last executing test programs:

10.917582535s ago: executing program 2 (id=3329):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000180)={'#! ', './file0'}, 0xb)
write$UHID_INPUT(r1, &(0x7f00000007c0)={0x8, {"dc5d3b0169633d3eba3eabbc09167be55101d4af4b22a373236464d2dbfaa84399b77bd438a54364a7ebc5bdaab4f9decb7c044318cd59a0af8279bcab35dd7daf7a0ceb381df2c32eff45b13e2c8f40e1895355bf6f165200cb1ca41a155730ee2e9f83183f9fafe029d0401b0770618254a8b2dc87b630072b1e2de160d1afed51b74c14b71ec1b226a324482d14ad586b1a4ce80e458fe45244c01eddeddf3564af838d6d5324f8a77023d6eb7aa14397a0e1413ea1c3dfdf063a35b709e627f36fe403ee3117365be5017682f53595f28543062c740a94a794312f5cebc315044b8ea000a5d0f27812ab0ce149d11e6f6f7620c5f3e250bf67d13a1ca39dbb7b8b5a31e3d7ba7ebe5849a7a09b61fc9f2cfc54b89e9cd0105bca49483ce55e0187ce2ad692a18219d881057c838587b915337169ee054655f26a04df913a658fccbf4def6aad750ca4796b74d322c67e9d4ee6a530a22dcc35db850b424d6ec9f62495b9f9fd2b000feadd57d26dbd505798c208d91eb0aab0fd97537631b8bf81ce0e2241c4272be4ff69b390e4485d574146b76d1fdbf7fc5334906805534cdae1e47240af7761a18fc8bd0a694be47529da98bc0f98eb7db3fc4a74cbb6e486f4de90fbf2452e72c2e1dca44543ad9ad094b8bc861eef1e814662d0b350339e3a510d459c6f83aabd5fd3dcb38224056d761e7df9b482b9905f1e2135c1929be328ecdb69c007a3efd548502c83106f6df1ab1178fac499eda92ad4373155227ec2df150c919d322ecb3ea37e659285f18a3e2f79b59900ca438df3a1381380a12d3ad7678e0a8d3bdfb40651389b4ac8c66138d442d70eafdc2df8b080028006b124e4ebe0d9883ef100f1934e42794146382c1d628fd2ebe5859b6c243824903d056d800975675bb1913142adbc039a9c68c2f146a0e8903447313f5e5549905f397a9b1f21a93b80c4d04a8ea7a29a50fbc5407a9305bba420edf898ea678d6879489c39692c99bb6dacf61f5f97637b94c1031d635b5423b38b9196fafaaf87b2796eadc21466af5a10281e6a808748969d29efb444c99a4cb2111732a792dbca4376a125a68f7cdac065cc6173dc21caafba48c742d9a7df2f771ff2f5725b22c247d4e0c6106f9f5f6929b69929ab37e9a9b326ce618bb702b883b12026f1300f21f2c7440cac8c5f1210a78aa067211d2827f5dcc7578252c2ccc3f67bab9d1bb6939b21b550788ef550acfed4bf50c0b4fb3ca4d2872ee64f95d611a317d9daaf373a10d868680b2226396c95fa2b0ab4d6fce06c3b42cb97d17a7b5089061537fdeb1a53040869f7befca330358fdba86754fc2e46c2113e1484cb37534af8f0408a7ee313778dab49f08229964298f847ea66c4ec319f64b6a12da585bc59e82e0263c507b397d3efee3b4066f4d25566aa1549f6185f6375f84b65fa8945148b90430c86a5b6fdf58d5c812b98d9dc621fd9a3d9f1a577495356516d1cbcf5e8bb8923b54b247225b9c3892b18a9e137f3620c734052af9dc8f1ea36f0d4592d5ee32e35676a84dc891f97456f2ac3a4ab58a42bcdc221a4ac8bb28d428add2fcbe5b110a8afd5d23b31e827bd16167b2d88cae024afc04a722ac0b4d45c52512e6b6f102aac4be21bc89ce246539048370553665b0a4336a6db99d0d19399be6437bf21419304331b4342b2c1db580f0c9bf681fdb8e9fa3e025454197bbc82ef93ee2f385660818ec5127080675a8013766469afe3b1e36e81bf2f04c3a26eaf4517551e734d21ba3bc90e48aea0891792970c39f3f528397e9b7ae190f1760fe5960dc763ee0a17939c60bfcac0a8914be82c749e4fe85d1ac5fa733413468fb8941085e8c4d6e0b6d1e62e20da58440facd640ddbb6c1f694b3ca48757a34c5a11668368711a1d4f3a81d31ac30d71277d7ae77882b6841cfa6289e6cce84a3ad57eeb328f831888ac7d3cfcd3a472a48d903f20cec8c8ae8d0bea04ebf7413ef7693f8ed876e49bd5f89d7e1078208ff62712e330fc0341b9ccf26845578d44b1e0c66d1bebc14742baedfabb8e9a2c8f42730360c72997efe0ce786ff330c2eb6e0ff20896f813c2a515ce76f826c11a1c1588eb369231ddeb4a2f9f9591ecdecc74d20aeb50047beb3ab89a9e4e1b805a20b645c79d0bc5d0247fab8ba46a97a07630b1f1cb69b42b568af746733d2c581f057873d64fe6e659b00b4a26745f5fba1fe7406a86b007936c7cfdac53a4c5b0ea9f6604863c8e3f174eddbb09175f6e13cda9a860cf400ef9ed02b895502ac6e6de6a658249c3c6e8a653517eae2231e56e0f120547923c6549ebc1ed14c623637ce3d96af5c93a32e58e2d9659d8b5b145888b52d9a5b5cb3cdf594eb137bcef2ba068cfd2c6ccf7ab6e5b4ec55e9197bfb91c9b8729f7b50cf0b0326f7ea3e712c77674d48545ca2a86744c3c38f149d69cf811beacf7e5f49c7bfba20f1dcf3d7bc0b9c796016820a46495d244c9606a06fe2e14233eda78d69ae4523ad7b708b0c7ead44d7fd376fed60e3cc2ee25e9600adfbe87ac7c8fb8269aec9459602af0f420becda6120ce7d9626c65ae7f860639e8bf664eb4301ec18add0e436c0356c12ab6b4ca35da2b43c4a8c239fd0b59a2ce94843cdfa1667053165053633b062844dbb0d00070fde74fa3178eb5f1f5fd02e2088d8690379f39ab22c080cdcb29d700bac74fabd8a356fe99afe83a5d99aa5024e9158a299eda6c99b6701e64f1d68e7e2c0c6e88396bb535a02d0948f0a250a6e090041c96d9c9acd6134d44d516fd1010c39e572b86b05bb1326a2a4f23f11181186f9c2a01dc7b58c0129f4b851ca9b1e3dc35db7364e29ef646211796b1651511e041345abce427fa5d6e48b8fb078c8432061a4cc518a8f2a2caf709a5c1473a62112a6650afc64eec12f8f9c08cff1b6fbf7a1209fc8661f62303b7c5d49c1d0b32a9f37e81ed9ab6193816d40995ed49c10b9f5752e04d57535a3d16f06c65d32846c31ec9787ec4a965679eb804e86b45d007f38d8104550770dc6f313bc846e43a14a8c21d0628c744e3e83cb998d1b7acfe996541a8c03852dadf9326444c582b481cae844e4f3fe3d638903b38f24633b63adbad841ac6c4c1169d781a0e271e8a967b1c7e986fcb3a66168e86e3559a44fcfa92452260491da9397659af60453f4cd4be2d15439445ec2b4366a79d3283da912d9d499df1242bd174edc235848caa21d2c997aff0e95c7e5cc0803c90fab84e7be7b37909d0e2f3bc9974e3388acb6800baba183ecc8eea8c71c0d65d669e41f99ceae523b7a6b772f3b8ebba1d2127ccc3ddb7ddcb4ec73cbdc26fc87c3848e258a0b5484d3a13e40ec4e4a65dd92f09e9fe1e3e2f8b96c4e363aa3683860dee62dfcf8823ee4a3593a092e0bd9c4cedacf44a272faa164447b01f46a7795642a40c61b0034a37f0e9b792428a0ddcd144fe8263088eaac8016f8f1cd30b55ac90a8f10d785b7570dd9e639a4a068d3fe98a420b9f72e79de817f676c2a224300d749571ad43f49d1fbe838f4566bc7b5f104c384ad87189213152b644d9fcbdf98bafeee569d640ce9045779f1d90024c023a7480a358dee276fba139c14b4fdb12885240903d0e61dc161659a68f62c92b899007e0f2b65bf0a069e9e57c9b6ae50a3b30dd1003fb0eead73ae2f6010b3b356b4060579a4f29935e1f00c01d12e5f44e8e3163d81dfef7ca8560604240c7e96e4454c6971614df306c768121abb3f628e3f1d2d026f58d1087334c5bdb74d7c949b0ee66a4531ba4e9b922aee3d0f802ed034734507a5913c52966f1f8bd4577840de0253aabc23299dced2a299859c07af9fb0f9c29b6533b9d84d471390d59ab315f5ddb226f6b8dd7889295f0fb1f7bd1adafe4cc520a1e84bf2a59d5b9795aeafc8d6fd66a8228aba8653b98622617ddfeb5d6795c9bd2f35d4a0c386e862675a50e3314c3fbb17aca151c13c7fc8b1d1b72ed0a958537b5ddc9e74bddc2b9571ec3f2b7775b125338d4852a75a63941564c65bb36dfb6bea4aab1ae7a4f285c2177aa98406eb2cc10934aa92d5a9612d4455c84ad200841d289b5c2d5deab0d8e2459598ef183d3dc47f6bad0b9513710600cfa4d69fcd5763cdcc4f2c2b7cd7d4491fd52f4aec82ce846c0988f6f0123e21e900d39c61085e68c9badc350b44004f6c042d64b0d0cbf91ad0592b198f1eeea1e52200bc8e6d62848d6884b10bdde72466039da488be6b340c23148f666f2fe6e032c07dac43586df182aca9116f4600313fa8375c76337ba86bdc391dae6450218f58f047ced64befc6bb5c2a60024669630a6279fedf2fe45e7e19ce582ad96ae0d023eb9b39f5f1e666e73bb038ae38157275be5eb3e7cbc8b05adf53e817646bdc2cfce98e5d162bf7faaca787db8717ab8b27b9e35609c5fb9fe9def07f010df8b43cf5c96851eadfdeff0b7bc5826e7e15490ae9c3d14166ee81bef007070e7981235a673804ad89943ee6b51ac63364f7870e121e6ff23a0c7d179527cd58dd7a4ca37247c2bd9efc79b720bb1ee2d39862e98cb81e93cf5b48d5d02ee8ac737ab504c867a1c49e678300803c94fbe978dea918a1e71b9791ee1e4d30056e86c26a4675a8b090be2365c0b451a13ece52a89a7057fe2052e11c6666eb916d823ea66bf217c320acba3b714910734b2d27c2fa586bd7f7664b0d1422adabad2ce2afc10270057f11940fac1a51d023ce48bd04ea39b7f99381b239fd0ddeea0dce7863ec1f8f61775013b6414ecf86e686a340a3148f87a9d7d60a1f2da53436d16fc88d6a4e7c3d55e0dd004cbecc15a5558eb705d82aacb1862ddc251dd5d9cbf1d78f97900ce6e8dab0ea678cb823bd1e7bbd1e927841af08f5427878c19f4f322228f9b36287fc13e7c1293ea875ae73815e052d6c2ebc40df8f7b9d1f76e0b10e35aa160944983d8e6b790df0d9b13f3460657336d81f7d83c0350324b930ec9c7557ce12887f76372e126f504b0980fea27f31a780c05187b9b5353dafc6b101543b24332b96e15bc26b19062e52fa9f86d260ee3a3bc92a133e328407bb85357ee5c45cb87228f44888b14941b5911b050e9319fe88033f830a8490917a9c0572ebbc5492b4e1083a2e3d77215a34abef947b5b9a950e780662de18873e55899c92db3ad3d437e8407890afa6b0c04ef861b8bc85fbbe1bb67b3d9ef001409f84b8ec4f01d861cecc143a805b981ab5cf5b605057b63cb2c84ec358e510a69cd8c33a8a62fe4680d0c980145cc709157832bfaef261cb0466c237376ca2944ce9affffd4b1dc7cc9511da0b34bffb9ac216fb8cf7c6572d95627787720d1ba67c6512fcdb16f6329e9668681c404efebad559f81f05971b5efb6b4cca97ad0346753cc0a40a877242d8a808c602b03dc962cee38e646cb18abb079c70d357c30738a70f55cd3c5956a83a1bfcd6649dd765f16bfe968066345df7380bbc0c16b3b5af513d6458c791343952f33a051c5d711c1f35af1b47f3db9bbfb5c7c636b3a2b52805d606479879be0b404a28ade5649a3185e0f85a85fc15cd824671c2befdd0da509597c87d869f0bd7ad163ad93ca28fc0c4025eccaafe385ec3fc06c54ebcd7b07b6c7e0197c5b9ef886159a1585ae45248f865be760db6f5bc8f868fc6aefd04e34ecb51159e4cdcc2214b42b1ca9caec13ba3e1b2e7a3c736977b226213d265c2873195122a9b448088c8b50edd549be41c38ab176807b75e7267f86e4", 0x1000}}, 0x1006)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc5e3ed1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "9001001c551265406c7f306003d8a0f4bd000000030000000000fe0100"}})

10.450301023s ago: executing program 2 (id=3331):
unshare(0x2a060400)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
mmap(&(0x7f0000abb000/0x1000)=nil, 0x1000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x87f64000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffdac}, 0x94)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x128b5552b6e14d3, 0x0)
r2 = syz_usb_connect(0x1, 0x3f, &(0x7f0000000240)=ANY=[@ANYRES64=r0], 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r3, 0xc0145b0e, &(0x7f0000000040))
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff0000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0x0, r0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x49845)
r4 = io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0x1, 0x20002f7})
pipe(&(0x7f0000000140)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
write(r6, &(0x7f0000000340), 0x11000)
r7 = msgget$private(0x0, 0x18)
msgrcv(r7, &(0x7f0000000080)={0x0, ""/48}, 0x38, 0x0, 0x0)
msgsnd(r7, &(0x7f0000000180)=ANY=[@ANYBLOB="e7637982ac2744877267baf4af74bb4fb81fffc8797e0979ec701fa535599a075a1e70b61593df3550e0917f1c8270d4b46b69dc7b8f4c0ee4f2f34fffbdfdf946d845cb82f08eb17f3f619228a81388d8338122abfb137f42d8dedf60e4b9de70861c55f4749f0714531dd489696a6971e4f5aa722c24aeaa1541049f460338346fb93dca05d1492768921a90914ff1b0f27150"], 0x8, 0x800)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
io_uring_enter(r4, 0x2219, 0x7721, 0x16, 0x0, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000abaff9)={0x0, 0xea60}, 0x10)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x5)
ioctl$sock_SIOCADDRT(r8, 0x890c, &(0x7f0000000040)={0x0, @l2tp={0x2, 0x0, @remote}, @l2tp={0x2, 0x0, @remote, 0xfffffffd}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0xf7f, 0x0, 0x400000000000, 0x1000})

7.096733674s ago: executing program 2 (id=3348):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000580)={0x2c, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0})
socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x1, 0x61, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e24, 0x4e20, 0x4d, 0x0, @wg=@initiation={0x1, 0x1, "65a252e7cb7a5918c004a9971a46afced2c32642b1ec9fe34818d8ccd82041b7", "c930713c550e74ee13c2638ac75b2a9666efd31a34fce4498df8105d8bd8ed283a220c3a9becd8a70d3607ea8270d351", "ae12e16b560f2f8ac4ca3e745ce285f12f6e8719e7f1e7f286a68f76", {"980aa8fb8f80d69f1fb587086447e93e", "55e824bb69e833bd36300b088233545a"}}}}}}}, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x8, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e24, 0x4e20, 0x8}}}}}, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100))
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r5 = dup3(r4, r3, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000bc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, 0x0, &(0x7f0000000200)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x0)
r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r7, r2, &(0x7f0000002080)=0x64, 0x23b)
r8 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r8, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4)
recvmmsg(r8, &(0x7f0000001f00)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000340)=""/172}, {&(0x7f0000000400)=""/235}, {&(0x7f0000000500)=""/227}, {&(0x7f0000000600)=""/211}], 0x0, &(0x7f0000000740)=""/49}, 0x4}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000780)}], 0x0, &(0x7f0000000800)=""/22}, 0x40}, {{&(0x7f0000000840), 0x0, &(0x7f0000001dc0)=[{&(0x7f00000008c0)=""/89}, {&(0x7f0000000940)=""/177}, {&(0x7f0000000a00)=""/125}, {&(0x7f0000000a80)=""/244}, {&(0x7f0000000b80)=""/248}, {&(0x7f0000000c80)=""/4096}, {&(0x7f0000001c80)=""/15}, {&(0x7f0000001cc0)=""/224}], 0x0, &(0x7f0000001e40)=""/190}, 0xcd}], 0x1, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x1, 0x0, 0x800, 0x0, 0x100001, 0x5}, 0x0, &(0x7f0000000240)={0x1f, 0x2, 0xffff, 0x3, 0x4, 0x80000000000000, 0x6a9}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x6, &(0x7f0000006680))
memfd_secret(0x0)
mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4)
futex_waitv(&(0x7f0000001b00)=[{0xfff, &(0x7f0000000940)=0x6, 0x6}], 0x1, 0x0, 0x0, 0x1)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000680)={0x2c, &(0x7f0000000400)=ANY=[@ANYBLOB="200111"], 0x0, 0x0, 0x0, 0x0})

7.08445726s ago: executing program 3 (id=3349):
r0 = syz_usb_connect$lan78xx(0x5, 0x3f, &(0x7f0000000580)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="20140f0000040000003e519b7b0f48ded62aba0538"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = socket$inet6(0xa, 0x1, 0x7)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e21, 0x5, @private2={0xfc, 0x2, '\x00', 0x1}, 0x2}, 0x1c)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r3, 0x4018aebd, &(0x7f0000000080)={0x3})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000440)={0x34, &(0x7f00000000c0)={0x20, 0xf, 0x1, "82"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)

6.515929993s ago: executing program 4 (id=3351):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_udp_encap(r1, 0x11, 0x64, &(0x7f0000000180)=0x3, 0x4)
syz_kvm_add_vcpu$x86(0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000380)={0x28, 0x7, r3, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4080000000000})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r3})
r4 = openat$kvm(0xffffff9c, 0x0, 0x800, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, 0x0)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x4e24, @empty}, 0x10)
syz_emit_ethernet(0x6f, &(0x7f0000000300)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x61, 0x68, 0x0, 0x0, 0x88, 0x0, @remote, @local}, {0xfffe, 0x4e24, 0x4d, 0x0, @opaque="1a294613d291a9f9214300b142c44f75fbfc1eb04feaea383299212e74786c2c71502c22168ff8b326cd03e5535c88cdff671133a39b1fa0f554ae53043142e8dcff737c71"}}}}}, 0x0)
ioctl$KVM_CAP_HYPERV_VP_INDEX(0xffffffffffffffff, 0x4068aea3, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000040000701fcffffff00000100017c0000040042800c0001800600060065580000100002800c00038008"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

6.24458405s ago: executing program 4 (id=3353):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0xa0}, {@in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x40}}, 0x0, 0x33}, @in6=@empty, {0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffff1, 0x3}, {0x0, 0x0, 0x2, 0xfffffffffffffffe}, {0x0, 0x0, 0x796}, 0x0, 0x3507, 0x0, 0x3, 0x0, 0xe55286f1921f74be}, 0x0, 0x1a0b1}}, 0xf8}, 0x1, 0x0, 0x0, 0x4005}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="20010000120013070000000000000000e0000001000000000000000000000000fc00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000072c42572f64a264410b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbc18c8582fc7800000000000000000000000050019000000000028001a"], 0x120}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0xca, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe239, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000)
ioctl$XFS_IOC_ATTRLIST_BY_HANDLE(0xffffffffffffffff, 0x4058587a, &(0x7f0000000480)={{r0, &(0x7f0000000040)='mqprio\x00', 0x418000, &(0x7f0000000080)={@_ha_fsid={[0x80000001, 0x80]}, {0x40, 0x1a3, 0x8, 0x6}}, 0xff, &(0x7f0000000140)={@_ha_fsid}, &(0x7f0000000180)=0x2}, {[0x2, 0x8, 0x7, 0xbf92]}, 0x3, 0xbd, &(0x7f00000003c0)=""/189})
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000001}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a3100bc637a062b907f960000000900010073797a3000000000080003400000000134000000140a03000000000000000000020000000900010073797a30000000000800034000000001090002"], 0x98}}, 0x0)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000500)={0x8000000000000000, 0x9, 0x1, 0x66, 0x7, 0x0, [{0x4cc, 0xfffffffffffffc01, 0xc1, '\x00', 0x2000}, {0x3, 0x3, 0x1, '\x00', 0xbf0c8701b67a2e42}, {0x100, 0x9, 0x40, '\x00', 0x1001}, {0x200, 0x9, 0xfffffffffffffffe, '\x00', 0x880}, {0x8000000000000001, 0xab4, 0x8000000000000001, '\x00', 0x1208}, {0x6, 0x0, 0x3, '\x00', 0x1008}, {0x7, 0x4, 0x3, '\x00', 0x2208}]})

6.008546789s ago: executing program 0 (id=3354):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000200)=@assoc_value={<r2=>0x0}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000040)={r2}, &(0x7f0000000100)=0x8)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0)
r5 = dup3(r4, r3, 0x0)
r6 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x400000, 0xc00, 0x0, 0x374}, &(0x7f0000000100)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0, &(0x7f0000000180)=<r9=>0x0)
syz_io_uring_submit(r7, r8, r9, &(0x7f0000000000)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x4004, @fd_index=0x4, 0x718a, 0x0, 0x0, 0x12, 0x0, {0x2}})
io_uring_enter(r6, 0x742f, 0x77ae, 0x1, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000bc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="8500000008000000d5000000200004809500000000000000"], &(0x7f0000000240)='GPL\x00', 0x1, 0x473, &(0x7f0000000280)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff60}, 0x48)

6.003517428s ago: executing program 4 (id=3355):
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x31f, 0x135042)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002640)=@ipv4_newrule={0x24, 0x20, 0x301, 0x70bd2c, 0x25dfdbff, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10}, [@FRA_GENERIC_POLICY=@FRA_IP_PROTO={0x5, 0x16, 0x2c}]}, 0x24}}, 0x8800)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[], 0x3c}}, 0x0)
dup3(r0, r1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_netfilter(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)={0x28, 0x12, 0x0, 0x5, 0x0, 0x25dfdbfe, {0x7, 0x0, 0xa}, [@typed={0x8, 0x0, 0x0, 0x0, @u32=0x6}, @nested={0xc, 0xe8, 0x0, 0x1, [@typed={0x8, 0x3f, 0x0, 0x0, @u32=0x101}]}]}, 0x28}}, 0x0)
r3 = socket$rxrpc(0x21, 0x2, 0x2)
bind$rxrpc(r3, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24)
listen(r3, 0x4)
recvmmsg(r3, &(0x7f00000050c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000}, 0xfffffffc}], 0x1, 0x40000140, 0x0)
r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000b00)={0x409, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042", <r5=>0xffffffffffffffff})
syz_usb_connect(0x2, 0x5e, &(0x7f0000000080)=ANY=[@ANYBLOB="120100006b36a2207b06a12708000000030109024c0001000010000904"], 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$SYNC_IOC_FILE_INFO(r5, 0xc0383e04, &(0x7f00000001c0)={""/32, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001580)=[{}]})

5.946466059s ago: executing program 1 (id=3356):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c00)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000180)={'veth1_to_team\x00', &(0x7f0000001c40)=@ethtool_gstrings={0x1b, 0x4}})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f00000007c0)='dctcp', 0x5)
sendto$inet6(r2, 0x0, 0x0, 0x28004044, &(0x7f0000000140)={0xa, 0x4001, 0xfffd, @empty, 0xfffffffd}, 0x1c)
fcntl$dupfd(r1, 0x406, r0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x600, &(0x7f0000000080)=[{&(0x7f00000000c0)="d8000000180081084e81f783db4cb9040a07080006007c09e8fc55a10a0015000600142603600e120800020081000401a8000100fcc0ffff000000fd035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbaceac3c2fb14c2ee5a7cef4090000001fb71b14d6d930dfe1d9d322fe7c9f8775820d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bb9ad809d5e1cace0d81ed0bffece0b42a9ecbee5de6ccd4e1ffffffffc1c9b6278754ca397c388b0dd6e4edef3d9300"/216, 0xd8}], 0x1}, 0x0)
socket(0x1d, 0x1, 0x9)

5.340794785s ago: executing program 0 (id=3357):
io_uring_setup(0x177f, &(0x7f0000000140)={0x0, 0xfffffffe, 0x2, 0x1, 0x2b4})
syz_usb_connect(0x0, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000009968810524711004f320102030109021b0001000000000904000001ff01320009050d0353"], 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000700)=ANY=[@ANYBLOB="0000001c030103000400c400100045980093006800004d2f9078e0000001ffffffff0c21880b000300001c794c08000800000900027fb5875c8cb1e5103810f3514c5859085f8bcd044121d872010086dd080088be000000031a0317040100000000000005080022eb00000003290eff4c0200000000000008000834120800655800000003a33ce789860dc984c201b1e28a9fe3cd0d2bcc93a01e37ac14a0f11b9a0c37809150435cc8be5d94e9184d4f2258eda7114d8909fc7dac924c6bb9796b786ca900b169b2a0c1fa6fddb2ebb2334d8dcd89c1205997f7307785e139fad9544302bba55e71930aafbca2bda3247c7dd62a134d359b11d38c14679fb46e59e5bb3ae4e2d491f5c49ddfa4b271dacb6f377b96767075d4ce"], 0xa1)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in=@loopback, @in6=@remote, 0x0, 0x0, 0x4e24, 0x0, 0xa, 0x0, 0x20, 0x3b}, {0x0, 0x1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x5}, {}, 0x0, 0x0, 0x1, 0x1, 0x2}, {{@in6=@remote, 0xfffffffe, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x2, 0x1, 0x4, 0xfffffffc, 0x0, 0xe}}, 0xe8)
syz_open_dev$usbfs(&(0x7f0000000040), 0xfffffffffffffff8, 0x501000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000e15000)={0x2, 0x6e20, @multicast1}, 0x10)
listen(r2, 0x0)
r3 = socket$inet(0x2, 0x1, 0x0)
setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4)
ioctl$KVM_CAP_PTP_KVM(r1, 0x4068aea3, &(0x7f0000000880))
bind$inet(r3, &(0x7f0000e15000)={0x2, 0x4e20, @multicast1}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(r3, 0x1, 0x19, &(0x7f0000001480)='wg2\x00', 0x4)
listen(r3, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
setxattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='system.sockprotoname\x00', 0x0, 0x0, 0x1)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f0000000100)="d8df0f23b3b9ce000000b807000000ba000000000f301b8154fea900c1210680320000c4e28ddc8dcd000000c182fd3f0000c8b950020000b801000400b9a6080000b80000010066b87a000f00d80f300f300fc79d53bf0000c4b9e16dc30101220f01c3", 0x64}], 0x1, 0x14, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = syz_open_dev$usbmon(&(0x7f00000001c0), 0x80000093a, 0x4a200)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), 0xffffffffffffffff)
mmap$usbmon(&(0x7f000062e000/0x2000)=nil, 0x2000, 0x9, 0x1010, r5, 0xfffffffffffffffd)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000002dc0), 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000000))
ioctl$IOMMU_VFIO_SET_IOMMU(r7, 0x3b66, 0x0)
sendto$inet(r6, 0x0, 0x0, 0x0, 0x0, 0x0)

5.337830758s ago: executing program 1 (id=3358):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee1, 0x11, r0, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r1, 0x560d, 0x1000000000003)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x3, &(0x7f0000000100))
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000000)=@newlink={0x58, 0x10, 0x40d, 0x70bd2a, 0xfffffffc, {0x0, 0x0, 0x0, 0x0, 0x600b2, 0x40c41}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_BC_QUEUE_LEN={0x8, 0x9, 0xfffffff8}, @IFLA_MACVLAN_MACADDR_MODE={0x8, 0x3, 0x3}]}}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'macvlan0\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x8840}, 0x40890)
sendmsg$IPCTNL_MSG_EXP_NEW(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="d40000000002010400000000000000080a000007480001802c0001800b000300fe8000000000000001000000000000aa14000400ff0100000000000000000000000000010c00028005000100840000000c00028005000100840000003c0003800c00028005000100890000002c00018014000300fe80000000000000000000040000000000000000fc0100000400000000000000000000003c0002802c00018014000300200100000000000000000000000000001400040000000000000000000000ffffe00000020c00028005000100"], 0xd4}, 0x1, 0x0, 0x0, 0x20008004}, 0x4)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r7, r8, &(0x7f0000456000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x69, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x4b564d02, 0xec000000, 0xcd}]})
ioctl$KVM_SET_LAPIC(r8, 0x4400ae8f, &(0x7f0000000180)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe40863480747c0a7ddb9361b1578015ca1b32c1677ebae096f08345408f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381fd81755f7cc5138cafe5239aee71dcd481fbe1ecd2547ffbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3c51a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1c2cf8526714f5caff2f55b41976fc20b64f1fc61d5b44f50953582a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2d68bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e803dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091262e3a3290a24d8ceae30ebbf9d24287bb8a5d73c608d47d287f9e5f6cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640600000000000000bc0701d8fe56113335ae6adec59300db04691cc4a689034272a8e086e92ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78880457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf349841d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8d4dbda401dad7df31e9a7a6a3a83bfbdfb5394abd581ac0824fbcd75d2f5205c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6915ac6a5222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f88076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0e64512aad7f57a0adc8a6914da06460635ed21c4c0c4927317d4e4e079f62efba2927828b23f94b16619a5520731c2c40abb7b60000000000004b84f4877c00"})
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x253, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x7f, 0x90, 0x2, "", [{{0x9, 0x4, 0x0, 0x3, 0x2, 0x3, 0x1, 0x2, 0x2, {0x9, 0x21, 0x1, 0x7f, 0x1, {0x22, 0x5d8}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0xf9, 0x9, 0xec}}}}}]}}]}}, &(0x7f0000000140)={0x0, 0x0, 0x4b, 0x0})
r9 = openat$kvm(0xffffffffffffff9c, 0x0, 0x8000, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000000)={0x10004, 0x3, 0x1, 0x2000, &(0x7f0000ffc000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r10, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x48, 0x0, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f00000000c0)={0x3, 0x1, @stop_pts=0x400000000000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r11 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r12, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xd, 0xfffffffb, 0x7ffeffff}}}}]}, 0x44}}, 0x20040084)
sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000580)=@newqdisc={0x38, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r12, {}, {0xffff, 0xffff}, {0x2, 0x2cf1c948fb5dd22e}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4}}, @TCA_RATE={0x6, 0x5, {0xab, 0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x400dc}, 0x24000080)

4.880595006s ago: executing program 3 (id=3359):
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000100)={{0x3, 0x3, 0x8001, 0x0, 0x400c}, 0x400, 0x1, 0x6}) (async)
r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="3101000009005e08cb06030000e8160000010902240001000064000904340102d469e70009058acf"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0) (async)
socket$unix(0x1, 0x5, 0x0) (async)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) (async)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r2, &(0x7f00000001c0)=ANY=[], 0x118) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x3c, 0x3, 0x4, 0x7f}, {0x6, 0xff, 0x2, 0xfffffff3}]}) (async)
ioctl$SNDCTL_DSP_SETTRIGGER(r1, 0x40045010, &(0x7f0000000000)) (async)
r3 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{}], 0x1, 0x40800) (async, rerun: 32)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x7fffffff}, 0x10) (rerun: 32)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, 0x0, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1400d713647e010000000000000000000100000a8c000000020a010200000000000000000000109ada31184173797a300000000069000600dea1ac9edb49fcf4b1b867b19e702b1088e990814cf15bcf2e5c7161865c910700000000b7832bdcdead345d44a0bd9d503477e4fd7ad975105a7f67bee2caeb4cf04b93d4144c0c6122c62f077fab23b749e29ca5acbbb710e271eee88adb48b98e49c997000000140000001100010000000000000000000100000a11621d04ed92d5d7de48d37d5ab058b868f10a59b98efcdb53939aaeb53df1eeabf32b3a51d8b15921"], 0xb4}, 0x1, 0x0, 0x0, 0x4044050}, 0x40)
sendmsg$kcm(r3, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="2e00000022008102e00f80ecdb4cb9020a", 0x4a}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe1863473bbce6798a60e9", 0x1d}], 0x2, 0x0, 0x0, 0x10}, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x8082, 0x0) (async)
ioctl$DVB_DEMUX_DMX_EXPBUF(r2, 0xc00c6f3e, &(0x7f00000002c0)={0x934, 0x80000, <r6=>r1})
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000740)={0x7, 0x2, 0x0, 'queue1\x00', 0x3}) (async)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
ioctl$KVM_CLEAR_DIRTY_LOG(r7, 0xc018aec0, &(0x7f0000000040)={0x10200, 0x80, 0xc0, &(0x7f0000000340)=[0x7, 0x0, 0xe, 0x80, 0xe6b4, 0x2, 0xfffffffffffffffa, 0x2, 0x8, 0x2, 0x2, 0x700000000000000, 0x9, 0xffff, 0xfffffffffffffffe, 0x7, 0xfffffffffffffffd, 0x5, 0x26, 0x9880, 0x5, 0x6, 0x8, 0x2, 0x4, 0x20000000009, 0x2, 0x1fd, 0x4, 0x4, 0x8000000000000007, 0x5, 0x5, 0x2, 0x501, 0x40, 0xfffffffffffffff5, 0x4, 0x7fffffff, 0x7d, 0x0, 0x6, 0x20008, 0x2e2, 0x101, 0x6, 0x8000000000000001, 0xfffffffffffffff9, 0x100000002, 0x1, 0x8, 0x9, 0x6, 0x8, 0x8000000000000000, 0x4, 0x94f, 0x7, 0x7fffffffffffffff, 0x6, 0xffffffffffffffff, 0xd, 0x11, 0xa, 0x5, 0x7, 0x1, 0x2000000000000007, 0x7fffffffffffffff, 0x38c, 0x7, 0x7, 0xae8f, 0x100001e30fa4c, 0xa, 0x0, 0x4000008, 0x40dac, 0xe90, 0x7, 0xfffffffffffffffc, 0xa7, 0x5, 0x3, 0x9, 0x0, 0x1, 0x1, 0x4, 0xe, 0xfffffffffffffff9, 0x3, 0x5, 0x21, 0xfffffffffffffc01, 0xfffffffffffffffd, 0x401, 0x3, 0x1e4b, 0x2, 0x79, 0xf, 0x10000, 0xe, 0x2, 0x3, 0x3, 0xdffffffffffffff9, 0x0, 0x4, 0xa, 0x40000003, 0x9, 0x2, 0xfff, 0x80, 0x8, 0xd, 0x4, 0x9, 0xffff, 0x1, 0x401, 0x1, 0x2, 0x7, 0xea7, 0x1]}) (async)
ioctl$KVM_SET_CPUID2(r8, 0x4008ae90, &(0x7f00000000c0)={0x29}) (async)
socket$inet6_sctp(0xa, 0x5, 0x84)

4.65194663s ago: executing program 1 (id=3360):
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000068000100000000000000000002000000000000000c0008800800030000000000060007000200000008000500", @ANYRES32, @ANYBLOB="140006"], 0x48}}, 0x0)
syz_usb_control_io$rtl8150(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000002640)={0x44, &(0x7f0000000500)={0x20, 0x10, 0x2, '!k'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg$inet(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x200080f5)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000a80)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)={0x40, 0xb, 0x2, "31fb"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000380)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'netdevsim0\x00'})
unshare(0x64000d00)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x4, 0x7f, 0x1}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r2, &(0x7f0000000140), 0x0}, 0x20)
openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/cpuinfo\x00', 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x81, 0x0, 0x9, 0xfffffffffffffffd, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socketpair$tipc(0x1e, 0xffffffffffffffff, 0x0, &(0x7f0000000140))
syz_io_uring_submit(0x0, 0x0, 0x0, &(0x7f0000000000))
io_uring_enter(0xffffffffffffffff, 0x92, 0x0, 0x64, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=@newlink={0x54, 0x10, 0x1, 0x71bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x7afc5, 0xe0f}, [@IFLA_IFNAME={0x14, 0x3, 'team0\x00'}, @IFLA_ADDRESS={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, @IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0x95800000, 0xe61e}}]}]}]}, 0x54}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4044001}, 0x0)

4.488989859s ago: executing program 0 (id=3361):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}, 0x10)
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000080)="0ccc3611", 0x4}], 0x1)

4.128813117s ago: executing program 0 (id=3362):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000140)=ANY=[], 0x8)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0xc040)
ioctl$PTP_CLOCK_GETCAPS(0xffffffffffffffff, 0x40043d14, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mkdirat(0xffffffffffffffff, 0x0, 0x22)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3)
mbind(&(0x7f0000e49000/0x4000)=nil, 0x4000, 0x0, &(0x7f0000000080)=0x7, 0x1, 0x1)
bind$tipc(r1, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
ioctl$int_in(r1, 0x5421, &(0x7f00000000c0)=0x7fffffffffffffff)
listen(r1, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r4, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2, 0x2, {0x41}}, 0x10, 0x0}, 0x80)
accept4(r1, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="120100003441eb4023398a716af6b593a0010902240001000040000904"], 0x0)

3.827164339s ago: executing program 4 (id=3363):
r0 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x80047210, &(0x7f0000000000))
ioctl$DVB_DEMUX_DMX_EXPBUF(0xffffffffffffffff, 0xc00c6f3e, &(0x7f0000000040)={0x0, 0x80000, <r1=>r0})
syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff) (async)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_GET(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, r2, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x4}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x3}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @dev={0xac, 0x14, 0x14, 0x3d}}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x4}]}, 0x34}}, 0x800)
sendmsg$NFT_BATCH(r1, &(0x7f0000000e00)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000200)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xb}}, [@NFT_MSG_DELFLOWTABLE={0x380, 0x18, 0xa, 0x3, 0x0, 0x0, {0x5, 0x0, 0x4}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_HOOK={0x13c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x40, 0x3, 0x0, 0x1, [{0x14, 0x1, 'dummy0\x00'}, {0x14, 0x1, 'bond_slave_0\x00'}, {0x14, 0x1, 'bond_slave_1\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'erspan0\x00'}, {0x14, 0x1, 'team0\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0x90, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth0_to_hsr\x00'}, {0x14, 0x1, 'ip6gretap0\x00'}, {0x14, 0x1, 'wlan0\x00'}, {0x14, 0x1, 'vxcan1\x00'}, {0x14, 0x1, 'veth1_to_batadv\x00'}, {0x14, 0x1, 'veth1_to_team\x00'}, {0x14, 0x1, 'erspan0\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'pimreg0\x00'}, {0x14, 0x1, 'vlan0\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x1000}]}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x1ff}]}, @NFTA_FLOWTABLE_HOOK={0x1f4, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0xa4, 0x3, 0x0, 0x1, [{0x14, 0x1, 'dvmrp0\x00'}, {0x14, 0x1, 'erspan0\x00'}, {0x14, 0x1, 'veth0\x00'}, {0x14, 0x1, 'veth1_to_team\x00'}, {0x14, 0x1, 'pim6reg0\x00'}, {0x14, 0x1, 'batadv_slave_0\x00'}, {0x14, 0x1, 'ip6erspan0\x00'}, {0x14, 0x1, 'nr0\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0x40, 0x3, 0x0, 0x1, [{0x14, 0x1, 'vxcan1\x00'}, {0x14, 0x1, 'macvlan1\x00'}, {0x14, 0x1, 'pim6reg1\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0x40, 0x3, 0x0, 0x1, [{0x14, 0x1, 'pim6reg1\x00'}, {0x14, 0x1, 'lo\x00'}, {0x14, 0x1, 'bond_slave_1\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0xcc, 0x3, 0x0, 0x1, [{0x14, 0x1, 'syz_tun\x00'}, {0x14, 0x1, 'veth1_to_bridge\x00'}, {0x14, 0x1, 'veth1_to_bridge\x00'}, {0x14, 0x1, 'ip6erspan0\x00'}, {0x14, 0x1, 'batadv_slave_1\x00'}, {0x14, 0x1, 'dvmrp1\x00'}, {0x14, 0x1, 'wlan0\x00'}, {0x14, 0x1, 'veth0_to_bond\x00'}, {0x14, 0x1, 'ip6tnl0\x00'}, {0x14, 0x1, 'veth0\x00'}]}]}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x201, 0x0, 0x0, {}, @NFT_OBJECT_TUNNEL=@NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}}, @NFT_MSG_NEWCHAIN={0x98, 0x3, 0xa, 0x301, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xffffffffffffffff}, @NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x3}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_POLICY={0x8}, @NFTA_CHAIN_HOOK={0x54, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x475cb217}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x31f6dcc1}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth1_to_bridge\x00'}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x30f85ac8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_DEV={0x14, 0x3, 'pim6reg\x00'}]}, @NFTA_CHAIN_TYPE={0xa, 0x7, 'route\x00'}]}, @NFT_MSG_NEWSET={0x4cc, 0x9, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_EXPR={0x4b8, 0x11, 0x0, 0x1, @bitwise={{0xc}, @val={0x4a8, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x400}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x9}, @NFTA_BITWISE_DATA={0x268, 0x7, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VERDICT={0x28, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}, @NFTA_DATA_VERDICT={0x3c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VALUE={0xc3, 0x1, "f0cd2794a3dc31c8cf052d85be5b3cd0729108b02905f7579082868d8ece7b9bc87444aae2901fd0ada4d32a66dd20aae841773be3e3ae47401994eec6725d32438f96c6c7df04670fe07c3f66d04c8deb08006f862ebcbe915a7654ba0260eafee6cc2285a02766a70d6b3b3f7fc1e517132fe0dae30d2563456d880ea18f1c12e2dc9402e3782e6b006c5e1f75bde09631ac82d77ab168f50994b5d4cad697883d4aec02d313b78baf097d577c04c2e8fb3f6dfbe4d9066b1420626ff98a"}, @NFTA_DATA_VALUE={0x34, 0x1, "b4e3a07c0732ff8a9fc0600ee11f5b85ba0cfcda30a29606e2137f7f1e08036ed7b15e8f258377c28c5748309bdf9aa3"}, @NFTA_DATA_VERDICT={0x4c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0x34, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x2}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x8000000000000000}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}]}, @NFTA_DATA_VERDICT={0x50, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}]}, @NFTA_BITWISE_DATA={0x138, 0x7, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8}]}, @NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VALUE={0xa3, 0x1, "b3f4a7b7647a2fbcd3b31d706c81d5ea37bb4da0338cdf0fc52c87dd32bcc6906dc244d5acca77d442649dc4e6175e1b2cb9d2666d77a31d4e5a1df472268f430a45da2231c863ad210601e99444a82cf10e8bd36f8cdb6aed39c146c31d1643a973af2274821c1e4eddc953ea1a1ebb9f2a9c6081d44013cbbeb1a66e0c0214d58bbff3d7394b67721b5bcfea46a29a5bbefb834819b52ee8bc7d21a496bf"}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}]}, @NFTA_DATA_VERDICT={0x38, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}]}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}]}, @NFTA_BITWISE_MASK={0xf4, 0x4, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x40, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VALUE={0x1e, 0x1, "9608563dc1cb5443935e11f39cbddfdc6320abae19a728603510"}, @NFTA_DATA_VALUE={0x4e, 0x1, "ee4be82e83e27f9a14d50b715c3df55377c2cdeef0defba8db4123b7a2db5a5915d79816d25c5423396371148d6c753ab343ffe0f999bcc98d8b042f6c6f3cba371d6312bf67af950a63"}, @NFTA_DATA_VERDICT={0x3c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VERDICT={0x4}]}]}}}]}, @NFT_MSG_DELCHAIN={0x30, 0x5, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x6}, [@NFTA_CHAIN_TYPE={0xa, 0x7, 'route\x00'}, @NFTA_CHAIN_COUNTERS={0x10, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x6}]}]}, @NFT_MSG_DELCHAIN={0x13c, 0x5, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x5}, [@NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x3}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x1}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffe}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_CHAIN_USERDATA={0xcc, 0xc, "a0dadcd3fdc5e74374445693dd7e61361794e20bfb163a23dffad6cd5bae5b0bbfb156db657933a112a21def9610528ea3e2c0395c4f717441c7d0b8f4e670ef50c649c9a77b59688ea60216f120e6fb82510d35b8f53df743ac471288504b80ae72b221a62b4ad185a0a0421eb3fbc9e96542a8cf9ad28e7f8734909efcec96074f42f27f5ca06f275f79863a496545c9bc1c435da41e1481f9fb174555ae4bafefee8068ebc3b4e89c1841f08cb816889d8a052bc4150ed4e16641d70e5f457f6214a12dba2521"}, @NFTA_CHAIN_COUNTERS={0x1c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x9}]}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x6}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x4}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x801, 0x0, 0x0, {0x9, 0x0, 0x6}, @NFT_OBJECT_SYNPROXY=@NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}}, @NFT_MSG_DELOBJ={0x40, 0x14, 0xa, 0x301, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFTA_OBJ_USERDATA={0x2c, 0x8, "948f7613b538fbc90965676def6ad92a688bf7ee5b0f3a07828ed8cf26f6b6b2c533e4255bbc4339"}]}, @NFT_MSG_DELOBJ={0x68, 0x14, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x5}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x5}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x40, 0x18, 0xa, 0x5, 0x0, 0x0, {0xc921a85dbb198192, 0x0, 0x7}, [@NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x21f3}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xfffffffe}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x617d}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0xba0}, 0x1, 0x0, 0x0, 0x1}, 0x20000094)
sendmsg$NL80211_CMD_SET_POWER_SAVE(r1, &(0x7f0000000f40)={&(0x7f0000000e40)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000f00)={&(0x7f0000000e80)={0x48, 0x0, 0x400, 0x70bd25, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x9, 0x10}}}}, [@NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x40084}, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000f80), 0x100, 0x0)
sendmsg$NL80211_CMD_TESTMODE(r3, &(0x7f0000001100)={&(0x7f0000000fc0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000010c0)={&(0x7f0000001000)={0xac, 0x0, 0x400, 0x70bd2b, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_TESTDATA={0x96, 0x45, "dbf89ca25ad4917250ba305aba0b9980bb80207eac63a2a2b60b935c52788fbe634cf7574d170dda10c408afcbc6281de38d9715db671a9ef255f742b45727d6fad9ba2e20b8b04c3dfb879a322348d6b8caf5c8fd0f69889dcc1d9bcacb5b5ae660388d78aee42721cc964c9c6f71078bc393c8a0bbb684c6d815e4d6be27b15721a643f2bc7ce9c102b3084dfbda57e9c8"}]}, 0xac}, 0x1, 0x0, 0x0, 0x20008004}, 0x400a840)
ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000001140)={'ipvlan0\x00'})
setsockopt$RDS_GET_MR_FOR_DEST(r3, 0x114, 0x7, &(0x7f0000001200)={@nfc={0x27, 0x0, 0x1, 0x2}, {&(0x7f0000001180)=""/13, 0xd}, &(0x7f00000011c0), 0x2}, 0xa0) (async)
setsockopt$RDS_GET_MR_FOR_DEST(r3, 0x114, 0x7, &(0x7f0000001200)={@nfc={0x27, 0x0, 0x1, 0x2}, {&(0x7f0000001180)=""/13, 0xd}, &(0x7f00000011c0), 0x2}, 0xa0)
fsetxattr$trusted_overlay_nlink(r3, &(0x7f00000012c0), &(0x7f0000001300)={'L+', 0x1d}, 0x16, 0x2)
ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000001340)=0x8001)
fcntl$F_GET_FILE_RW_HINT(r3, 0x40d, &(0x7f0000001380))
waitid$P_PIDFD(0x3, r1, &(0x7f00000013c0), 0x2, &(0x7f0000001440)) (async)
waitid$P_PIDFD(0x3, r1, &(0x7f00000013c0), 0x2, &(0x7f0000001440))
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000001500), 0x4500, 0x0)
ioctl$TUNSETPERSIST(r4, 0x400454cb, 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000001580), r1) (async)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001580), r1)
sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r0, &(0x7f0000001680)={&(0x7f0000001540)={0x10, 0x0, 0x0, 0x12000011}, 0xc, &(0x7f0000001640)={&(0x7f00000015c0)={0x68, r5, 0x4, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x21}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x26}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x13}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x27}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x5d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x52}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x3}]}, 0x68}, 0x1, 0x0, 0x0, 0x8801}, 0x4040040)
ioctl$FICLONE(r0, 0x40049409, r0) (async)
ioctl$FICLONE(r0, 0x40049409, r0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000001d40)={&(0x7f00000016c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001d00)={&(0x7f0000001700)={0x5e0, r5, 0x2, 0x70bd27, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x1c8, 0x11d, 0x0, 0x1, [{0xb8, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x9}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x90e}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x11}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x94, 0xd, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x50, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4a, 0x2, [{0x0, 0x5}, {0x3, 0x8}, {0x7, 0x9}, {0x3, 0x9}, {0x2, 0x3}, {0x5, 0x2}, {0x7, 0x8}, {0x2, 0x9}, {0x0, 0xa}, {0x3, 0x5}, {0x0, 0x3}, {0x0, 0xa}, {0x0, 0x9}, {0x1, 0x2}, {0x5, 0x6}, {0x6, 0x2}, {0x0, 0x5}, {0x6, 0x2}, {0x5}, {0x5, 0xa}, {0x0, 0x4}, {0x6, 0x2}, {0x3, 0x2}, {0x2, 0x6}, {0x6}, {0x1, 0x6}, {0x7, 0x5}, {0x4, 0x1}, {0x7, 0x2}, {0x5}, {0x2, 0x5}, {0x4, 0x5}, {0x2, 0x1}, {0x1, 0x6}, {0x7, 0x3}, {0x7, 0x6}, {0x0, 0x3}, {0x0, 0x9}, {0x7, 0x4}, {0x0, 0x1}, {0x1, 0x7}, {0x3, 0x8}, {0x6, 0x3}, {0x0, 0x4}, {0x3, 0x4}, {0x6, 0x1}, {0x0, 0x1}, {0x7, 0x1}, {0x0, 0x4}, {0x0, 0x1}, {0x4, 0x7}, {0x6}, {0x7, 0x7}, {0x3, 0x4}, {0x0, 0x5}, {0x4}, {0x0, 0x7}, {0x6, 0x3}, {0x5, 0xa}, {0x1}, {0x5, 0x9}, {0x5, 0x7}, {0x7, 0x2}, {0x6, 0x7}, {0x4, 0x2}, {0x0, 0x4}, {0x0, 0x4}, {0x4}, {0x3, 0x3}, {0x3, 0x9}]}]}, @NL80211_BAND_60GHZ={0x40, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HT={0x33, 0x2, [{0x6, 0x7}, {0x0, 0x8}, {0x1}, {0x0, 0x8}, {0x6, 0x5}, {0x6, 0x8}, {0x2, 0x1}, {0x3, 0x3}, {0x0, 0x3}, {0x0, 0x5}, {0x0, 0x8}, {0x3, 0x2}, {}, {0x0, 0x2}, {0x2, 0x3}, {0x7, 0x6}, {0x3, 0x9}, {0x6, 0x1}, {0x7, 0xa}, {0x3, 0x8}, {0x7, 0xa}, {0x6, 0xa}, {0x6, 0x8}, {0x0, 0x6}, {0x5, 0x8}, {0x5}, {0x3, 0x7}, {0x7, 0x9}, {0x5, 0xa}, {0x2, 0xa}, {0x2, 0x2}, {0x2, 0x9}, {0x5, 0x8}, {0x0, 0x6}, {0x2, 0x8}, {0x1}, {0x1, 0x3}, {0x6, 0x7}, {0x5, 0x1}, {0x0, 0x8}, {0x7, 0x5}, {0x3, 0x3}, {0x1, 0x5}, {0x1, 0x7}, {0x3, 0x1}, {0x5, 0x9}, {0x4, 0x4}]}]}]}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x3ff}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x7fffffff}]}, {0x8, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x1d1}]}, {0xd0, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0xc}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x8c, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x88, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x24, 0x1, [0x24, 0x24, 0x18, 0x36, 0x1b, 0x2, 0x1, 0x12, 0x6c, 0xb, 0x30, 0x48, 0x1b, 0x18, 0x16, 0x36, 0x0, 0x36, 0x4, 0x1b, 0x30, 0x9, 0x2, 0x4, 0x9, 0x18, 0x4, 0xc, 0x1b, 0x24, 0x60, 0x9]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x401, 0x7, 0x4, 0x5, 0xe207, 0x4, 0x3, 0x8001]}}, @NL80211_TXRATE_HT={0x4a, 0x2, [{0x3, 0x2}, {0x2, 0x8}, {0x6, 0x6}, {0x3}, {0x2, 0x2}, {0x6, 0xa}, {0x7, 0x5}, {0x2, 0x8}, {0x5, 0x5}, {0x5, 0x6}, {0x0, 0x7}, {0x4, 0xa}, {0x3, 0x7}, {0x4, 0xa}, {0x1, 0xa}, {0x5, 0x1}, {0x5, 0x9}, {0x6, 0xa}, {0x3, 0x5}, {0x3, 0x2}, {0x7, 0x3}, {0x0, 0x8}, {0x6, 0xa}, {0x5, 0x2}, {0x4, 0x2}, {0x3, 0x4}, {0x7}, {0x2, 0x3}, {0x1, 0x4}, {0x5}, {0x0, 0x8}, {0x4}, {0x3, 0x2}, {0x1, 0x6}, {0x3, 0x8}, {0x4, 0x5}, {0x0, 0xa}, {0x6, 0x9}, {0x1, 0x1}, {0x1, 0x9}, {0x7, 0x6}, {0x2, 0x4}, {0x7, 0x4}, {0x3, 0x6}, {0x5, 0x7}, {0x5, 0x8}, {0x6}, {0x1, 0x1}, {0x4, 0x4}, {0x4, 0x2}, {0x7, 0x5}, {0x5, 0x4}, {0x3, 0x3}, {0x2, 0x4}, {0x5, 0xa}, {0x1, 0x8}, {0x5, 0x3}, {0x0, 0xa}, {0x1}, {0x2, 0x3}, {0x0, 0x9}, {0x1, 0x3}, {0x6, 0x6}, {0x6, 0x1}, {0x2, 0x7}, {0x1, 0x6}, {0x6, 0x6}, {0x3}, {0x3, 0x3}, {0x7, 0x4}]}]}]}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x9}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x8b}]}]}, @NL80211_ATTR_TID_CONFIG={0x404, 0x11d, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xd7}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xb}]}, {0x2dc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x6}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x2b8, 0xd, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x18, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x65, 0x800, 0xdb1, 0x6, 0x9, 0x401, 0x5, 0xfff9]}}]}, @NL80211_BAND_6GHZ={0x24, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xd, 0x1, [0x36, 0x1, 0x6c, 0xb, 0x1, 0x30, 0x2, 0x30, 0x30]}, @NL80211_TXRATE_LEGACY={0x7, 0x1, [0x48, 0x4, 0x1b]}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_6GHZ={0x64, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0xfffb, 0x8, 0x7ff, 0x800, 0x7fff, 0x8725, 0x4, 0x58fc]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x200, 0x2, 0xff66, 0x2, 0x9, 0x4, 0x5, 0x8]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xfffe, 0x7c3f, 0xc, 0x4, 0xcd4, 0x7, 0x9, 0xf]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0x7, 0x1, [0xc, 0x6c, 0x2]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x7, 0x4, 0x0, 0x400, 0x8, 0x4, 0x200]}}]}, @NL80211_BAND_60GHZ={0x68, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x81, 0x1, 0xb4, 0x367, 0x0, 0xfff9, 0x4, 0x80]}}, @NL80211_TXRATE_HT={0x1f, 0x2, [{0x4}, {0x5, 0xa}, {0x4, 0x8}, {0x7, 0x3}, {0x2, 0x1}, {0x2, 0x3}, {0x6, 0x6}, {0x3, 0x8}, {0x0, 0x3}, {0x6, 0x7}, {0x4, 0x4}, {0x1, 0x1}, {0x1, 0x1}, {}, {0x5, 0x6}, {0x4, 0x6}, {0x0, 0x5}, {0x1, 0x3}, {0x1, 0x4}, {0x1, 0x9}, {0x2, 0x2}, {0x6, 0x4}, {}, {0x4, 0x9}, {0x7, 0x2}, {0x2, 0x9}, {0x3, 0x9}]}, @NL80211_TXRATE_LEGACY={0x13, 0x1, [0x1b, 0x9, 0x1b, 0x1, 0x4, 0x30, 0x60, 0x12, 0x6c, 0x18, 0x5, 0x5, 0x30, 0xb, 0x2]}, @NL80211_TXRATE_LEGACY={0x1b, 0x1, [0x6, 0x4, 0x5, 0x60, 0x5, 0x2, 0x16, 0x1, 0x5, 0x1b, 0x6, 0x7c, 0x18, 0x16, 0x3, 0x18, 0x4, 0xb, 0x1b, 0x17, 0x36, 0x4, 0x60]}]}, @NL80211_BAND_2GHZ={0x28, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x1, 0xc, 0x2, 0x4, 0x9, 0x2, 0xa]}}]}, @NL80211_BAND_6GHZ={0x10c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x1a, 0x1, [0x36, 0xc, 0x2, 0xc, 0x6, 0x16, 0x12, 0x48, 0x4, 0x0, 0x6, 0x24, 0x1b, 0x16, 0x9, 0x5, 0x6, 0x18, 0x60, 0x16, 0x12, 0x28]}, @NL80211_TXRATE_HT={0x39, 0x2, [{0x5, 0x1}, {0x2, 0x4}, {0x1, 0x2}, {0x5, 0x6}, {0x1, 0x6}, {0x5, 0x4}, {0x1, 0x9}, {0x2, 0x5}, {0x0, 0x5}, {0x0, 0x2}, {0x5, 0x3}, {0x3, 0x8}, {0x7, 0x7}, {0x2, 0x9}, {0x7, 0x3}, {0x7, 0x1}, {0x7, 0x1}, {0x0, 0x8}, {0x0, 0x1}, {0x7, 0xa}, {0x5, 0x2}, {0x1, 0x7}, {0x1, 0x2}, {0x0, 0x7}, {0x7}, {0x3, 0x5}, {0x3, 0x2}, {0x2, 0x7}, {0x3, 0x5}, {0x6, 0x7}, {0x2, 0xa}, {0x1, 0x3}, {0x7, 0x5}, {0x3}, {0x4, 0x6}, {}, {0x7, 0x3}, {0x4, 0x1}, {0x1, 0x2}, {0x1, 0x6}, {0x0, 0xa}, {0x1}, {0x4, 0x1}, {0x2, 0x6}, {0x6, 0x1}, {0x7, 0x5}, {0x6, 0x5}, {0x1, 0x2}, {0x1, 0x4}, {0x7, 0x5}, {0x0, 0x1}, {0x2, 0x6}, {0x1, 0x7}]}, @NL80211_TXRATE_HT={0x2e, 0x2, [{0x4, 0x8}, {0x5, 0x1}, {0x3, 0x6}, {0x2, 0x6}, {0x0, 0x2}, {0x4, 0x9}, {0x1, 0x6}, {0x5, 0x3}, {0x4, 0x4}, {0x6, 0x6}, {}, {0x6, 0x9}, {0x0, 0x1}, {0x3, 0x9}, {0x6, 0xa}, {0x7, 0x6}, {0x4, 0x2}, {0x6, 0x1}, {0x3, 0xa}, {0x7, 0x1}, {0x3, 0xa}, {0x6, 0x3}, {0x0, 0x7}, {0x2, 0x1d}, {0x0, 0x6}, {0x2, 0x2}, {0x5, 0x6}, {0x4, 0x5}, {0x4, 0x2}, {0x6}, {0x1, 0x4}, {0x7, 0x7}, {0x3, 0x9}, {0x1, 0x2}, {0x6, 0x7}, {0x5, 0xa}, {0x1, 0xa}, {0x3, 0x9}, {0x4, 0xa}, {0x1, 0x6}, {0x4, 0x4}, {0x1, 0x1}]}, @NL80211_TXRATE_HT={0x11, 0x2, [{0x1, 0x2}, {0x1, 0x2}, {0x4, 0x5}, {0x2, 0x2}, {0x1, 0x7}, {0x2, 0xa}, {0x2, 0x8}, {0x2, 0x7}, {0x0, 0x8}, {0x2, 0x2}, {0x2, 0x7}, {0x1, 0x7}, {0x1, 0x5}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x19, 0x2, [{0x6, 0x7}, {0x1, 0x4}, {0x4, 0x5}, {0x1, 0x2}, {0x5, 0x4}, {}, {0x6}, {0x1, 0x9}, {0x0, 0xa}, {0x4, 0x5}, {0x2, 0xa}, {0x6, 0x6}, {0x7, 0x5}, {0x2, 0x6}, {0x6, 0x6}, {0x7, 0x6}, {0x3}, {0x3, 0x7}, {0x4}, {0x6, 0xa}, {0x0, 0x3}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8000, 0x200, 0x5, 0x1, 0x5, 0xaaf, 0x400, 0x8bbf]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HT={0x22, 0x2, [{0x1, 0xa}, {0x5, 0x3}, {0x3, 0x2}, {0x3, 0xa}, {0x7, 0xa}, {0x4, 0x7}, {0x4, 0x8}, {0x0, 0x7}, {0x3, 0x5}, {0x3, 0x4}, {0x4}, {0x3, 0x3}, {0x2, 0x1}, {0x5, 0x3}, {0x2, 0x7}, {0x6, 0x8}, {0x1, 0x4}, {0x5, 0x2}, {0x1, 0x1}, {0x6, 0x6}, {0x5, 0xa}, {0x5, 0x6}, {0x4, 0x8}, {0x0, 0x9}, {0x1, 0x6}, {0x2, 0x1}, {0x2, 0x8}, {0x1, 0x2}, {0x5, 0x4}, {0x1, 0x6}]}]}, @NL80211_BAND_5GHZ={0x58, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x2, 0x910, 0x5, 0x3, 0x4, 0x9, 0xfff9, 0x4]}}, @NL80211_TXRATE_HT={0xd, 0x2, [{0x3, 0x7}, {0x7, 0x4}, {0x2, 0x3}, {0x0, 0x6}, {0x0, 0xa}, {0x1, 0x9}, {0x4, 0x1}, {0x6, 0x6}, {0x7, 0x7}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x9, 0x10, 0x5, 0x400, 0x99, 0x2e, 0x7]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0xfffa, 0x84, 0x2, 0x6, 0x6, 0x2, 0x2]}}, @NL80211_TXRATE_HT={0x5, 0x2, [{0x1, 0x8}]}]}, @NL80211_BAND_6GHZ={0x20, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x1a, 0x2, [{0x4, 0x6}, {0x0, 0x4}, {0x1, 0x2}, {0x1, 0x1}, {0x6, 0xa}, {0x2, 0x4}, {0x6, 0x9}, {0x3, 0x3}, {0x2, 0x7}, {0x0, 0x6}, {0x1, 0x7}, {0x4, 0x4}, {0x1, 0x9}, {0x1}, {0x6, 0x5}, {0x7, 0x4}, {0x3}, {0x7, 0x7}, {0x4, 0x2}, {0x4, 0x6}, {0x2, 0x3}, {0x7, 0xa}]}]}]}]}, {0x60, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x59}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xb}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xf2}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x7ff}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x9}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xd3}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x98}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x10, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0xc, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}]}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x7ff}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x2c}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x9f}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}]}, {0x44, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xac}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}]}]}]}, 0x5e0}, 0x1, 0x0, 0x0, 0x4}, 0x4008110) (async)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000001d40)={&(0x7f00000016c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001d00)={&(0x7f0000001700)={0x5e0, r5, 0x2, 0x70bd27, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x1c8, 0x11d, 0x0, 0x1, [{0xb8, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x9}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x90e}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x11}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x94, 0xd, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x50, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4a, 0x2, [{0x0, 0x5}, {0x3, 0x8}, {0x7, 0x9}, {0x3, 0x9}, {0x2, 0x3}, {0x5, 0x2}, {0x7, 0x8}, {0x2, 0x9}, {0x0, 0xa}, {0x3, 0x5}, {0x0, 0x3}, {0x0, 0xa}, {0x0, 0x9}, {0x1, 0x2}, {0x5, 0x6}, {0x6, 0x2}, {0x0, 0x5}, {0x6, 0x2}, {0x5}, {0x5, 0xa}, {0x0, 0x4}, {0x6, 0x2}, {0x3, 0x2}, {0x2, 0x6}, {0x6}, {0x1, 0x6}, {0x7, 0x5}, {0x4, 0x1}, {0x7, 0x2}, {0x5}, {0x2, 0x5}, {0x4, 0x5}, {0x2, 0x1}, {0x1, 0x6}, {0x7, 0x3}, {0x7, 0x6}, {0x0, 0x3}, {0x0, 0x9}, {0x7, 0x4}, {0x0, 0x1}, {0x1, 0x7}, {0x3, 0x8}, {0x6, 0x3}, {0x0, 0x4}, {0x3, 0x4}, {0x6, 0x1}, {0x0, 0x1}, {0x7, 0x1}, {0x0, 0x4}, {0x0, 0x1}, {0x4, 0x7}, {0x6}, {0x7, 0x7}, {0x3, 0x4}, {0x0, 0x5}, {0x4}, {0x0, 0x7}, {0x6, 0x3}, {0x5, 0xa}, {0x1}, {0x5, 0x9}, {0x5, 0x7}, {0x7, 0x2}, {0x6, 0x7}, {0x4, 0x2}, {0x0, 0x4}, {0x0, 0x4}, {0x4}, {0x3, 0x3}, {0x3, 0x9}]}]}, @NL80211_BAND_60GHZ={0x40, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HT={0x33, 0x2, [{0x6, 0x7}, {0x0, 0x8}, {0x1}, {0x0, 0x8}, {0x6, 0x5}, {0x6, 0x8}, {0x2, 0x1}, {0x3, 0x3}, {0x0, 0x3}, {0x0, 0x5}, {0x0, 0x8}, {0x3, 0x2}, {}, {0x0, 0x2}, {0x2, 0x3}, {0x7, 0x6}, {0x3, 0x9}, {0x6, 0x1}, {0x7, 0xa}, {0x3, 0x8}, {0x7, 0xa}, {0x6, 0xa}, {0x6, 0x8}, {0x0, 0x6}, {0x5, 0x8}, {0x5}, {0x3, 0x7}, {0x7, 0x9}, {0x5, 0xa}, {0x2, 0xa}, {0x2, 0x2}, {0x2, 0x9}, {0x5, 0x8}, {0x0, 0x6}, {0x2, 0x8}, {0x1}, {0x1, 0x3}, {0x6, 0x7}, {0x5, 0x1}, {0x0, 0x8}, {0x7, 0x5}, {0x3, 0x3}, {0x1, 0x5}, {0x1, 0x7}, {0x3, 0x1}, {0x5, 0x9}, {0x4, 0x4}]}]}]}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x3ff}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x7fffffff}]}, {0x8, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x1d1}]}, {0xd0, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0xc}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x8c, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x88, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x24, 0x1, [0x24, 0x24, 0x18, 0x36, 0x1b, 0x2, 0x1, 0x12, 0x6c, 0xb, 0x30, 0x48, 0x1b, 0x18, 0x16, 0x36, 0x0, 0x36, 0x4, 0x1b, 0x30, 0x9, 0x2, 0x4, 0x9, 0x18, 0x4, 0xc, 0x1b, 0x24, 0x60, 0x9]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x401, 0x7, 0x4, 0x5, 0xe207, 0x4, 0x3, 0x8001]}}, @NL80211_TXRATE_HT={0x4a, 0x2, [{0x3, 0x2}, {0x2, 0x8}, {0x6, 0x6}, {0x3}, {0x2, 0x2}, {0x6, 0xa}, {0x7, 0x5}, {0x2, 0x8}, {0x5, 0x5}, {0x5, 0x6}, {0x0, 0x7}, {0x4, 0xa}, {0x3, 0x7}, {0x4, 0xa}, {0x1, 0xa}, {0x5, 0x1}, {0x5, 0x9}, {0x6, 0xa}, {0x3, 0x5}, {0x3, 0x2}, {0x7, 0x3}, {0x0, 0x8}, {0x6, 0xa}, {0x5, 0x2}, {0x4, 0x2}, {0x3, 0x4}, {0x7}, {0x2, 0x3}, {0x1, 0x4}, {0x5}, {0x0, 0x8}, {0x4}, {0x3, 0x2}, {0x1, 0x6}, {0x3, 0x8}, {0x4, 0x5}, {0x0, 0xa}, {0x6, 0x9}, {0x1, 0x1}, {0x1, 0x9}, {0x7, 0x6}, {0x2, 0x4}, {0x7, 0x4}, {0x3, 0x6}, {0x5, 0x7}, {0x5, 0x8}, {0x6}, {0x1, 0x1}, {0x4, 0x4}, {0x4, 0x2}, {0x7, 0x5}, {0x5, 0x4}, {0x3, 0x3}, {0x2, 0x4}, {0x5, 0xa}, {0x1, 0x8}, {0x5, 0x3}, {0x0, 0xa}, {0x1}, {0x2, 0x3}, {0x0, 0x9}, {0x1, 0x3}, {0x6, 0x6}, {0x6, 0x1}, {0x2, 0x7}, {0x1, 0x6}, {0x6, 0x6}, {0x3}, {0x3, 0x3}, {0x7, 0x4}]}]}]}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x9}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x8b}]}]}, @NL80211_ATTR_TID_CONFIG={0x404, 0x11d, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xd7}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xb}]}, {0x2dc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x6}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x2b8, 0xd, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x18, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x65, 0x800, 0xdb1, 0x6, 0x9, 0x401, 0x5, 0xfff9]}}]}, @NL80211_BAND_6GHZ={0x24, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xd, 0x1, [0x36, 0x1, 0x6c, 0xb, 0x1, 0x30, 0x2, 0x30, 0x30]}, @NL80211_TXRATE_LEGACY={0x7, 0x1, [0x48, 0x4, 0x1b]}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_6GHZ={0x64, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0xfffb, 0x8, 0x7ff, 0x800, 0x7fff, 0x8725, 0x4, 0x58fc]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x200, 0x2, 0xff66, 0x2, 0x9, 0x4, 0x5, 0x8]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xfffe, 0x7c3f, 0xc, 0x4, 0xcd4, 0x7, 0x9, 0xf]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0x7, 0x1, [0xc, 0x6c, 0x2]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x7, 0x4, 0x0, 0x400, 0x8, 0x4, 0x200]}}]}, @NL80211_BAND_60GHZ={0x68, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x81, 0x1, 0xb4, 0x367, 0x0, 0xfff9, 0x4, 0x80]}}, @NL80211_TXRATE_HT={0x1f, 0x2, [{0x4}, {0x5, 0xa}, {0x4, 0x8}, {0x7, 0x3}, {0x2, 0x1}, {0x2, 0x3}, {0x6, 0x6}, {0x3, 0x8}, {0x0, 0x3}, {0x6, 0x7}, {0x4, 0x4}, {0x1, 0x1}, {0x1, 0x1}, {}, {0x5, 0x6}, {0x4, 0x6}, {0x0, 0x5}, {0x1, 0x3}, {0x1, 0x4}, {0x1, 0x9}, {0x2, 0x2}, {0x6, 0x4}, {}, {0x4, 0x9}, {0x7, 0x2}, {0x2, 0x9}, {0x3, 0x9}]}, @NL80211_TXRATE_LEGACY={0x13, 0x1, [0x1b, 0x9, 0x1b, 0x1, 0x4, 0x30, 0x60, 0x12, 0x6c, 0x18, 0x5, 0x5, 0x30, 0xb, 0x2]}, @NL80211_TXRATE_LEGACY={0x1b, 0x1, [0x6, 0x4, 0x5, 0x60, 0x5, 0x2, 0x16, 0x1, 0x5, 0x1b, 0x6, 0x7c, 0x18, 0x16, 0x3, 0x18, 0x4, 0xb, 0x1b, 0x17, 0x36, 0x4, 0x60]}]}, @NL80211_BAND_2GHZ={0x28, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x1, 0xc, 0x2, 0x4, 0x9, 0x2, 0xa]}}]}, @NL80211_BAND_6GHZ={0x10c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x1a, 0x1, [0x36, 0xc, 0x2, 0xc, 0x6, 0x16, 0x12, 0x48, 0x4, 0x0, 0x6, 0x24, 0x1b, 0x16, 0x9, 0x5, 0x6, 0x18, 0x60, 0x16, 0x12, 0x28]}, @NL80211_TXRATE_HT={0x39, 0x2, [{0x5, 0x1}, {0x2, 0x4}, {0x1, 0x2}, {0x5, 0x6}, {0x1, 0x6}, {0x5, 0x4}, {0x1, 0x9}, {0x2, 0x5}, {0x0, 0x5}, {0x0, 0x2}, {0x5, 0x3}, {0x3, 0x8}, {0x7, 0x7}, {0x2, 0x9}, {0x7, 0x3}, {0x7, 0x1}, {0x7, 0x1}, {0x0, 0x8}, {0x0, 0x1}, {0x7, 0xa}, {0x5, 0x2}, {0x1, 0x7}, {0x1, 0x2}, {0x0, 0x7}, {0x7}, {0x3, 0x5}, {0x3, 0x2}, {0x2, 0x7}, {0x3, 0x5}, {0x6, 0x7}, {0x2, 0xa}, {0x1, 0x3}, {0x7, 0x5}, {0x3}, {0x4, 0x6}, {}, {0x7, 0x3}, {0x4, 0x1}, {0x1, 0x2}, {0x1, 0x6}, {0x0, 0xa}, {0x1}, {0x4, 0x1}, {0x2, 0x6}, {0x6, 0x1}, {0x7, 0x5}, {0x6, 0x5}, {0x1, 0x2}, {0x1, 0x4}, {0x7, 0x5}, {0x0, 0x1}, {0x2, 0x6}, {0x1, 0x7}]}, @NL80211_TXRATE_HT={0x2e, 0x2, [{0x4, 0x8}, {0x5, 0x1}, {0x3, 0x6}, {0x2, 0x6}, {0x0, 0x2}, {0x4, 0x9}, {0x1, 0x6}, {0x5, 0x3}, {0x4, 0x4}, {0x6, 0x6}, {}, {0x6, 0x9}, {0x0, 0x1}, {0x3, 0x9}, {0x6, 0xa}, {0x7, 0x6}, {0x4, 0x2}, {0x6, 0x1}, {0x3, 0xa}, {0x7, 0x1}, {0x3, 0xa}, {0x6, 0x3}, {0x0, 0x7}, {0x2, 0x1d}, {0x0, 0x6}, {0x2, 0x2}, {0x5, 0x6}, {0x4, 0x5}, {0x4, 0x2}, {0x6}, {0x1, 0x4}, {0x7, 0x7}, {0x3, 0x9}, {0x1, 0x2}, {0x6, 0x7}, {0x5, 0xa}, {0x1, 0xa}, {0x3, 0x9}, {0x4, 0xa}, {0x1, 0x6}, {0x4, 0x4}, {0x1, 0x1}]}, @NL80211_TXRATE_HT={0x11, 0x2, [{0x1, 0x2}, {0x1, 0x2}, {0x4, 0x5}, {0x2, 0x2}, {0x1, 0x7}, {0x2, 0xa}, {0x2, 0x8}, {0x2, 0x7}, {0x0, 0x8}, {0x2, 0x2}, {0x2, 0x7}, {0x1, 0x7}, {0x1, 0x5}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x19, 0x2, [{0x6, 0x7}, {0x1, 0x4}, {0x4, 0x5}, {0x1, 0x2}, {0x5, 0x4}, {}, {0x6}, {0x1, 0x9}, {0x0, 0xa}, {0x4, 0x5}, {0x2, 0xa}, {0x6, 0x6}, {0x7, 0x5}, {0x2, 0x6}, {0x6, 0x6}, {0x7, 0x6}, {0x3}, {0x3, 0x7}, {0x4}, {0x6, 0xa}, {0x0, 0x3}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8000, 0x200, 0x5, 0x1, 0x5, 0xaaf, 0x400, 0x8bbf]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HT={0x22, 0x2, [{0x1, 0xa}, {0x5, 0x3}, {0x3, 0x2}, {0x3, 0xa}, {0x7, 0xa}, {0x4, 0x7}, {0x4, 0x8}, {0x0, 0x7}, {0x3, 0x5}, {0x3, 0x4}, {0x4}, {0x3, 0x3}, {0x2, 0x1}, {0x5, 0x3}, {0x2, 0x7}, {0x6, 0x8}, {0x1, 0x4}, {0x5, 0x2}, {0x1, 0x1}, {0x6, 0x6}, {0x5, 0xa}, {0x5, 0x6}, {0x4, 0x8}, {0x0, 0x9}, {0x1, 0x6}, {0x2, 0x1}, {0x2, 0x8}, {0x1, 0x2}, {0x5, 0x4}, {0x1, 0x6}]}]}, @NL80211_BAND_5GHZ={0x58, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x2, 0x910, 0x5, 0x3, 0x4, 0x9, 0xfff9, 0x4]}}, @NL80211_TXRATE_HT={0xd, 0x2, [{0x3, 0x7}, {0x7, 0x4}, {0x2, 0x3}, {0x0, 0x6}, {0x0, 0xa}, {0x1, 0x9}, {0x4, 0x1}, {0x6, 0x6}, {0x7, 0x7}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x9, 0x10, 0x5, 0x400, 0x99, 0x2e, 0x7]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0xfffa, 0x84, 0x2, 0x6, 0x6, 0x2, 0x2]}}, @NL80211_TXRATE_HT={0x5, 0x2, [{0x1, 0x8}]}]}, @NL80211_BAND_6GHZ={0x20, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x1a, 0x2, [{0x4, 0x6}, {0x0, 0x4}, {0x1, 0x2}, {0x1, 0x1}, {0x6, 0xa}, {0x2, 0x4}, {0x6, 0x9}, {0x3, 0x3}, {0x2, 0x7}, {0x0, 0x6}, {0x1, 0x7}, {0x4, 0x4}, {0x1, 0x9}, {0x1}, {0x6, 0x5}, {0x7, 0x4}, {0x3}, {0x7, 0x7}, {0x4, 0x2}, {0x4, 0x6}, {0x2, 0x3}, {0x7, 0xa}]}]}]}]}, {0x60, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x59}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xb}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xf2}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x7ff}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x9}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xd3}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x98}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x10, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0xc, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}]}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x7ff}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x2c}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x9f}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}]}, {0x44, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xac}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}]}]}]}, 0x5e0}, 0x1, 0x0, 0x0, 0x4}, 0x4008110)
openat2(r3, &(0x7f0000001d80)='./file0\x00', &(0x7f0000001dc0)={0x400800, 0x8, 0x30}, 0x18) (async)
r6 = openat2(r3, &(0x7f0000001d80)='./file0\x00', &(0x7f0000001dc0)={0x400800, 0x8, 0x30}, 0x18)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r6, 0x4010ae74, &(0x7f0000001e00)={0x4, 0x4, 0x589}) (async)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r6, 0x4010ae74, &(0x7f0000001e00)={0x4, 0x4, 0x589})
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000001e80)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(0xffffffffffffffff, &(0x7f0000001fc0)={&(0x7f0000001e40)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000001f80)={&(0x7f0000001ec0)={0x88, r5, 0x200, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x12}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x42}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0xe}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x5e}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x2a}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x78}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x2e}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x27}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x47}]}, 0x88}, 0x1, 0x0, 0x0, 0x8000}, 0x48820) (async)
sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(0xffffffffffffffff, &(0x7f0000001fc0)={&(0x7f0000001e40)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000001f80)={&(0x7f0000001ec0)={0x88, r5, 0x200, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x12}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x42}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0xe}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x5e}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x2a}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x78}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x2e}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x27}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x47}]}, 0x88}, 0x1, 0x0, 0x0, 0x8000}, 0x48820)
sendmsg$NL80211_CMD_RADAR_DETECT(r6, &(0x7f0000002100)={&(0x7f0000002000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000020c0)={&(0x7f0000002040)={0x48, r5, 0x400, 0x70bd2a, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x2, 0x51}}}}, [@NL80211_ATTR_CENTER_FREQ2={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x4}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16ee}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}]}, 0x48}, 0x1, 0x0, 0x0, 0x8014}, 0x80)
syz_genetlink_get_family_id$nl80211(&(0x7f0000002140), r3)
sendmsg$TIPC_NL_BEARER_SET(r6, &(0x7f0000002380)={&(0x7f0000002180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000002340)={&(0x7f0000002200)={0x124, 0x0, 0x400, 0x70bd29, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0xc8, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fff}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4f7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe436}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x44a}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffa9cb}]}]}, @TIPC_NLA_SOCK={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xd}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x101}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x6}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x24000090}, 0x4000814)

3.684807362s ago: executing program 3 (id=3364):
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x4000041)
getsockopt$inet6_mptcp_buf(0xffffffffffffffff, 0x11c, 0x2, 0x0, &(0x7f0000000000))
socketpair$unix(0x1, 0x3, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x11c0, 0x4080000)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file4\x00', &(0x7f0000000380)={0x80}, 0x18)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file4\x00', 0x1, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="44000000200001c83c0175c81b2ccd29a5beec5cbf002abd7000000000000a808000000000060000000014000200fc0200000000000000000000000000011400010020010000000000000000000000000001"], 0x44}, 0x1, 0x0, 0x0, 0xc011}, 0x40008)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB="5c00000010003904000000000000000000008000", @ANYRESDEC=r1, @ANYBLOB="00000000000000003c0012800b000100697036746e6c00002c000280140003002001000000000000000000000000000114000200fc02"], 0x5c}}, 0x0)
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(0xffffffffffffffff, 0x4048587b, &(0x7f0000000480)={{<r3=>0xffffffffffffffff, &(0x7f0000000200)='*!+{&/&\x00', 0x1, &(0x7f0000000240)={@align=0x2, {0xe5, 0xd, 0x73b2, 0x4}}, 0x80, &(0x7f0000000280)={@_ha_fsid}, &(0x7f0000000340)=0xe}, 0x1, &(0x7f0000000440)=[{0x1, 0x5, &(0x7f00000003c0)='\x00', &(0x7f0000000400), 0x0, 0xa}]})
ioctl$UI_GET_SYSNAME(r3, 0x8040552c, &(0x7f0000000540))
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)

2.865570076s ago: executing program 2 (id=3365):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r0)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r1 = syz_usb_connect(0x0, 0x3f, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b08000009058d67c8002a000009050502000000000009058b6e", @ANYRESOCT], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_emit_ethernet(0x1f2, &(0x7f0000000440)=ANY=[], 0x0)

2.789550843s ago: executing program 4 (id=3366):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FD_FRAMES(r2, 0x65, 0x5, 0x0, 0x0)
mprotect(&(0x7f00003a3000/0x1000)=nil, 0x1000, 0x3)
ioctl$DRM_IOCTL_GET_MAP(0xffffffffffffffff, 0xc0286404, &(0x7f0000000100)={&(0x7f000052e000/0x4000)=nil})
r3 = creat(&(0x7f0000001340)='./file0\x00', 0xecf86c37d53049cc)
close(r3)
ioctl$FE_DISHNETWORK_SEND_LEGACY_CMD(r3, 0x6f50, 0x5)
timer_delete(r1)
r4 = gettid()
r5 = socket$inet_sctp(0x2, 0x4, 0x84)
timer_create(0x3, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000001080))
timer_settime(0x0, 0x236bd4336e4642df, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r6 = add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
r7 = add_key$user(&(0x7f00000000c0), &(0x7f0000000280)={'syz', 0x3}, &(0x7f0000000180)="d3a2", 0x2, 0xffffffffffffffff)
r8 = add_key$user(&(0x7f0000000200), &(0x7f00000002c0)={'syz', 0x3}, &(0x7f0000000300)="48f069db6a", 0x5, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f00000003c0)={r6, r7, r8}, 0x0, 0x0, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x200000a, 0x10, r5, 0xec775000)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

2.751981814s ago: executing program 1 (id=3367):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0)
fcntl$notify(r0, 0x402, 0x40000008) (async)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
listen(r1, 0x3) (async)
r2 = socket$inet(0xa, 0x801, 0x84) (async)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000400)=ANY=[@ANYBLOB="3c000000110001002cbd7000fedbdf25fe8000000000000000000000000000aa000004d302003c0014000d000000000000000000ffff000000000000"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x10) (async)
listen(r2, 0xfffffffd)
r4 = socket(0xa, 0x5, 0x0)
listen(r4, 0x100) (async)
r5 = socket$inet(0xa, 0x801, 0x84)
listen(r5, 0x8) (async)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
listen(r6, 0xfff) (async)
r7 = socket$netlink(0x10, 0x3, 0x4) (async)
r8 = socket$inet(0xa, 0x801, 0x84)
listen(r8, 0x8) (async)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
listen(r9, 0x3) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r7) (async)
writev(r7, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1) (async)
bpf$ENABLE_STATS(0x20, &(0x7f0000000080), 0x4) (async)
getdents(r0, &(0x7f00000002c0)=""/114, 0x72) (async, rerun: 64)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 64)
sendmsg$NFT_BATCH(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01080000000000000000010000090900010073797a3100000000d0000000030a030000060000000000000100000a0900010073797a31000000000900030073797a3000000000a400030062726964", @ANYBLOB="125ef6139fdeb15590f7fc84e315d1732bd5609a46423e99f203c78276eaa309d0bbd00b"], 0x118}, 0x1, 0x0, 0x0, 0x240401d4}, 0x240408d0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x20, 0x433, 0x9, 0x70bd67, 0x25dfdbfb, {0x4}, [@typed={0x4, 0x18}, @typed={0x8, 0x1d, 0x0, 0x0, @u32=0x10001}]}, 0x20}, 0x1, 0x0, 0x0, 0x42804}, 0x0)

2.449339798s ago: executing program 1 (id=3368):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$KVM_SET_GUEST_DEBUG_x86(0xffffffffffffffff, 0x4048ae9b, &(0x7f0000000000)={0x9f634221288b0807, 0x0, {[0xa, 0x0, 0xab32, 0x9, 0x200000000000001, 0x100000001, 0x1, 0x3]}})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_int(r1, 0x29, 0x1a, 0x0, &(0x7f0000000040))
r2 = socket(0x400000000010, 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, 0x1411, 0x2, 0x70bd2d, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_RES_MRN={0x8}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x2}, @RDMA_NLDEV_ATTR_RES_MRN={0x8}, @RDMA_NLDEV_ATTR_RES_MRN={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x96)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffff9, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xfffe}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001100)={&(0x7f0000000540)=@newtfilter={0x54, 0x2c, 0xf3f, 0x70bd2c, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0xc, 0xc}, {}, {0xf, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffa}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x10, 0x1, 0x0, 0x0, {{0x5, 0x0, 0xe}, "11"}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20041090}, 0x4000)

1.83666453s ago: executing program 1 (id=3369):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0x9}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x1c, &(0x7f0000000300)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$dma_heap(0xffffffffffffff9c, 0x0, 0x8c081, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10)
r7 = accept4(r6, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x4000010)
connect$inet(r8, 0x0, 0x0)
accept(r5, 0x0, 0x0)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="f0ff2524bd7200000000006d7685222f017a4f34300ef73e39000000080003", @ANYRES32=r2, @ANYBLOB="10005a800c0000800400020004000100"], 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000001780)=ANY=[@ANYBLOB="0203000920020000ff0e00000000000002000900100000009d0900000000000003000600000000000a"], 0x1100}, 0x1, 0x7}, 0x0)
sendmsg$NL80211_CMD_DEL_PMK(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="04002dbd7000fedbdf257c0000000c009900ff7f0000030000100a0006000802110000000008"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x20000000)

1.350518817s ago: executing program 3 (id=3370):
unshare(0x22020400)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0xc3072, 0xffffffffffffffff, 0x200000)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r0 = syz_clone(0x9a04600, 0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0xf)
ptrace(0x4206, r0)
ptrace(0x4207, r0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
ptrace(0x8, r1)
ioctl$XFS_IOC_ATTRLIST_BY_HANDLE(0xffffffffffffffff, 0x4038587a, 0x0)
ptrace$poke(0x5, r1, &(0x7f0000000000), 0x4000000)

782.987193ms ago: executing program 0 (id=3371):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r3, 0xc0285628, &(0x7f0000000080)={0x3, @win={{0x7, 0x4, 0x9, 0x4}, 0x2, 0x401a, &(0x7f00000021c0)={{0x6, 0x2, 0x5, 0x40}}, 0x3317, 0x0, 0x8}})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
ioctl$vim2m_VIDIOC_G_FMT(r3, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x6, 0xfb, 0x1ff, 0x1}, 0x3, 0x400000, 0x0, 0x6, 0x0, 0x9}})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x503, 0x70bd2d, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x840}, 0xc0b0)

345.109754ms ago: executing program 3 (id=3372):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f00000000c0)=[{0x40, 0x0, 0x20}, {0x20, 0x0, 0x3, 0xfff7f010}]}, 0x10)
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000080)="0ccc3611", 0x4}], 0x1)

327.634338ms ago: executing program 2 (id=3373):
r0 = syz_usb_connect(0x6, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000047ff4f40d3131132677a050203230902120001760fb30f090400100000e1d03750f36f82f3d49b52c764c20cc1407ad4f88c6ad9f5ded1c54d1ef74991242804e6b8f95d58580542bfccc308a67dfd5c9bc167f280eb11cc359a3cad55532e26e49171beddb8730b2886d673f8"], 0x0) (async)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f00000000c0)=0xb0000) (async, rerun: 32)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@hyper}) (async, rerun: 32)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8923, &(0x7f0000000000)={'bond_slave_0\x00', @random="0163013590ff"}) (async)
write$cgroup_subtree(r2, &(0x7f0000000140)=ANY=[], 0x10448)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) (async)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000080)={{@local, 0x2}, @local, 0x0, 0x2, 0x5e, 0x8000000000000000, 0x100000000000006, 0x3}) (async, rerun: 32)
r4 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r5 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r5, &(0x7f00000002c0)={0x1, 0x5}, 0x2) (async)
syz_usb_control_io$rtl8150(r0, &(0x7f0000000440)={0x14, &(0x7f0000000240)={0x0, 0x2, 0x46, {0x46, 0x7, "cae42fb5e611f906226b93a478617b8a5f5b752acfc0c9e8cc79eff83471a15e3ba8928735a0d0e1df6aae906e593bcb088a35e62bd8258adec11b91f3035b1d9c93eed4"}}, &(0x7f0000000300)={0x0, 0x3, 0xfb, @string={0xfb, 0x3, "79e364feae88fac7c1e324fc36e3c5e559f45595d5c64f949d9812ec96a211147519f104317f33f1f9568573c9895173b49b9ce09955bbbd2d2024a8a3489378a77f201677cbd3774d961025e7391bb4659675a71b1850c2f17453ce70cc325ac90c6b44e4e315b5592bd18090d78f778a6e0a51e296304f4c8275014f3ad54e32e45fec754cc663e26682d71f04ca17c3e31336bae13ad0c25ccbdd8fd0d5041963a23dbccdc2ed33336f0776a16c1a1ce852d3a568385ae12f02304a16d773e0ebd96ebd3c0172a788d6f89ed952a47261c5367a2d25049eaed6d5a84706fb8d74897699a950a516623d47dc539a4dd568f2f6d4a369077d"}}}, &(0x7f0000000600)={0x2c, &(0x7f0000000480)={0x40, 0x6, 0x13, "a042aeb6ef743cafdd0e36c538c6eb351378c7"}, &(0x7f00000004c0)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000500)={0x0, 0x8, 0x1, 0xff}, &(0x7f0000000540)={0xc0, 0x5, 0x1, "19"}, &(0x7f00000005c0)}) (async)
write$USERIO_CMD_REGISTER(r5, &(0x7f00000000c0), 0x2) (async)
r6 = socket$igmp6(0xa, 0x3, 0x2) (async)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000005700)=[@text32={0x20, 0x0}], 0x1, 0xe, 0x0, 0x0)
ioctl$KVM_SET_NESTED_STATE(r9, 0x4080aebf, &(0x7f0000003680)=@vmx={0x0, 0x0, 0x2080, {0x0, 0x8000000}}) (async, rerun: 64)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000200)="0f01c30fc7390f01cbb9080b00000f1a0fc72d1454d498b9800000c00f3235001000000f308fe8eca2a8810000003766baf80cb8303fa984eff20f2160ed660f38810b", 0x43}], 0x1, 0x0, 0x0, 0x0) (async, rerun: 64)
ioctl$KVM_RUN(r9, 0xae80, 0x0) (async)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) (async, rerun: 64)
syz_emit_ethernet(0x5e, &(0x7f0000000640)={@multicast, @random="bad4f9431624", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x28, 0x3a, 0xff, @initdev={0xfe, 0x4, '\x00', 0x0, 0x0}, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @mcast1, @empty}}}}}}, 0x0) (async, rerun: 64)
read(r5, &(0x7f00000001c0)=""/77, 0x4d) (async, rerun: 32)
write$USERIO_CMD_SEND_INTERRUPT(r5, &(0x7f0000000580)={0x2, 0xfc}, 0x2) (async, rerun: 32)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="3800000040000701feffffff02000000017c0000040042800c00018006000600800a00001400028010000b800c0011"], 0x38}, 0x1, 0x0, 0x0, 0x4048011}, 0xc800) (async)
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000700)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0xfffffffffffffe99, {0xfffffd57}}}, 0x0)

214.568765ms ago: executing program 4 (id=3374):
r0 = openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8101, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = eventfd(0x8000)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000180)={r3, 0x7})
r4 = eventfd2(0x1, 0x801)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000140)={r4, 0x6, 0x1})
syz_usb_connect(0x0, 0x62, &(0x7f0000000000)=ANY=[@ANYRES64=r0, @ANYBLOB="a347f1ffc871ac6cc40202564bcb9e775a203a98937b464bf044655fb38af0f86722ccf09dc47cf21134590b1adc818f585514871df6428a14e81c80916c9c2b27bc5072b4c0ff15ab2216d72ff95904b4f446d45cb13885c0ea88e495012a914bda5df78337ed1a4fe9deee0ed5648c8544ddc8e1598a173c2243bf8f1b33b790773b819143", @ANYRES64=r0], 0x0)

160.940985ms ago: executing program 0 (id=3375):
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
io_setup(0x5, &(0x7f00000002c0)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000280), 0x2002, 0x0)
io_submit(r2, 0x1, &(0x7f0000000440)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f0000000200)='`', 0x1, 0x5fd}])
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth0_to_team\x00', <r4=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="680000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e00300002800800010010000000100005800a000400aaaaaaaaaabb000008000300030000000a000400aaaaaaaab1aa000008000500", @ANYRES32=r4], 0x68}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[], 0x68}}, 0x20000880)
r5 = socket(0x10, 0x3, 0x0)
sendmmsg(r5, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r6, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r6, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4)
recvmmsg(r6, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
setsockopt$inet6_int(r6, 0x29, 0x8, &(0x7f0000000000)=0x7f, 0x4)
sendto$inet6(r6, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c)
getsockopt$inet_sctp6_SCTP_NODELAY(r6, 0x84, 0x3, &(0x7f0000000140), &(0x7f00000001c0)=0x4)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x839, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x1, 0x2}, {0xf, 0x10}, {0x3, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x84}, 0x0)

152.621229ms ago: executing program 3 (id=3376):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x33}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x200000000000000}}}, 0xb8}, 0x1, 0x0, 0x0, 0x40800}, 0x2c040010)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="b80000001500010029bd700000000000e00000020000000000000000000000000000000000000000000000000000000033000000000000000a"], 0xb8}}, 0x10000000)

0s ago: executing program 2 (id=3377):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x0, 0xc10}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vcan={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0x3}]}, 0x3c}}, 0xc000)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0001, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0xb, 0x6, 0xff}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x1, 0x10007f, 0x20000006, 0x4d, 0x6, 0x3, 0x9, 0x2, 0xffff2d34, 0xffffff01, 0x6, 0x3, 0xfffffffc, 0x5, 0x4, 0x2, 0x7, 0x3c5b, 0x80000001, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x0, 0x3, 0xe, 0x8, 0x8000806e, 0x7, 0x17, 0x1, 0x7, 0x200, 0x3e, 0x8c, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x400, 0x80, 0x1, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x479f00, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x1, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8020, 0x400, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x43, 0x103], [0x7, 0xa, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xf, 0x4, 0x6, 0x5, 0x0, 0x6, 0x5, 0x1, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x2, 0x6d03, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xc2, 0x2, 0x3, 0x7fc, 0x12b, 0x4, 0x1, 0x1000000a, 0x0, 0x5, 0x1e, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x80000000, 0xb, 0x5, 0x93a, 0x6, 0x1000006, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x4, 0x2, 0x101, 0x10000, 0x4, 0x7fff, 0x10000, 0x7f, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x96, 0xffffffff, 0x80000000, 0x0, 0x4, 0xc8, 0x1, 0xfffff000, 0x10080, 0x3, 0x7e, 0x100, 0x1000, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x1, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x80405600, &(0x7f0000000280)={0x3, 0x9808fc})
r4 = syz_io_uring_setup(0x239, &(0x7f00000002c0)={0x0, 0x1410, 0x10100, 0x3, 0x1, 0x0, r2}, &(0x7f0000000080)=<r5=>0x0, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000000))
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r7, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000180)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@empty, 0x4e22, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x1}, {0xfffffffffffffffd, 0x0, 0x6, 0x0, 0x5, 0x80000000, 0x0, 0x7fffffffffffffff}, {0x0, 0x0, 0xffffffffffffffff, 0x20000000000000}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x4d5, 0x6c}, 0xa, @in=@private=0xa010102, 0x350c, 0x4, 0x0, 0x0, 0x0, 0x0, 0x200000}}, 0xe8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000200)={<r8=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r7, 0x84, 0x7a, &(0x7f0000000040)={r8, @in6={{0xa, 0x4e24, 0xfffffff7, @private1={0xfc, 0x1, '\x00', 0x1}, 0x74}}}, &(0x7f0000000280)=0x84)
syz_io_uring_submit(r5, r6, 0x0, &(0x7f0000000000))
io_uring_enter(r4, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000380)={'\x00', 0x3, 0x96c, 0xffff, 0x8, 0xdb, <r9=>0x0})
capset(&(0x7f0000000100)={0x20071026, r9}, &(0x7f0000000400)={0x1, 0x5, 0xffff, 0x2, 0x1, 0x2a})
futex_waitv(&(0x7f00000001c0)=[{0x6, &(0x7f0000000180)=0x6, 0x2}], 0x1, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

48.167222][T15913]  ? __fget_files+0x2a/0x420
[  748.167237][T15913]  ? __fget_files+0x3a0/0x420
[  748.167258][T15913]  __x64_sys_sendmsg+0x1bd/0x2a0
[  748.167280][T15913]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  748.167307][T15913]  ? __pfx_ksys_write+0x10/0x10
[  748.167334][T15913]  do_syscall_64+0x14d/0xf80
[  748.167355][T15913]  ? trace_irq_disable+0x3b/0x150
[  748.167369][T15913]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  748.167386][T15913]  ? clear_bhb_loop+0x40/0x90
[  748.167406][T15913]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  748.167421][T15913] RIP: 0033:0x7fe57e59c819
[  748.167436][T15913] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  748.167450][T15913] RSP: 002b:00007fe57f480028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  748.167467][T15913] RAX: ffffffffffffffda RBX: 00007fe57e815fa0 RCX: 00007fe57e59c819
[  748.167479][T15913] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000004
[  748.167493][T15913] RBP: 00007fe57f480090 R08: 0000000000000000 R09: 0000000000000000
[  748.167503][T15913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  748.167512][T15913] R13: 00007fe57e816038 R14: 00007fe57e815fa0 R15: 00007fe57e93fa48
[  748.167536][T15913]  </TASK>
[  748.570743][T15919] FAULT_INJECTION: forcing a failure.
[  748.570743][T15919] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  748.586425][T15919] CPU: 0 UID: 0 PID: 15919 Comm: syz.0.2812 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  748.586465][T15919] Tainted: [L]=SOFTLOCKUP
[  748.586474][T15919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  748.586487][T15919] Call Trace:
[  748.586497][T15919]  <TASK>
[  748.586506][T15919]  dump_stack_lvl+0xe8/0x150
[  748.586544][T15919]  should_fail_ex+0x412/0x560
[  748.586584][T15919]  _copy_from_user+0x2d/0xb0
[  748.586640][T15919]  ___sys_sendmsg+0x1c6/0x360
[  748.586676][T15919]  ? __pfx____sys_sendmsg+0x10/0x10
[  748.586735][T15919]  ? __fget_files+0x2a/0x420
[  748.586756][T15919]  ? __fget_files+0x3a0/0x420
[  748.586785][T15919]  __x64_sys_sendmsg+0x1bd/0x2a0
[  748.586826][T15919]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  748.586865][T15919]  ? __pfx_ksys_write+0x10/0x10
[  748.586901][T15919]  do_syscall_64+0x14d/0xf80
[  748.586929][T15919]  ? trace_irq_disable+0x3b/0x150
[  748.586949][T15919]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  748.586971][T15919]  ? clear_bhb_loop+0x40/0x90
[  748.586997][T15919]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  748.587018][T15919] RIP: 0033:0x7fe57e59c819
[  748.587037][T15919] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  748.587056][T15919] RSP: 002b:00007fe57f480028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  748.587080][T15919] RAX: ffffffffffffffda RBX: 00007fe57e815fa0 RCX: 00007fe57e59c819
[  748.587094][T15919] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000003
[  748.587107][T15919] RBP: 00007fe57f480090 R08: 0000000000000000 R09: 0000000000000000
[  748.587121][T15919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  748.587133][T15919] R13: 00007fe57e816038 R14: 00007fe57e815fa0 R15: 00007fe57e93fa48
[  748.587163][T15919]  </TASK>
[  748.897544][T15923] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  749.014464][T15930] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2816'.
[  749.959073][T15952] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2823'.
[  749.997111][T15952] bridge0: entered promiscuous mode
[  750.011843][T15952] macsec1: entered promiscuous mode
[  750.033294][T15952] macsec1: entered allmulticast mode
[  750.438658][T15952] bridge0: entered allmulticast mode
[  750.461420][T15952] bridge0: port 3(macsec1) entered blocking state
[  750.470336][T15952] bridge0: port 3(macsec1) entered disabled state
[  750.493702][T15952] bridge0: left allmulticast mode
[  750.501411][T15952] bridge0: left promiscuous mode
[  750.895626][T15966] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  751.138189][T15974] fuse: Bad value for 'fd'
[  751.142708][T15971] fuse: Bad value for 'fd'
[  751.199649][T15977] x_tables: ip_tables: osf match: only valid for protocol 6
[  751.298600][T15984] FAULT_INJECTION: forcing a failure.
[  751.298600][T15984] name failslab, interval 1, probability 0, space 0, times 0
[  751.314565][T15984] CPU: 0 UID: 0 PID: 15984 Comm: syz.3.2833 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  751.314606][T15984] Tainted: [L]=SOFTLOCKUP
[  751.314614][T15984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  751.314629][T15984] Call Trace:
[  751.314638][T15984]  <TASK>
[  751.314648][T15984]  dump_stack_lvl+0xe8/0x150
[  751.314687][T15984]  should_fail_ex+0x412/0x560
[  751.314729][T15984]  should_failslab+0xa8/0x100
[  751.314762][T15984]  kmem_cache_alloc_node_noprof+0x8f/0x690
[  751.314790][T15984]  ? __alloc_skb+0x1d0/0x7d0
[  751.314821][T15984]  ? __local_bh_enable_ip+0xd0/0x130
[  751.314857][T15984]  __alloc_skb+0x1d0/0x7d0
[  751.314881][T15984]  ? ____sys_sendmsg+0x972/0x9f0
[  751.314909][T15984]  ? ___sys_sendmsg+0x2a5/0x360
[  751.314940][T15984]  tipc_nl_compat_doit+0x18a/0x650
[  751.314972][T15984]  ? __pfx_tipc_nl_compat_doit+0x10/0x10
[  751.315004][T15984]  ? apparmor_capable+0x126/0x170
[  751.315034][T15984]  ? bpf_lsm_capable+0x9/0x20
[  751.315070][T15984]  ? security_capable+0x7e/0x2c0
[  751.315112][T15984]  tipc_nl_compat_recv+0x8d3/0xcf0
[  751.315133][T15984]  ? kasan_quarantine_put+0xbb/0x1f0
[  751.315160][T15984]  ? __pfx_tipc_nl_compat_recv+0x10/0x10
[  751.315181][T15984]  ? __mutex_trylock_common+0x158/0x260
[  751.315220][T15984]  ? __pfx___mutex_trylock_common+0x10/0x10
[  751.315254][T15984]  ? __pfx___tipc_nl_bearer_enable+0x10/0x10
[  751.315281][T15984]  ? __pfx_tipc_nl_compat_bearer_enable+0x10/0x10
[  751.315325][T15984]  genl_family_rcv_msg_doit+0x22a/0x330
[  751.315365][T15984]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  751.315420][T15984]  genl_rcv_msg+0x61c/0x7a0
[  751.315458][T15984]  ? __pfx_genl_rcv_msg+0x10/0x10
[  751.315487][T15984]  ? __pfx_tipc_nl_compat_recv+0x10/0x10
[  751.315510][T15984]  ? __lock_acquire+0x6b5/0x2cf0
[  751.315550][T15984]  netlink_rcv_skb+0x232/0x4b0
[  751.315572][T15984]  ? __pfx_genl_rcv_msg+0x10/0x10
[  751.315598][T15984]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  751.315641][T15984]  ? down_read+0x272/0x2e0
[  751.315672][T15984]  ? genl_rcv+0xd/0x40
[  751.315702][T15984]  genl_rcv+0x28/0x40
[  751.315728][T15984]  netlink_unicast+0x80f/0x9b0
[  751.315772][T15984]  ? __pfx_netlink_unicast+0x10/0x10
[  751.315815][T15984]  ? netlink_sendmsg+0x650/0xb40
[  751.315837][T15984]  ? skb_put+0x11b/0x210
[  751.315868][T15984]  netlink_sendmsg+0x813/0xb40
[  751.315902][T15984]  ? __pfx_netlink_sendmsg+0x10/0x10
[  751.315930][T15984]  ? aa_sock_msg_perm+0xf1/0x1b0
[  751.315967][T15984]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  751.315997][T15984]  ____sys_sendmsg+0x972/0x9f0
[  751.316036][T15984]  ? __pfx_____sys_sendmsg+0x10/0x10
[  751.316076][T15984]  ? import_iovec+0x73/0xa0
[  751.316107][T15984]  ___sys_sendmsg+0x2a5/0x360
[  751.316143][T15984]  ? __pfx____sys_sendmsg+0x10/0x10
[  751.316212][T15984]  ? __fget_files+0x2a/0x420
[  751.316232][T15984]  ? __fget_files+0x3a0/0x420
[  751.316264][T15984]  __x64_sys_sendmsg+0x1bd/0x2a0
[  751.316296][T15984]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  751.316337][T15984]  ? __pfx_ksys_write+0x10/0x10
[  751.316377][T15984]  do_syscall_64+0x14d/0xf80
[  751.316406][T15984]  ? trace_irq_disable+0x3b/0x150
[  751.316426][T15984]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  751.316449][T15984]  ? clear_bhb_loop+0x40/0x90
[  751.316477][T15984]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  751.316499][T15984] RIP: 0033:0x7f991fd9c819
[  751.316522][T15984] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  751.316541][T15984] RSP: 002b:00007f9920d05028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  751.316566][T15984] RAX: ffffffffffffffda RBX: 00007f9920015fa0 RCX: 00007f991fd9c819
[  751.316583][T15984] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000004
[  751.316597][T15984] RBP: 00007f9920d05090 R08: 0000000000000000 R09: 0000000000000000
[  751.316610][T15984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  751.316623][T15984] R13: 00007f9920016038 R14: 00007f9920015fa0 R15: 00007f992013fa48
[  751.316664][T15984]  </TASK>
[  752.036479][T15992] netlink: 'syz.2.2837': attribute type 2 has an invalid length.
[  752.134600][T15999] netlink: 'syz.2.2837': attribute type 2 has an invalid length.
[  752.159246][T15992] !: entered promiscuous mode
[  752.189085][T15999] !: left promiscuous mode
[  752.209979][T15992] sctp: [Deprecated]: syz.2.2837 (pid 15992) Use of struct sctp_assoc_value in delayed_ack socket option.
[  752.209979][T15992] Use struct sctp_sack_info instead
[  752.430706][T16010] fuse: Bad value for 'fd'
[  752.875191][T16022] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2845'.
[  753.296593][T16031] netlink: 'syz.3.2850': attribute type 1 has an invalid length.
[  753.322686][T16031] 8021q: adding VLAN 0 to HW filter on device bond5
[  753.331775][T16031] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2850'.
[  753.341297][T16031] netlink: 'syz.3.2850': attribute type 2 has an invalid length.
[  753.970994][T16049] wg0: Caught tx_queue_len zero misconfig
[  754.537729][T16058] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  754.643802][T16061] xt_hashlimit: size too large, truncated to 1048576
[  754.805991][T16068] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2860'.
[  754.865004][T16071] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  754.974898][T16075] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2863'.
[  755.035883][T16077] fuse: Bad value for 'user_id'
[  755.043766][T16077] fuse: Bad value for 'user_id'
[  755.057841][T16077] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2864'.
[  755.660106][T16089] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  756.203386][T16104] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2873'.
[  756.466790][T16119] netlink: 'syz.0.2879': attribute type 1 has an invalid length.
[  756.698685][T16137] netlink: 'syz.0.2885': attribute type 1 has an invalid length.
[  757.120657][T16148] tunl0: Caught tx_queue_len zero misconfig
[  757.223727][   T29] audit: type=1326 audit(1775787988.928:2076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16149 comm="syz.0.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe57e59c819 code=0x7ffc0000
[  757.264889][   T29] audit: type=1326 audit(1775787988.928:2077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16149 comm="syz.0.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=120 compat=0 ip=0x7fe57e59c819 code=0x7ffc0000
[  757.313139][   T29] audit: type=1326 audit(1775787988.928:2078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16149 comm="syz.0.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe57e59c819 code=0x7ffc0000
[  757.363368][   T29] audit: type=1326 audit(1775787988.928:2079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16149 comm="syz.0.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fe57e59c819 code=0x7ffc0000
[  757.394136][   T29] audit: type=1326 audit(1775787988.928:2080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16149 comm="syz.0.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe57e59c819 code=0x7ffc0000
[  757.691301][   T29] audit: type=1326 audit(1775787988.928:2081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16149 comm="syz.0.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe57e59c4ab code=0x7ffc0000
[  757.749432][   T29] audit: type=1326 audit(1775787988.928:2082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16149 comm="syz.0.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe57e59c819 code=0x7ffc0000
[  757.849310][   T29] audit: type=1326 audit(1775787988.928:2083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16149 comm="syz.0.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe57e59c819 code=0x7ffc0000
[  757.939937][T16157] netlink: 'syz.1.2888': attribute type 1 has an invalid length.
[  758.325637][T16167] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2892'.
[  758.730353][T16179] libceph: resolve '0..' (ret=-3): failed
[  759.059816][T16187] IPVS: length: 175 != 8
[  759.095764][T16184] netlink: 179596 bytes leftover after parsing attributes in process `syz.3.2896'.
[  760.094864][T16200] fuse: Bad value for 'fd'
[  761.481602][T16228] netlink: 'syz.1.2910': attribute type 29 has an invalid length.
[  761.513582][T16228] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2910'.
[  762.636076][T16261] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2919'.
[  762.758991][T16266] netlink: 108 bytes leftover after parsing attributes in process `syz.0.2921'.
[  763.314086][T15022] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  763.411491][T16278] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2926'.
[  764.445947][T16292] netlink: 'syz.1.2929': attribute type 4 has an invalid length.
[  764.467688][T16289] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2930'.
[  764.575965][T16289] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2930'.
[  764.590598][T16296] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2929'.
[  764.606465][ T6859] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  764.626596][ T6859] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  764.634754][ T5895] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  764.823174][T16289] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2930'.
[  764.845689][T16289] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2930'.
[  764.943956][ T5895] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  764.973066][T16289] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2930'.
[  765.474148][ T5895] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  767.059101][T16330] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  767.085092][T16330] batadv_slave_0: entered promiscuous mode
[  767.258860][T16332] fuse: Bad value for 'fd'
[  767.793689][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  768.763664][    C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  769.597170][T16354] netlink: 'syz.0.2946': attribute type 1 has an invalid length.
[  770.424633][T16344] syz.2.2943 (16344): drop_caches: 2
[  770.430843][T16344] syz.2.2943 (16344): drop_caches: 2
[  770.566692][T16369] kAFS: unable to lookup cell '�'
[  770.752309][T16378] ip6t_REJECT: ECHOREPLY is not supported
[  770.770088][T16378] ip6t_REJECT: ECHOREPLY is not supported
[  771.680956][T16399] fuse: Bad value for 'fd'
[  771.800695][T16403] __nla_validate_parse: 7 callbacks suppressed
[  771.800723][T16403] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2960'.
[  772.452741][T16408] netlink: 'syz.3.2962': attribute type 1 has an invalid length.
[  772.483736][T16408] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  773.397640][T16430] x_tables: duplicate underflow at hook 2
[  773.699894][T16439] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2971'.
[  774.175457][T16449] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.2973'.
[  775.339429][T16463] netlink: 179596 bytes leftover after parsing attributes in process `syz.3.2978'.
[  776.630659][ T5828] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  776.645875][ T5828] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  776.655560][ T5828] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  776.672408][ T5828] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  776.681096][ T5828] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  776.752821][ T6859] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  776.767200][ T6859] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  776.774441][    C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  776.915562][ T6859] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  776.928336][ T6859] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  777.008650][T16474] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2982'.
[  777.077656][ T6859] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  777.094392][ T6859] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  777.289279][ T6859] bond0: (slave netdevsim0): Releasing backup interface
[  777.349518][ T6859] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  777.375836][ T6859] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  777.793112][T16472] chnl_net:caif_netlink_parms(): no params data found
[  777.894609][ T6859] bridge_slave_1: left allmulticast mode
[  777.927441][ T6859] bridge_slave_1: left promiscuous mode
[  777.943968][ T6859] bridge0: port 2(bridge_slave_1) entered disabled state
[  778.002078][ T6859] bridge_slave_0: left allmulticast mode
[  778.019347][ T6859] bridge0: port 1(bridge_slave_0) entered disabled state
[  778.639549][ T6859] bond5 (unregistering): (slave geneve3): Releasing active interface
[  778.679326][ T6859] bond4 (unregistering): (slave geneve2): Releasing active interface
[  778.803720][T12598] Bluetooth: hci1: command tx timeout
[  779.162549][ T6859] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  779.198406][ T6859] bond0 (unregistering): Released all slaves
[  779.241068][ T6859] bond1 (unregistering): Released all slaves
[  779.286356][ T6859] bond2 (unregistering): Released all slaves
[  779.487038][ T6859] bond3 (unregistering): (slave wireguard0): Releasing backup interface
[  779.496165][ T6859] wireguard0: left promiscuous mode
[  779.503828][ T6859] bond3 (unregistering): Released all slaves
[  779.537711][ T6859] bond4 (unregistering): Released all slaves
[  779.587203][ T6859] bond5 (unregistering): Released all slaves
[  779.758295][T16520] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  780.438238][T16472] bridge0: port 1(bridge_slave_0) entered blocking state
[  780.471312][T16472] bridge0: port 1(bridge_slave_0) entered disabled state
[  780.495261][T16472] bridge_slave_0: entered allmulticast mode
[  780.531872][T16472] bridge_slave_0: entered promiscuous mode
[  780.675484][T16472] bridge0: port 2(bridge_slave_1) entered blocking state
[  780.695873][T16472] bridge0: port 2(bridge_slave_1) entered disabled state
[  780.707037][T16472] bridge_slave_1: entered allmulticast mode
[  780.767255][T16472] bridge_slave_1: entered promiscuous mode
[  780.837272][T12598] Bluetooth: hci1: command tx timeout
[  780.933329][T16472] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  781.008920][T16472] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  781.107858][T16554] netlink: 'syz.1.3000': attribute type 12 has an invalid length.
[  781.130522][T16554] netlink: 'syz.1.3000': attribute type 29 has an invalid length.
[  781.142217][T16554] netlink: 148 bytes leftover after parsing attributes in process `syz.1.3000'.
[  781.159699][T16554] netlink: 'syz.1.3000': attribute type 2 has an invalid length.
[  781.168949][T16554] netlink: 23 bytes leftover after parsing attributes in process `syz.1.3000'.
[  781.184137][T16472] team0: Port device team_slave_0 added
[  781.263352][T16472] team0: Port device team_slave_1 added
[  781.748193][T16472] batman_adv: batadv0: Adding interface: batadv_slave_0
[  781.818584][T16472] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  781.925637][T16472] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  781.979841][ T6859] hsr_slave_0: left promiscuous mode
[  781.991192][ T6859] hsr_slave_1: left promiscuous mode
[  782.204215][ T6859] batman_adv: batadv0: Removing interface: batadv_slave_0
[  782.276053][ T6859] veth1_macvtap: left promiscuous mode
[  782.281624][ T6859] veth0_macvtap: left promiscuous mode
[  782.294271][ T6859] veth1_vlan: left promiscuous mode
[  782.308307][ T6859] veth0_vlan: left promiscuous mode
[  782.598967][T16572] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3003'.
[  782.915940][T12598] Bluetooth: hci1: command tx timeout
[  783.136300][T16581] netlink: 27 bytes leftover after parsing attributes in process `syz.4.3006'.
[  783.240688][T16584] netlink: 112 bytes leftover after parsing attributes in process `syz.0.3007'.
[  783.424321][ T6859] team0 (unregistering): Port device team_slave_1 removed
[  783.462491][ T6859] team0 (unregistering): Port device team_slave_0 removed
[  783.624159][T16590] ALSA: mixer_oss: invalid OSS volume 'o'
[  783.629967][T16590] ALSA: mixer_oss: invalid OSS volume ''
[  783.636121][T16590] ALSA: mixer_oss: invalid OSS volume '
'
[  783.641968][T16590] ALSA: mixer_oss: invalid OSS volume '

'
[  783.659100][T16590] ALSA: mixer_oss: invalid OSS volume '
'
[  783.688345][T16590] ALSA: mixer_oss: invalid OSS volume ''
[  783.868471][T16472] batman_adv: batadv0: Adding interface: batadv_slave_1
[  783.879863][T16472] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  783.973528][T16472] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  784.372994][T16472] hsr_slave_0: entered promiscuous mode
[  784.386024][T16472] hsr_slave_1: entered promiscuous mode
[  784.394446][T16472] debugfs: 'hsr0' already exists in 'hsr'
[  784.401699][T16472] Cannot create hsr debugfs directory
[  784.734701][T16602] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3013'.
[  784.810971][T16605] ip6gre2: entered promiscuous mode
[  784.994337][T12598] Bluetooth: hci1: command tx timeout
[  785.030485][T16608] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  785.157006][T16608] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  785.366951][ T6859] IPVS: stop unused estimator thread 0...
[  786.424349][T16472] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  786.502654][T16472] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  786.569529][T16472] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  786.607997][T16472] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  786.659800][T16647] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  786.814374][T16656] netlink: 766 bytes leftover after parsing attributes in process `syz.4.3022'.
[  787.005011][T16472] 8021q: adding VLAN 0 to HW filter on device bond0
[  787.063749][T16663] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3025'.
[  787.208266][T16472] 8021q: adding VLAN 0 to HW filter on device team0
[  787.311367][ T1159] bridge0: port 1(bridge_slave_0) entered blocking state
[  787.318599][ T1159] bridge0: port 1(bridge_slave_0) entered forwarding state
[  787.350415][T16671] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3026'.
[  787.410951][ T1159] bridge0: port 2(bridge_slave_1) entered blocking state
[  787.418274][ T1159] bridge0: port 2(bridge_slave_1) entered forwarding state
[  787.822387][T16472] 8021q: adding VLAN 0 to HW filter on device batadv0
[  787.949481][T16472] veth0_vlan: entered promiscuous mode
[  787.957818][T16696] FAULT_INJECTION: forcing a failure.
[  787.957818][T16696] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  787.971741][T16689] libceph: resolve '0..' (ret=-3): failed
[  787.999027][T16472] veth1_vlan: entered promiscuous mode
[  788.063078][T16472] veth0_macvtap: entered promiscuous mode
[  788.082511][T16472] veth1_macvtap: entered promiscuous mode
[  788.179098][T16472] batman_adv: batadv0: Interface activated: batadv_slave_0
[  788.189504][T16696] CPU: 1 UID: 0 PID: 16696 Comm: syz.1.3031 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  788.189537][T16696] Tainted: [L]=SOFTLOCKUP
[  788.189545][T16696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  788.189558][T16696] Call Trace:
[  788.189566][T16696]  <TASK>
[  788.189575][T16696]  dump_stack_lvl+0xe8/0x150
[  788.189613][T16696]  should_fail_ex+0x412/0x560
[  788.189655][T16696]  _copy_from_iter+0x1d3/0x1670
[  788.189684][T16696]  ? rcu_is_watching+0x15/0xb0
[  788.189722][T16696]  ? __pfx__copy_from_iter+0x10/0x10
[  788.189754][T16696]  ? netlink_sendmsg+0x650/0xb40
[  788.189779][T16696]  ? skb_put+0x11b/0x210
[  788.189810][T16696]  netlink_sendmsg+0x6c0/0xb40
[  788.189843][T16696]  ? __pfx_netlink_sendmsg+0x10/0x10
[  788.189871][T16696]  ? aa_sock_msg_perm+0xf1/0x1b0
[  788.189909][T16696]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  788.189940][T16696]  ____sys_sendmsg+0x972/0x9f0
[  788.189980][T16696]  ? __pfx_____sys_sendmsg+0x10/0x10
[  788.190018][T16696]  ? import_iovec+0x73/0xa0
[  788.190048][T16696]  ___sys_sendmsg+0x2a5/0x360
[  788.190082][T16696]  ? __pfx____sys_sendmsg+0x10/0x10
[  788.190147][T16696]  ? __fget_files+0x2a/0x420
[  788.190168][T16696]  ? __fget_files+0x3a0/0x420
[  788.190198][T16696]  __x64_sys_sendmsg+0x1bd/0x2a0
[  788.190230][T16696]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  788.190269][T16696]  ? __pfx_ksys_write+0x10/0x10
[  788.190308][T16696]  do_syscall_64+0x14d/0xf80
[  788.190337][T16696]  ? trace_irq_disable+0x3b/0x150
[  788.190365][T16696]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  788.190389][T16696]  ? clear_bhb_loop+0x40/0x90
[  788.190416][T16696]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  788.190438][T16696] RIP: 0033:0x7fdbb8d9c819
[  788.190460][T16696] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  788.190479][T16696] RSP: 002b:00007fdbb6ff6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  788.190503][T16696] RAX: ffffffffffffffda RBX: 00007fdbb9015fa0 RCX: 00007fdbb8d9c819
[  788.190520][T16696] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  788.190533][T16696] RBP: 00007fdbb6ff6090 R08: 0000000000000000 R09: 0000000000000000
[  788.190547][T16696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  788.190561][T16696] R13: 00007fdbb9016038 R14: 00007fdbb9015fa0 R15: 00007fdbb913fa48
[  788.190594][T16696]  </TASK>
[  788.434991][T16472] batman_adv: batadv0: Interface activated: batadv_slave_1
[  788.642259][ T1159] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  788.651490][ T1083] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  788.667969][T15022] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  788.770807][T15022] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  788.829230][T16705] pim6reg: entered allmulticast mode
[  789.215350][T10674] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  789.237721][T10674] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  789.361520][ T1159] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  789.377679][ T1159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  789.782451][T16723] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3037'.
[  790.063705][  T796] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  790.256418][T16738] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.3039'.
[  790.285660][  T796] usb 3-1: Using ep0 maxpacket: 8
[  790.312613][  T796] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  790.406735][  T796] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  790.631163][  T796] usb 3-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00
[  790.782180][  T796] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  791.002294][  T796] usb 3-1: config 0 descriptor??
[  791.255760][T16746] FAULT_INJECTION: forcing a failure.
[  791.255760][T16746] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  791.301171][T16746] CPU: 0 UID: 0 PID: 16746 Comm: syz.1.3042 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  791.301210][T16746] Tainted: [L]=SOFTLOCKUP
[  791.301218][T16746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  791.301238][T16746] Call Trace:
[  791.301246][T16746]  <TASK>
[  791.301255][T16746]  dump_stack_lvl+0xe8/0x150
[  791.301291][T16746]  should_fail_ex+0x412/0x560
[  791.301330][T16746]  _copy_from_iter+0x1d3/0x1670
[  791.301355][T16746]  ? rcu_is_watching+0x15/0xb0
[  791.301389][T16746]  ? __pfx__copy_from_iter+0x10/0x10
[  791.301417][T16746]  ? netlink_sendmsg+0x650/0xb40
[  791.301440][T16746]  ? skb_put+0x11b/0x210
[  791.301468][T16746]  netlink_sendmsg+0x6c0/0xb40
[  791.301501][T16746]  ? __pfx_netlink_sendmsg+0x10/0x10
[  791.301528][T16746]  ? aa_sock_msg_perm+0xf1/0x1b0
[  791.301565][T16746]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  791.301596][T16746]  ____sys_sendmsg+0x972/0x9f0
[  791.301636][T16746]  ? __pfx_____sys_sendmsg+0x10/0x10
[  791.301672][T16746]  ? import_iovec+0x73/0xa0
[  791.301701][T16746]  ___sys_sendmsg+0x2a5/0x360
[  791.301736][T16746]  ? __pfx____sys_sendmsg+0x10/0x10
[  791.301800][T16746]  ? __fget_files+0x2a/0x420
[  791.301820][T16746]  ? __fget_files+0x3a0/0x420
[  791.301850][T16746]  __x64_sys_sendmsg+0x1bd/0x2a0
[  791.301884][T16746]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  791.301922][T16746]  ? __pfx_ksys_write+0x10/0x10
[  791.301958][T16746]  do_syscall_64+0x14d/0xf80
[  791.301988][T16746]  ? trace_irq_disable+0x3b/0x150
[  791.302007][T16746]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  791.302030][T16746]  ? clear_bhb_loop+0x40/0x90
[  791.302057][T16746]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  791.302079][T16746] RIP: 0033:0x7fdbb8d9c819
[  791.302100][T16746] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  791.302119][T16746] RSP: 002b:00007fdbb6ff6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  791.302145][T16746] RAX: ffffffffffffffda RBX: 00007fdbb9015fa0 RCX: 00007fdbb8d9c819
[  791.302161][T16746] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  791.302175][T16746] RBP: 00007fdbb6ff6090 R08: 0000000000000000 R09: 0000000000000000
[  791.302187][T16746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  791.302200][T16746] R13: 00007fdbb9016038 R14: 00007fdbb9015fa0 R15: 00007fdbb913fa48
[  791.302268][T16746]  </TASK>
[  791.351423][T16747] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3041'.
[  791.575033][  T796] dragonrise 0003:0079:0006.0002: item fetching failed at offset 2/41
[  791.612990][  T796] dragonrise 0003:0079:0006.0002: parse failed
[  791.640680][  T796] dragonrise 0003:0079:0006.0002: probe with driver dragonrise failed with error -22
[  791.749023][ T5828] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  791.758996][ T5828] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  791.776833][ T5828] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  791.784779][  T796] usb 3-1: USB disconnect, device number 17
[  791.792069][ T5828] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  791.805454][ T5828] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  792.123790][    C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  792.854417][T15022] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  792.872052][   T29] audit: type=1326 audit(1775788024.578:2084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16792 comm="syz.1.3049" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdbb8d9c819 code=0x0
[  792.994619][T16754] chnl_net:caif_netlink_parms(): no params data found
[  793.125622][T15022] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  793.173545][T11969] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  793.305516][T15022] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  793.397121][T11969] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  793.431975][T11969] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  793.492108][T11969] usb 3-1: Product: syz
[  793.499369][T11969] usb 3-1: Manufacturer: syz
[  793.513498][T11969] usb 3-1: SerialNumber: syz
[  793.592408][T15022] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  793.644789][T11969] usb 3-1: config 0 descriptor??
[  793.656084][T11969] ch341 3-1:0.0: ch341-uart converter detected
[  793.709800][T16754] bridge0: port 1(bridge_slave_0) entered blocking state
[  793.733351][T16754] bridge0: port 1(bridge_slave_0) entered disabled state
[  793.741027][T16754] bridge_slave_0: entered allmulticast mode
[  793.759901][T16754] bridge_slave_0: entered promiscuous mode
[  793.787019][T16754] bridge0: port 2(bridge_slave_1) entered blocking state
[  793.807132][T16754] bridge0: port 2(bridge_slave_1) entered disabled state
[  793.824487][T16754] bridge_slave_1: entered allmulticast mode
[  793.832788][T16754] bridge_slave_1: entered promiscuous mode
[  793.869934][T16798] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  793.880363][ T5828] Bluetooth: hci5: command tx timeout
[  793.894376][T16798] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  793.923632][T16816] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  793.957411][T16816] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  793.988644][T16754] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  794.019431][T16754] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  794.177683][T16754] team0: Port device team_slave_0 added
[  794.198352][T15022] bridge_slave_1: left allmulticast mode
[  794.211187][T15022] bridge_slave_1: left promiscuous mode
[  794.224024][T15022] bridge0: port 2(bridge_slave_1) entered disabled state
[  794.261835][T15022] bridge_slave_0: left allmulticast mode
[  794.274322][T15022] bridge_slave_0: left promiscuous mode
[  794.282475][T15022] bridge0: port 1(bridge_slave_0) entered disabled state
[  794.436147][T11969] usb 3-1: failed to send control message: -71
[  794.442631][T11969] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  794.480131][T11969] usb 3-1: USB disconnect, device number 18
[  794.527321][T11969] ch341 3-1:0.0: device disconnected
[  794.939088][T15022] dvmrp12 (unregistering): left allmulticast mode
[  795.227591][   T29] audit: type=1326 audit(1775788026.938:2085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16845 comm="syz.2.3058" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7b8039c819 code=0x0
[  795.257206][T15022] bond0 (unregistering): left promiscuous mode
[  795.265881][T15022] bond_slave_0: left promiscuous mode
[  795.292389][T15022] bond_slave_1: left promiscuous mode
[  795.334147][T15022] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  795.353935][T15022] bond_slave_0: left allmulticast mode
[  795.374155][T15022] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  795.386665][T15022] bond_slave_1: left allmulticast mode
[  795.396254][T15022] bond0 (unregistering): Released all slaves
[  795.424370][T15022] team0: Port device bond1 removed
[  795.435232][T15022] bond1 (unregistering): Released all slaves
[  795.466544][T16754] team0: Port device team_slave_1 added
[  795.600654][T16754] batman_adv: batadv0: Adding interface: batadv_slave_0
[  795.608371][T16754] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  795.664933][T16754] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  795.694280][T16859] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.3060'.
[  795.708256][T16754] batman_adv: batadv0: Adding interface: batadv_slave_1
[  795.735998][T16862] netlink: 179596 bytes leftover after parsing attributes in process `syz.1.3061'.
[  795.823998][T16754] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  795.870051][T16754] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  795.953813][ T5828] Bluetooth: hci5: command tx timeout
[  796.276324][T16754] hsr_slave_0: entered promiscuous mode
[  796.385227][T16754] hsr_slave_1: entered promiscuous mode
[  796.391608][T16754] debugfs: 'hsr0' already exists in 'hsr'
[  796.441833][T16754] Cannot create hsr debugfs directory
[  797.057708][T15022] batadv0: left promiscuous mode
[  797.079919][T15022] hsr_slave_0: left promiscuous mode
[  797.101254][T15022] 1�: left promiscuous mode
[  797.127748][T15022] veth0_macvtap: left promiscuous mode
[  797.183156][T16879] xt_hashlimit: size too large, truncated to 1048576
[  797.252326][T15022] pim6reg (unregistering): left allmulticast mode
[  797.313974][T16760] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  797.453603][T16760] usb 3-1: device descriptor read/64, error -71
[  797.529047][T15022] team0 (unregistering): Port device team_slave_1 removed
[  797.549847][T15022] team0 (unregistering): Port device team_slave_0 removed
[  797.708271][T16882] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  797.714131][T16760] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  797.866893][T16760] usb 3-1: device descriptor read/64, error -71
[  797.983944][T16760] usb usb3-port1: attempt power cycle
[  798.033612][ T5828] Bluetooth: hci5: command tx timeout
[  798.343870][T16760] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  798.355330][T15022] IPVS: stop unused estimator thread 0...
[  798.414216][T16760] usb 3-1: device descriptor read/8, error -71
[  798.657018][T16760] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  798.694404][T16760] usb 3-1: device descriptor read/8, error -71
[  798.774623][T16754] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  798.799220][T16754] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  798.812522][T16754] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  798.825658][T16760] usb usb3-port1: unable to enumerate USB device
[  798.834158][T16754] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  799.013708][T16923] netlink: 'syz.3.3070': attribute type 5 has an invalid length.
[  799.046383][T16923] netlink: 'syz.3.3070': attribute type 5 has an invalid length.
[  799.114629][   T29] audit: type=1326 audit(1775788030.818:2086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16924 comm="syz.0.3071" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe57e59c819 code=0x0
[  799.261684][T16754] 8021q: adding VLAN 0 to HW filter on device bond0
[  799.344815][T16754] 8021q: adding VLAN 0 to HW filter on device team0
[  799.379458][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  799.386680][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  799.456094][ T6859] bridge0: port 2(bridge_slave_1) entered blocking state
[  799.463376][ T6859] bridge0: port 2(bridge_slave_1) entered forwarding state
[  799.731195][T16754] 8021q: adding VLAN 0 to HW filter on device batadv0
[  799.894201][T16754] veth0_vlan: entered promiscuous mode
[  799.952013][T16754] veth1_vlan: entered promiscuous mode
[  800.096606][T16754] veth0_macvtap: entered promiscuous mode
[  800.114009][ T5828] Bluetooth: hci5: command tx timeout
[  800.203105][T16754] veth1_macvtap: entered promiscuous mode
[  800.285629][T16948] xt_ecn: cannot match TCP bits for non-tcp packets
[  800.356839][T16948] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  800.396809][T16754] batman_adv: batadv0: Interface activated: batadv_slave_0
[  800.462788][T16754] batman_adv: batadv0: Interface activated: batadv_slave_1
[  800.559829][T15022] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  800.577854][T15022] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  800.636889][T15022] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  800.667272][T15022] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  800.940956][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  800.973093][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  801.050803][T16969] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.3078'.
[  801.173185][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  801.195355][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  801.732706][ T5902] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  801.963770][ T5902] usb 3-1: Using ep0 maxpacket: 16
[  801.971843][ T5902] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  801.983736][ T5902] usb 3-1: config 0 interface 0 has no altsetting 0
[  801.998163][ T5902] usb 3-1: New USB device found, idVendor=15c2, idProduct=0041, bcdDevice=1f.20
[  802.008300][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  802.387559][ T5902] usb 3-1: Product: syz
[  802.391911][ T5902] usb 3-1: Manufacturer: syz
[  802.398608][ T5902] usb 3-1: SerialNumber: syz
[  802.408093][ T5902] usb 3-1: config 0 descriptor??
[  802.658948][    C0] imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71)
[  802.697214][ T5902] input: iMON Panel, Knob and Mouse(15c2:0041) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input6
[  802.857244][ T5902] imon:send_packet: packet tx failed (-71)
[  802.898019][ T5902] imon 3-1:0.0: panel buttons/knobs setup failed
[  803.105248][ T5902] rc_core: IR keymap rc-imon-pad not found
[  803.132815][ T5902] Registered IR keymap rc-empty
[  803.157747][ T5902] imon 3-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[  803.209121][ T5902] imon 3-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  803.241151][ T5902] imon:send_packet: packet tx failed (-71)
[  803.272572][T12598] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  803.288165][T12598] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  803.298941][ T5902] imon 3-1:0.0: remote input dev register failed
[  803.311729][T12598] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  803.328912][ T5902] imon 3-1:0.0: imon_init_intf0: rc device setup failed
[  803.337146][T12598] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  803.350514][T12598] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  803.436170][ T5902] imon 3-1:0.0: unable to initialize intf0, err 0
[  803.464033][ T5902] imon:imon_probe: failed to initialize context!
[  803.476805][ T5902] imon 3-1:0.0: unable to register, err -19
[  803.501639][ T5902] usb 3-1: USB disconnect, device number 23
[  803.796088][T17014] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  803.914270][ T5902] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  804.113687][ T5902] usb 3-1: Using ep0 maxpacket: 16
[  804.125201][ T5902] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  804.176163][ T5902] usb 3-1: config 0 interface 0 has no altsetting 0
[  804.209234][ T5902] usb 3-1: New USB device found, idVendor=15c2, idProduct=0041, bcdDevice=1f.20
[  804.318609][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  804.517235][ T5902] usb 3-1: Product: syz
[  804.535817][ T5902] usb 3-1: Manufacturer: syz
[  804.540500][ T5902] usb 3-1: SerialNumber: syz
[  804.586796][ T5902] usb 3-1: config 0 descriptor??
[  804.602218][ T5902] usb 3-1: can't set config #0, error -71
[  804.648613][ T5902] usb 3-1: USB disconnect, device number 24
[  805.324457][T17010] chnl_net:caif_netlink_parms(): no params data found
[  805.394052][T12598] Bluetooth: hci3: command tx timeout
[  805.579560][T17046] libceph: resolve '0.4' (ret=-3): failed
[  805.807837][T17010] bridge0: port 1(bridge_slave_0) entered blocking state
[  805.838195][T17010] bridge0: port 1(bridge_slave_0) entered disabled state
[  805.861189][T17010] bridge_slave_0: entered allmulticast mode
[  805.917967][T17010] bridge_slave_0: entered promiscuous mode
[  805.940923][T17010] bridge0: port 2(bridge_slave_1) entered blocking state
[  805.975936][T17010] bridge0: port 2(bridge_slave_1) entered disabled state
[  805.983220][T17010] bridge_slave_1: entered allmulticast mode
[  806.015455][T17010] bridge_slave_1: entered promiscuous mode
[  806.377675][T17010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  806.406140][T17010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  806.509993][T17010] team0: Port device team_slave_0 added
[  806.574905][T17010] team0: Port device team_slave_1 added
[  806.772191][T17010] batman_adv: batadv0: Adding interface: batadv_slave_0
[  806.916810][T17010] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  806.988795][T17010] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  807.003133][T17010] batman_adv: batadv0: Adding interface: batadv_slave_1
[  807.031761][T17010] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  807.165098][T17010] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  807.474658][T12598] Bluetooth: hci3: command tx timeout
[  807.564871][T17078] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3096'.
[  807.754544][T17010] hsr_slave_0: entered promiscuous mode
[  807.785183][T17010] hsr_slave_1: entered promiscuous mode
[  807.800993][T17010] debugfs: 'hsr0' already exists in 'hsr'
[  807.817981][T17010] Cannot create hsr debugfs directory
[  808.349391][T17094] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.3097'.
[  808.494897][T17010] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  808.510746][T17010] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  808.605815][T17097] netlink: 'syz.0.3098': attribute type 3 has an invalid length.
[  808.626303][T16760] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[  808.655488][T17010] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  808.666267][T17010] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  808.757456][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  808.766225][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  808.798844][T17101] x_tables: duplicate underflow at hook 2
[  808.841634][T16760] usb 5-1: unable to get BOS descriptor or descriptor too short
[  808.852658][T17010] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  808.879347][T17010] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  808.895486][T16760] usb 5-1: not running at top speed; connect to a high speed hub
[  808.927460][T16760] usb 5-1: config 5 has an invalid interface number: 45 but max is 0
[  808.951680][T16760] usb 5-1: config 5 has no interface number 0
[  808.976187][T16760] usb 5-1: config 5 interface 45 altsetting 3 endpoint 0xD has invalid maxpacket 512, setting to 64
[  808.996268][T16760] usb 5-1: config 5 interface 45 has no altsetting 0
[  809.035997][T16760] usb 5-1: New USB device found, idVendor=162e, idProduct=cba2, bcdDevice=bd.d6
[  809.045425][T16760] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  809.054127][T16760] usb 5-1: Product: syz
[  809.058698][T16760] usb 5-1: Manufacturer: syz
[  809.065173][T16760] usb 5-1: SerialNumber: syz
[  809.075021][T17010] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  809.089317][T17010] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  809.160199][T17107] syzkaller1: entered promiscuous mode
[  809.173682][T17107] syzkaller1: entered allmulticast mode
[  809.313010][T17094] syzkaller0: entered promiscuous mode
[  809.342026][T17116] netlink: 179596 bytes leftover after parsing attributes in process `syz.0.3103'.
[  809.401360][T17094] syzkaller0: entered allmulticast mode
[  809.449830][T17095] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  809.512315][T17095] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  809.553768][T12598] Bluetooth: hci3: command tx timeout
[  809.989245][T17010] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  810.094813][T17010] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  810.224167][T17010] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  810.362307][T17010] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  811.317191][T16760] usb 5-1: USB disconnect, device number 4
[  811.530380][T17010] 8021q: adding VLAN 0 to HW filter on device bond0
[  811.621641][T17010] 8021q: adding VLAN 0 to HW filter on device team0
[  811.633631][T12598] Bluetooth: hci3: command tx timeout
[  811.668619][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  811.676019][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  811.710498][ T1159] bridge0: port 2(bridge_slave_1) entered blocking state
[  811.717893][ T1159] bridge0: port 2(bridge_slave_1) entered forwarding state
[  812.053195][T17010] 8021q: adding VLAN 0 to HW filter on device batadv0
[  812.404034][T16760] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  812.616251][T17010] veth0_vlan: entered promiscuous mode
[  812.637355][T17010] veth1_vlan: entered promiscuous mode
[  812.742656][T17010] veth0_macvtap: entered promiscuous mode
[  812.753535][T16760] usb 3-1: Using ep0 maxpacket: 32
[  812.760910][T16760] usb 3-1: config 1 has an invalid descriptor of length 155, skipping remainder of the config
[  812.771897][T16760] usb 3-1: config 1 has 0 interfaces, different from the descriptor's value: 3
[  812.784445][T16760] usb 3-1: New USB device found, idVendor=0582, idProduct=0075, bcdDevice= 0.40
[  812.799445][T17010] veth1_macvtap: entered promiscuous mode
[  812.810604][T17160] netlink: 179596 bytes leftover after parsing attributes in process `syz.0.3114'.
[  812.825686][T16760] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  812.894979][T16760] usb 3-1: Product: syz
[  812.908582][T16760] usb 3-1: Manufacturer: syz
[  812.927836][T16760] usb 3-1: SerialNumber: syz
[  813.121460][T17010] batman_adv: batadv0: Interface activated: batadv_slave_0
[  813.232015][T16760] usb 3-1: USB disconnect, device number 25
[  813.246848][T17010] batman_adv: batadv0: Interface activated: batadv_slave_1
[  813.307869][T10674] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  813.318067][T10674] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  813.386386][T10674] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  813.411194][T10674] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  813.569138][T10674] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  813.584531][T10674] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  813.760334][ T1083] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  813.773078][ T1083] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  814.168939][   T29] audit: type=1326 audit(1775788045.878:2087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17180 comm="syz.3.3084" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa6f1b9c819 code=0x0
[  814.251598][T17185] FAULT_INJECTION: forcing a failure.
[  814.251598][T17185] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  814.337747][T17185] CPU: 0 UID: 0 PID: 17185 Comm: syz.2.3121 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  814.337786][T17185] Tainted: [L]=SOFTLOCKUP
[  814.337794][T17185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  814.337807][T17185] Call Trace:
[  814.337817][T17185]  <TASK>
[  814.337826][T17185]  dump_stack_lvl+0xe8/0x150
[  814.337866][T17185]  should_fail_ex+0x412/0x560
[  814.337907][T17185]  _copy_to_user+0x31/0xb0
[  814.337937][T17185]  simple_read_from_buffer+0xe1/0x170
[  814.337977][T17185]  proc_fail_nth_read+0x1bb/0x230
[  814.338015][T17185]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  814.338051][T17185]  ? rw_verify_area+0x2a6/0x4d0
[  814.338075][T17185]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  814.338109][T17185]  vfs_read+0x20c/0xa70
[  814.338131][T17185]  ? fdget_pos+0x246/0x320
[  814.338155][T17185]  ? __pfx___mutex_lock+0x10/0x10
[  814.338189][T17185]  ? __pfx_vfs_read+0x10/0x10
[  814.338214][T17185]  ? __fget_files+0x2a/0x420
[  814.338238][T17185]  ? __fget_files+0x3a0/0x420
[  814.338256][T17185]  ? __fget_files+0x2a/0x420
[  814.338283][T17185]  ksys_read+0x150/0x270
[  814.338310][T17185]  ? __pfx_ksys_read+0x10/0x10
[  814.338346][T17185]  do_syscall_64+0x14d/0xf80
[  814.338374][T17185]  ? trace_irq_disable+0x3b/0x150
[  814.338393][T17185]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  814.338416][T17185]  ? clear_bhb_loop+0x40/0x90
[  814.338444][T17185]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  814.338475][T17185] RIP: 0033:0x7f7b8035d04e
[  814.338497][T17185] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  814.338516][T17185] RSP: 002b:00007f7b811ebfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  814.338541][T17185] RAX: ffffffffffffffda RBX: 00007f7b811ec6c0 RCX: 00007f7b8035d04e
[  814.338557][T17185] RDX: 000000000000000f RSI: 00007f7b811ec0a0 RDI: 0000000000000004
[  814.338571][T17185] RBP: 00007f7b811ec090 R08: 0000000000000000 R09: 0000000000000000
[  814.338585][T17185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  814.338598][T17185] R13: 00007f7b80616038 R14: 00007f7b80615fa0 R15: 00007f7b8073fa48
[  814.338633][T17185]  </TASK>
[  815.150860][ T5909] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  815.343821][ T5909] usb 3-1: Using ep0 maxpacket: 32
[  815.363236][ T5909] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  815.374036][ T5909] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  815.459993][ T5828] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  815.474931][ T5828] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  815.482841][ T5828] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  815.494581][ T5909] usb 3-1: config 0 descriptor??
[  815.499957][ T5828] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  815.507758][ T5828] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  815.551626][ T5909] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  815.960943][ T5909] gspca_vc032x: reg_w err -71
[  815.968726][ T5909] gspca_vc032x: I2c Bus Busy Wait 00
[  815.996541][ T5909] gspca_vc032x: I2c Bus Busy Wait 00
[  816.003551][ T5909] gspca_vc032x: I2c Bus Busy Wait 00
[  816.008968][ T5909] gspca_vc032x: I2c Bus Busy Wait 00
[  816.014547][ T5909] gspca_vc032x: I2c Bus Busy Wait 00
[  816.019946][ T5909] gspca_vc032x: I2c Bus Busy Wait 00
[  816.025510][ T5909] gspca_vc032x: I2c Bus Busy Wait 00
[  816.031014][ T5909] gspca_vc032x: I2c Bus Busy Wait 00
[  816.036546][ T5909] gspca_vc032x: I2c Bus Busy Wait 00
[  816.041943][ T5909] gspca_vc032x: I2c Bus Busy Wait 00
[  816.047785][ T5909] gspca_vc032x: I2c Bus Busy Wait 00
[  816.055340][ T5909] gspca_vc032x: I2c Bus Busy Wait 00
[  816.060854][ T5909] gspca_vc032x: I2c Bus Busy Wait 00
[  816.066329][ T5909] gspca_vc032x: I2c Bus Busy Wait 00
[  816.071769][ T5909] gspca_vc032x: I2c Bus Busy Wait 00
[  816.077325][ T5909] gspca_vc032x: I2c Bus Busy Wait 00
[  816.082788][ T5909] gspca_vc032x: I2c Bus Busy Wait 00
[  816.088909][ T5909] gspca_vc032x: I2c Bus Busy Wait 00
[  816.094427][ T5909] gspca_vc032x: Unknown sensor...
[  816.099734][ T5909] vc032x 3-1:0.0: probe with driver vc032x failed with error -22
[  816.121627][ T5909] usb 3-1: USB disconnect, device number 26
[  816.263108][T17204] chnl_net:caif_netlink_parms(): no params data found
[  816.665484][T17204] bridge0: port 1(bridge_slave_0) entered blocking state
[  816.666968][T17222] program syz.2.3129 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  816.676456][T17204] bridge0: port 1(bridge_slave_0) entered disabled state
[  816.690706][T17222] netlink: 1319 bytes leftover after parsing attributes in process `syz.2.3129'.
[  816.690965][T17204] bridge_slave_0: entered allmulticast mode
[  816.715411][T17204] bridge_slave_0: entered promiscuous mode
[  816.787579][T17204] bridge0: port 2(bridge_slave_1) entered blocking state
[  816.803963][T17204] bridge0: port 2(bridge_slave_1) entered disabled state
[  816.812528][T17204] bridge_slave_1: entered allmulticast mode
[  816.821481][T17204] bridge_slave_1: entered promiscuous mode
[  817.039287][   T29] audit: type=1326 audit(1775788048.748:2088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17228 comm="syz.2.3130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b8039c819 code=0x7ffc0000
[  817.094784][T17204] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  817.127785][   T29] audit: type=1326 audit(1775788048.778:2089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17228 comm="syz.2.3130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b8039c819 code=0x7ffc0000
[  817.156375][T17204] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  817.191395][   T29] audit: type=1326 audit(1775788048.778:2090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17228 comm="syz.2.3130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b8039c819 code=0x7ffc0000
[  817.216720][   T29] audit: type=1326 audit(1775788048.778:2091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17228 comm="syz.2.3130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b8039c819 code=0x7ffc0000
[  817.285867][   T29] audit: type=1326 audit(1775788048.778:2092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17228 comm="syz.2.3130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=216 compat=0 ip=0x7f7b8039c819 code=0x7ffc0000
[  817.316969][T17204] team0: Port device team_slave_0 added
[  817.335643][T17204] team0: Port device team_slave_1 added
[  817.356794][   T29] audit: type=1326 audit(1775788048.778:2093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17228 comm="syz.2.3130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b8039c819 code=0x7ffc0000
[  817.406632][   T29] audit: type=1326 audit(1775788048.778:2094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17228 comm="syz.2.3130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b8039c819 code=0x7ffc0000
[  817.460679][   T29] audit: type=1326 audit(1775788048.788:2095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17228 comm="syz.2.3130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f7b8039c819 code=0x7ffc0000
[  817.552546][   T29] audit: type=1326 audit(1775788048.818:2096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17228 comm="syz.2.3130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f7b8039c819 code=0x7ffc0000
[  817.556841][T12598] Bluetooth: hci4: command tx timeout
[  817.606167][T17204] batman_adv: batadv0: Adding interface: batadv_slave_0
[  817.613187][T17204] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  817.711822][T17204] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  818.204141][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  818.310595][T17204] batman_adv: batadv0: Adding interface: batadv_slave_1
[  818.323714][T17204] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  818.373788][T17204] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  818.532805][T17204] hsr_slave_0: entered promiscuous mode
[  818.542099][T17204] hsr_slave_1: entered promiscuous mode
[  818.549363][T17204] debugfs: 'hsr0' already exists in 'hsr'
[  818.555714][T17204] Cannot create hsr debugfs directory
[  819.215290][   T29] audit: type=1326 audit(1775788050.928:2097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17254 comm="syz.2.3136" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7b8039c819 code=0x0
[  819.503768][T15022] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  819.538117][T15022] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  819.634353][T12598] Bluetooth: hci4: command tx timeout
[  819.925299][T15022] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  819.963519][T15022] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  820.091153][T15022] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  820.105775][T15022] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  820.210839][T15022] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  820.224429][T15022] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  820.352546][T17277] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  820.624028][ T5909] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  820.669412][T15022] bridge_slave_1: left allmulticast mode
[  820.686762][T15022] bridge_slave_1: left promiscuous mode
[  820.698632][T15022] bridge0: port 2(bridge_slave_1) entered disabled state
[  820.711759][T15022] bridge_slave_0: left allmulticast mode
[  820.718296][T15022] bridge_slave_0: left promiscuous mode
[  820.724422][T15022] bridge0: port 1(bridge_slave_0) entered disabled state
[  820.804677][ T5909] usb 4-1: Using ep0 maxpacket: 16
[  820.837378][ T5909] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  820.871366][ T5909] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  820.910462][ T5909] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  820.929205][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  820.947962][ T5909] usb 4-1: Product: syz
[  820.961188][ T5909] usb 4-1: Manufacturer: syz
[  820.977303][ T5909] usb 4-1: SerialNumber: syz
[  821.012225][ T5909] usb 4-1: config 0 descriptor??
[  821.352843][ T5909] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  821.373529][ T5909] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  821.714008][T12598] Bluetooth: hci4: command tx timeout
[  821.833485][T15022] bond1 (unregistering): (slave bridge1): Releasing backup interface
[  821.846657][T15022] bridge1 (unregistering): left promiscuous mode
[  821.862973][T15022] bridge1 (unregistering): left allmulticast mode
[  821.953162][ T5909] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  821.961625][ T5909] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[  822.014989][T15022] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  822.040228][T15022] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  822.065974][T15022] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  822.097411][T15022] bond0 (unregistering): Released all slaves
[  822.139441][T15022] bond1 (unregistering): Released all slaves
[  822.188183][T15022] bond2 (unregistering): Released all slaves
[  822.381650][ T5909] em28xx 4-1:0.0: AC97 chip type couldn't be determined
[  822.389697][ T5909] em28xx 4-1:0.0: No AC97 audio processor
[  822.460629][ T5909] usb 4-1: USB disconnect, device number 5
[  822.506560][ T5909] em28xx 4-1:0.0: Disconnecting em28xx
[  822.539751][ T5909] em28xx 4-1:0.0: Freeing device
[  822.578095][T15022] tipc: Disabling bearer <udp:syz2>
[  822.620905][T15022] tipc: Left network mode
[  823.087981][T17318] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  823.126571][T15022] hsr_slave_0: left promiscuous mode
[  823.136403][T15022] hsr_slave_1: left promiscuous mode
[  823.144235][T15022] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  823.151711][T15022] batman_adv: batadv0: Removing interface: batadv_slave_0
[  823.358489][T17328] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3147'.
[  823.749087][T15022] veth1_macvtap: left promiscuous mode
[  823.769055][T15022] veth0_macvtap: left promiscuous mode
[  823.794481][T12598] Bluetooth: hci4: command tx timeout
[  823.816962][T15022] veth1_vlan: left promiscuous mode
[  824.023586][T15022] veth0_vlan: left promiscuous mode
[  824.055790][T11969] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  824.328618][T11969] usb 5-1: device descriptor read/64, error -71
[  824.583847][T11969] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  824.733618][T11969] usb 5-1: device descriptor read/64, error -71
[  824.853917][T11969] usb usb5-port1: attempt power cycle
[  824.936837][   T29] audit: type=1326 audit(1775788056.648:2098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17345 comm="syz.0.3150" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe57e59c819 code=0x0
[  824.996339][T15022] team0 (unregistering): Port device batadv1 removed
[  825.374573][T15022] pim6reg9 (unregistering): left allmulticast mode
[  825.383672][T11969] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  825.408768][T15022] pim6reg (unregistering): left allmulticast mode
[  825.467476][T11969] usb 5-1: device descriptor read/8, error -71
[  825.719833][T11969] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  826.399715][T11969] usb 5-1: device descriptor read/8, error -71
[  826.524213][T11969] usb usb5-port1: unable to enumerate USB device
[  826.567893][T15022] team0 (unregistering): Port device team_slave_1 removed
[  826.675391][T15022] team0 (unregistering): Port device team_slave_0 removed
[  827.541837][T17204] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  827.804198][T17204] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  828.126409][T17204] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  828.280660][T17204] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  828.939669][ T5909] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  829.189132][ T5909] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  829.224654][ T5909] usb 4-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=f6.6a
[  829.254595][ T5909] usb 4-1: New USB device strings: Mfr=181, Product=147, SerialNumber=160
[  829.283620][ T5909] usb 4-1: Product: syz
[  829.296987][ T5909] usb 4-1: Manufacturer: syz
[  829.301675][ T5909] usb 4-1: SerialNumber: syz
[  829.368528][ T5909] usb 4-1: config 0 descriptor??
[  829.410010][ T5909] comedi comedi5: Wrong number of endpoints
[  829.456841][ T5909] ni6501 4-1:0.0: driver 'ni6501' failed to auto-configure device.
[  829.631897][T17204] 8021q: adding VLAN 0 to HW filter on device bond0
[  829.739850][T17204] 8021q: adding VLAN 0 to HW filter on device team0
[  829.847114][ T6859] bridge0: port 1(bridge_slave_0) entered blocking state
[  829.854453][ T6859] bridge0: port 1(bridge_slave_0) entered forwarding state
[  829.947252][ T6859] bridge0: port 2(bridge_slave_1) entered blocking state
[  829.954489][ T6859] bridge0: port 2(bridge_slave_1) entered forwarding state
[  830.358207][T17204] 8021q: adding VLAN 0 to HW filter on device batadv0
[  830.456170][T17204] veth0_vlan: entered promiscuous mode
[  830.520580][T17204] veth1_vlan: entered promiscuous mode
[  830.639676][T17204] veth0_macvtap: entered promiscuous mode
[  830.686065][T17204] veth1_macvtap: entered promiscuous mode
[  830.783515][  T796] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  830.801311][T17204] batman_adv: batadv0: Interface activated: batadv_slave_0
[  830.831399][T17412] fuse: Bad value for 'fd'
[  830.860241][T17204] batman_adv: batadv0: Interface activated: batadv_slave_1
[  830.963697][  T796] usb 5-1: Using ep0 maxpacket: 8
[  830.971344][  T796] usb 5-1: unable to get BOS descriptor or descriptor too short
[  831.020987][T16760] usb 4-1: USB disconnect, device number 6
[  831.030091][  T796] usb 5-1: config 4 has an invalid interface number: 133 but max is 0
[  831.045532][T10674] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  831.079206][  T796] usb 5-1: config 4 has no interface number 0
[  831.112480][T10674] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  831.125619][  T796] usb 5-1: New USB device found, idVendor=12d1, idProduct=8b88, bcdDevice=f3.59
[  831.164512][T10674] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  831.173874][  T796] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  831.222704][  T796] usb 5-1: Product: syz
[  831.267086][T10674] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  831.281449][  T796] usb 5-1: Manufacturer: syz
[  831.293613][  T796] usb 5-1: SerialNumber: syz
[  831.591017][T10674] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  831.624947][  T796] huawei_cdc_ncm 5-1:4.133: CDC Union missing and no IAD found
[  831.660080][  T796] huawei_cdc_ncm 5-1:4.133: bind() failure
[  831.668956][ T6861] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  831.698544][T10674] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  831.751487][ T6861] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  831.784034][  T796] usb 5-1: USB disconnect, device number 9
[  832.364410][T17444] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  832.374973][   T29] audit: type=1326 audit(1775788064.088:2099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17439 comm="syz.4.3162" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff87459c819 code=0x0
[  832.643770][ T5902] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  832.793555][ T5902] usb 4-1: device descriptor read/64, error -71
[  833.033681][ T5902] usb 4-1: new full-speed USB device number 8 using dummy_hcd
[  833.173767][ T5902] usb 4-1: device descriptor read/64, error -71
[  833.283941][ T5902] usb usb4-port1: attempt power cycle
[  833.654786][ T5902] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  833.694426][ T5902] usb 4-1: device descriptor read/8, error -71
[  833.943783][ T5902] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  833.965947][T17467] netlink: 'syz.4.3165': attribute type 4 has an invalid length.
[  833.987841][ T5902] usb 4-1: device descriptor read/8, error -71
[  834.074663][T17467] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3165'.
[  834.117562][ T5902] usb usb4-port1: unable to enumerate USB device
[  834.208610][T17467] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  834.861855][T17483] netlink: 'syz.1.3169': attribute type 11 has an invalid length.
[  834.866905][ T5910] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  834.929223][T17483] netlink: 'syz.1.3169': attribute type 6 has an invalid length.
[  834.984591][T17483] netlink: 199784 bytes leftover after parsing attributes in process `syz.1.3169'.
[  835.085170][T17489] syzkaller0: entered promiscuous mode
[  835.090864][ T5910] usb 3-1: Using ep0 maxpacket: 8
[  835.106654][T17489] syzkaller0: entered allmulticast mode
[  835.117434][ T5910] usb 3-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  835.170369][ T5910] usb 3-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  835.215366][ T5910] usb 3-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  835.256868][ T5910] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  835.281716][ T5910] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  835.299766][ T5910] usb 3-1: Product: syz
[  835.327695][ T5910] usb 3-1: Manufacturer: syz
[  835.332384][ T5910] usb 3-1: SerialNumber: syz
[  835.693863][T11969] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  835.736876][T17497] fuse: Bad value for 'fd'
[  835.871195][   T29] audit: type=1326 audit(1775788067.578:2100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17498 comm="syz.3.3175" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa6f1b9c819 code=0x0
[  835.907706][T11969] usb 5-1: unable to get BOS descriptor or descriptor too short
[  835.917365][T11969] usb 5-1: not running at top speed; connect to a high speed hub
[  835.976946][T11969] usb 5-1: config 251 has an invalid descriptor of length 0, skipping remainder of the config
[  836.051597][T11969] usb 5-1: New USB device found, idVendor=1199, idProduct=9003, bcdDevice=d7.00
[  836.081470][T11969] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  836.101848][T11969] usb 5-1: Product: syz
[  836.111438][T11969] usb 5-1: Manufacturer: syz
[  836.128239][T11969] usb 5-1: SerialNumber: syz
[  836.135400][ T5910] snd-usb-audio 3-1:65.0: probe with driver snd-usb-audio failed with error -71
[  836.196104][ T5910] usb 3-1: USB disconnect, device number 27
[  836.424059][T17511] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  836.442545][T17511] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  836.504594][T17511] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  837.043541][ T5910] usb 3-1: new full-speed USB device number 28 using dummy_hcd
[  837.133262][T17522] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3180'.
[  837.236341][ T5910] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid maxpacket 106, setting to 64
[  837.268516][ T5910] usb 3-1: config 0 interface 0 has no altsetting 0
[  837.297358][ T5910] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  837.314000][ T5910] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  837.331708][ T5910] usb 3-1: Product: syz
[  837.341760][ T5910] usb 3-1: Manufacturer: syz
[  837.355857][ T5910] usb 3-1: SerialNumber: syz
[  837.384871][ T5910] usb 3-1: config 0 descriptor??
[  837.399918][T17517] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  837.430143][ T5910] usb 3-1: selecting invalid altsetting 0
[  837.436593][ T5909] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  837.605715][ T5909] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  837.630821][ T5909] usb 4-1: config 0 has an invalid interface number: 4 but max is 0
[  837.657021][ T5909] usb 4-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  837.675173][T17517] snd-usb-audio 3-1:0.0: Runtime PM usage count underflow!
[  837.683232][ T5909] usb 4-1: config 0 has no interface number 0
[  837.699132][ T5909] usb 4-1: config 0 has no interface number 1
[  837.708350][ T5910] usb 3-1: USB disconnect, device number 28
[  837.749441][ T5909] usb 4-1: New USB device found, idVendor=cc35, idProduct=693f, bcdDevice=e7.0f
[  837.781626][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  837.803384][ T5909] usb 4-1: Product: syz
[  837.820356][ T5909] usb 4-1: Manufacturer: syz
[  837.836965][ T5909] usb 4-1: SerialNumber: syz
[  837.862461][T17428] udevd[17428]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  837.891902][ T5909] usb 4-1: config 0 descriptor??
[  837.910275][ T5909] cdc_acm 4-1:0.51: probe with driver cdc_acm failed with error -22
[  838.030177][T17531] input: syz0 as /devices/virtual/input/input8
[  838.126013][T17524] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  838.136734][T17524] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  838.151166][T17524] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  838.160743][T17524] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  838.181904][T17524] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3181'.
[  838.206838][T17524] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  838.246029][ T5910] usb 4-1: USB disconnect, device number 11
[  838.393570][ T5902] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  838.583941][ T5902] usb 2-1: Using ep0 maxpacket: 16
[  838.612423][ T5902] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  838.650263][T11969] qmi_wwan 5-1:251.0: probe with driver qmi_wwan failed with error -22
[  838.669175][ T5902] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  838.720429][T11969] usb 5-1: USB disconnect, device number 10
[  838.732482][ T5902] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  838.763490][ T5902] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  838.821901][ T5902] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  838.845589][T17548] IPv6: addrconf: prefix option has invalid lifetime
[  838.859984][ T5902] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  838.895255][ T5902] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  838.914262][ T5902] usb 2-1: Manufacturer: syz
[  838.946816][ T5902] usb 2-1: config 0 descriptor??
[  839.203545][ T5909] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  839.253715][ T5902] rc_core: IR keymap rc-hauppauge not found
[  839.259812][ T5902] Registered IR keymap rc-empty
[  839.268927][ T5902] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  839.294626][ T5902] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  839.328587][ T5902] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  839.345657][ T5902] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input9
[  839.372377][ T5902] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  839.381065][ T5909] usb 4-1: Using ep0 maxpacket: 32
[  839.392354][ T5909] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  839.406667][ T5902] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  839.420506][ T5909] usb 4-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40
[  839.433935][ T5902] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  839.452591][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  839.461854][ T5902] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  839.476293][ T5909] usb 4-1: Product: ࠬ
[  839.481031][ T5909] usb 4-1: Manufacturer: 吊
[  839.487796][ T5909] usb 4-1: SerialNumber: Џ
[  839.494570][ T5902] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  839.533733][ T5902] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  839.557094][ T5902] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  839.583832][ T5902] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  839.603747][ T5902] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  839.644119][ T5902] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  839.681886][   T29] audit: type=1326 audit(1775788071.378:2101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17556 comm="syz.0.3191" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe57e59c819 code=0x0
[  839.733340][ T5902] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  839.791600][ T5902] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  839.981867][ T5909] usb 4-1: Audio class v2/v3 interfaces need an interface association
[  840.203623][ T5902] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  840.249471][T14936] usb 2-1: USB disconnect, device number 4
[  840.295350][ T5909] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22
[  840.339606][ T5909] usb 4-1: USB disconnect, device number 12
[  840.388201][ T5902] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  840.411920][ T5902] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  840.459043][ T5902] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  840.603193][ T5902] usb 3-1: config 0 descriptor??
[  840.657908][T16753] udevd[16753]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  840.710129][ T5902] pwc: Askey VC010 type 2 USB webcam detected.
[  840.717432][T17572] loop8: detected capacity change from 0 to 7
[  840.746426][T17572] Dev loop8: unable to read RDB block 7
[  840.767313][T17572]  loop8: unable to read partition table
[  840.790563][T17572] loop8: partition table beyond EOD, truncated
[  840.822451][T17572] loop_reread_partitions: partition scan of loop8 (�被x�^>��� ) failed (rc=-5)
[  840.886515][ T5902] pwc: recv_control_msg error -32 req 02 val 2b00
[  840.912826][ T5902] pwc: recv_control_msg error -32 req 02 val 2700
[  840.943286][ T5902] pwc: recv_control_msg error -32 req 02 val 2c00
[  840.968428][ T5902] pwc: recv_control_msg error -32 req 04 val 1000
[  840.994313][ T5902] pwc: recv_control_msg error -32 req 04 val 1300
[  841.024310][ T5902] pwc: recv_control_msg error -32 req 04 val 1400
[  841.053877][ T5902] pwc: recv_control_msg error -32 req 02 val 2000
[  841.127395][ T5902] pwc: recv_control_msg error -32 req 02 val 2100
[  841.148597][ T5902] pwc: recv_control_msg error -32 req 04 val 1500
[  841.167867][ T5902] pwc: recv_control_msg error -32 req 02 val 2500
[  841.183940][ T5902] pwc: recv_control_msg error -32 req 02 val 2400
[  841.193244][ T5902] pwc: recv_control_msg error -32 req 02 val 2600
[  841.213815][ T5902] pwc: recv_control_msg error -32 req 02 val 2900
[  841.229381][ T5902] pwc: recv_control_msg error -32 req 02 val 2800
[  841.298875][ T5902] pwc: recv_control_msg error -71 req 04 val 1100
[  841.332533][ T5902] pwc: recv_control_msg error -71 req 04 val 1200
[  841.401240][ T5902] pwc: Registered as video103.
[  841.427688][ T5902] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input11
[  841.470004][T17584] __vm_enough_memory: pid: 17584, comm: syz.3.3198, bytes: 4503599627366400 not enough memory for the allocation
[  841.590741][ T5902] usb 3-1: USB disconnect, device number 29
[  841.783560][T11969] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  841.957100][T11969] usb 4-1: Using ep0 maxpacket: 32
[  841.977530][T11969] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  841.996488][T11969] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  842.021042][T11969] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  842.044399][T11969] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  842.078016][T11969] usb 4-1: config 0 descriptor??
[  842.158797][T17590] netlink: 'syz.0.3200': attribute type 3 has an invalid length.
[  842.214092][T17590] netlink: 788 bytes leftover after parsing attributes in process `syz.0.3200'.
[  842.418034][T17595] fuse: Bad value for 'fd'
[  842.428763][T17595] fuse: Bad value for 'fd'
[  842.519970][T17584] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  842.535371][T17584] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  842.626496][T17600] xt_hashlimit: invalid interval
[  842.637415][T17604] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  842.829928][T17609] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  842.904972][T17612] team0: Port device syz_tun added
[  842.954989][T17612] team0: Port device syz_tun removed
[  843.007059][T17612] bridge_slave_0: left allmulticast mode
[  843.034194][T17612] bridge_slave_0: left promiscuous mode
[  843.055742][T17612] bridge0: port 1(bridge_slave_0) entered disabled state
[  843.089946][T17612] bridge_slave_1: left allmulticast mode
[  843.108094][T17612] bridge_slave_1: left promiscuous mode
[  843.125588][T17612] bridge0: port 2(bridge_slave_1) entered disabled state
[  843.171093][T17612] bond0: (slave bond_slave_0): Releasing backup interface
[  843.217882][T17612] bond0: (slave bond_slave_1): Releasing backup interface
[  843.306389][T17612] team0: Port device team_slave_0 removed
[  843.354020][T17612] team0: Port device team_slave_1 removed
[  843.374144][T17612] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  843.385139][T17612] batman_adv: batadv0: Removing interface: batadv_slave_0
[  843.405714][T17612] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  843.414977][T17612] batman_adv: batadv0: Removing interface: batadv_slave_1
[  843.441117][T17612] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  843.489207][   T29] audit: type=1326 audit(1775788075.198:2102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17620 comm="syz.0.3210" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe57e59c819 code=0x0
[  844.325359][T17639] program syz.4.3213 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  844.553447][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  844.618495][T11969] usbhid 4-1:0.0: can't add hid device: -71
[  844.644722][T11969] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  844.811225][T11969] usb 4-1: USB disconnect, device number 13
[  845.094347][  T796] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  845.286646][  T796] usb 2-1: Using ep0 maxpacket: 16
[  845.354350][  T796] usb 2-1: config 0 has no interfaces?
[  845.433711][  T796] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  845.461676][  T796] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  845.512111][  T796] usb 2-1: Manufacturer: syz
[  845.566981][  T796] usb 2-1: config 0 descriptor??
[  845.778621][T17661] netlink: zone id is out of range
[  845.783991][T17661] netlink: zone id is out of range
[  845.789179][T17661] netlink: zone id is out of range
[  845.795074][T17661] netlink: zone id is out of range
[  845.800484][T17661] netlink: zone id is out of range
[  845.805756][T17661] netlink: get zone limit has 4 unknown bytes
[  845.817393][T17661] fuse: Unknown parameter 'M�fY��S�_w��a�0000000000000000000818446744073709551615m�ޣg!�c��s��b޽�#��K��F�񉊑?vN����Ŝ�	��C �1V3�����-��
��Es`A�L���68��|��[@�1��P2!�9��i�)jU�?n���@q�*��y�J���ޤ�7��)E��MH��ն9���X�}�2��3[j����XXO�����0�s�ȶ-ܵ����1�3Z0�!  ;�����v�͓?_.	����	�˔`����YO�DCܱ�'PH�UE}\�A0��J/h���`a�<dPN��7#D+��ͥ(��Ra���q7��'
[  845.934557][T17643] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  846.242379][T17643] bond0: option miimon: invalid value (18446744073709551607)
[  846.250359][T17643] bond0: option miimon: allowed values 0 - 2147483647
[  846.275818][T17643] bond0 (unregistering): Released all slaves
[  846.352738][T17670] openvswitch: netlink: Flow key attr not present in new flow.
[  846.966880][T17679] netlink: 'syz.2.3224': attribute type 1 has an invalid length.
[  847.059361][T17679] 8021q: adding VLAN 0 to HW filter on device bond1
[  847.580073][ T5909] usb 2-1: USB disconnect, device number 5
[  847.847010][T17690] program syz.2.3226 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  848.261091][   T29] audit: type=1326 audit(1775788079.968:2103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17700 comm="syz.4.3229" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff87459c819 code=0x0
[  848.748414][   T29] audit: type=1326 audit(1775788080.458:2104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17694 comm="syz.1.3228" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2070b9c819 code=0x0
[  848.876368][T11969] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  849.069703][T11969] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x86 has invalid maxpacket 5632, setting to 1024
[  849.104335][T11969] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024
[  849.155807][T11969] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  849.283595][T11969] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  849.292820][T11969] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  849.366056][T11969] usb 3-1: Product: syz
[  849.380495][T11969] usb 3-1: Manufacturer: syz
[  849.411995][T11969] usb 3-1: SerialNumber: syz
[  849.563717][T14936] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  849.629007][T17715] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  849.775310][T14936] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  849.796043][T14936] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  849.842793][T14936] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  850.068119][T14936] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  850.129588][T17733] netlink: 'syz.1.3235': attribute type 8 has an invalid length.
[  850.195664][T14936] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  850.356076][T17715] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  850.414990][   T29] audit: type=1326 audit(1775788082.108:2105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17727 comm="syz.1.3235" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2070b9c819 code=0x0
[  850.594070][T11969] cdc_ncm 3-1:1.0: bind() failure
[  850.613863][T11969] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71
[  850.655101][T14936] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  850.670586][T11969] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71
[  850.733719][T11969] usbtest 3-1:1.1: probe with driver usbtest failed with error -71
[  850.852750][T11969] usb 3-1: USB disconnect, device number 30
[  850.883201][T17724] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  850.960157][T17724] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  851.532353][T14936] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -12
[  852.090505][T17762] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3242'.
[  852.100950][T17762] openvswitch: netlink: Port -1 exceeds max allowable 65535
[  852.170237][T17765] netlink: 212348 bytes leftover after parsing attributes in process `syz.4.3243'.
[  852.373598][T14936] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  852.551502][ T5910] usb 4-1: USB disconnect, device number 14
[  852.561166][T14936] usb 3-1: Using ep0 maxpacket: 16
[  852.647617][T14936] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  852.682826][T14936] usb 3-1: config 0 has no interface number 0
[  852.701239][T14936] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  852.729439][   T29] audit: type=1326 audit(1775788084.348:2106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17767 comm="syz.4.3244" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff87459c819 code=0x0
[  852.776556][T14936] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  852.813771][T14936] usb 3-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  852.853304][T14936] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  853.004007][T14936] usb 3-1: config 0 descriptor??
[  853.124157][T11969] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  853.289017][T11969] usb 2-1: config 1 interface 0 altsetting 4 bulk endpoint 0x1 has invalid maxpacket 64
[  853.314667][T11969] usb 2-1: config 1 interface 0 has no altsetting 0
[  853.356018][T11969] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  853.374695][T11969] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  853.568585][T11969] usb 2-1: Product: syz
[  853.572947][T11969] usb 2-1: Manufacturer: syz
[  853.595501][T11969] usb 2-1: SerialNumber: syz
[  853.632341][T17772] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  855.803990][T17772] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  855.825745][T14936] usbhid 3-1:0.1: can't add hid device: -71
[  855.831947][T14936] usbhid 3-1:0.1: probe with driver usbhid failed with error -71
[  855.839842][T17772] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  855.911366][T14936] usb 3-1: USB disconnect, device number 31
[  855.922798][T17772] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  855.944294][T17772] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  856.008976][T17772] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  856.042323][T17772] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  856.104411][T17772] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  856.114100][T12598] Bluetooth: hci0: command 0x0406 tx timeout
[  856.213084][T17772] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  856.299380][T17772] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  856.309392][T17772] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  856.496627][T17772] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  856.525795][T17772] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  856.532824][T17772] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  856.546160][T17772] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  856.848691][T11969] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 4 proto 1 vid 0x0525 pid 0xA4A8
[  856.884280][T17821] xt_hashlimit: size too large, truncated to 1048576
[  856.899461][T11969] usb 2-1: USB disconnect, device number 7
[  856.967481][T11969] usblp0: removed
[  857.195977][T14936] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  857.340755][   T29] audit: type=1326 audit(1775788089.048:2107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17831 comm="syz.3.3261" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa6f1b9c819 code=0x0
[  857.394748][T14936] usb 3-1: Using ep0 maxpacket: 16
[  857.419224][T14936] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  857.458793][T14936] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  857.500414][T14936] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  857.533915][T14936] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  857.585228][T14936] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  857.659700][T14936] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  857.722287][T14936] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  857.754757][T14936] usb 3-1: Manufacturer: syz
[  857.785416][T14936] usb 3-1: config 0 descriptor??
[  857.957306][T12598] Bluetooth: hci1: command 0x0c1a tx timeout
[  858.114096][T12598] Bluetooth: hci5: command 0x0c1a tx timeout
[  858.193631][T12598] Bluetooth: hci0: command 0x0406 tx timeout
[  858.263529][T14936] rc_core: IR keymap rc-hauppauge not found
[  858.269492][T14936] Registered IR keymap rc-empty
[  858.315640][T14936] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  858.353518][T12598] Bluetooth: hci3: command 0x0c1a tx timeout
[  858.357966][T14936] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  858.599796][T12598] Bluetooth: hci4: command 0x0c1a tx timeout
[  858.610195][T14936] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  858.665516][T14936] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input12
[  858.768966][T14936] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  858.827389][T14936] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  858.889789][T14936] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  858.987678][T14936] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  859.023586][T14936] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  859.104370][T14936] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  859.193602][T14936] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  859.233751][T14936] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  859.270450][T14936] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  859.314458][T14936] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  859.355833][T14936] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  859.393568][T14936] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  859.443467][T14936] usb 3-1: USB disconnect, device number 32
[  859.820774][T17862] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3267'.
[  859.853786][T17863] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  859.936427][T17866] fuse: Bad value for 'fd'
[  860.047608][T12598] Bluetooth: hci1: command 0x0c1a tx timeout
[  860.054399][T14936] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  860.197906][T12598] Bluetooth: hci5: command 0x0c1a tx timeout
[  860.223517][T14936] usb 3-1: Using ep0 maxpacket: 32
[  860.230888][T14936] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  860.239655][T14936] usb 3-1: config 0 has no interface number 0
[  860.248657][T14936] usb 3-1: config 0 interface 12 has no altsetting 0
[  860.258929][T14936] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  860.268912][T14936] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  860.277416][T14936] usb 3-1: Product: syz
[  860.281723][T14936] usb 3-1: Manufacturer: syz
[  860.286445][T14936] usb 3-1: SerialNumber: syz
[  860.298632][T14936] usb 3-1: config 0 descriptor??
[  860.433673][T12598] Bluetooth: hci3: command 0x0c1a tx timeout
[  860.526746][T17855] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3265'.
[  860.623526][  T796] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  860.673574][T12598] Bluetooth: hci4: command 0x0c1a tx timeout
[  860.814945][  T796] usb 4-1: config 0 has too many interfaces: 253, using maximum allowed: 32
[  860.835646][T14936] f81534 3-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  860.843509][  T796] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 253
[  860.854267][T14936] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71
[  860.861630][T14936] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  860.895088][  T796] usb 4-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac
[  860.910617][T14936] f81534 3-1:0.12: probe with driver f81534 failed with error -71
[  860.914376][  T796] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  860.953540][  T796] usb 4-1: Product: syz
[  860.962849][  T796] usb 4-1: Manufacturer: syz
[  860.976959][T14936] usb 3-1: USB disconnect, device number 33
[  860.984486][  T796] usb 4-1: SerialNumber: syz
[  861.044178][  T796] usb 4-1: config 0 descriptor??
[  861.159745][  T796] gspca_main: sunplus-2.14.0 probing 055f:c630
[  861.565997][T17886] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  861.601519][T17886] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  861.618012][T17887] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3270'.
[  861.793577][T14936] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  862.062812][T17887] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  862.083651][T14936] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  862.137326][T12598] Bluetooth: hci1: command 0x0c1a tx timeout
[  862.137388][  T796] gspca_sunplus: reg_r err -110
[  862.143777][T14936] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  862.167472][T14936] usb 2-1: Product: syz
[  862.171772][T14936] usb 2-1: Manufacturer: syz
[  862.185567][T14936] usb 2-1: SerialNumber: syz
[  862.206559][T14936] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  862.224274][ T5902] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  862.315301][T12598] Bluetooth: hci5: command 0x0c1a tx timeout
[  862.331701][  T796] sunplus 4-1:0.0: probe with driver sunplus failed with error -110
[  862.514622][T12598] Bluetooth: hci3: command 0x0c1a tx timeout
[  862.521274][T14936] usb 2-1: USB disconnect, device number 8
[  862.571051][  T796] usb 4-1: USB disconnect, device number 15
[  862.753819][T12598] Bluetooth: hci4: command 0x0c1a tx timeout
[  862.868650][   T29] audit: type=1326 audit(1775788094.578:2108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17899 comm="syz.3.3276" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa6f1b9c819 code=0x0
[  863.265185][T17906] netlink: 7064 bytes leftover after parsing attributes in process `syz.1.3277'.
[  863.293246][T17906] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  863.313633][ T5902] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  863.333916][T17906] netlink: 7064 bytes leftover after parsing attributes in process `syz.1.3277'.
[  863.353699][ T5902] ath9k_htc: Failed to initialize the device
[  863.366680][T14936] usb 2-1: ath9k_htc: USB layer deinitialized
[  863.374006][T17906] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  863.416581][T17906] netlink: 7064 bytes leftover after parsing attributes in process `syz.1.3277'.
[  863.463638][T17906] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  863.497191][T17906] netlink: 7064 bytes leftover after parsing attributes in process `syz.1.3277'.
[  863.527318][T17906] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  863.545508][T17906] netlink: 7064 bytes leftover after parsing attributes in process `syz.1.3277'.
[  863.583834][T17906] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  863.610440][T17906] netlink: 7064 bytes leftover after parsing attributes in process `syz.1.3277'.
[  863.640773][T17906] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  863.661447][T17906] netlink: 7064 bytes leftover after parsing attributes in process `syz.1.3277'.
[  863.692203][T17906] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  863.729384][T17906] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  864.688383][T17933] netlink: 'syz.1.3284': attribute type 1 has an invalid length.
[  864.713810][T17934] netlink: 'syz.0.3285': attribute type 1 has an invalid length.
[  864.731965][T17933] netlink: 'syz.1.3284': attribute type 2 has an invalid length.
[  864.943596][ T5902] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  865.054478][T17946] bond1: option tlb_dynamic_lb: invalid value (16)
[  865.084140][T17946] bond1 (unregistering): Released all slaves
[  865.121107][ T5902] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  865.143520][ T5902] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  865.227620][T17953] x_tables: duplicate underflow at hook 4
[  865.235707][T17953] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  865.275085][ T5902] usb 4-1: config 0 descriptor??
[  865.296131][ T5902] cp210x 4-1:0.0: cp210x converter detected
[  865.683834][ T5902] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32
[  865.694512][ T5902] cp210x 4-1:0.0: failed to get vendor val 0x370c size 73: -121
[  865.703214][ T5902] cp210x 4-1:0.0: GPIO initialisation failed: -121
[  865.743550][T17959] __nla_validate_parse: 59 callbacks suppressed
[  865.743577][T17959] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3291'.
[  865.794715][T17959] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3291'.
[  865.908699][T17938] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  865.949841][T17938] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  865.986926][ T5902] usb 4-1: cp210x converter now attached to ttyUSB0
[  866.023766][ T5902] usb 4-1: USB disconnect, device number 16
[  866.411015][ T5902] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  866.517294][T14936] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  866.998562][T14936] usb 2-1: Using ep0 maxpacket: 16
[  867.034225][ T5902] cp210x 4-1:0.0: device disconnected
[  867.053864][T14936] usb 2-1: config 0 has no interfaces?
[  867.063202][T14936] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  867.095723][T14936] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  867.231481][T17974] bond1: entered allmulticast mode
[  867.243481][T14936] usb 2-1: Manufacturer: syz
[  867.405592][T14936] usb 2-1: config 0 descriptor??
[  868.256367][   T29] audit: type=1326 audit(1775788099.968:2109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17986 comm="syz.3.3296" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa6f1b9c819 code=0x0
[  869.057955][ T5909] usb 2-1: USB disconnect, device number 9
[  869.090240][T17997] vcan0: tx address claim with dlc 0
[  869.481760][T18014] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3303'.
[  869.503664][T14936] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  869.663550][T14936] usb 3-1: Using ep0 maxpacket: 8
[  869.717656][T14936] usb 3-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  869.727281][T14936] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  869.743504][T14936] usb 3-1: Product: syz
[  870.013125][T14936] usb 3-1: Manufacturer: syz
[  870.035580][T14936] usb 3-1: SerialNumber: syz
[  870.214675][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  870.221124][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  870.282077][T14936] usb 3-1: config 0 descriptor??
[  870.319812][T14936] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[  870.355973][T14936] pctv452e: pctv452e_power_ctrl: 1
[  870.355973][T14936] 
[  870.395146][T14936] usb 3-1: selecting invalid altsetting 3
[  870.436789][T18026] IPVS: set_ctl: invalid protocol: 255 100.1.1.2:20001
[  870.457579][T14936] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  870.457579][T14936] 
[  870.512115][T14936] dvb-usb: bulk message failed: -22 (5/0)
[  870.565675][T14936] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  870.601044][T14936] dvbdev: DVB: registering new adapter (Technotrend TT Connect S2-3600)
[  870.639229][T14936] usb 3-1: media controller created
[  870.669908][T14936] dvb-usb: bulk message failed: -22 (8/0)
[  870.695858][T14936] pctv452e: I2C error -22; AA 01  A0 01 14 -> aa 01 31 04 a0 01 14
[  870.724342][T14936] dvb-usb: MAC address reading failed.
[  870.798668][T14936] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  871.146211][T18025] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  871.152614][T18025] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  871.160368][T18025] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  871.193225][T18025] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  871.224907][T14936] DVB: Unable to find symbol stb0899_attach()
[  871.239434][T18025] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  871.283545][T14936] dvb-usb: no frontend was attached by 'Technotrend TT Connect S2-3600'
[  871.513508][T14936] rc_core: IR keymap rc-tt-1500 not found
[  871.541996][T14936] Registered IR keymap rc-empty
[  871.546324][T18030] program syz.1.3306 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  871.592684][T14936] rc rc0: Technotrend TT Connect S2-3600 as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0
[  871.649554][T14936] input: Technotrend TT Connect S2-3600 as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0/input13
[  871.701261][T14936] dvb-usb: schedule remote query interval to 100 msecs.
[  871.729625][T14936] pctv452e: pctv452e_power_ctrl: 0
[  871.729625][T14936] 
[  871.751965][T14936] dvb-usb: Technotrend TT Connect S2-3600 successfully initialized and connected.
[  871.837632][T14936] dvb-usb: bulk message failed: -22 (4/0)
[  871.851084][T14936] dvb-usb: error -22 while querying for an remote control event.
[  872.004394][T14936] dvb-usb: bulk message failed: -22 (4/0)
[  872.018829][T14936] dvb-usb: error -22 while querying for an remote control event.
[  872.153622][T14936] dvb-usb: bulk message failed: -22 (4/0)
[  872.161926][ T5909] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  872.198101][T14936] dvb-usb: error -22 while querying for an remote control event.
[  872.330429][T14936] usb 3-1: USB disconnect, device number 34
[  872.405569][ T5909] usb 2-1: Using ep0 maxpacket: 16
[  872.429793][ T5909] usb 2-1: config 0 has no interfaces?
[  872.489412][ T5909] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55
[  872.509010][ T5909] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  872.523687][T12598] Bluetooth: hci0: command 0x0406 tx timeout
[  872.549005][ T5909] usb 2-1: Product: syz
[  872.624103][ T5909] usb 2-1: Manufacturer: syz
[  872.659657][T18043] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3309'.
[  872.793546][ T5909] usb 2-1: SerialNumber: syz
[  872.829602][T14936] dvb-usb: Technotrend TT Connect S2-3600 successfully deinitialized and disconnected.
[  872.842084][ T5909] usb 2-1: config 0 descriptor??
[  873.152336][ T5909] usb 2-1: USB disconnect, device number 10
[  873.233696][T12598] Bluetooth: hci3: command 0x0c1a tx timeout
[  873.240027][ T5828] Bluetooth: hci5: command 0x0c1a tx timeout
[  873.247625][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout
[  873.324902][T12598] Bluetooth: hci4: command 0x0c1a tx timeout
[  873.922562][T18049] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3310'.
[  874.353594][   T29] audit: type=1326 audit(1775788106.058:2110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18055 comm="syz.1.3314" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2070b9c819 code=0x0
[  875.018019][T18069] net_ratelimit: 57 callbacks suppressed
[  875.018043][T18069] openvswitch: netlink: VXLAN extension 14131 out of range max 1
[  875.353539][ T5909] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  875.604376][ T5909] usb 3-1: Using ep0 maxpacket: 16
[  875.665259][ T5909] usb 3-1: descriptor type invalid, skip
[  875.716678][ T5909] usb 3-1: config 0 has no interfaces?
[  875.725710][ T5909] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  875.755203][ T5909] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  875.763360][ T5909] usb 3-1: Product: syz
[  875.943353][ T5909] usb 3-1: Manufacturer: syz
[  875.973845][ T5909] usb 3-1: SerialNumber: syz
[  876.009088][ T5909] usb 3-1: config 0 descriptor??
[  876.235040][ T5909] usb 3-1: USB disconnect, device number 35
[  876.653499][  T796] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  876.823647][  T796] usb 4-1: Using ep0 maxpacket: 16
[  876.837293][  T796] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 4.00
[  876.849453][  T796] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  876.870499][  T796] usb 4-1: Product: syz
[  876.875523][T18092] ptrace attach of "./syz-executor exec"[16754] was attempted by "/dev/kvm                 ��      ��      ��      ��              ��      ��      ��                 ����                                                                                           �   
  
                                                                                                                                                                                  ����    �        
      �       
  �     
      @
                                                                              ����    ����$�                                                                                                                                                                                                                  �    "[18092]
[  876.963500][  T796] usb 4-1: Manufacturer: syz
[  876.968164][  T796] usb 4-1: SerialNumber: syz
[  877.008220][  T796] usb 4-1: config 0 descriptor??
[  877.036841][  T796] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  877.071074][  T796] usb 4-1: Detected FT232B
[  877.343521][T14936] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  877.553085][T14936] usb 3-1: Using ep0 maxpacket: 32
[  877.619214][T14936] usb 3-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[  877.663601][T14936] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  877.677771][T14936] usb 3-1: Product: syz
[  877.683158][T14936] usb 3-1: Manufacturer: syz
[  877.693620][T14936] usb 3-1: SerialNumber: syz
[  877.721515][T14936] usb 3-1: config 0 descriptor??
[  877.744986][T14936] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[  877.952915][T14936] gspca_topro: reg_w err -71
[  878.010323][T14936] gspca_topro: Sensor soi763a
[  878.077477][T14936] usb 3-1: USB disconnect, device number 36
[  879.187808][T18118] loop8: detected capacity change from 0 to 7
[  879.209540][T18118] Dev loop8: unable to read RDB block 7
[  879.229168][T18118]  loop8: unable to read partition table
[  879.256798][   T29] audit: type=1326 audit(1775788110.968:2111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18115 comm="syz.1.3328" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2070b9c819 code=0x0
[  879.289585][T18118] loop8: partition table beyond EOD, truncated
[  879.311580][T18118] loop_reread_partitions: partition scan of loop8 (�被x�^>��� ) failed (rc=-5)
[  879.416425][  T796] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  879.478416][  T796] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  879.524945][  T796] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  879.563924][  T796] usb 4-1: USB disconnect, device number 17
[  879.612683][  T796] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  879.675552][  T796] ftdi_sio 4-1:0.0: device disconnected
[  880.061175][T17425] usb 3-1: new low-speed USB device number 37 using dummy_hcd
[  880.173898][T14936] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  880.213705][T17425] usb 3-1: device descriptor read/64, error -71
[  880.323463][T14936] usb 4-1: Using ep0 maxpacket: 16
[  880.335831][T14936] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  880.369339][T14936] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  880.395201][T14936] usb 4-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[  880.414606][T14936] usb 4-1: config 0 interface 0 has no altsetting 0
[  880.422763][T14936] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  880.432674][T14936] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  880.450594][T14936] usb 4-1: config 0 descriptor??
[  880.483525][T17425] usb 3-1: new low-speed USB device number 38 using dummy_hcd
[  880.623610][T17425] usb 3-1: device descriptor read/64, error -71
[  880.743919][T17425] usb usb3-port1: attempt power cycle
[  880.764117][T18146] faux_driver vgem: [drm] Unknown color mode 181; guessing buffer size.
[  880.900714][T14936] usbhid 4-1:0.0: can't add hid device: -71
[  880.921665][T14936] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  880.947819][T14936] usb 4-1: USB disconnect, device number 18
[  881.135115][T17425] usb 3-1: new low-speed USB device number 39 using dummy_hcd
[  881.174282][T17425] usb 3-1: device descriptor read/8, error -71
[  881.424143][T17425] usb 3-1: new low-speed USB device number 40 using dummy_hcd
[  881.464442][T17425] usb 3-1: device descriptor read/8, error -71
[  881.602768][T17425] usb usb3-port1: unable to enumerate USB device
[  881.956861][T18167] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3342'.
[  881.968288][T18167] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3342'.
[  882.457598][T18176] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3344'.
[  882.466849][   T29] audit: type=1326 audit(1775788114.168:2112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18172 comm="syz.1.3345" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2070b9c819 code=0x0
[  882.523589][T18176] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3344'.
[  882.577381][T18176] geneve2: entered promiscuous mode
[  882.582683][T18176] geneve2: entered allmulticast mode
[  883.303493][T11969] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  883.333710][T17425] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  883.495632][T11969] usb 3-1: config index 0 descriptor too short (expected 23569, got 27)
[  883.513598][T11969] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  883.538795][T17425] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  883.548481][T17425] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  883.560220][T11969] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  883.579719][T17425] usb 4-1: Product: syz
[  883.593458][T11969] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  883.601650][T17425] usb 4-1: Manufacturer: syz
[  883.611803][T11969] usb 3-1: Manufacturer: syz
[  883.616847][T17425] usb 4-1: SerialNumber: syz
[  883.644869][T11969] usb 3-1: config 0 descriptor??
[  883.657075][T18194] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  883.833528][T11969] rc_core: IR keymap rc-hauppauge not found
[  883.848663][T11969] Registered IR keymap rc-empty
[  883.877641][T11969] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  883.893326][T18197] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3353'.
[  883.918130][T18197] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3353'.
[  883.928252][T11969] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input14
[  884.121783][T17425] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  884.173569][T17425] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  884.215166][T17425] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  884.256012][T17425] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  884.305308][T18207] netlink: 'syz.1.3356': attribute type 21 has an invalid length.
[  884.330359][T18207] IPv6: NLM_F_CREATE should be specified when creating new route
[  884.342978][T17425] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  884.374567][T18207] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  884.381918][T18207] IPv6: NLM_F_CREATE should be set when creating new route
[  884.389320][T18207] IPv6: NLM_F_CREATE should be set when creating new route
[  884.396666][T18207] IPv6: NLM_F_CREATE should be set when creating new route
[  884.437396][T17425] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -32
[  884.487991][    C1] igorplugusb 3-1:0.0: Error: urb status = -32
[  884.578847][T18185] syz.2.3348 (18185): drop_caches: 2
[  884.585447][T18185] syz.2.3348 (18185): drop_caches: 2
[  885.095606][T17425] usb 4-1: USB disconnect, device number 19
[  885.585538][T17425] usb 4-1: new full-speed USB device number 20 using dummy_hcd
[  885.636887][T18227] team0: entered allmulticast mode
[  885.642088][T18227] team_slave_0: entered allmulticast mode
[  885.648678][T18227] team_slave_1: entered allmulticast mode
[  885.664736][T18227] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  885.766060][T17425] usb 4-1: config 0 has an invalid interface number: 52 but max is 0
[  885.790554][T17425] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  885.828161][T17425] usb 4-1: config 0 has no interface number 0
[  885.842483][T17425] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 10
[  885.868001][T17425] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  885.900071][T17425] usb 4-1: config 0 interface 52 has no altsetting 0
[  885.919343][T17425] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  885.935959][T17425] usb 4-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  885.939185][T16760] usb 3-1: USB disconnect, device number 41
[  885.959937][T17425] usb 4-1: Manufacturer: syz
[  885.987668][T17425] usb 4-1: config 0 descriptor??
[  886.006735][T17425] hub 4-1:0.52: bad descriptor, ignoring hub
[  886.018589][T17425] hub 4-1:0.52: probe with driver hub failed with error -5
[  886.258840][T17425] input: syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.52/input/input15
[  886.388894][T17425] usb 4-1: Failed to suspend device, error -71
[  886.412461][T17425] usb 4-1: USB disconnect, device number 20
[  887.449325][   T29] audit: type=1326 audit(1775788119.158:2113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18244 comm="syz.4.3366" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff87459c819 code=0x0
[  887.695995][T17573] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  887.893539][T17573] usb 3-1: Using ep0 maxpacket: 8
[  887.918620][T17573] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  888.333496][T17573] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  888.492221][T18239] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3364'.
[  888.511990][T17573] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  888.522589][T17573] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024
[  888.535804][T17573] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  888.546649][T17573] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  888.559998][T17573] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  888.606301][T17573] usb 3-1: config 0 descriptor??
[  888.629163][T18247] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  889.132165][T17573] usb 3-1: USB disconnect, device number 42
[  889.141401][T12598] Bluetooth: hci2: Opcode 0x0c03 failed: -19
[  889.348347][T18270] netlink: 'syz.0.3371': attribute type 1 has an invalid length.
[  889.594518][T18270] bond2: entered promiscuous mode
[  889.600203][T18270] 8021q: adding VLAN 0 to HW filter on device bond2
[  889.930158][T18279] ��: renamed from bond_slave_0
[  890.002608][T18288] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3376'.
[  890.073276][T15022] ------------[ cut here ]------------
[  890.079238][T15022] conntrack cleanup blocked for 60s
[  890.079268][T15022] WARNING: net/netfilter/nf_conntrack_core.c:2512 at nf_conntrack_cleanup_net_list+0x234/0x340, CPU#0: kworker/u8:0/15022
[  890.099342][T15022] Modules linked in:
[  890.104868][T15022] CPU: 0 UID: 0 PID: 15022 Comm: kworker/u8:0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  890.116162][T15022] Tainted: [L]=SOFTLOCKUP
[  890.120530][T15022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  890.130745][T15022] Workqueue: netns cleanup_net
[  890.135939][T15022] RIP: 0010:nf_conntrack_cleanup_net_list+0x234/0x340
[  890.142809][T15022] Code: 08 48 89 df e8 bd d6 64 f8 4c 8b 3b 49 39 df 74 69 e8 60 84 fa f7 45 31 e4 e9 8e fe ff ff e8 53 84 fa f7 48 8d 3d 6c cc 55 06 <67> 48 0f b9 3a eb c0 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c cd fe ff
[  890.162919][T15022] RSP: 0018:ffffc900037a78b0 EFLAGS: 00010293
[  890.169104][T15022] RAX: ffffffff89cb3b9d RBX: ffffc900037a7a50 RCX: ffff888053a85b80
[  890.177203][T15022] RDX: 0000000000000000 RSI: fffffffffffffffb RDI: ffffffff90210810
[  890.185249][T15022] RBP: 0000000000000002 R08: ffff88813fe0b403 R09: 1ffff11027fc1680
[  890.194809][T15022] R10: dffffc0000000000 R11: ffffed1027fc1681 R12: 0000000000000001
[  890.202966][T15022] R13: dffffc0000000000 R14: 000000010000e5be R15: 000000010000e5c3
[  890.212231][T15022] FS:  0000000000000000(0000) GS:ffff888125454000(0000) knlGS:0000000000000000
[  890.221445][T15022] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  890.228217][T15022] CR2: 0000200000385030 CR3: 000000007db4a000 CR4: 00000000003526f0
[  890.236360][T15022] Call Trace:
[  890.239671][T15022]  <TASK>
[  890.242744][T15022]  ? __pfx_nf_conntrack_pernet_exit+0x10/0x10
[  890.248901][T15022]  ops_undo_list+0x52b/0x940
[  890.253586][T15022]  ? __pfx_ops_undo_list+0x10/0x10
[  890.258799][T15022]  ? idr_destroy+0x218/0x290
[  890.263569][T15022]  ? do_raw_spin_unlock+0xf5/0x210
[  890.268768][T15022]  cleanup_net+0x56b/0x800
[  890.273206][T15022]  ? __pfx_cleanup_net+0x10/0x10
[  890.278231][T15022]  ? process_scheduled_works+0xa8d/0x18c0
[  890.284031][T15022]  ? process_scheduled_works+0xa8d/0x18c0
[  890.289827][T15022]  process_scheduled_works+0xb6e/0x18c0
[  890.296602][T15022]  ? __pfx_process_scheduled_works+0x10/0x10
[  890.302639][T15022]  ? assign_work+0x3d5/0x5e0
[  890.308005][T15022]  worker_thread+0xa53/0xfc0
[  890.312649][T15022]  kthread+0x388/0x470
[  890.316809][T15022]  ? __pfx_worker_thread+0x10/0x10
[  890.322113][T15022]  ? __pfx_kthread+0x10/0x10
[  890.326777][T15022]  ret_from_fork+0x51e/0xb90
[  890.331398][T15022]  ? __pfx_ret_from_fork+0x10/0x10
[  890.336567][T15022]  ? __switch_to+0xc7d/0x1450
[  890.341270][T15022]  ? __pfx_kthread+0x10/0x10
[  890.345921][T15022]  ret_from_fork_asm+0x1a/0x30
[  890.350763][T15022]  </TASK>
[  890.353892][T15022] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  890.361214][T15022] CPU: 0 UID: 0 PID: 15022 Comm: kworker/u8:0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  890.372604][T15022] Tainted: [L]=SOFTLOCKUP
[  890.376941][T15022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  890.387041][T15022] Workqueue: netns cleanup_net
[  890.391855][T15022] Call Trace:
[  890.395149][T15022]  <TASK>
[  890.398108][T15022]  vpanic+0x56c/0xa60
[  890.402122][T15022]  ? __pfx__printk+0x10/0x10
[  890.406742][T15022]  ? __pfx_vpanic+0x10/0x10
[  890.411257][T15022]  ? is_bpf_text_address+0x292/0x2b0
[  890.416578][T15022]  ? is_bpf_text_address+0x26/0x2b0
[  890.421904][T15022]  panic+0xc5/0xd0
[  890.425663][T15022]  ? __pfx_panic+0x10/0x10
[  890.430124][T15022]  ? ret_from_fork_asm+0x1a/0x30
[  890.435092][T15022]  __warn+0x315/0x4f0
[  890.439096][T15022]  ? nf_conntrack_cleanup_net_list+0x234/0x340
[  890.445294][T15022]  ? nf_conntrack_cleanup_net_list+0x234/0x340
[  890.451472][T15022]  __report_bug+0x29a/0x540
[  890.455996][T15022]  ? __lock_acquire+0x6b5/0x2cf0
[  890.460950][T15022]  ? nf_conntrack_cleanup_net_list+0x234/0x340
[  890.467127][T15022]  ? __pfx___report_bug+0x10/0x10
[  890.472193][T15022]  ? nf_conntrack_cleanup_net_list+0x13e/0x340
[  890.478379][T15022]  report_bug_entry+0x19a/0x290
[  890.483285][T15022]  ? nf_conntrack_cleanup_net_list+0x234/0x340
[  890.489491][T15022]  ? nf_conntrack_cleanup_net_list+0x239/0x340
[  890.496026][T15022]  handle_bug+0xce/0x200
[  890.500312][T15022]  exc_invalid_op+0x1a/0x50
[  890.504862][T15022]  asm_exc_invalid_op+0x1a/0x20
[  890.509729][T15022] RIP: 0010:nf_conntrack_cleanup_net_list+0x234/0x340
[  890.516513][T15022] Code: 08 48 89 df e8 bd d6 64 f8 4c 8b 3b 49 39 df 74 69 e8 60 84 fa f7 45 31 e4 e9 8e fe ff ff e8 53 84 fa f7 48 8d 3d 6c cc 55 06 <67> 48 0f b9 3a eb c0 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c cd fe ff
[  890.536157][T15022] RSP: 0018:ffffc900037a78b0 EFLAGS: 00010293
[  890.542408][T15022] RAX: ffffffff89cb3b9d RBX: ffffc900037a7a50 RCX: ffff888053a85b80
[  890.550410][T15022] RDX: 0000000000000000 RSI: fffffffffffffffb RDI: ffffffff90210810
[  890.558407][T15022] RBP: 0000000000000002 R08: ffff88813fe0b403 R09: 1ffff11027fc1680
[  890.566399][T15022] R10: dffffc0000000000 R11: ffffed1027fc1681 R12: 0000000000000001
[  890.574572][T15022] R13: dffffc0000000000 R14: 000000010000e5be R15: 000000010000e5c3
[  890.582761][T15022]  ? nf_conntrack_cleanup_net_list+0x22d/0x340
[  890.589063][T15022]  ? __pfx_nf_conntrack_pernet_exit+0x10/0x10
[  890.595153][T15022]  ops_undo_list+0x52b/0x940
[  890.599765][T15022]  ? __pfx_ops_undo_list+0x10/0x10
[  890.604935][T15022]  ? idr_destroy+0x218/0x290
[  890.609550][T15022]  ? do_raw_spin_unlock+0xf5/0x210
[  890.614710][T15022]  cleanup_net+0x56b/0x800
[  890.619147][T15022]  ? __pfx_cleanup_net+0x10/0x10
[  890.624104][T15022]  ? process_scheduled_works+0xa8d/0x18c0
[  890.630118][T15022]  ? process_scheduled_works+0xa8d/0x18c0
[  890.635873][T15022]  process_scheduled_works+0xb6e/0x18c0
[  890.641495][T15022]  ? __pfx_process_scheduled_works+0x10/0x10
[  890.647513][T15022]  ? assign_work+0x3d5/0x5e0
[  890.652149][T15022]  worker_thread+0xa53/0xfc0
[  890.656778][T15022]  kthread+0x388/0x470
[  890.660860][T15022]  ? __pfx_worker_thread+0x10/0x10
[  890.665990][T15022]  ? __pfx_kthread+0x10/0x10
[  890.670601][T15022]  ret_from_fork+0x51e/0xb90
[  890.675220][T15022]  ? __pfx_ret_from_fork+0x10/0x10
[  890.680359][T15022]  ? __switch_to+0xc7d/0x1450
[  890.685397][T15022]  ? __pfx_kthread+0x10/0x10
[  890.689995][T15022]  ret_from_fork_asm+0x1a/0x30
[  890.694786][T15022]  </TASK>
[  890.698431][T15022] Kernel Offset: disabled
[  890.702764][T15022] Rebooting in 86400 seconds..