46184kB inactive_anon:0kB active_file:73784kB inactive_file:160560kB unevictable:5632kB isolated(anon):0kB isolated(file):0kB mapped:122144kB dirty:136kB writeback:0kB shmem:28300kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12648kB pagetables:5740kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  797.370215][T17610] Node 1 active_anon:0kB inactive_anon:0kB active_file:44kB inactive_file:208kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:36kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  797.400368][    C0] vkms_vblank_simulate: vblank timer overrun
[  797.447807][T15321] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  797.460644][T17610] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  797.491793][T17610] lowmem_reserve[]: 0 2505 2505 2505 2505
[  797.513741][T17610] Node 0 DMA32 free:1217184kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:46084kB inactive_anon:0kB active_file:73784kB inactive_file:160560kB unevictable:5632kB writepending:136kB zspages:0kB present:3129332kB managed:2565192kB mlocked:0kB bounce:0kB free_pcp:57384kB local_pcp:21172kB free_cma:0kB
[  797.605948][T17610] lowmem_reserve[]: 0 0 0 0 0
[  797.611861][T17610] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  797.686723][T17610] lowmem_reserve[]: 0 0 0 0 0
[  797.712886][T17610] Node 1 Normal free:3880752kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:44kB inactive_file:208kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:32080kB local_pcp:14864kB free_cma:0kB
[  797.770269][T17610] lowmem_reserve[]: 0 0 0 0 0
[  797.795178][T17610] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  797.819718][T17610] Node 0 DMA32: 2112*4kB (UME) 526*8kB (UME) 105*16kB (UME) 91*32kB (UME) 140*64kB (UM) 57*128kB (UM) 44*256kB (UM) 33*512kB (UM) 12*1024kB (UME) 2*2048kB (ME) 278*4096kB (UM) = 1216736kB
[  797.943185][T17610] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  797.955983][T17610] Node 1 Normal: 182*4kB (UME) 57*8kB (UME) 35*16kB (UE) 181*32kB (UME) 53*64kB (UME) 9*128kB (UME) 6*256kB (UME) 3*512kB (UME) 1*1024kB (M) 1*2048kB (E) 943*4096kB (M) = 3880752kB
[  797.974652][T17610] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  797.987368][T17610] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=2 hugepages_size=2048kB
[  798.000887][T15321] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  798.014196][T17610] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  798.099678][T17610] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  798.115279][ T5841] Bluetooth: hci3: command tx timeout
[  798.284311][T17610] 66947 total pagecache pages
[  798.323541][T17610] 0 pages in swap cache
[  798.350581][T17610] Free swap  = 124996kB
[  798.380835][T17610] Total swap = 124996kB
[  798.405021][T17610] 2097051 pages RAM
[  798.408893][T17610] 0 pages HighMem/MovableOnly
[  798.458753][T17610] 424111 pages reserved
[  798.474107][T17610] 0 pages cma reserved
[  798.617842][T15321] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  798.639467][   T30] audit: type=1326 audit(1761206417.154:1266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17648 comm="syz.6.2919" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d539 code=0x7ffc0000
[  798.661683][    C0] vkms_vblank_simulate: vblank timer overrun
[  798.708959][   T30] audit: type=1326 audit(1761206417.184:1267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17648 comm="syz.6.2919" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d539 code=0x7ffc0000
[  798.771303][   T30] audit: type=1326 audit(1761206417.184:1268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17648 comm="syz.6.2919" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d539 code=0x7ffc0000
[  798.846263][   T30] audit: type=1326 audit(1761206417.184:1269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17648 comm="syz.6.2919" exe="/root/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf709d539 code=0x7ffc0000
[  798.852089][T17658] input: syz1 as /devices/virtual/input/input61
[  798.868729][   T30] audit: type=1326 audit(1761206417.184:1270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17648 comm="syz.6.2919" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d539 code=0x7ffc0000
[  798.897926][   T30] audit: type=1326 audit(1761206417.184:1271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17648 comm="syz.6.2919" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d539 code=0x7ffc0000
[  798.934111][   T30] audit: type=1326 audit(1761206417.184:1272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17648 comm="syz.6.2919" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d539 code=0x7ffc0000
[  798.934171][   T30] audit: type=1326 audit(1761206417.184:1273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17648 comm="syz.6.2919" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d539 code=0x7ffc0000
[  798.934223][   T30] audit: type=1326 audit(1761206417.184:1274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17648 comm="syz.6.2919" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf709d539 code=0x7ffc0000
[  798.934270][   T30] audit: type=1326 audit(1761206417.184:1275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17648 comm="syz.6.2919" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d539 code=0x7ffc0000
[  798.985746][T15321] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  799.042042][ T5921] usb 4-1: new high-speed USB device number 92 using dummy_hcd
[  799.193957][ T5921] usb 4-1: Using ep0 maxpacket: 8
[  799.222281][ T5921] usb 4-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  799.244076][ T5921] usb 4-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  799.294419][ T5921] usb 4-1: config 0 interface 0 has no altsetting 0
[  799.301126][ T5921] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  799.356533][ T5921] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  799.412837][T17599] chnl_net:caif_netlink_parms(): no params data found
[  799.455826][ T5921] usb 4-1: config 0 descriptor??
[  799.840540][T15321] bond2: left allmulticast mode
[  799.868462][T15321] bridge0: port 1(bond2) entered disabled state
[  799.958232][ T5921] mcp2221 0003:04D8:00DD.0035: unknown main item tag 0x0
[  799.997433][ T5921] mcp2221 0003:04D8:00DD.0035: unknown main item tag 0x0
[  800.040195][ T5921] mcp2221 0003:04D8:00DD.0035: unknown main item tag 0x0
[  800.072547][ T5921] mcp2221 0003:04D8:00DD.0035: unknown main item tag 0x0
[  800.130677][ T5921] mcp2221 0003:04D8:00DD.0035: unknown main item tag 0x0
[  800.161706][ T5921] mcp2221 0003:04D8:00DD.0035: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0
[  800.194482][ T5841] Bluetooth: hci3: command tx timeout
[  800.939046][T15321] bond3 (unregistering): (slave gretap1): Releasing active interface
[  801.165546][T15321] dvmrp0 (unregistering): left allmulticast mode
[  801.590866][T17503] usb 4-1: reset high-speed USB device number 92 using dummy_hcd
[  801.897925][ T5841] Bluetooth: hci5: Malformed Event: 0x13
[  802.273952][ T5841] Bluetooth: hci3: command tx timeout
[  802.378080][T15321] bond1 (unregistering): Released all slaves
[  802.575241][ T5921] usb 4-1: USB disconnect, device number 92
[  802.613678][T15321] bond2 (unregistering): Released all slaves
[  802.806397][T15321] bond3 (unregistering): Released all slaves
[  802.871965][T17734] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2932'.
[  803.007374][T17687] syzkaller0: entered promiscuous mode
[  803.013762][T17687] syzkaller0: entered allmulticast mode
[  803.049178][T17706] bridge2: entered promiscuous mode
[  803.055944][T17706] bridge2: entered allmulticast mode
[  804.354979][ T5841] Bluetooth: hci3: command tx timeout
[  805.058311][T17734] bridge_slave_1: left allmulticast mode
[  805.064397][T17734] bridge_slave_1: left promiscuous mode
[  805.070317][T17734] bridge0: port 2(bridge_slave_1) entered disabled state
[  805.081088][T17734] bridge_slave_0: left allmulticast mode
[  805.087888][T17734] bridge_slave_0: left promiscuous mode
[  805.093896][T17734] bridge0: port 1(bridge_slave_0) entered disabled state
[  805.219355][T15321] tipc: Disabling bearer <udp:syz2>
[  805.233126][T15321] tipc: Disabling bearer <eth:batadv0>
[  805.242167][T15321] tipc: Left network mode
[  805.274119][T17599] bridge0: port 1(bridge_slave_0) entered blocking state
[  805.281335][T17599] bridge0: port 1(bridge_slave_0) entered disabled state
[  805.324162][T17599] bridge_slave_0: entered allmulticast mode
[  805.333033][T17599] bridge_slave_0: entered promiscuous mode
[  805.369621][T17599] bridge0: port 2(bridge_slave_1) entered blocking state
[  805.389595][T17599] bridge0: port 2(bridge_slave_1) entered disabled state
[  805.401423][T15321] IPVS: stopping backup sync thread 10523 ...
[  805.414082][T17599] bridge_slave_1: entered allmulticast mode
[  805.426635][T17599] bridge_slave_1: entered promiscuous mode
[  805.919552][T17599] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  806.056800][T17599] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  806.453306][T15321] hsr_slave_0: left promiscuous mode
[  806.677602][T15321] hsr_slave_1: left promiscuous mode
[  806.918490][T15321] veth1_macvtap: left promiscuous mode
[  806.946214][T15321] veth0_macvtap: left promiscuous mode
[  808.652833][T17806] netlink: 'syz.0.2951': attribute type 12 has an invalid length.
[  808.768250][T17599] team0: Port device team_slave_0 added
[  808.820937][T17599] team0: Port device team_slave_1 added
[  809.112865][T17599] batman_adv: batadv0: Adding interface: batadv_slave_0
[  809.167561][T17599] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  809.445122][T17599] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  809.486678][T17599] batman_adv: batadv0: Adding interface: batadv_slave_1
[  809.504008][T17599] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  809.686834][T17599] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  809.899609][T15321] IPVS: stop unused estimator thread 0...
[  809.955676][T17599] hsr_slave_0: entered promiscuous mode
[  809.976582][T17599] hsr_slave_1: entered promiscuous mode
[  810.005450][T17599] debugfs: 'hsr0' already exists in 'hsr'
[  810.011345][T17599] Cannot create hsr debugfs directory
[  810.156394][ T5905] usb 7-1: new high-speed USB device number 73 using dummy_hcd
[  810.305140][   T30] kauditd_printk_skb: 35 callbacks suppressed
[  810.305162][   T30] audit: type=1326 audit(1761206428.814:1311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17848 comm="syz.0.2964" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70cd539 code=0x0
[  810.373886][ T5905] usb 7-1: Using ep0 maxpacket: 8
[  810.395467][ T5905] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  810.465688][ T5905] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  810.485493][   T43] usb 4-1: new high-speed USB device number 93 using dummy_hcd
[  810.488814][ T5905] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  810.570050][T17858] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  810.576640][T17858] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  810.594213][ T5905] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  810.643869][T17858] vhci_hcd vhci_hcd.0: Device attached
[  810.658474][ T5905] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  810.743222][ T5905] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  810.780309][   T43] usb 4-1: Using ep0 maxpacket: 8
[  810.828828][   T43] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  810.894210][ T5921] usb 33-1: new high-speed USB device number 3 using vhci_hcd
[  810.913635][T17865] syz.5.2967: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  810.928955][   T43] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  810.939589][   T43] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  810.949700][   T43] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  810.960049][   T43] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  810.973397][   T43] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  810.982820][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  810.990460][ T5905] usb 7-1: GET_CAPABILITIES returned 0
[  810.995086][T17865] CPU: 1 UID: 0 PID: 17865 Comm: syz.5.2967 Not tainted syzkaller #0 PREEMPT(full) 
[  810.995124][T17865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  810.995149][T17865] Call Trace:
[  810.995161][T17865]  <TASK>
[  810.995172][T17865]  dump_stack_lvl+0x189/0x250
[  810.995221][T17865]  ? __pfx_dump_stack_lvl+0x10/0x10
[  810.995258][T17865]  ? __pfx__printk+0x10/0x10
[  810.995288][T17865]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  810.995324][T17865]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  810.995363][T17865]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  810.995403][T17865]  warn_alloc+0x214/0x310
[  810.995443][T17865]  ? stack_depot_save_flags+0x40/0x860
[  810.995498][T17865]  ? __pfx_warn_alloc+0x10/0x10
[  810.995538][T17865]  ? kasan_save_track+0x3e/0x80
[  810.995573][T17865]  ? __kasan_kmalloc+0x93/0xb0
[  810.995614][T17865]  ? xsk_setsockopt+0x4dc/0x8d0
[  810.995642][T17865]  ? do_sock_setsockopt+0x17c/0x1b0
[  810.995664][T17865]  ? __ia32_sys_setsockopt+0x13f/0x1b0
[  810.995688][T17865]  ? __do_fast_syscall_32+0xb6/0x2b0
[  810.995721][T17865]  ? do_fast_syscall_32+0x34/0x80
[  810.995753][T17865]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  810.995796][T17865]  __vmalloc_node_range_noprof+0x125/0x12d0
[  810.995869][T17865]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  810.995911][T17865]  ? __kasan_kmalloc+0x93/0xb0
[  810.995957][T17865]  vmalloc_user_noprof+0xad/0xf0
[  810.995996][T17865]  ? xskq_create+0xbf/0x170
[  810.996040][T17865]  xskq_create+0xbf/0x170
[  810.996076][T17865]  xsk_init_queue+0xb0/0x110
[  810.996108][T17865]  xsk_setsockopt+0x4dc/0x8d0
[  810.996141][T17865]  ? __pfx_xsk_setsockopt+0x10/0x10
[  810.996170][T17865]  ? __pfx_aa_sk_perm+0x10/0x10
[  810.996212][T17865]  ? aa_sock_opt_perm+0xff/0x1b0
[  810.996253][T17865]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  810.996279][T17865]  ? __pfx_xsk_setsockopt+0x10/0x10
[  810.996309][T17865]  do_sock_setsockopt+0x17c/0x1b0
[  810.996336][T17865]  __ia32_sys_setsockopt+0x13f/0x1b0
[  810.996362][T17865]  __do_fast_syscall_32+0xb6/0x2b0
[  810.996401][T17865]  do_fast_syscall_32+0x34/0x80
[  810.996432][T17865]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  810.996458][T17865] RIP: 0023:0xf7ff7539
[  810.996486][T17865] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  810.996505][T17865] RSP: 002b:00000000f54e655c EFLAGS: 00000206 ORIG_RAX: 000000000000016e
[  810.996533][T17865] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000011b
[  810.996550][T17865] RDX: 0000000000000006 RSI: 0000000080000000 RDI: 0000000000000004
[  810.996568][T17865] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  810.996585][T17865] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  810.996602][T17865] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  810.996643][T17865]  </TASK>
[  810.996714][T17865] Mem-Info:
[  811.302758][ T5905] usbtmc 7-1:16.0: can't read capabilities
[  811.309880][T17865] active_anon:11643 inactive_anon:0 isolated_anon:0
[  811.309880][T17865]  active_file:18457 inactive_file:40198 isolated_file:0
[  811.309880][T17865]  unevictable:1792 dirty:45 writeback:0
[  811.309880][T17865]  slab_reclaimable:11202 slab_unreclaimable:98957
[  811.309880][T17865]  mapped:31580 shmem:7463 pagetables:1552
[  811.309880][T17865]  sec_pagetables:0 bounce:0
[  811.309880][T17865]  kernel_misc_reclaimable:0
[  811.309880][T17865]  free:1284456 free_pcp:18474 free_cma:0
[  811.386020][T17865] Node 0 active_anon:46172kB inactive_anon:0kB active_file:73784kB inactive_file:160584kB unevictable:5632kB isolated(anon):0kB isolated(file):0kB mapped:126176kB dirty:180kB writeback:0kB shmem:28316kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12500kB pagetables:6068kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  811.422506][T17865] Node 1 active_anon:0kB inactive_anon:0kB active_file:44kB inactive_file:208kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:44kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  811.454778][T17865] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  811.486137][T17865] lowmem_reserve[]: 0 2505 2505 2505 2505
[  811.492330][T17865] Node 0 DMA32 free:1241968kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:46172kB inactive_anon:0kB active_file:73784kB inactive_file:160584kB unevictable:5632kB writepending:180kB zspages:0kB present:3129332kB managed:2565192kB mlocked:0kB bounce:0kB free_pcp:42240kB local_pcp:21192kB free_cma:0kB
[  811.502909][ T5905] usb 7-1: USB disconnect, device number 73
[  811.536411][T17865] lowmem_reserve[]: 0 0 0 0 0
[  811.541288][T17865] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  811.574065][T17865] lowmem_reserve[]: 0 0 0 0 0
[  811.579155][T17865] Node 1 Normal free:3880752kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:44kB inactive_file:208kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:32112kB local_pcp:14864kB free_cma:0kB
[  811.612148][T17865] lowmem_reserve[]: 0 0 0 0 0
[  811.617096][T17865] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  811.630129][T17865] Node 0 DMA32: 2306*4kB (UME) 602*8kB (UME) 193*16kB (UME) 344*32kB (UME) 66*64kB (UME) 85*128kB (UM) 67*256kB (UM) 38*512kB (UM) 15*1024kB (UME) 4*2048kB (UME) 278*4096kB (UM) = 1242088kB
[  811.649547][T17865] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  811.661559][T17865] Node 1 Normal: 182*4kB (UME) 57*8kB (UME) 35*16kB (UE) 181*32kB (UME) 53*64kB (UME) 9*128kB (UME) 6*256kB (UME) 3*512kB (UME) 1*1024kB (M) 1*2048kB (E) 943*4096kB (M) = 3880752kB
[  811.682889][T17865] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  811.693109][T17865] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=2 hugepages_size=2048kB
[  811.702726][T17865] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  811.712564][T17865] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  811.722526][T17865] 66114 total pagecache pages
[  811.727700][T17865] 0 pages in swap cache
[  811.732093][T17865] Free swap  = 124996kB
[  811.747995][T17865] Total swap = 124996kB
[  811.752303][T17865] 2097051 pages RAM
[  811.756594][T17865] 0 pages HighMem/MovableOnly
[  811.761459][T17865] 424111 pages reserved
[  811.766047][T17865] 0 pages cma reserved
[  811.877106][T17860] vhci_hcd: connection reset by peer
[  811.916724][   T50] vhci_hcd: stop threads
[  811.921060][   T50] vhci_hcd: release socket
[  811.928306][T17873] usbtmc 4-1:16.0: simple control status returned 3e
[  811.939594][   T50] vhci_hcd: disconnect device
[  812.130949][ T5943] usb 4-1: USB disconnect, device number 93
[  812.272706][T17599] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  812.344019][T17599] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  812.360617][T17599] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  812.397927][T17599] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  812.822102][T17599] 8021q: adding VLAN 0 to HW filter on device bond0
[  812.892817][T17599] 8021q: adding VLAN 0 to HW filter on device team0
[  812.909012][T17903] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  812.934541][T17905] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2973'.
[  812.955164][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  812.962378][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  812.970747][T17905] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2973'.
[  813.026890][T17905] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2973'.
[  813.052151][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  813.059466][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  813.133946][T17905] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2973'.
[  813.432811][T17599] 8021q: adding VLAN 0 to HW filter on device batadv0
[  813.601534][T17599] veth0_vlan: entered promiscuous mode
[  813.637861][T17599] veth1_vlan: entered promiscuous mode
[  813.798697][T17599] veth0_macvtap: entered promiscuous mode
[  813.845708][T17599] veth1_macvtap: entered promiscuous mode
[  813.928019][T17599] batman_adv: batadv0: Interface activated: batadv_slave_0
[  813.961450][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  813.970875][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  813.993772][T17599] batman_adv: batadv0: Interface activated: batadv_slave_1
[  814.088945][   T50] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  814.104919][   T50] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  814.136003][   T50] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  814.181675][   T50] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  814.427617][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  814.468597][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  814.562515][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  814.589036][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  815.218245][T17956] netlink: 'syz.0.2989': attribute type 1 has an invalid length.
[  815.375044][   T30] audit: type=1326 audit(1761206433.894:1312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17958 comm="syz.1.2990" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x0
[  815.396647][    C0] vkms_vblank_simulate: vblank timer overrun
[  815.994840][T17969] : renamed from veth0_vlan
[  816.024841][ T5921] vhci_hcd: vhci_device speed not set
[  816.864085][   T43] usb 2-1: new high-speed USB device number 97 using dummy_hcd
[  816.913931][T17503] usb 4-1: new high-speed USB device number 94 using dummy_hcd
[  817.029290][   T43] usb 2-1: Using ep0 maxpacket: 32
[  817.059428][   T43] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  817.074495][T17503] usb 4-1: too many configurations: 9, using maximum allowed: 8
[  817.102682][   T43] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  817.134094][T17503] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  817.143176][   T43] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  817.163973][T17503] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  817.191318][   T43] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  817.220971][T17503] usb 4-1: config 0 interface 0 has no altsetting 0
[  817.244042][   T43] usb 2-1: config 0 interface 0 has no altsetting 0
[  817.251381][T17990] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3004'.
[  817.253938][T17503] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  817.300444][   T43] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  817.338684][T17503] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  817.360755][   T43] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  817.396439][   T43] usb 2-1: Product: syz
[  817.405124][T17503] usb 4-1: config 0 interface 0 has no altsetting 0
[  817.422099][   T43] usb 2-1: Manufacturer: syz
[  817.439333][   T43] usb 2-1: SerialNumber: syz
[  817.446590][T17503] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  817.469049][T17503] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  817.490011][   T43] usb 2-1: config 0 descriptor??
[  817.500675][   T43] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  817.515356][T17503] usb 4-1: config 0 interface 0 has no altsetting 0
[  817.535757][T17503] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  817.554165][   T43] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  817.563277][T17503] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  817.622511][T17503] usb 4-1: config 0 interface 0 has no altsetting 0
[  817.784353][T17503] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  817.805854][T17981] ldusb 2-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71
[  817.815302][   T43] usb 2-1: USB disconnect, device number 97
[  817.821295][    C1] ldusb 2-1:0.0: usb_submit_urb failed (-19)
[  817.851793][T17503] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  817.913060][T17503] usb 4-1: config 0 interface 0 has no altsetting 0
[  817.933025][   T43] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  817.950086][T17503] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  818.015236][T17503] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  818.067630][T17503] usb 4-1: config 0 interface 0 has no altsetting 0
[  818.110596][T17503] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  818.165140][T17503] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  818.216671][ T5148] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  818.227468][ T5148] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  818.236072][ T5148] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  818.245303][ T5148] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  818.253051][ T5148] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  818.303939][T17503] usb 4-1: config 0 interface 0 has no altsetting 0
[  818.356466][T17503] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  818.443983][T17503] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  818.476530][T17503] usb 4-1: config 0 interface 0 has no altsetting 0
[  818.537659][T17503] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  818.586028][T17503] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  818.606918][T17503] usb 4-1: Product: syz
[  818.611151][T17503] usb 4-1: Manufacturer: syz
[  818.629539][T17503] usb 4-1: SerialNumber: syz
[  818.669372][T17503] usb 4-1: config 0 descriptor??
[  818.717176][T17503] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0
[  819.006557][    C1] usb 4-1: yurex_control_callback - control failed: -71
[  819.049845][T17503] usb 4-1: USB disconnect, device number 94
[  819.076080][T17503] yurex 4-1:0.0: USB YUREX #0 now disconnected
[  819.426572][T18021] netlink: 'syz.6.3013': attribute type 1 has an invalid length.
[  819.464167][    T9] usb 6-1: new high-speed USB device number 73 using dummy_hcd
[  819.626182][    T9] usb 6-1: Using ep0 maxpacket: 8
[  819.714890][    T9] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  819.736214][    T9] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  819.784266][    T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  819.796074][    T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  819.925249][T17997] chnl_net:caif_netlink_parms(): no params data found
[  819.932115][    T9] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  820.004547][    T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  820.013662][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  820.274647][ T5148] Bluetooth: hci2: command tx timeout
[  820.282511][    T9] usb 6-1: GET_CAPABILITIES returned 0
[  820.289565][    T9] usbtmc 6-1:16.0: can't read capabilities
[  820.564640][T17503] usb 6-1: USB disconnect, device number 73
[  821.219366][T17997] bridge0: port 1(bridge_slave_0) entered blocking state
[  821.246684][T17997] bridge0: port 1(bridge_slave_0) entered disabled state
[  821.287025][T17997] bridge_slave_0: entered allmulticast mode
[  821.312338][T17997] bridge_slave_0: entered promiscuous mode
[  821.404102][T17997] bridge0: port 2(bridge_slave_1) entered blocking state
[  821.432935][T17997] bridge0: port 2(bridge_slave_1) entered disabled state
[  821.458527][T17997] bridge_slave_1: entered allmulticast mode
[  821.476533][T17997] bridge_slave_1: entered promiscuous mode
[  821.628526][T17997] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  822.354955][ T5148] Bluetooth: hci2: command tx timeout
[  823.176722][   T50] bond0 (unregistering): Released all slaves
[  823.210722][   T50] bond1 (unregistering): Released all slaves
[  823.428486][   T50] bond2 (unregistering): Released all slaves
[  823.446578][   T50] bond3 (unregistering): Released all slaves
[  823.485660][T17997] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  823.506985][T18056] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3023'.
[  823.759527][   T50] tipc: Left network mode
[  823.768419][T17997] team0: Port device team_slave_0 added
[  823.802152][T17997] team0: Port device team_slave_1 added
[  824.094561][T18103] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3035'.
[  824.207267][T17997] batman_adv: batadv0: Adding interface: batadv_slave_0
[  824.303858][T17997] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  824.393205][T17997] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  824.437595][ T5148] Bluetooth: hci2: command tx timeout
[  824.596272][T17997] batman_adv: batadv0: Adding interface: batadv_slave_1
[  824.619447][T17997] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  824.713862][T17997] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  825.413991][T17997] hsr_slave_0: entered promiscuous mode
[  825.431103][T17997] hsr_slave_1: entered promiscuous mode
[  825.461324][T17997] debugfs: 'hsr0' already exists in 'hsr'
[  825.490798][T17997] Cannot create hsr debugfs directory
[  825.860295][T18137] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3047'.
[  826.517346][ T5148] Bluetooth: hci2: command tx timeout
[  826.948970][   T50] hsr_slave_0: left promiscuous mode
[  827.004228][   T50] hsr_slave_1: left promiscuous mode
[  827.605794][T18182] netlink: 300 bytes leftover after parsing attributes in process `syz.3.3060'.
[  827.782759][T18186] hub 8-0:1.0: USB hub found
[  827.790144][T18186] hub 8-0:1.0: 1 port detected
[  828.325098][T18193] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  828.331675][T18193] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  828.364323][T18193] vhci_hcd vhci_hcd.0: Device attached
[  828.624033][T17503] usb 43-1: new low-speed USB device number 4 using vhci_hcd
[  828.688104][T18194] vhci_hcd: connection reset by peer
[  828.703691][   T13] vhci_hcd: stop threads
[  828.714264][   T13] vhci_hcd: release socket
[  828.742967][   T13] vhci_hcd: disconnect device
[  829.781026][ T5943] usb 4-1: new high-speed USB device number 95 using dummy_hcd
[  829.948973][ T5943] usb 4-1: Using ep0 maxpacket: 8
[  829.984898][ T5943] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  830.007620][ T5943] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  830.049702][ T5943] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  830.076228][ T5943] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  830.089571][ T5943] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  830.098753][ T5943] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  830.168733][   T43] usb 7-1: new high-speed USB device number 74 using dummy_hcd
[  830.333955][   T43] usb 7-1: Using ep0 maxpacket: 8
[  830.341889][   T43] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  830.352129][   T43] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  830.362062][   T43] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  830.372634][   T43] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  830.385896][   T43] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  830.395103][   T43] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  830.470407][ T5943] usb 4-1: GET_CAPABILITIES returned 0
[  830.476830][ T5943] usbtmc 4-1:16.0: can't read capabilities
[  830.724658][   T43] usb 7-1: GET_CAPABILITIES returned 0
[  830.737860][   T43] usbtmc 7-1:16.0: can't read capabilities
[  830.814460][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  830.823593][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  830.832733][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  830.841870][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  830.851016][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  830.885245][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  830.894405][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  830.903548][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  830.912678][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  830.941610][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  830.950791][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  830.959888][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  830.969624][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  830.978778][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  830.987907][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  831.009007][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  831.019808][   T43] usb 4-1: USB disconnect, device number 95
[  831.035964][  T981] usb 7-1: USB disconnect, device number 74
[  831.155751][T18197] syzkaller1: entered promiscuous mode
[  831.162057][T18197] syzkaller1: entered allmulticast mode
[  831.892784][   T50] IPVS: stop unused estimator thread 0...
[  831.935529][   T30] audit: type=1326 audit(1761206450.454:1313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18235 comm="syz.5.3074" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7539 code=0x7ffc0000
[  832.133948][   T30] audit: type=1326 audit(1761206450.454:1314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18235 comm="syz.5.3074" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7539 code=0x7ffc0000
[  832.233976][   T30] audit: type=1326 audit(1761206450.474:1315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18235 comm="syz.5.3074" exe="/root/syz-executor" sig=0 arch=40000003 syscall=338 compat=1 ip=0xf7ff7539 code=0x7ffc0000
[  832.331749][T17997] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  832.363192][   T30] audit: type=1326 audit(1761206450.474:1316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18235 comm="syz.5.3074" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7539 code=0x7ffc0000
[  832.432941][T17997] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  832.458751][   T30] audit: type=1326 audit(1761206450.474:1317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18235 comm="syz.5.3074" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7539 code=0x7ffc0000
[  832.496519][T17997] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  832.511242][   T30] audit: type=1326 audit(1761206450.474:1318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18235 comm="syz.5.3074" exe="/root/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7ff7539 code=0x7ffc0000
[  832.545366][   T30] audit: type=1326 audit(1761206450.474:1319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18235 comm="syz.5.3074" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7539 code=0x7ffc0000
[  832.574390][T17997] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  832.582815][   T30] audit: type=1326 audit(1761206450.474:1320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18235 comm="syz.5.3074" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7539 code=0x7ffc0000
[  832.613087][   T30] audit: type=1326 audit(1761206450.474:1321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18235 comm="syz.5.3074" exe="/root/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf7ff7539 code=0x7ffc0000
[  832.635932][   T30] audit: type=1326 audit(1761206450.474:1322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18235 comm="syz.5.3074" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7539 code=0x7ffc0000
[  832.933755][T18254] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  832.980190][T18261] syzkaller0: entered promiscuous mode
[  832.990115][T18261] syzkaller0: entered allmulticast mode
[  833.372487][T18248] random: crng reseeded on system resumption
[  833.390675][T18254] tipc: Resetting bearer <eth:syzkaller0>
[  833.443716][T18252] tipc: Resetting bearer <eth:syzkaller0>
[  833.473302][T18252] tipc: Disabling bearer <eth:syzkaller0>
[  833.642578][T17997] 8021q: adding VLAN 0 to HW filter on device bond0
[  833.703973][T17503] vhci_hcd: vhci_device speed not set
[  833.761911][T17997] 8021q: adding VLAN 0 to HW filter on device team0
[  833.812967][   T50] bridge0: port 1(bridge_slave_0) entered blocking state
[  833.820145][   T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[  833.858769][T18271] syz_tun: entered allmulticast mode
[  833.934235][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[  833.941442][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[  834.019695][T18269] syz_tun: left allmulticast mode
[  834.271499][T17997] 8021q: adding VLAN 0 to HW filter on device batadv0
[  834.477967][T17997] veth0_vlan: entered promiscuous mode
[  834.535823][T17997] veth1_vlan: entered promiscuous mode
[  834.631640][T17997] veth0_macvtap: entered promiscuous mode
[  834.675582][T17997] veth1_macvtap: entered promiscuous mode
[  834.747898][T17997] batman_adv: batadv0: Interface activated: batadv_slave_0
[  834.817796][T17997] batman_adv: batadv0: Interface activated: batadv_slave_1
[  834.948350][   T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  834.964492][   T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  835.014342][   T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  835.034316][   T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  835.463656][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  835.514248][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  835.708739][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  835.778638][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  836.017211][  T981] usb 4-1: new high-speed USB device number 96 using dummy_hcd
[  836.068411][T18311] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  836.075031][T18311] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  836.106418][T18311] vhci_hcd vhci_hcd.0: Device attached
[  836.279293][  T981] usb 4-1: Using ep0 maxpacket: 8
[  836.286860][  T981] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  836.295901][  T981] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  836.309092][  T981] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  836.321705][  T981] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  836.381694][T17503] usb 36-1: SetAddress Request (6) to port 0
[  836.393457][T18312] vhci_hcd: connection closed
[  836.394948][T17503] usb 36-1: new SuperSpeed USB device number 6 using vhci_hcd
[  836.399128][   T50] vhci_hcd: stop threads
[  836.420132][  T981] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  836.460796][   T50] vhci_hcd: release socket
[  836.504228][   T50] vhci_hcd: disconnect device
[  836.519417][  T981] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  836.570424][  T981] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  836.834204][  T981] usb 4-1: GET_CAPABILITIES returned 0
[  836.854398][  T981] usbtmc 4-1:16.0: can't read capabilities
[  837.126634][T18334] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  837.133221][T18334] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  837.147140][T18307] usbtmc 4-1:16.0: usb_control_msg returned -71
[  837.150076][ T5943] usb 4-1: USB disconnect, device number 96
[  837.282005][T18334] vhci_hcd vhci_hcd.0: Device attached
[  837.483491][T18335] vhci_hcd: connection closed
[  837.497086][ T1090] vhci_hcd: stop threads
[  837.547174][ T1090] vhci_hcd: release socket
[  837.565778][   T43] usb 34-1: SetAddress Request (7) to port 0
[  837.572076][ T1090] vhci_hcd: disconnect device
[  837.595753][   T43] usb 34-1: new SuperSpeed USB device number 7 using vhci_hcd
[  837.954352][   T43] usb 34-1: enqueue for inactive port 0
[  838.385876][   T43] usb usb34-port1: attempt power cycle
[  838.653898][T15798] usb 4-1: new high-speed USB device number 97 using dummy_hcd
[  838.916353][T15798] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  838.940179][T15798] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  838.986205][   T43] usb usb34-port1: unable to enumerate USB device
[  839.014917][T15798] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  839.045699][T15798] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  839.068302][T15798] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  839.099168][T15798] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  839.173399][T15798] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  839.194374][T15798] usb 4-1: Product: syz
[  839.202502][T15798] usb 4-1: Manufacturer: syz
[  839.247255][T15798] cdc_wdm 4-1:1.0: skipping garbage
[  839.253873][T15798] cdc_wdm 4-1:1.0: skipping garbage
[  839.267062][T15798] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  839.273098][T15798] cdc_wdm 4-1:1.0: Unknown control protocol
[  839.475719][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  839.482401][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  839.493891][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  839.500751][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  839.507272][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  839.513918][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  839.520289][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  839.526931][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  839.533250][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  839.539883][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  839.555770][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  839.562445][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  839.569684][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  839.576302][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  839.582637][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  839.589237][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  839.595537][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  839.602137][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  839.608394][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  839.614994][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  839.621500][T15798] usb 4-1: USB disconnect, device number 97
[  839.627447][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  839.826572][T18377] erspan0: entered promiscuous mode
[  839.831857][T18377] erspan0: entered allmulticast mode
[  840.297085][T18387] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  840.316515][T18387] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  840.333946][T18387] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  840.377944][T18387] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  840.390359][T18387] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  840.403690][T18387] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  840.423771][T18387] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  840.451932][T18387] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  840.458711][T18387] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  840.471726][T18387] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  840.756477][T15798] usb 6-1: new high-speed USB device number 74 using dummy_hcd
[  840.944350][T15798] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  840.961398][T15798] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  840.971421][T15798] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  841.003213][T15798] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  841.027538][T15798] usb 6-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  841.046106][T15798] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  841.064195][T15798] usb 6-1: Product: syz
[  841.093746][T15798] usb 6-1: Manufacturer: syz
[  841.111495][T15798] usb 6-1: SerialNumber: syz
[  841.152605][T15798] usb 6-1: config 0 descriptor??
[  841.474426][T17503] usb 36-1: device descriptor read/8, error -110
[  841.630759][T15798] adutux 6-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  841.648961][T15798] usb 6-1: USB disconnect, device number 74
[  841.877594][T17503] usb usb36-port1: attempt power cycle
[  841.967801][T18426] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3114'.
[  842.205928][ T5148] Bluetooth: hci4: command 0x0c1a tx timeout
[  842.352247][T18431] batadv_slave_1: entered promiscuous mode
[  842.358935][ T5148] Bluetooth: hci5: command 0x0c1a tx timeout
[  842.366280][T18429] batadv_slave_1: left promiscuous mode
[  842.434248][ T5148] Bluetooth: hci3: command 0x0c1a tx timeout
[  842.446120][T17503] usb usb36-port1: unable to enumerate USB device
[  842.514485][ T5148] Bluetooth: hci2: command 0x0405 tx timeout
[  844.034879][  T981] usb 7-1: new high-speed USB device number 75 using dummy_hcd
[  844.204716][  T981] usb 7-1: Using ep0 maxpacket: 8
[  844.212790][  T981] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  844.225577][  T981] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  844.254239][  T981] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  844.275447][  T981] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  844.299367][  T981] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  844.409265][  T981] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  844.434092][ T5148] Bluetooth: hci5: command 0x0c1a tx timeout
[  844.514419][ T5148] Bluetooth: hci3: command 0x0c1a tx timeout
[  844.594387][ T5148] Bluetooth: hci2: command 0x0405 tx timeout
[  844.638952][  T981] usb 7-1: GET_CAPABILITIES returned 0
[  844.652688][  T981] usbtmc 7-1:16.0: can't read capabilities
[  844.847887][    C1] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  844.857065][    C1] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  844.866284][    C1] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  844.916885][    C0] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  844.926074][    C0] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  844.935241][    C0] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  844.974322][    C1] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  844.983500][    C1] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  844.992627][    C1] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  845.001785][    C1] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  845.011977][    C1] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  845.021112][    C1] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  845.030239][    C1] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  845.039691][    C1] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  845.048839][    C1] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  845.058531][    C1] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  845.074107][ T5921] usb 7-1: USB disconnect, device number 75
[  846.514021][ T5148] Bluetooth: hci5: command 0x0c1a tx timeout
[  846.611376][ T5148] Bluetooth: hci3: command 0x0c1a tx timeout
[  846.674565][ T5148] Bluetooth: hci2: command 0x0405 tx timeout
[  846.821571][T18515] syzkaller0: entered promiscuous mode
[  846.827575][T18515] syzkaller0: entered allmulticast mode
[  846.943888][ T5898] usb 7-1: new high-speed USB device number 76 using dummy_hcd
[  847.125902][ T5898] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  847.143428][ T5898] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  847.161448][ T5898] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  847.171081][ T5898] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  847.182551][ T5898] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  847.196450][ T5898] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  847.214167][ T5898] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  847.229708][ T5898] usb 7-1: Product: syz
[  847.239670][ T5898] usb 7-1: Manufacturer: syz
[  847.257602][ T5898] cdc_wdm 7-1:1.0: skipping garbage
[  847.262885][ T5898] cdc_wdm 7-1:1.0: skipping garbage
[  847.292489][ T5898] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  847.299339][ T5898] cdc_wdm 7-1:1.0: Unknown control protocol
[  847.521815][    C0] wdm_int_callback: 3 callbacks suppressed
[  847.521846][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  847.534341][    C0] wdm_int_callback: 3 callbacks suppressed
[  847.534371][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  847.547413][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  847.554085][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  847.561451][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  847.568126][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  847.576071][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  847.582731][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  847.589352][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  847.596005][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  847.602775][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  847.609437][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  847.616244][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  847.622946][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  847.629973][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  847.636726][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  847.643858][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  847.650593][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  847.657144][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  847.663826][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  847.708107][  T981] usb 7-1: USB disconnect, device number 76
[  847.714598][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  849.357971][T18555] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  849.372836][T18555] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  849.508339][T18555] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  849.520975][T18555] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  849.699029][T18564] netlink: 'syz.5.3163': attribute type 10 has an invalid length.
[  850.946767][T18589] erspan0: entered promiscuous mode
[  850.952060][T18589] erspan0: entered allmulticast mode
[  850.993925][ T5148] Bluetooth: hci4: command 0x0c1a tx timeout
[  851.403936][ T5841] Bluetooth: hci5: command 0x0c1a tx timeout
[  851.553957][ T5841] Bluetooth: hci2: command 0x0405 tx timeout
[  851.560301][T11937] Bluetooth: hci3: command 0x0c1a tx timeout
[  852.860615][T18620] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(6)
[  852.867212][T18620] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  852.875955][T18620] vhci_hcd vhci_hcd.0: Device attached
[  853.050575][ T5898] usb 6-1: new full-speed USB device number 75 using dummy_hcd
[  853.133004][T18621] vhci_hcd: connection closed
[  853.147157][   T13] vhci_hcd: stop threads
[  853.164166][   T13] vhci_hcd: release socket
[  853.168875][   T13] vhci_hcd: disconnect device
[  853.215704][ T5898] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  853.227123][ T5898] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  853.242534][ T5898] usb 6-1: config 0 interface 0 has no altsetting 0
[  853.261197][ T5898] usb 6-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  853.296709][ T5898] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  853.333671][ T5898] usb 6-1: config 0 descriptor??
[  853.634698][ T5841] Bluetooth: hci2: command 0x0405 tx timeout
[  853.852975][ T5898] hid-steam 0003:28DE:1102.0036: unknown main item tag 0x0
[  853.889679][ T5898] hid-steam 0003:28DE:1102.0036: unknown main item tag 0x0
[  853.933872][ T5898] hid-steam 0003:28DE:1102.0036: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.5-1/input0
[  854.113953][ T5898] hid-steam 0003:28DE:1102.0036: Steam Controller 'XXXXXXXXXX' connected
[  854.195248][ T5898] input: Steam Controller as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:28DE:1102.0036/input/input63
[  854.221207][ T5898] hid-steam 0003:28DE:1102.0037: unknown main item tag 0x0
[  854.230949][ T5898] hid-steam 0003:28DE:1102.0037: unknown main item tag 0x0
[  854.262763][ T5898] hid-steam 0003:28DE:1102.0037: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.5-1/input0
[  854.342473][ T5898] usb 6-1: USB disconnect, device number 75
[  854.499075][ T5898] hid-steam 0003:28DE:1102.0036: Steam Controller 'XXXXXXXXXX' disconnected
[  854.632431][T18636] fido_id[18636]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  855.151952][   T30] kauditd_printk_skb: 13 callbacks suppressed
[  855.151971][   T30] audit: type=1326 audit(1761206473.664:1336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18642 comm="syz.1.3190" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x0
[  855.502311][T18657] binder: 18655:18657 unknown command 0
[  855.515056][T18657] binder: 18655:18657 ioctl c0306201 80000080 returned -22
[  855.531421][T18658] xt_TCPMSS: Only works on TCP SYN packets
[  855.681731][ T5841] Bluetooth: hci5: Malformed HCI Event
[  855.973920][   T43] usb 4-1: new high-speed USB device number 98 using dummy_hcd
[  856.204599][   T43] usb 4-1: Using ep0 maxpacket: 32
[  856.217677][   T43] usb 4-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  856.234816][   T43] usb 4-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  856.263318][   T43] usb 4-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  856.274901][   T43] usb 4-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  856.292197][   T43] usb 4-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  856.301727][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  856.311361][   T43] usb 4-1: Product: syz
[  856.316596][   T43] usb 4-1: Manufacturer: syz
[  856.321591][   T43] usb 4-1: SerialNumber: syz
[  856.356609][    C1] imon 4-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  856.367198][   T43] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/input/input64
[  856.563988][   T43] imon 4-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  856.575094][T18679] random: crng reseeded on system resumption
[  856.668422][T17503] hid-generic 0003:0003:0000.0038: unknown main item tag 0x0
[  856.679349][   T43]  (id 0x00)
[  856.706831][T17503] hid-generic 0003:0003:0000.0038: unknown main item tag 0x0
[  856.730201][T17503] hid-generic 0003:0003:0000.0038: unknown main item tag 0x0
[  856.759866][T17503] hid-generic 0003:0003:0000.0038: unknown main item tag 0x0
[  856.827409][T17503] hid-generic 0003:0003:0000.0038: unknown main item tag 0x0
[  856.865018][T18688] syzkaller1: entered promiscuous mode
[  856.870819][T18688] syzkaller1: entered allmulticast mode
[  856.871950][T17503] hid-generic 0003:0003:0000.0038: unknown main item tag 0x0
[  856.952890][T17503] hid-generic 0003:0003:0000.0038: hidraw0: USB HID v0.00 Device [syz1] on syz1
[  857.003913][   T43] rc_core: IR keymap rc-imon-pad not found
[  857.016750][   T43] Registered IR keymap rc-empty
[  857.032989][   T43] imon 4-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  857.072937][   T43] imon 4-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  857.127217][   T43] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/rc/rc0
[  857.155125][T18690] fido_id[18690]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  857.318353][   T43] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/rc/rc0/input65
[  857.364508][   T43] imon 4-1:155.0: iMON device (15c2:ffdc, intf0) on usb<4:98> initialized
[  857.421837][   T43] usb 4-1: USB disconnect, device number 98
[  857.531381][T18701] hub 8-0:1.0: USB hub found
[  857.542956][T18701] hub 8-0:1.0: 1 port detected
[  858.485538][  T981] usb 7-1: new high-speed USB device number 77 using dummy_hcd
[  858.655943][T18721] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  858.658441][  T981] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  858.706203][  T981] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  858.726846][  T981] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  858.755053][  T981] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  858.782300][  T981] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  858.814203][  T981] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  858.824641][  T981] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  858.852599][  T981] usb 7-1: Product: syz
[  858.875409][  T981] usb 7-1: Manufacturer: syz
[  858.898921][  T981] cdc_wdm 7-1:1.0: skipping garbage
[  858.973715][  T981] cdc_wdm 7-1:1.0: skipping garbage
[  858.990047][  T981] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  859.062428][  T981] cdc_wdm 7-1:1.0: Unknown control protocol
[  859.119036][T18729] input: syz1 as /devices/virtual/input/input66
[  859.284092][  T981] usb 7-1: USB disconnect, device number 77
[  859.488110][T18733] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  861.413910][   T43] usb 6-1: new high-speed USB device number 76 using dummy_hcd
[  861.543108][T18764] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  861.584086][   T43] usb 6-1: Using ep0 maxpacket: 8
[  861.612204][   T43] usb 6-1: config 0 interface 0 has no altsetting 0
[  861.625998][   T43] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  861.648371][   T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  861.665496][   T43] usb 6-1: config 0 descriptor??
[  861.984065][T17503] usb 2-1: new high-speed USB device number 98 using dummy_hcd
[  862.092107][   T43] mcp2221 0003:04D8:00DD.0039: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0
[  862.176117][T17503] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  862.213469][T17503] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  862.343387][T17503] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  862.707539][T17503] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  862.759703][T17503] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  863.015992][T17503] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  863.060666][T17503] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  863.079135][T17503] usb 2-1: Product: syz
[  863.098176][T17503] usb 2-1: Manufacturer: syz
[  863.139537][T17503] cdc_wdm 2-1:1.0: skipping garbage
[  863.156043][T17503] cdc_wdm 2-1:1.0: skipping garbage
[  863.170381][T17503] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  863.178951][T17503] cdc_wdm 2-1:1.0: Unknown control protocol
[  863.284086][T18786] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  863.290772][T18786] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  863.299846][T18786] vhci_hcd vhci_hcd.0: Device attached
[  863.465020][    C1] wdm_int_callback: 201 callbacks suppressed
[  863.465040][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  863.477834][    C1] wdm_int_callback: 201 callbacks suppressed
[  863.477851][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  863.490687][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  863.497365][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  863.503984][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  863.510626][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  863.517592][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  863.524230][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  863.530512][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  863.537239][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  863.543614][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  863.550221][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  863.556656][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  863.563253][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  863.569513][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  863.576151][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  863.582734][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  863.589358][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  863.596124][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  863.602770][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  863.618260][T17503] usb 2-1: USB disconnect, device number 98
[  863.624263][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  863.722962][T18787] vhci_hcd: connection closed
[  863.723487][   T50] vhci_hcd: stop threads
[  863.737942][   T50] vhci_hcd: release socket
[  863.742647][   T50] vhci_hcd: disconnect device
[  863.764617][ T5943] usb 34-1: enqueue for inactive port 0
[  864.150933][T17503] usb 6-1: USB disconnect, device number 76
[  864.258963][ T5943] usb usb34-port1: attempt power cycle
[  864.951692][ T5943] usb usb34-port1: unable to enumerate USB device
[  865.091804][T18804] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3243'.
[  865.123911][T18804] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3243'.
[  865.200306][T18804] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3243'.
[  865.222688][T18804] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3243'.
[  865.714037][ T5943] usb 6-1: new high-speed USB device number 77 using dummy_hcd
[  865.903918][ T5943] usb 6-1: Using ep0 maxpacket: 32
[  865.973954][ T5943] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[  865.982386][ T5943] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  866.060318][ T5943] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[  866.109417][ T5943] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  866.125532][ T5943] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  866.137430][ T5943] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14385, setting to 1024
[  866.162698][ T5943] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  866.200244][ T5943] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  866.237956][ T5943] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  866.268219][ T5943] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  866.287484][ T5943] usb 6-1: config 0 descriptor??
[  866.293427][T18809] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  866.442036][T18835] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3249'.
[  866.533111][ T5943] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 77 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  866.567573][ T5943] usb 6-1: USB disconnect, device number 77
[  866.593562][ T5943] usblp0: removed
[  866.788940][T18850] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3254'.
[  866.813954][T18850] netlink: 'syz.0.3254': attribute type 30 has an invalid length.
[  866.841114][T18853] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3254'.
[  866.868851][T18853] netlink: 'syz.0.3254': attribute type 30 has an invalid length.
[  866.958503][ T1105] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  866.983960][ T5921] usb 2-1: new high-speed USB device number 99 using dummy_hcd
[  866.984167][ T1105] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  867.013763][ T1105] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  867.043931][ T1105] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  867.160378][ T5921] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  867.170535][ T5921] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  867.198917][ T5921] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  867.218414][ T5921] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  867.232287][ T5921] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  867.248717][ T5921] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  867.263899][ T5921] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  867.282187][ T5921] usb 2-1: Product: syz
[  867.287690][ T5921] usb 2-1: Manufacturer: syz
[  867.315469][ T5921] cdc_wdm 2-1:1.0: skipping garbage
[  867.320746][ T5921] cdc_wdm 2-1:1.0: skipping garbage
[  867.340533][ T5921] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  867.354672][ T5921] cdc_wdm 2-1:1.0: Unknown control protocol
[  867.525826][ T5921] usb 2-1: USB disconnect, device number 99
[  867.531924][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  867.654048][T18868] syz_tun: entered allmulticast mode
[  867.664049][T18868] syz_tun: left allmulticast mode
[  870.124285][T18904] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  870.130882][T18904] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  870.152043][T18904] vhci_hcd vhci_hcd.0: Device attached
[  870.294015][T18912] input: syz1 as /devices/virtual/input/input67
[  870.434171][ T5943] usb 40-1: SetAddress Request (10) to port 0
[  870.434245][ T5943] usb 40-1: new SuperSpeed USB device number 10 using vhci_hcd
[  870.450582][T18905] vhci_hcd: connection closed
[  870.453750][   T50] vhci_hcd: stop threads
[  870.453861][   T50] vhci_hcd: release socket
[  870.453967][   T50] vhci_hcd: disconnect device
[  870.460270][ T5943] usb 40-1: enqueue for inactive port 0
[  870.857401][ T5943] usb usb40-port1: attempt power cycle
[  870.879486][T18918] hub 8-0:1.0: USB hub found
[  870.885421][T18918] hub 8-0:1.0: 1 port detected
[  871.353881][  T981] usb 6-1: new high-speed USB device number 78 using dummy_hcd
[  871.444885][ T5943] usb usb40-port1: unable to enumerate USB device
[  871.516539][  T981] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  871.532963][  T981] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  871.625212][  T981] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  871.674843][  T981] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  871.698758][  T981] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  871.751665][  T981] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  871.781163][  T981] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  871.795952][  T981] usb 6-1: Product: syz
[  871.807490][  T981] usb 6-1: Manufacturer: syz
[  871.891698][  T981] cdc_wdm 6-1:1.0: skipping garbage
[  871.904152][  T981] cdc_wdm 6-1:1.0: skipping garbage
[  871.928831][  T981] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  871.955499][  T981] cdc_wdm 6-1:1.0: Unknown control protocol
[  872.095637][    C1] wdm_int_callback: 60 callbacks suppressed
[  872.095667][    C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  872.108235][    C1] wdm_int_callback: 60 callbacks suppressed
[  872.108260][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  872.120861][    C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  872.127516][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  872.134135][    C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  872.140791][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  872.147123][    C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  872.153761][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  872.161781][    C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  872.168429][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  872.183996][    C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  872.190672][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  872.196556][  T981] usb 6-1: USB disconnect, device number 78
[  872.196770][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  872.211549][    C1] vkms_vblank_simulate: vblank timer overrun
[  873.730013][T18952] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3291'.
[  873.761657][T18952] netlink: 'syz.5.3291': attribute type 30 has an invalid length.
[  873.815285][T18953] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3291'.
[  873.836743][   T12] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  873.846593][T18953] netlink: 'syz.5.3291': attribute type 30 has an invalid length.
[  873.875696][   T12] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  873.905924][   T12] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  873.984015][   T12] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  874.400721][T18965] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3298'.
[  875.423630][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  875.430119][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  875.577813][T18999] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3309'.
[  875.587751][T18999] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3309'.
[  875.700420][T18999] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3309'.
[  875.711283][T18999] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3309'.
[  876.734234][ T5921] usb 7-1: new high-speed USB device number 78 using dummy_hcd
[  876.901374][ T5921] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  876.911889][ T5921] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  876.922560][ T5921] usb 7-1: Product: syz
[  876.932246][ T5921] usb 7-1: Manufacturer: syz
[  876.939929][ T5921] usb 7-1: SerialNumber: syz
[  876.961472][ T5921] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  876.974225][   T43] usb 4-1: new high-speed USB device number 99 using dummy_hcd
[  877.042595][T17503] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  877.138726][   T43] usb 4-1: Using ep0 maxpacket: 8
[  877.160868][   T43] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  877.169528][   T43] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  877.334180][T19031] random: crng reseeded on system resumption
[  877.368768][   T43] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  877.530579][   T43] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  877.541404][   T43] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  877.555140][   T43] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  877.605025][    T9] usb 7-1: USB disconnect, device number 78
[  877.612766][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  877.964051][   T43] usb 4-1: GET_CAPABILITIES returned 0
[  877.969629][   T43] usbtmc 4-1:16.0: can't read capabilities
[  878.123875][T17503] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive
[  878.131077][T17503] ath9k_htc: Failed to initialize the device
[  878.138808][    T9] usb 7-1: ath9k_htc: USB layer deinitialized
[  878.330921][  T981] usb 4-1: USB disconnect, device number 99
[  878.338261][T19036] usbtmc 4-1:16.0: usb_control_msg returned -71
[  878.358073][T19060] usbtmc 4-1:16.0: send_request_dev_dep_msg_in returned -19
[  880.460477][T19117] netlink: 104 bytes leftover after parsing attributes in process `syz.6.3346'.
[  881.186776][T19144] netlink: 'syz.3.3358': attribute type 10 has an invalid length.
[  881.218326][T19144] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  882.038481][T19162] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3366'.
[  882.051030][T19162] mac80211_hwsim hwsim26 wlan0: entered promiscuous mode
[  882.140899][ T5148] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  882.151992][ T5148] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  882.164189][ T5148] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  882.172538][ T5148] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  882.181232][ T5148] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  882.314347][   T43] usb 4-1: new high-speed USB device number 100 using dummy_hcd
[  882.413932][  T981] usb 2-1: new high-speed USB device number 100 using dummy_hcd
[  882.484719][   T43] usb 4-1: Using ep0 maxpacket: 8
[  882.494425][   T43] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[  882.512932][   T43] usb 4-1: config 0 has no interface number 0
[  882.519541][   T43] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  882.542003][   T43] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  882.554709][   T43] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  882.566343][   T43] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  882.569776][T19172] chnl_net:caif_netlink_parms(): no params data found
[  882.580057][   T43] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  882.596096][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  882.605398][  T981] usb 2-1: Using ep0 maxpacket: 8
[  882.612312][   T43] usb 4-1: config 0 descriptor??
[  882.632311][   T43] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  882.634770][  T981] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  882.657977][  T981] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  882.681486][  T981] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  882.703329][  T981] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  882.717146][  T981] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  882.729357][  T981] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  882.822123][T19172] bridge0: port 1(bridge_slave_0) entered blocking state
[  882.832601][T19172] bridge0: port 1(bridge_slave_0) entered disabled state
[  882.841981][T19172] bridge_slave_0: entered allmulticast mode
[  882.851599][T19172] bridge_slave_0: entered promiscuous mode
[  882.863923][T19172] bridge0: port 2(bridge_slave_1) entered blocking state
[  882.871321][T19172] bridge0: port 2(bridge_slave_1) entered disabled state
[  882.879642][T19172] bridge_slave_1: entered allmulticast mode
[  882.888051][T19172] bridge_slave_1: entered promiscuous mode
[  882.951534][T19172] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  882.952824][  T981] usb 2-1: GET_CAPABILITIES returned 0
[  882.969588][T19172] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  882.971048][  T981] usbtmc 2-1:16.0: can't read capabilities
[  883.038665][T19172] team0: Port device team_slave_0 added
[  883.048851][T19172] team0: Port device team_slave_1 added
[  883.093427][T19172] batman_adv: batadv0: Adding interface: batadv_slave_0
[  883.100912][T19172] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  883.128096][T19172] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  883.141133][T19172] batman_adv: batadv0: Adding interface: batadv_slave_1
[  883.148398][T19172] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  883.176187][T19172] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  883.187138][   T43] usb 7-1: new high-speed USB device number 79 using dummy_hcd
[  883.297355][T19172] hsr_slave_0: entered promiscuous mode
[  883.305976][T19172] hsr_slave_1: entered promiscuous mode
[  883.364027][   T43] usb 7-1: Using ep0 maxpacket: 16
[  883.383972][   T43] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 64
[  883.398542][   T43] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16
[  883.424627][   T43] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  883.434418][   T43] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  883.442515][   T43] usb 7-1: Product: 蔍♦ᬘ᭷撄薕펙幑數찃ᗖ膆Ⓨꈐ
[  883.464291][   T43] usb 7-1: Manufacturer: ⁆ⵘ爒綜쑹㨲荀衲ꪳ‬嘄䇩瀟彉쓖ᑶ쵨籏純ⶁ㶕홃ꩄ儛ⰳ帰䉩６碑쑽ꫤ瓻䀴梣枲蓙㝱ঁ騴馬崗淰左翩뚈뿃鿑艐䷲ꮑ깄弓
[  883.509555][   T43] usb 7-1: SerialNumber: 甽莕彳ႜ쿫윅嗍Ӊ窊๑ﶯ렱儢浣竣윎Ά㔰鳢퉁䟂⭔贠繨ⅇ穷ᔷ潑
[  883.752684][   T43] cdc_ncm 7-1:1.0: bind() failure
[  883.795669][   T43] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found
[  883.802793][   T43] cdc_ncm 7-1:1.1: bind() failure
[  883.823561][   T43] usb 7-1: USB disconnect, device number 79
[  883.866281][T19172] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  883.881406][T19172] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  884.006454][T19172] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  884.017680][T19172] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  884.117183][T19172] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  884.127951][T19172] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  884.218267][T19172] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  884.230383][T19172] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  884.284107][ T5841] Bluetooth: hci0: command tx timeout
[  884.418260][T19202] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3382'.
[  884.441458][T19202] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3382'.
[  884.475510][T19202] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3382'.
[  884.497864][T19202] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3382'.
[  884.658871][T19172] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  884.680918][T19172] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  884.713023][T19172] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  884.738804][T19172] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  884.911884][T19172] 8021q: adding VLAN 0 to HW filter on device bond0
[  884.922292][    C0] ldusb 4-1:0.55: usb_submit_urb failed (-1)
[  884.931270][   T43] usb 2-1: USB disconnect, device number 100
[  884.939594][    T9] usb 4-1: USB disconnect, device number 100
[  884.962338][    T9] ldusb 4-1:0.55: LD USB Device #0 now disconnected
[  884.990991][T19172] 8021q: adding VLAN 0 to HW filter on device team0
[  885.017174][T15321] bridge0: port 1(bridge_slave_0) entered blocking state
[  885.024490][T15321] bridge0: port 1(bridge_slave_0) entered forwarding state
[  885.062562][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[  885.069827][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[  885.156725][T19172] 8021q: adding VLAN 0 to HW filter on device batadv0
[  885.201232][T19172] veth0_vlan: entered promiscuous mode
[  885.216455][T19172] veth1_vlan: entered promiscuous mode
[  885.247858][T19172] veth0_macvtap: entered promiscuous mode
[  885.258778][T19172] veth1_macvtap: entered promiscuous mode
[  885.278678][T19172] batman_adv: batadv0: Interface activated: batadv_slave_0
[  885.294591][T19172] batman_adv: batadv0: Interface activated: batadv_slave_1
[  885.309286][ T1090] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  885.318938][ T1090] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  885.331625][T15321] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  885.340624][T15321] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  885.417115][ T1105] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  885.433656][ T1105] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  885.473462][T15321] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  885.482908][T15321] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  885.737439][T19231] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3393'.
[  885.756276][T19231] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3393'.
[  885.767248][T19228] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3361'.
[  885.777597][T19231] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3393'.
[  885.795995][T19231] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3393'.
[  886.354442][ T5841] Bluetooth: hci0: command tx timeout
[  886.527799][T19247] syzkaller1: entered promiscuous mode
[  886.541612][T19247] syzkaller1: entered allmulticast mode
[  886.781641][T19251] tipc: Started in network mode
[  886.786755][T19251] tipc: Node identity 62c562bfafde, cluster identity 4711
[  886.795473][T19251] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  886.805882][T19251] syzkaller0: MTU too low for tipc bearer
[  886.812183][T19251] tipc: Disabling bearer <eth:syzkaller0>
[  887.759898][T19277] usb usb8: usbfs: process 19277 (syz.6.3412) did not claim interface 0 before use
[  888.435120][ T5841] Bluetooth: hci0: command tx timeout
[  888.615613][T19285] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3416'.
[  888.909975][ T5148] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  888.920997][ T5148] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  888.931123][ T5148] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  888.939492][ T5148] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  888.948039][ T5148] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  889.438708][T19308] chnl_net:caif_netlink_parms(): no params data found
[  889.890862][T19308] bridge0: port 1(bridge_slave_0) entered blocking state
[  889.934529][T19308] bridge0: port 1(bridge_slave_0) entered disabled state
[  889.943353][T19308] bridge_slave_0: entered allmulticast mode
[  890.015825][T19308] bridge_slave_0: entered promiscuous mode
[  890.063474][T19308] bridge0: port 2(bridge_slave_1) entered blocking state
[  890.093337][T19308] bridge0: port 2(bridge_slave_1) entered disabled state
[  890.120867][T19308] bridge_slave_1: entered allmulticast mode
[  890.181688][T19308] bridge_slave_1: entered promiscuous mode
[  890.424861][T19308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  890.475581][T19308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  890.518236][ T5841] Bluetooth: hci0: command tx timeout
[  890.624579][T19340] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3433'.
[  890.626947][T19308] team0: Port device team_slave_0 added
[  890.666287][T19308] team0: Port device team_slave_1 added
[  890.761226][T19308] batman_adv: batadv0: Adding interface: batadv_slave_0
[  890.784660][T19308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  890.817012][T19308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  890.831844][T19308] batman_adv: batadv0: Adding interface: batadv_slave_1
[  890.843177][T19308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  890.869796][T19308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  890.884435][    T9] usb 6-1: new high-speed USB device number 79 using dummy_hcd
[  890.997378][ T5841] Bluetooth: hci1: command tx timeout
[  891.020716][T19308] hsr_slave_0: entered promiscuous mode
[  891.029509][T19308] hsr_slave_1: entered promiscuous mode
[  891.037062][T19308] debugfs: 'hsr0' already exists in 'hsr'
[  891.042934][T19308] Cannot create hsr debugfs directory
[  891.049960][    T9] usb 6-1: Using ep0 maxpacket: 8
[  891.057877][    T9] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  891.067943][    T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  891.082621][    T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  891.107764][    T9] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  891.121112][    T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  891.131394][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  891.358045][    T9] usb 6-1: GET_CAPABILITIES returned 0
[  891.363635][    T9] usbtmc 6-1:16.0: can't read capabilities
[  891.561281][T19343] usb 6-1: usbtmc_ioctl_clear_in_halt returned -32
[  891.569572][    T9] usb 6-1: USB disconnect, device number 79
[  892.174857][T19308] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  892.229552][T19308] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  892.264849][T19308] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  892.292527][T19308] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  892.722792][T19308] 8021q: adding VLAN 0 to HW filter on device bond0
[  892.855235][T19308] 8021q: adding VLAN 0 to HW filter on device team0
[  892.927523][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state
[  892.934732][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state
[  892.977999][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[  892.985255][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[  893.074183][ T5841] Bluetooth: hci1: command tx timeout
[  893.143913][  T981] usb 4-1: new high-speed USB device number 101 using dummy_hcd
[  893.303963][  T981] usb 4-1: Using ep0 maxpacket: 32
[  893.316022][  T981] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[  893.366752][  T981] usb 4-1: config 0 has no interface number 0
[  893.372791][T19308] 8021q: adding VLAN 0 to HW filter on device batadv0
[  893.390124][  T981] usb 4-1: config 0 interface 12 has no altsetting 0
[  893.421212][  T981] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  893.439386][  T981] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  893.488151][  T981] usb 4-1: Product: syz
[  893.508414][  T981] usb 4-1: Manufacturer: syz
[  893.528183][  T981] usb 4-1: SerialNumber: syz
[  893.540407][T19308] veth0_vlan: entered promiscuous mode
[  893.564191][  T981] usb 4-1: config 0 descriptor??
[  893.591843][T19308] veth1_vlan: entered promiscuous mode
[  893.782323][T19308] veth0_macvtap: entered promiscuous mode
[  893.863338][T19404] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  893.869926][T19404] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  893.882402][T19308] veth1_macvtap: entered promiscuous mode
[  893.897117][T19404] vhci_hcd vhci_hcd.0: Device attached
[  894.097107][T19308] batman_adv: batadv0: Interface activated: batadv_slave_0
[  894.112128][  T981] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  894.130841][T19308] batman_adv: batadv0: Interface activated: batadv_slave_1
[  894.152108][  T981] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71
[  894.164054][   T43] usb 34-1: SetAddress Request (15) to port 0
[  894.299171][T19405] vhci_hcd: connection closed
[  894.299418][   T43] usb 34-1: new SuperSpeed USB device number 15 using vhci_hcd
[  894.315155][  T981] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  894.326773][  T981] f81534 4-1:0.12: probe with driver f81534 failed with error -71
[  894.340013][ T1105] vhci_hcd: stop threads
[  894.342096][  T981] usb 4-1: USB disconnect, device number 101
[  894.399461][   T13] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  894.519755][ T1105] vhci_hcd: release socket
[  894.551022][ T1105] vhci_hcd: disconnect device
[  894.561224][   T13] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  894.601867][   T13] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  894.615245][   T13] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  894.774177][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  894.835633][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  895.013142][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  895.036615][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  895.164709][ T5841] Bluetooth: hci1: command tx timeout
[  895.215816][T19417] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3463'.
[  897.233875][ T5841] Bluetooth: hci1: command tx timeout
[  897.691452][   T30] audit: type=1326 audit(1761206516.204:1337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19463 comm="syz.0.3482" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fc5539 code=0x0
[  898.427929][T19495] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3495'.
[  899.052393][T19516] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3499'.
[  899.139080][T19516] ------------[ cut here ]------------
[  899.145105][T19516] intf 08:02:11:00:00:00 [link=0]: bad STA 08:02:11:00:00:01 bandwidth 20 MHz (0) > channel config 10 MHz (7)
[  899.163695][T19516] WARNING: CPU: 1 PID: 19516 at drivers/net/wireless/virtual/mac80211_hwsim.c:2690 mac80211_hwsim_sta_rc_update+0x6f5/0x860
[  899.177571][T19516] Modules linked in:
[  899.181873][T19516] CPU: 1 UID: 0 PID: 19516 Comm: syz.0.3499 Not tainted syzkaller #0 PREEMPT(full) 
[  899.191401][T19516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  899.201906][T19516] RIP: 0010:mac80211_hwsim_sta_rc_update+0x6f5/0x860
[  899.208669][T19516] Code: 81 20 00 00 48 c7 c7 c0 9f 0a 8c 48 8b 74 24 28 89 ea 48 8b 4c 24 10 41 89 d8 45 89 f9 41 56 50 e8 f0 3a be fa 48 83 c4 10 90 <0f> 0b 90 90 e9 0c ff ff ff e8 4d 1e fb fa 90 0f 0b 90 e9 fe fe ff
[  899.228526][T19516] RSP: 0018:ffffc9000a97ee20 EFLAGS: 00010282
[  899.234759][T19516] RAX: cf10993d620c7900 RBX: 0000000000000014 RCX: 0000000000080000
[  899.243276][T19516] RDX: ffffc9000e854000 RSI: 0000000000006ff5 RDI: 0000000000006ff6
[  899.251816][T19516] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
[  899.260292][T19516] R10: dffffc0000000000 R11: fffffbfff1bba650 R12: 0000000000000000
[  899.268776][T19516] R13: dffffc0000000000 R14: 0000000000000007 R15: 0000000000000000
[  899.276823][T19516] FS:  0000000000000000(0000) GS:ffff88812623e000(0063) knlGS:00000000f5495b40
[  899.285830][T19516] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  899.292424][T19516] CR2: 00000000f7f955c0 CR3: 00000000779ea000 CR4: 00000000003526f0
[  899.300468][T19516] Call Trace:
[  899.303844][T19516]  <TASK>
[  899.306810][T19516]  ? mac80211_hwsim_sta_rc_update+0x73/0x860
[  899.312840][T19516]  mac80211_hwsim_sta_add+0xa3/0x310
[  899.318949][T19516]  drv_sta_state+0x8c1/0x1840
[  899.323687][T19516]  sta_info_insert_rcu+0x1a30/0x2840
[  899.329238][T19516]  ? sta_info_insert_rcu+0x349/0x2840
[  899.334758][T19516]  ? __pfx_sta_info_insert_rcu+0x10/0x10
[  899.340909][T19516]  ? rate_control_rate_init_all_links+0x186/0x1a0
[  899.348079][T19516]  ? ieee80211_add_station+0x4f1/0x6a0
[  899.353595][T19516]  sta_info_insert+0x16/0xc0
[  899.358285][T19516]  rdev_add_station+0x108/0x290
[  899.363192][T19516]  nl80211_new_station+0x1755/0x1b70
[  899.368623][T19516]  ? __pfx_nl80211_new_station+0x10/0x10
[  899.374424][T19516]  ? netdev_run_todo+0xe1d/0xea0
[  899.379436][T19516]  ? nl80211_pre_doit+0x4f1/0x930
[  899.384621][T19516]  genl_family_rcv_msg_doit+0x215/0x300
[  899.390223][T19516]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  899.396445][T19516]  ? bpf_lsm_capable+0x9/0x20
[  899.401180][T19516]  ? security_capable+0x7e/0x2e0
[  899.406240][T19516]  genl_rcv_msg+0x60e/0x790
[  899.410797][T19516]  ? __pfx_genl_rcv_msg+0x10/0x10
[  899.415944][T19516]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  899.421361][T19516]  ? __pfx_nl80211_new_station+0x10/0x10
[  899.427079][T19516]  ? __pfx_nl80211_post_doit+0x10/0x10
[  899.432583][T19516]  ? __asan_memcpy+0x40/0x70
[  899.437321][T19516]  ? __pfx_ref_tracker_free+0x10/0x10
[  899.443198][T19516]  netlink_rcv_skb+0x208/0x470
[  899.448591][T19516]  ? __lock_acquire+0xab9/0xd20
[  899.453501][T19516]  ? __pfx_genl_rcv_msg+0x10/0x10
[  899.458626][T19516]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  899.464060][T19516]  ? down_read+0x1ad/0x2e0
[  899.468534][T19516]  genl_rcv+0x28/0x40
[  899.472559][T19516]  netlink_unicast+0x82f/0x9e0
[  899.478010][T19516]  ? __pfx_netlink_unicast+0x10/0x10
[  899.483351][T19516]  ? netlink_sendmsg+0x642/0xb30
[  899.488543][T19516]  ? skb_put+0x11b/0x210
[  899.492826][T19516]  netlink_sendmsg+0x805/0xb30
[  899.497779][T19516]  ? __pfx_netlink_sendmsg+0x10/0x10
[  899.503117][T19516]  ? __import_iovec+0x5d4/0x7f0
[  899.508079][T19516]  ? aa_sock_msg_perm+0xf1/0x1d0
[  899.513071][T19516]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  899.518477][T19516]  ? __pfx_netlink_sendmsg+0x10/0x10
[  899.523896][T19516]  __sock_sendmsg+0x21c/0x270
[  899.528629][T19516]  ____sys_sendmsg+0x505/0x830
[  899.533528][T19516]  ? __pfx_____sys_sendmsg+0x10/0x10
[  899.538907][T19516]  ? __pfx_futex_wake_mark+0x10/0x10
[  899.544278][T19516]  ___sys_sendmsg+0x21f/0x2a0
[  899.549486][T19516]  ? __pfx____sys_sendmsg+0x10/0x10
[  899.556222][T19516]  ? __fget_files+0x2a/0x420
[  899.560857][T19516]  ? __fget_files+0x3a0/0x420
[  899.565795][T19516]  __sys_sendmsg+0x164/0x220
[  899.570428][T19516]  ? __pfx___sys_sendmsg+0x10/0x10
[  899.575658][T19516]  ? rcu_is_watching+0x15/0xb0
[  899.580466][T19516]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  899.587333][T19516]  ? lockdep_hardirqs_on+0x9c/0x150
[  899.592579][T19516]  __do_fast_syscall_32+0xb6/0x2b0
[  899.597826][T19516]  ? lockdep_hardirqs_on+0x9c/0x150
[  899.603076][T19516]  do_fast_syscall_32+0x34/0x80
[  899.608018][T19516]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  899.614523][T19516] RIP: 0023:0xf7fc5539
[  899.618630][T19516] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  899.638375][T19516] RSP: 002b:00000000f549555c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  899.647384][T19516] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 0000000080001080
[  899.655924][T19516] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  899.664000][T19516] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  899.672007][T19516] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  899.680082][T19516] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  899.688179][T19516]  </TASK>
[  899.691244][T19516] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  899.698554][T19516] CPU: 1 UID: 0 PID: 19516 Comm: syz.0.3499 Not tainted syzkaller #0 PREEMPT(full) 
[  899.707957][T19516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  899.718042][T19516] Call Trace:
[  899.721353][T19516]  <TASK>
[  899.724313][T19516]  dump_stack_lvl+0x99/0x250
[  899.729040][T19516]  ? __asan_memcpy+0x40/0x70
[  899.733667][T19516]  ? __pfx_dump_stack_lvl+0x10/0x10
[  899.738904][T19516]  ? __pfx__printk+0x10/0x10
[  899.743602][T19516]  vpanic+0x237/0x6d0
[  899.747629][T19516]  ? __pfx_vpanic+0x10/0x10
[  899.752187][T19516]  panic+0xb9/0xc0
[  899.755946][T19516]  ? __pfx_panic+0x10/0x10
[  899.760387][T19516]  __warn+0x31b/0x4b0
[  899.764379][T19516]  ? mac80211_hwsim_sta_rc_update+0x6f5/0x860
[  899.770457][T19516]  ? mac80211_hwsim_sta_rc_update+0x6f5/0x860
[  899.776535][T19516]  report_bug+0x2be/0x4f0
[  899.780873][T19516]  ? mac80211_hwsim_sta_rc_update+0x6f5/0x860
[  899.786947][T19516]  ? mac80211_hwsim_sta_rc_update+0x6f5/0x860
[  899.793019][T19516]  ? mac80211_hwsim_sta_rc_update+0x6f7/0x860
[  899.799097][T19516]  handle_bug+0x84/0x160
[  899.803383][T19516]  exc_invalid_op+0x1a/0x50
[  899.807906][T19516]  asm_exc_invalid_op+0x1a/0x20
[  899.812928][T19516] RIP: 0010:mac80211_hwsim_sta_rc_update+0x6f5/0x860
[  899.819646][T19516] Code: 81 20 00 00 48 c7 c7 c0 9f 0a 8c 48 8b 74 24 28 89 ea 48 8b 4c 24 10 41 89 d8 45 89 f9 41 56 50 e8 f0 3a be fa 48 83 c4 10 90 <0f> 0b 90 90 e9 0c ff ff ff e8 4d 1e fb fa 90 0f 0b 90 e9 fe fe ff
[  899.839282][T19516] RSP: 0018:ffffc9000a97ee20 EFLAGS: 00010282
[  899.845453][T19516] RAX: cf10993d620c7900 RBX: 0000000000000014 RCX: 0000000000080000
[  899.853451][T19516] RDX: ffffc9000e854000 RSI: 0000000000006ff5 RDI: 0000000000006ff6
[  899.861468][T19516] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
[  899.869550][T19516] R10: dffffc0000000000 R11: fffffbfff1bba650 R12: 0000000000000000
[  899.877535][T19516] R13: dffffc0000000000 R14: 0000000000000007 R15: 0000000000000000
[  899.885542][T19516]  ? mac80211_hwsim_sta_rc_update+0x73/0x860
[  899.891536][T19516]  mac80211_hwsim_sta_add+0xa3/0x310
[  899.896840][T19516]  drv_sta_state+0x8c1/0x1840
[  899.901545][T19516]  sta_info_insert_rcu+0x1a30/0x2840
[  899.906849][T19516]  ? sta_info_insert_rcu+0x349/0x2840
[  899.912250][T19516]  ? __pfx_sta_info_insert_rcu+0x10/0x10
[  899.917897][T19516]  ? rate_control_rate_init_all_links+0x186/0x1a0
[  899.924332][T19516]  ? ieee80211_add_station+0x4f1/0x6a0
[  899.929801][T19516]  sta_info_insert+0x16/0xc0
[  899.934404][T19516]  rdev_add_station+0x108/0x290
[  899.939284][T19516]  nl80211_new_station+0x1755/0x1b70
[  899.944604][T19516]  ? __pfx_nl80211_new_station+0x10/0x10
[  899.950334][T19516]  ? netdev_run_todo+0xe1d/0xea0
[  899.955323][T19516]  ? nl80211_pre_doit+0x4f1/0x930
[  899.960382][T19516]  genl_family_rcv_msg_doit+0x215/0x300
[  899.965947][T19516]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  899.972030][T19516]  ? bpf_lsm_capable+0x9/0x20
[  899.976718][T19516]  ? security_capable+0x7e/0x2e0
[  899.981681][T19516]  genl_rcv_msg+0x60e/0x790
[  899.986208][T19516]  ? __pfx_genl_rcv_msg+0x10/0x10
[  899.991276][T19516]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  899.996665][T19516]  ? __pfx_nl80211_new_station+0x10/0x10
[  900.002321][T19516]  ? __pfx_nl80211_post_doit+0x10/0x10
[  900.007800][T19516]  ? __asan_memcpy+0x40/0x70
[  900.012413][T19516]  ? __pfx_ref_tracker_free+0x10/0x10
[  900.017802][T19516]  netlink_rcv_skb+0x208/0x470
[  900.022602][T19516]  ? __lock_acquire+0xab9/0xd20
[  900.027463][T19516]  ? __pfx_genl_rcv_msg+0x10/0x10
[  900.032493][T19516]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  900.037802][T19516]  ? down_read+0x1ad/0x2e0
[  900.042258][T19516]  genl_rcv+0x28/0x40
[  900.046258][T19516]  netlink_unicast+0x82f/0x9e0
[  900.051059][T19516]  ? __pfx_netlink_unicast+0x10/0x10
[  900.056375][T19516]  ? netlink_sendmsg+0x642/0xb30
[  900.061365][T19516]  ? skb_put+0x11b/0x210
[  900.065630][T19516]  netlink_sendmsg+0x805/0xb30
[  900.070430][T19516]  ? __pfx_netlink_sendmsg+0x10/0x10
[  900.075753][T19516]  ? __import_iovec+0x5d4/0x7f0
[  900.080633][T19516]  ? aa_sock_msg_perm+0xf1/0x1d0
[  900.085598][T19516]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  900.090893][T19516]  ? __pfx_netlink_sendmsg+0x10/0x10
[  900.096195][T19516]  __sock_sendmsg+0x21c/0x270
[  900.100904][T19516]  ____sys_sendmsg+0x505/0x830
[  900.105779][T19516]  ? __pfx_____sys_sendmsg+0x10/0x10
[  900.111083][T19516]  ? __pfx_futex_wake_mark+0x10/0x10
[  900.116383][T19516]  ___sys_sendmsg+0x21f/0x2a0
[  900.121072][T19516]  ? __pfx____sys_sendmsg+0x10/0x10
[  900.126306][T19516]  ? __fget_files+0x2a/0x420
[  900.130916][T19516]  ? __fget_files+0x3a0/0x420
[  900.135799][T19516]  __sys_sendmsg+0x164/0x220
[  900.140403][T19516]  ? __pfx___sys_sendmsg+0x10/0x10
[  900.145529][T19516]  ? rcu_is_watching+0x15/0xb0
[  900.150329][T19516]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  900.157020][T19516]  ? lockdep_hardirqs_on+0x9c/0x150
[  900.162268][T19516]  __do_fast_syscall_32+0xb6/0x2b0
[  900.167397][T19516]  ? lockdep_hardirqs_on+0x9c/0x150
[  900.172623][T19516]  do_fast_syscall_32+0x34/0x80
[  900.177503][T19516]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  900.183849][T19516] RIP: 0023:0xf7fc5539
[  900.187934][T19516] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  900.207550][T19516] RSP: 002b:00000000f549555c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  900.215986][T19516] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 0000000080001080
[  900.224011][T19516] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  900.232073][T19516] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  900.240064][T19516] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  900.248053][T19516] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  900.256051][T19516]  </TASK>
[  900.259361][T19516] Kernel Offset: disabled
[  900.263713][T19516] Rebooting in 86400 seconds..