last executing test programs:

6.284912873s ago: executing program 1 (id=5142):
r0 = socket$kcm(0x2b, 0x1, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000500)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x58, r1, 0x801, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x30, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee33908f8eef16f162471f4"}, @NL80211_KEY_TYPE={0x8}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}]}]}, 0x58}}, 0x0)

6.040043969s ago: executing program 1 (id=5146):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
pipe(&(0x7f0000000480)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x5761, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000400)={0x0, <r3=>0x0})
sched_setattr(r3, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000180)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x0}, 0x68)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r4, 0x0, 0x0)
sendmmsg$inet6(r4, &(0x7f00000018c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000240)=' ', 0x1}], 0x1}}], 0x2, 0x48800)
syz_usb_disconnect(0xffffffffffffffff)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000000c0)='vegas\x00', 0x6)
shutdown(r4, 0x2)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x810)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f0000000240)={'fscrypt:', @desc3}, &(0x7f0000000280)={0x0, "33fbbddd13c71cef0039673fee38be02527dfd0f6d5ab7c93fb57fb979267c769600e74221b957ee319944bbb455f1d2fc9a58b4c8ff9861e2a7fff06c7bac04", 0x3a}, 0x48, 0xfffffffffffffff9)
keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f0000000300)={r7, 0xf1, 0x19}, &(0x7f0000000340)={'enc=', 'oaep', ' hash=', {'sha384-ce\x00'}}, &(0x7f00000004c0)="c03b7b99324987e13b57cd8e82d93c2990073626a20f7edc6f9248509f770b012bf4f9053f82d01c21a1742bf7bea6432baac3a2ad74bb8f93554b7b9dd872a4f403c0201abcad5ac888e0a3f814711e799dc61909220ddf8cdbe340e661cc9f0c03f243b1ac1de65ada0e87ddaeec177188455a3e7d820b71b958c12492dc4bdb6b115c0e69c38863c971c1849d81de4ce7c8600cacf44fffeb474f045c672007a15d45857c9540f0dda659649093fa7c5e529405a1f871397672d897ee7c51cf01f5b57926478630157cbab6364dd5deac288d4a6bd5a3eae9e32f21db7d78c7c58d3186397cee3280b782ceff2d650b", &(0x7f00000003c0)=""/25)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000000)={'bond0\x00', &(0x7f0000000040)=@ethtool_sfeatures={0x3b, 0x2, [{0x7ad8, 0x1}, {0xfffffffc, 0x80003}]}})

5.056047735s ago: executing program 2 (id=5154):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x6, 0x10, &(0x7f00000004c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x800}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xf535}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0xb6}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x0, 0x10, 0x1, &(0x7f00000006c0)="051cf3b75a97acbf", &(0x7f0000000700)=""/8, 0xb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x1b)

4.926408281s ago: executing program 2 (id=5156):
r0 = socket$kcm(0x2b, 0x1, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000500)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x58, r1, 0x801, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x30, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee33908f8eef16f162471f4"}, @NL80211_KEY_TYPE={0x8}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}]}]}, 0x58}}, 0x0)

4.894079983s ago: executing program 2 (id=5158):
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000240)={0x0, 0xfffffffc, 0x10}, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00'})
sendmsg$nl_route(r0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x4}, @NHA_ID={0x8, 0x6, 0xf2}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@newnexthop={0x24, 0x68, 0x1, 0x3, 0x80000004, {}, [@NHA_GROUP={0xc, 0x2, [{0x2, 0xfa}]}]}, 0x24}}, 0x4000)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x3e, &(0x7f0000000200)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x67, 0x0, @rand_addr, @multicast1}, @time_exceeded={0x21, 0x0, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @multicast1}}}}}}, 0x0)

4.777699206s ago: executing program 2 (id=5160):
socket$nl_generic(0x10, 0x3, 0x10)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb45, 0x100000000009, 0xa, 0x0, 0x3}, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x22000, 0x0)
listen(0xffffffffffffffff, 0x0)
unshare(0x28040680)
r2 = timerfd_create(0x0, 0x0)
timerfd_gettime(r2, &(0x7f0000000000))
r3 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x60040, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, 0x0, 0x20004804)
sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@delchain={0x24, 0x66, 0x1, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff3}, {}, {0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x5, 0x6, 0x8, 0xad, 0x0, 0xffffffffffffffff, 0x4000000}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0xd, 0x2, 0x4, 0x4002, 0x5, r8, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x8000000}, 0x50)

4.06501942s ago: executing program 0 (id=5166):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="00001000252155b21c00"], 0x3c}}, 0x40000)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c000000100003050000003efcffffff00000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001400128009000100626f6e64000000000400028008000a00", @ANYRES32=r2, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x4)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20088814}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x59)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x4, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

3.339011434s ago: executing program 1 (id=5168):
r0 = socket$kcm(0x2b, 0x1, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000500)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x58, r1, 0x801, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x30, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee33908f8eef16f162471f4"}, @NL80211_KEY_TYPE={0x8}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}]}]}, 0x58}}, 0x0)

3.23457176s ago: executing program 2 (id=5171):
syz_usb_control_io$lan78xx(0xffffffffffffffff, &(0x7f0000000080)={0xc, &(0x7f0000000100)={0x0, 0x22, 0x82, {0x82, 0x11, "62e65e02ed179a0572f3159f66cef6b012459e2b0bc4c7c85a50ab5ae68a8710aa8067a51bff9213ca3dde9a4978cbf39b3056d42f25f622e5d208f665642f4820d50e69928ebc1ed3d5d82632162aae0869193950f6f6b364f2efce9cf897c9a17d87e981f0d3af236992378bd2076df1b1545e4ac7a82a8e87e7de5e91f1c0"}}, 0x0}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
rseq(0xfffffffffffffffe, 0xfffffffffffffecd, 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b779617e66e6b3e15c042be90635a2d36160bbf9a2edcacc0bbe015b84150a1928de94397894ff36aa430fc2a0814ba634308d6d0837250dfd1eca5383f9d151449743b1a0c4ffc51242a229c5d6d06f147a61d797ea7ffeda95b76f5623", 0x7d}, {&(0x7f00000001c0)="66f7", 0x3}, {&(0x7f0000000300)='l3', 0x7fffefcd}], 0x3}], 0x1, 0x0)

3.228423265s ago: executing program 0 (id=5172):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)={0x44, 0x0, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x9c}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5}]}, 0x44}}, 0x0)

3.110733544s ago: executing program 1 (id=5174):
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a2d0000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073f97a310000000008000440080000000900010073797a30000000000800034000"], 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03f5"], 0x34}}, 0x0)

3.039597901s ago: executing program 0 (id=5176):
r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
bind$rds(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0)
recvmmsg(r3, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/189, 0xbd}, {&(0x7f00000003c0)=""/152, 0x98}, {&(0x7f0000000480)=""/4096, 0x1000}], 0x3}}], 0x7, 0x0, 0x0)
mkdir(0x0, 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
write$FUSE_CREATE_OPEN(0xffffffffffffffff, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000080)=0x2, 0x7f03)
chdir(0x0)
r4 = open(0x0, 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x1, 0x89, 0xd612, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)

2.736304964s ago: executing program 1 (id=5179):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000380)={'syztnl1\x00', &(0x7f0000000300)={'syztnl0\x00', <r1=>0x0, 0x4, 0x69, 0x6, 0x5, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private0, 0x8000, 0x700, 0x8, 0xfffffff7}})
r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000003c0)=0xffffffffffffffff, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0x12, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x1ff}, [@call={0x85, 0x0, 0x0, 0x9f}, @tail_call, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000080)='syzkaller\x00', 0x85e, 0x18, &(0x7f00000002c0)=""/24, 0x41000, 0x3, '\x00', r1, 0x25, r2, 0x8, &(0x7f0000000400)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000000440)={0x5, 0x10, 0x9}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000480)=[{0x1, 0x1, 0xc, 0xc}], 0x10, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
setpriority(0x0, 0x0, 0x10000)
epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x7, 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000580), 0x4, 0x14000)
getpgid(0x0)

2.606242709s ago: executing program 3 (id=5180):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=ANY=[@ANYBLOB="540000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="15020000fe0f00001c00128009000100766c616e000000000c000280060001000000000008000500", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="080004"], 0x54}, 0x1, 0xba01, 0x0, 0x11}, 0x4000000)

2.605813044s ago: executing program 1 (id=5181):
r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1e, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0x100f}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4004840}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000000))
socket$inet(0x2, 0x3, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x8)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x2001, 0x0)
r6 = ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r6)

2.357047524s ago: executing program 3 (id=5183):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="00001000252155b21c00"], 0x3c}}, 0x40000)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c000000100003050000003efcffffff00000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001400128009000100626f6e64000000000400028008000a00", @ANYRES32=r2, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x4)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20088814}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x59)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x4, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

1.766760907s ago: executing program 0 (id=5186):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'sit0\x00'})
sendmsg$nl_route(r1, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x4}, @NHA_ID={0x8, 0x6, 0xf2}]}, 0x28}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@newnexthop={0x24, 0x68, 0x1, 0x3, 0x80000004, {}, [@NHA_GROUP={0xc, 0x2, [{0x2, 0xfa}]}]}, 0x24}}, 0x4000)
bind$inet6(r0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x3e, &(0x7f0000000200)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x67, 0x0, @rand_addr, @multicast1}, @time_exceeded={0x21, 0x0, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @multicast1}}}}}}, 0x0)

1.717771948s ago: executing program 4 (id=5187):
r0 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)={0x44, r0, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x9c}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5}]}, 0x44}}, 0x0)

1.646984113s ago: executing program 0 (id=5188):
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x40880)
syz_emit_ethernet(0xfdef, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xfde1, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0xfdcd, 0x0, @wg=@data}}}}}, 0x0)

1.645397473s ago: executing program 3 (id=5189):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0xa000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x10000, 0x100000, 0xd, 0x0, 0x0, 0x0, 0x0, 0x80}, {0x0, 0x2000, 0xf, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5}, {0x33320000, 0xdddd0000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x27, 0x0, 0x4}, {0x1000, 0xffff1000, 0xf, 0xb, 0x0, 0x0, 0x0, 0xfc}, {0x0, 0x6000, 0xc, 0x9, 0x0, 0x10, 0x0, 0x0, 0x21, 0x0, 0x4}, {0x0, 0x10000, 0x0, 0x7, 0x0, 0xfd, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5, 0x38, 0x2, 0x0, 0x8}, {0x3000, 0x1000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x2000, 0x400}, {}, 0xddf8ffdb, 0x0, 0x80a0000, 0x100, 0x8, 0xc000, 0x3000, [0x2, 0x0, 0x2]})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x63a42, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xe, 0x4, 0x8, 0x8, 0x4}, 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe0}, {0xe, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, r5, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)

1.572256358s ago: executing program 4 (id=5190):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r1 = dup3(0xffffffffffffffff, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000540)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313}], 0x0, 0x1000000, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000640)={0x8, 0x0, &(0x7f0000000000)=[@decrefs={0x400c6313}], 0x0, 0x0, 0x0})

1.49277683s ago: executing program 0 (id=5191):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
open_by_handle_at(r2, &(0x7f0000000000)=@FILEID_NILFS_WITHOUT_PARENT={0x20, 0x61, {0x200, 0x0, 0xcb1a, 0x8, 0x7fff}}, 0x1)

1.258173814s ago: executing program 4 (id=5192):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000540)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c044}, 0x881)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000140)={0x9, 0x3, 0x4, 0x5}, 0x10)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, &(0x7f0000000180)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf)

1.115244673s ago: executing program 4 (id=5193):
r0 = socket$unix(0x1, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00'})
r2 = syz_clone(0x24008000, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r2, 0x1, &(0x7f0000000040)=[&(0x7f0000e85000/0x2000)=nil], 0x0, &(0x7f0000000000), 0x0)
r3 = syz_open_dev$cec(&(0x7f00000002c0), 0x0, 0x181800)
ioctl$CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x5, 0x4a, 0x8, 0x1ff, "2178d46fd08e3c0ced34c7d0c7e6d7", "5679d197", '\x00\x00\x00\b', "22ff2100", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "f6380000000000000000a93c"]})
ioctl$CEC_TRANSMIT(r3, 0xc0386105, &(0x7f0000000d40)={0xc, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x4063, "5700ed00", 0x0, 0x0, 0x0, 0x0, 0x5, 0x2})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
socket$inet_sctp(0x2, 0x5, 0x84)

1.10183104s ago: executing program 3 (id=5194):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)={0x30, r1, 0x103, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_CIPHER_SUITE_GROUP={0x8, 0x4a, 0xfac0b}]]}, 0x30}, 0x1, 0x0, 0x0, 0x48c0}, 0x4000000)

892.722039ms ago: executing program 4 (id=5195):
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000340)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0xea5, '.\x00'}})

815.196595ms ago: executing program 2 (id=5196):
r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
bind$rds(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0)
recvmmsg(r3, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/189, 0xbd}, {&(0x7f00000003c0)=""/152, 0x98}, {&(0x7f0000000480)=""/4096, 0x1000}], 0x3}}], 0x7, 0x0, 0x0)
mkdir(0x0, 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
write$FUSE_CREATE_OPEN(0xffffffffffffffff, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000080)=0x2, 0x7f03)
chdir(0x0)
r4 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r4, 0x0, 0x0)

814.628349ms ago: executing program 3 (id=5197):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000740)=@newtaction={0x12c, 0x30, 0x1, 0x0, 0x25dfdbfb, {}, [{0x118, 0x1, [@m_vlan={0xe4, 0x0, 0x0, 0x0, {{0x9}, {0x58, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x9, 0x4, 0x4, 0x9, 0x6}, 0x3}}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x1ff, 0x2, 0x5, 0x2}, 0x3}}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0xfffffff7, 0x5, 0x20000000, 0x0, 0x9}, 0x3}}]}, {0x64, 0x6, "c27cce03b9f1e262a787e280ccf72f0c48e17ce31151d5b6789ad78d09ff6b393fb6e7f41168fe90955d55c0ca786029569b3c8e26edbc1375f0136ccb0f72fe0086d431da1606f841614ed72174ff01be04ec8d0d93115771b63430c567a2c5"}, {0xc, 0x7, {0xa8cb2d5242487e}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_gact={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x12c}}, 0x8000)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r4, &(0x7f0000000000), 0x18)
sendmsg$can_j1939(r4, &(0x7f00000002c0)={&(0x7f00000000c0)={0x1d, 0x0, 0x2, {0x0, 0x409ee07df186b7eb}}, 0x18, &(0x7f00000004c0)={0x0}, 0x1, 0x0, 0x0, 0x4004044}, 0x0)

159.42262ms ago: executing program 3 (id=5198):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = syz_io_uring_setup(0x460, &(0x7f0000000480)={0x0, 0x40000020, 0x10, 0x2, 0x1ef}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000000)=<r5=>0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r7, &(0x7f0000000240)=ANY=[@ANYBLOB], 0x9)
sendmsg$IPSET_CMD_LIST(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x2f, 0x1, 0x0, 0x4}]}, 0x8)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc})
io_uring_enter(r3, 0x47bc, 0x0, 0x0, 0x0, 0xffffffffffffff8a)

0s ago: executing program 4 (id=5199):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
openat$rfkill(0xffffff9c, &(0x7f0000000040), 0xb01002, 0x0)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(0xffffffffffffffff, 0x40045402, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x8, 0x0, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in=@remote, 0x2, 0x6c}, 0x0, @in=@empty, 0x0, 0x5, 0x0, 0xb7}}, 0xe8)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)

kernel console output (not intermixed with test programs):

.082587][ T5920] usb 4-1: config 0 has no interface number 0
[  578.096081][ T5920] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  578.115307][T10229] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  578.123606][ T5920] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  578.132681][T10229] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  578.154967][T10229] usb 3-1: USB disconnect, device number 42
[  578.157959][ T5920] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  578.198865][ T5920] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  578.229521][ T5920] usb 4-1: Product: syz
[  578.234085][ T5920] usb 4-1: SerialNumber: syz
[  578.265584][ T5920] usb 4-1: config 0 descriptor??
[  578.283003][T10229] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  578.287422][ T5920] cm109 4-1:0.8: invalid payload size 0, expected 4
[  578.304698][ T5920] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input25
[  578.536946][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  578.544271][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  578.551441][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  578.558617][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  578.595601][ T5920] usb 4-1: USB disconnect, device number 43
[  578.601588][    C0] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  578.654449][ T5920] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  579.363431][T15574] netlink: 348 bytes leftover after parsing attributes in process `syz.4.3443'.
[  579.387899][   T30] kauditd_printk_skb: 85 callbacks suppressed
[  579.387916][   T30] audit: type=1326 audit(1756867462.087:756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15573 comm="syz.4.3443" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  579.450812][   T30] audit: type=1326 audit(1756867462.127:757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15573 comm="syz.4.3443" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  579.530080][   T30] audit: type=1326 audit(1756867462.127:758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15573 comm="syz.4.3443" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf702e539 code=0x7ffc0000
[  579.585642][   T30] audit: type=1326 audit(1756867462.127:759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15573 comm="syz.4.3443" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  579.623288][T15583] unsupported nla_type 52263
[  579.659375][   T30] audit: type=1326 audit(1756867462.127:760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15573 comm="syz.4.3443" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  579.741492][   T30] audit: type=1326 audit(1756867462.127:761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15573 comm="syz.4.3443" exe="/root/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf702e539 code=0x7ffc0000
[  579.831291][   T30] audit: type=1326 audit(1756867462.127:762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15573 comm="syz.4.3443" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  579.865700][T15587] syzkaller1: entered promiscuous mode
[  579.871247][T15587] syzkaller1: entered allmulticast mode
[  579.879004][   T30] audit: type=1326 audit(1756867462.127:763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15573 comm="syz.4.3443" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  579.919712][   T30] audit: type=1326 audit(1756867462.127:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15573 comm="syz.4.3443" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf702e539 code=0x7ffc0000
[  579.953695][   T30] audit: type=1326 audit(1756867462.127:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15573 comm="syz.4.3443" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  580.338793][T15614] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  581.645376][T15675] __nla_validate_parse: 10 callbacks suppressed
[  581.645398][T15675] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3485'.
[  581.689840][T15675] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3485'.
[  581.704997][T15675] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3485'.
[  582.032957][T15681] tipc: Started in network mode
[  582.040835][T15681] tipc: Node identity 7247eda0c72c, cluster identity 4711
[  582.089383][T15681] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  582.194026][T15697] syzkaller0: entered promiscuous mode
[  582.199542][T15697] syzkaller0: entered allmulticast mode
[  582.364622][T15681] tipc: Resetting bearer <eth:syzkaller0>
[  582.389833][T15680] tipc: Resetting bearer <eth:syzkaller0>
[  582.494188][T15680] tipc: Disabling bearer <eth:syzkaller0>
[  582.729834][T15717] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3497'.
[  582.781472][T15717] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3497'.
[  582.814272][T15717] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3497'.
[  583.496219][T15735] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3505'.
[  583.512838][T15730] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3499'.
[  583.972479][T10230] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  584.022768][T15749] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3511'.
[  584.046411][T15749] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3511'.
[  584.148021][T10230] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  584.191812][T10230] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  584.221044][T15752] netlink: 'syz.4.3512': attribute type 13 has an invalid length.
[  584.229087][T10230] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  584.244257][T15752] netlink: 'syz.4.3512': attribute type 14 has an invalid length.
[  584.253437][T10230] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  584.272438][T10230] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  584.299534][T10230] usb 3-1: config 0 descriptor??
[  584.826978][T10230] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  584.838368][T10230] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  584.874194][T10230] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  584.882733][T10230] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  584.952669][T10230] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  585.002574][T10230] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  585.051185][T10230] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  585.103137][T10230] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  585.110581][T10230] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  585.131868][T10230] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  585.205660][T10230] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  585.297960][T10230] usb 3-1: USB disconnect, device number 43
[  585.486033][T15769] fido_id[15769]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  586.789424][T15797] __nla_validate_parse: 7 callbacks suppressed
[  586.789444][T15797] netlink: 332 bytes leftover after parsing attributes in process `syz.0.3530'.
[  587.413667][T15801] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3531'.
[  587.446393][T15801] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3531'.
[  587.806038][T15809] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3535'.
[  587.815116][T10230] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  587.869875][T15809] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3535'.
[  587.880802][T15809] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3535'.
[  587.984370][T10230] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  587.995668][T10230] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  588.011898][T10230] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  588.030575][T10230] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  588.043499][T10230] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  588.082772][T10230] usb 1-1: config 0 descriptor??
[  588.285607][   T30] kauditd_printk_skb: 55 callbacks suppressed
[  588.285623][   T30] audit: type=1326 audit(1756867470.987:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15818 comm="syz.3.3540" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  588.354105][   T30] audit: type=1326 audit(1756867471.017:822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15818 comm="syz.3.3540" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  588.402370][   T30] audit: type=1326 audit(1756867471.017:823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15818 comm="syz.3.3540" exe="/root/syz-executor" sig=0 arch=40000003 syscall=321 compat=1 ip=0xf709e539 code=0x7ffc0000
[  588.472525][   T30] audit: type=1326 audit(1756867471.017:824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15818 comm="syz.3.3540" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  588.557178][T10230] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  588.572572][   T30] audit: type=1326 audit(1756867471.017:825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15818 comm="syz.3.3540" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  588.682550][   T30] audit: type=1326 audit(1756867471.017:826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15818 comm="syz.3.3540" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf709e539 code=0x7ffc0000
[  588.820871][   T30] audit: type=1326 audit(1756867471.017:827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15818 comm="syz.3.3540" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  588.856595][T10234] usb 1-1: USB disconnect, device number 39
[  588.886416][   T30] audit: type=1326 audit(1756867471.017:828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15818 comm="syz.3.3540" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  588.910413][   T30] audit: type=1326 audit(1756867471.027:829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15818 comm="syz.3.3540" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf709e539 code=0x7ffc0000
[  589.021489][   T30] audit: type=1326 audit(1756867471.027:830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15818 comm="syz.3.3540" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  589.245716][T15835] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3539'.
[  589.636821][T15842] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3548'.
[  589.669854][T15842] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3548'.
[  589.696654][T15842] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3548'.
[  589.907670][T15852] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  589.923239][T15851] IPVS: stopping master sync thread 15852 ...
[  590.490436][T15665] Set syz1 is full, maxelem 65536 reached
[  592.042935][T15912] __nla_validate_parse: 6 callbacks suppressed
[  592.042949][T15912] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3573'.
[  592.073920][T15913] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3558'.
[  592.125716][T15912] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3573'.
[  592.149659][T15912] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3573'.
[  592.174805][T15912] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3573'.
[  592.676947][T15933] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3584'.
[  593.324969][T15945] netlink: 14 bytes leftover after parsing attributes in process `syz.2.3586'.
[  593.339256][   T30] kauditd_printk_skb: 42 callbacks suppressed
[  593.339274][   T30] audit: type=1326 audit(1756867476.007:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15940 comm="syz.2.3586" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f41539 code=0x7ffc0000
[  593.638981][   T30] audit: type=1326 audit(1756867476.007:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15940 comm="syz.2.3586" exe="/root/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf7f41539 code=0x7ffc0000
[  593.677353][   T30] audit: type=1326 audit(1756867476.007:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15940 comm="syz.2.3586" exe="/root/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7f41539 code=0x7ffc0000
[  593.722535][   T30] audit: type=1326 audit(1756867476.007:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15940 comm="syz.2.3586" exe="/root/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7f41539 code=0x7ffc0000
[  593.816542][   T30] audit: type=1326 audit(1756867476.017:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15940 comm="syz.2.3586" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f41539 code=0x7ffc0000
[  593.892216][   T30] audit: type=1326 audit(1756867476.017:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15940 comm="syz.2.3586" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f41539 code=0x7ffc0000
[  593.938045][   T30] audit: type=1326 audit(1756867476.017:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15940 comm="syz.2.3586" exe="/root/syz-executor" sig=0 arch=40000003 syscall=426 compat=1 ip=0xf7f41539 code=0x7ffc0000
[  594.013902][   T30] audit: type=1326 audit(1756867476.027:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15940 comm="syz.2.3586" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f41539 code=0x7ffc0000
[  594.036782][T15962] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3591'.
[  594.056806][T15962] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3591'.
[  594.078501][T15962] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3591'.
[  594.092903][   T30] audit: type=1326 audit(1756867476.027:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15940 comm="syz.2.3586" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f41539 code=0x7ffc0000
[  594.147701][   T30] audit: type=1326 audit(1756867476.027:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15940 comm="syz.2.3586" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f41539 code=0x7ffc0000
[  594.223479][T15945] bond0 (unregistering): Released all slaves
[  594.651447][T15984] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  596.153326][T16034] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  597.197160][T16070] __nla_validate_parse: 7 callbacks suppressed
[  597.197181][T16070] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3625'.
[  597.254394][T16073] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  597.270025][T16072] IPVS: stopping master sync thread 16073 ...
[  597.394794][T16077] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  597.693395][T16092] sg_write: data in/out 63015/8 bytes for SCSI command 0x7f-- guessing data in;
[  597.693395][T16092]    program syz.2.3644 not setting count and/or reply_len properly
[  597.867272][T16094] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3646'.
[  598.272792][T16105] IPVS: stopping master sync thread 16107 ...
[  598.275090][T16107] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  598.867333][   T30] kauditd_printk_skb: 58 callbacks suppressed
[  598.867351][   T30] audit: type=1326 audit(1756867481.567:941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16130 comm="syz.4.3662" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  598.958393][   T30] audit: type=1326 audit(1756867481.567:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16130 comm="syz.4.3662" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  599.049929][   T30] audit: type=1326 audit(1756867481.567:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16130 comm="syz.4.3662" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf702e539 code=0x7ffc0000
[  599.142385][   T30] audit: type=1326 audit(1756867481.567:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16130 comm="syz.4.3662" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  599.201497][   T30] audit: type=1326 audit(1756867481.577:945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16130 comm="syz.4.3662" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf702e539 code=0x7ffc0000
[  599.292679][   T30] audit: type=1326 audit(1756867481.577:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16130 comm="syz.4.3662" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  599.416543][   T30] audit: type=1326 audit(1756867481.577:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16130 comm="syz.4.3662" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf702e539 code=0x7ffc0000
[  599.473792][   T30] audit: type=1326 audit(1756867481.577:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16130 comm="syz.4.3662" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  599.496685][   T30] audit: type=1326 audit(1756867481.577:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16130 comm="syz.4.3662" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  599.527728][T16144] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3661'.
[  599.554988][   T30] audit: type=1326 audit(1756867481.577:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16130 comm="syz.4.3662" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf702e539 code=0x7ffc0000
[  600.055871][T16166] team_slave_0: entered promiscuous mode
[  600.063359][T16166] ipvlan0: entered promiscuous mode
[  600.069547][T16166] ipvlan0: left promiscuous mode
[  600.076254][T16166] team_slave_0: left promiscuous mode
[  600.222037][T16141] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  600.230562][T16141] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  600.244023][T16141] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  600.252014][T16141] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  600.265089][T16171] $Hÿ: renamed from bond0
[  600.274420][T16141] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  600.283462][T16171] $Hÿ: entered promiscuous mode
[  600.283817][T16141] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  600.296986][T16141] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  600.305071][T16141] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  600.313451][T16141] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  600.319503][T16141] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  600.328402][T16141] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  600.336080][T16141] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  600.342098][T16141] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  600.353594][T16141] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  600.362828][T16146] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  601.004795][T16197] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3680'.
[  601.368049][T16213] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3695'.
[  601.393734][T16213] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3695'.
[  601.429373][T16213] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3695'.
[  601.479463][T16213] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3695'.
[  601.616333][ T5862] Bluetooth: hci0: command 0x0406 tx timeout
[  602.253334][ T5862] Bluetooth: hci1: command 0x0c1a tx timeout
[  602.333400][ T5862] Bluetooth: hci2: command 0x0c1a tx timeout
[  602.333499][T14218] Bluetooth: hci5: command 0x0c1a tx timeout
[  602.385427][T10230] hid_parser_main: 20 callbacks suppressed
[  602.385448][T10230] hid-generic 0000:3000000:0000.0010: unknown main item tag 0x4
[  602.422427][T14218] Bluetooth: hci3: command 0x0c1a tx timeout
[  602.422564][T10230] hid-generic 0000:3000000:0000.0010: unknown main item tag 0x2
[  602.452432][T10230] hid-generic 0000:3000000:0000.0010: unknown main item tag 0x3
[  602.487939][T10230] hid-generic 0000:3000000:0000.0010: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  602.608822][T16245] fido_id[16245]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  602.966268][T16255] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3708'.
[  602.990900][T16256] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3713'.
[  603.692526][T14218] Bluetooth: hci0: command 0x0406 tx timeout
[  603.903601][T16294] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3730'.
[  603.913431][T16294] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3730'.
[  603.940030][T16296] netlink: 'syz.1.3733': attribute type 1 has an invalid length.
[  603.959062][T16296] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3733'.
[  604.139558][   T30] kauditd_printk_skb: 73 callbacks suppressed
[  604.139576][   T30] audit: type=1326 audit(1756867486.837:1024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16298 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  604.249498][   T30] audit: type=1326 audit(1756867486.867:1025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16298 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  604.335325][T14218] Bluetooth: hci1: command 0x0c1a tx timeout
[  604.342921][   T30] audit: type=1326 audit(1756867486.867:1026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16298 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=40000003 syscall=145 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  604.368892][   T30] audit: type=1326 audit(1756867486.867:1027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16298 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  604.393976][   T30] audit: type=1326 audit(1756867486.867:1028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16298 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  604.420680][T14218] Bluetooth: hci5: command 0x0c1a tx timeout
[  604.428350][ T5862] Bluetooth: hci2: command 0x0c1a tx timeout
[  604.435191][   T30] audit: type=1326 audit(1756867486.867:1029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16298 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  604.494927][ T5862] Bluetooth: hci3: command 0x0c1a tx timeout
[  604.695400][T16314] netlink: 100 bytes leftover after parsing attributes in process `syz.4.3737'.
[  604.872558][T16322] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3741'.
[  604.895230][T16322] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3741'.
[  604.915770][T16322] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3741'.
[  604.933296][T16322] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3741'.
[  605.533388][   T30] audit: type=1326 audit(1756867488.227:1030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16340 comm="syz.0.3749" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  605.610831][   T30] audit: type=1326 audit(1756867488.227:1031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16340 comm="syz.0.3749" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  605.683081][   T30] audit: type=1326 audit(1756867488.227:1032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16340 comm="syz.0.3749" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  605.759837][   T30] audit: type=1326 audit(1756867488.237:1033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16340 comm="syz.0.3749" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  606.045077][T16348] tipc: Can't bind to reserved service type 1
[  606.433277][ T5862] Bluetooth: hci1: command 0x0c1a tx timeout
[  606.493781][ T5862] Bluetooth: hci2: command 0x0c1a tx timeout
[  606.493799][T14218] Bluetooth: hci5: command 0x0c1a tx timeout
[  606.572617][ T5862] Bluetooth: hci3: command 0x0c1a tx timeout
[  606.872097][T16370] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  606.872157][T16368] IPVS: stopping master sync thread 16370 ...
[  608.154686][T16404] syzkaller0: entered allmulticast mode
[  608.206429][T16404] syzkaller0 (unregistering): left allmulticast mode
[  608.249460][T16407] __nla_validate_parse: 9 callbacks suppressed
[  608.249479][T16407] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3777'.
[  608.292886][T16407] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3777'.
[  608.319668][T16407] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3777'.
[  608.372389][T16407] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3777'.
[  609.156493][T16433] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  609.274444][T16436] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3790'.
[  609.323165][T16436] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3790'.
[  609.379418][T16436] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3790'.
[  609.402395][T16436] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3790'.
[  609.653809][T16445] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3784'.
[  609.671539][T16447] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3794'.
[  609.724304][T16447] ip6gre1: entered allmulticast mode
[  609.982962][   T30] kauditd_printk_skb: 278 callbacks suppressed
[  609.982991][   T30] audit: type=1326 audit(1756867492.687:1312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16454 comm="syz.0.3797" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  610.092508][   T30] audit: type=1326 audit(1756867492.687:1313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16454 comm="syz.0.3797" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  610.115929][   T30] audit: type=1326 audit(1756867492.727:1314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16454 comm="syz.0.3797" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  610.143632][   T30] audit: type=1326 audit(1756867492.727:1315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16454 comm="syz.0.3797" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  610.167195][   T30] audit: type=1326 audit(1756867492.727:1316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16454 comm="syz.0.3797" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  610.193301][   T30] audit: type=1326 audit(1756867492.727:1317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16454 comm="syz.0.3797" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  610.216656][   T30] audit: type=1326 audit(1756867492.727:1318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16454 comm="syz.0.3797" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  610.240552][   T30] audit: type=1326 audit(1756867492.727:1319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16454 comm="syz.0.3797" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  610.272394][   T30] audit: type=1326 audit(1756867492.727:1320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16454 comm="syz.0.3797" exe="/root/syz-executor" sig=0 arch=40000003 syscall=9 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  610.295060][   T30] audit: type=1326 audit(1756867492.727:1321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16454 comm="syz.0.3797" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  610.984743][T16492] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  610.996021][T16491] IPVS: stopping master sync thread 16492 ...
[  612.573236][T16540] tipc: Started in network mode
[  612.578156][T16540] tipc: Node identity 82121128dbe3, cluster identity 4711
[  612.612636][T16540] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  612.659900][T16540] syzkaller0: entered promiscuous mode
[  612.672388][T16540] syzkaller0: entered allmulticast mode
[  612.793659][T16540] tipc: Resetting bearer <eth:syzkaller0>
[  612.825693][T16539] tipc: Resetting bearer <eth:syzkaller0>
[  612.875488][T16539] tipc: Disabling bearer <eth:syzkaller0>
[  613.229213][T16567] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  613.828739][T16558] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  613.835545][T16558] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  613.848163][T16558] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  613.855093][T16589] bond0: (slave syz_tun): Releasing backup interface
[  613.862838][T16558] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  613.869321][T16558] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  614.142415][  T121] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  614.342421][  T121] usb 4-1: device descriptor read/64, error -71
[  614.582544][  T121] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  614.598540][T16612] __nla_validate_parse: 7 callbacks suppressed
[  614.598560][T16612] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3860'.
[  614.619448][T16610] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3859'.
[  614.624634][T16612] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3860'.
[  614.684651][T16614] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3859'.
[  614.759647][  T121] usb 4-1: device descriptor read/64, error -71
[  614.787316][T16619] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3863'.
[  614.894455][  T121] usb usb4-port1: attempt power cycle
[  615.175981][ T5862] Bluetooth: hci0: command 0x0406 tx timeout
[  615.243147][  T121] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  615.294658][  T121] usb 4-1: device descriptor read/8, error -71
[  615.363788][T16635] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3869'.
[  615.378171][T16635] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3869'.
[  615.532820][  T121] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  615.565361][  T121] usb 4-1: device descriptor read/8, error -71
[  615.705234][  T121] usb usb4-port1: unable to enumerate USB device
[  615.764229][   T30] kauditd_printk_skb: 78 callbacks suppressed
[  615.764244][   T30] audit: type=1326 audit(1756867498.457:1400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16643 comm="syz.4.3873" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  615.862421][ T5862] Bluetooth: hci5: command 0x0c1a tx timeout
[  615.867740][T14218] Bluetooth: hci1: command 0x0c1a tx timeout
[  615.877942][   T30] audit: type=1326 audit(1756867498.457:1401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16643 comm="syz.4.3873" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  615.942479][T14218] Bluetooth: hci3: command 0x0c1a tx timeout
[  615.948568][T14218] Bluetooth: hci2: command 0x0c1a tx timeout
[  615.955597][   T30] audit: type=1326 audit(1756867498.457:1402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16643 comm="syz.4.3873" exe="/root/syz-executor" sig=0 arch=40000003 syscall=399 compat=1 ip=0xf702e539 code=0x7ffc0000
[  615.978104][   T30] audit: type=1326 audit(1756867498.457:1403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16643 comm="syz.4.3873" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  616.007169][   T30] audit: type=1326 audit(1756867498.457:1404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16643 comm="syz.4.3873" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  616.216048][   T30] audit: type=1326 audit(1756867498.917:1405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16653 comm="syz.4.3877" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  616.294097][   T30] audit: type=1326 audit(1756867498.937:1406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16653 comm="syz.4.3877" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf702e539 code=0x7ffc0000
[  616.392364][   T30] audit: type=1326 audit(1756867498.937:1407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16653 comm="syz.4.3877" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  616.447190][   T30] audit: type=1326 audit(1756867498.937:1408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16653 comm="syz.4.3877" exe="/root/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf702e539 code=0x7ffc0000
[  616.502397][   T30] audit: type=1326 audit(1756867498.937:1409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16653 comm="syz.4.3877" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  616.607373][T16668] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3884'.
[  616.806161][T16682] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3891'.
[  618.224843][T16725] IPVS: stopping master sync thread 16728 ...
[  618.238823][T16729] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3912'.
[  619.137868][T16756] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  619.138114][T16755] IPVS: stopping master sync thread 16756 ...
[  620.067188][T16781] __nla_validate_parse: 5 callbacks suppressed
[  620.067209][T16781] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3936'.
[  620.150724][T16781] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3936'.
[  620.423897][T16789] IPVS: stopping master sync thread 16790 ...
[  621.109892][   T30] kauditd_printk_skb: 40 callbacks suppressed
[  621.109910][   T30] audit: type=1326 audit(1756867503.807:1450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16808 comm="syz.4.3949" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  621.191650][   T30] audit: type=1326 audit(1756867503.847:1451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16808 comm="syz.4.3949" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  621.370625][   T30] audit: type=1326 audit(1756867503.857:1452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16808 comm="syz.4.3949" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf702e539 code=0x7ffc0000
[  621.479635][   T30] audit: type=1326 audit(1756867503.857:1453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16808 comm="syz.4.3949" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  621.530292][   T30] audit: type=1326 audit(1756867503.857:1454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16808 comm="syz.4.3949" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  621.558201][   T30] audit: type=1326 audit(1756867503.857:1455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16808 comm="syz.4.3949" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf702e539 code=0x7ffc0000
[  621.587405][T16818] IPVS: stopping master sync thread 16822 ...
[  621.631184][T16821] netlink: 468 bytes leftover after parsing attributes in process `syz.0.3955'.
[  621.644041][   T30] audit: type=1326 audit(1756867503.857:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16808 comm="syz.4.3949" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  621.711009][   T30] audit: type=1326 audit(1756867503.857:1457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16808 comm="syz.4.3949" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  621.816024][   T30] audit: type=1326 audit(1756867503.857:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16808 comm="syz.4.3949" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf702e539 code=0x7ffc0000
[  621.866108][   T30] audit: type=1326 audit(1756867503.857:1459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16808 comm="syz.4.3949" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  621.965858][T16834] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3960'.
[  622.106390][T16843] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3960'.
[  622.122124][T16834] 8021q: adding VLAN 0 to HW filter on device bond1
[  622.159015][T16834] bond0: (slave bond1): Enslaving as an active interface with an up link
[  622.278558][T16843] bond0 (unregistering): (slave bond1): Releasing backup interface
[  622.316184][T16843] bond0 (unregistering): Released all slaves
[  622.751153][T16870] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  622.970121][T16882] veth1_macvtap: left promiscuous mode
[  622.975859][T16882] macsec0: entered promiscuous mode
[  623.001067][T16881] syzkaller0: entered allmulticast mode
[  623.042716][T16881] syzkaller0: entered promiscuous mode
[  623.084113][T16881] syzkaller0 (unregistering): left allmulticast mode
[  623.103180][T16881] syzkaller0 (unregistering): left promiscuous mode
[  623.137516][T16889] netlink: 432 bytes leftover after parsing attributes in process `syz.2.3984'.
[  623.272088][T16898] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  623.398304][  T121] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  623.414711][  T121] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  623.435858][  T121] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  623.452871][  T121] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  623.470634][  T121] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  623.496290][  T121] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  623.523382][  T121] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  623.546946][  T121] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  623.567201][  T121] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  623.587034][  T121] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  623.603548][  T121] hid-generic 0000:0000:0000.0011: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  623.711646][T16917] fido_id[16917]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  623.822790][   T10] usb 5-1: new full-speed USB device number 57 using dummy_hcd
[  623.916313][T16930] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  623.934466][T16929] IPVS: stopping master sync thread 16930 ...
[  623.994789][   T10] usb 5-1: config 1 interface 0 altsetting 93 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  624.006616][   T10] usb 5-1: config 1 interface 0 altsetting 93 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  624.030421][   T10] usb 5-1: config 1 interface 0 has no altsetting 0
[  624.057161][   T10] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  624.077764][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  624.092565][   T10] usb 5-1: SerialNumber: syz
[  624.110744][T16915] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  624.331493][   T10] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71
[  624.350304][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  624.357312][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  624.387107][   T10] usb 5-1: USB disconnect, device number 57
[  624.408481][T16947] netlink: 'syz.1.4009': attribute type 21 has an invalid length.
[  624.438934][T16947] netlink: 'syz.1.4009': attribute type 1 has an invalid length.
[  624.447819][T16947] netlink: 144 bytes leftover after parsing attributes in process `syz.1.4009'.
[  625.303106][T16964] IPVS: stopping master sync thread 16969 ...
[  625.303105][T16969] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  625.555455][T16978] pim6reg1: entered promiscuous mode
[  625.587104][T16978] pim6reg1: entered allmulticast mode
[  626.161957][T16997] IPVS: stopping master sync thread 16998 ...
[  626.169130][T16998] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  626.466818][T17009] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4037'.
[  626.480079][   T30] kauditd_printk_skb: 294 callbacks suppressed
[  626.480098][   T30] audit: type=1326 audit(1756867509.177:1754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17010 comm="syz.0.4035" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  626.531923][   T30] audit: type=1326 audit(1756867509.177:1755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17010 comm="syz.0.4035" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  626.625063][   T30] audit: type=1326 audit(1756867509.207:1756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17010 comm="syz.0.4035" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  626.687018][   T30] audit: type=1326 audit(1756867509.207:1757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17010 comm="syz.0.4035" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  626.698392][T17020] loop8: detected capacity change from 0 to 16384
[  626.782949][   T30] audit: type=1326 audit(1756867509.207:1758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17010 comm="syz.0.4035" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  626.834780][T17024] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[  626.841690][T17024] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  626.862238][   T30] audit: type=1326 audit(1756867509.207:1759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17010 comm="syz.0.4035" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  626.898870][T17024] vhci_hcd vhci_hcd.0: Device attached
[  626.934656][T17030] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(11)
[  626.941314][T17030] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  626.948470][   T30] audit: type=1326 audit(1756867509.207:1760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17010 comm="syz.0.4035" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  626.989760][   T30] audit: type=1326 audit(1756867509.207:1761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17010 comm="syz.0.4035" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  627.054299][T17030] vhci_hcd vhci_hcd.0: Device attached
[  627.068003][T17032] vhci_hcd: connection closed
[  627.068234][T17026] vhci_hcd: connection closed
[  627.070679][T15397] vhci_hcd: stop threads
[  627.092351][T15397] vhci_hcd: release socket
[  627.107081][T15397] vhci_hcd: disconnect device
[  627.109228][   T30] audit: type=1326 audit(1756867509.207:1762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17010 comm="syz.0.4035" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  627.166763][T15397] vhci_hcd: stop threads
[  627.171057][T15397] vhci_hcd: release socket
[  627.172392][T10230] usb 39-1: new high-speed USB device number 2 using vhci_hcd
[  627.192230][T15397] vhci_hcd: disconnect device
[  627.210533][   T30] audit: type=1326 audit(1756867509.207:1763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17010 comm="syz.0.4035" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  627.246450][T17040] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4048'.
[  627.255583][T17040] bridge_slave_1: left allmulticast mode
[  627.261934][T17040] bridge_slave_1: left promiscuous mode
[  627.269767][T17040] bridge0: port 2(bridge_slave_1) entered disabled state
[  627.296417][T17040] bridge_slave_0: left allmulticast mode
[  627.302228][T17040] bridge_slave_0: left promiscuous mode
[  627.308871][T17040] bridge0: port 1(bridge_slave_0) entered disabled state
[  627.466831][T17047] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  627.479362][T17046] tipc: Disabling bearer <eth:syzkaller0>
[  627.630583][T17053] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  627.699571][T17060] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  627.699891][T17056] IPVS: stopping master sync thread 17060 ...
[  628.189808][T17083] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4067'.
[  628.422854][T17089] IPVS: stopping master sync thread 17092 ...
[  628.423372][T17092] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  629.046575][T17121] IPVS: stopping master sync thread 17122 ...
[  629.052889][T17122] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  629.530669][T17140] netlink: 'syz.3.4094': attribute type 3 has an invalid length.
[  629.733738][   T10] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  629.748405][T17149] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  629.760416][T17148] IPVS: stopping master sync thread 17149 ...
[  629.833178][T17152] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4099'.
[  629.902355][   T10] usb 1-1: device descriptor read/64, error -71
[  630.142446][   T10] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  630.282467][   T10] usb 1-1: device descriptor read/64, error -71
[  630.392872][T17175] IPVS: stopping master sync thread 17176 ...
[  630.399114][T17176] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  630.410591][   T10] usb usb1-port1: attempt power cycle
[  630.465502][T17178] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[  630.481492][T17178] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[  630.505650][T17178] netdevsim netdevsim3: Falling back to sysfs fallback for: .
[  630.518999][T17180] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4113'.
[  630.649177][T17186] netdevsim netdevsim1: Direct firmware load for ./file0/file1 failed with error -2
[  630.659033][T17186] netdevsim netdevsim1: Falling back to sysfs fallback for: ./file0/file1
[  630.754268][   T10] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  630.782973][   T10] usb 1-1: device descriptor read/8, error -71
[  630.859212][T17193] netlink: 'syz.2.4120': attribute type 10 has an invalid length.
[  631.024435][   T10] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  631.055147][   T10] usb 1-1: device descriptor read/8, error -71
[  631.176759][   T10] usb usb1-port1: unable to enumerate USB device
[  631.346909][T17203] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  631.362371][T17202] IPVS: stopping master sync thread 17203 ...
[  631.376920][T17205] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4125'.
[  631.686758][T17222] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4134'.
[  631.697418][T17222] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4134'.
[  631.715340][T17222] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4134'.
[  631.846082][   T30] kauditd_printk_skb: 70 callbacks suppressed
[  631.846101][   T30] audit: type=1326 audit(1756867514.547:1834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17229 comm="syz.3.4137" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  631.898161][   T30] audit: type=1326 audit(1756867514.547:1835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17229 comm="syz.3.4137" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  631.985946][   T30] audit: type=1326 audit(1756867514.547:1836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17229 comm="syz.3.4137" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf709e539 code=0x7ffc0000
[  632.029012][T17235] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  632.029321][T17234] IPVS: stopping master sync thread 17235 ...
[  632.042809][   T30] audit: type=1326 audit(1756867514.547:1837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17229 comm="syz.3.4137" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  632.070336][   T30] audit: type=1326 audit(1756867514.547:1838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17229 comm="syz.3.4137" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  632.197742][   T30] audit: type=1326 audit(1756867514.547:1839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17229 comm="syz.3.4137" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf709e539 code=0x7ffc0000
[  632.299066][   T30] audit: type=1326 audit(1756867514.547:1840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17229 comm="syz.3.4137" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  632.334080][T10230] vhci_hcd: vhci_device speed not set
[  632.374558][   T30] audit: type=1326 audit(1756867514.547:1841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17229 comm="syz.3.4137" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  632.428107][   T30] audit: type=1326 audit(1756867514.547:1842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17229 comm="syz.3.4137" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf709e539 code=0x7ffc0000
[  632.488224][   T30] audit: type=1326 audit(1756867514.547:1843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17229 comm="syz.3.4137" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000
[  632.570393][T17238] netlink: 56 bytes leftover after parsing attributes in process `syz.3.4139'.
[  632.661889][T17252] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4144'.
[  632.826895][T17259] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4146'.
[  632.845213][T17258] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4145'.
[  632.870786][T17252] 8021q: adding VLAN 0 to HW filter on device bond3
[  632.879655][T17252] bond2: (slave bond3): Enslaving as an active interface with an up link
[  632.902045][    C1] vcan0: j1939_session_tx_dat: 0xffff88807841e000: queue data error: -100
[  632.911974][    C1] vcan0 (unregistering): j1939_xtp_rx_dpo: no connection found
[  632.919736][    C1] vcan0 (unregistering): j1939_xtp_rx_dpo: no connection found
[  632.927391][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  632.935218][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  632.943134][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  632.950928][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  632.958805][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  632.966621][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  632.974548][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  632.982404][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  632.990306][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  632.998140][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.006037][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.013871][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.021742][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.029578][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.037490][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.045316][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.053220][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.061029][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.068930][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.076743][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.084648][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.092456][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.100311][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.108127][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.116007][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.123822][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.131703][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.139515][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.147401][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.155244][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.163157][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.170946][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.178823][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.186657][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.194620][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.202451][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.210324][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.218141][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.226038][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.233877][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.241756][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.249590][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.257473][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.265307][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.273193][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.281071][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.288964][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.296776][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.304672][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.312480][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.320367][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.328208][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.336126][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.344058][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.351920][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.359733][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.367635][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.375449][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.383352][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.391152][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.399052][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.406870][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.414747][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.422554][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.430429][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.438254][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.446132][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.453951][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.461821][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.469668][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.477594][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.485401][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.493312][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.501110][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.509003][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.516812][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.524691][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.532500][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.540387][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.548215][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.556106][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.563917][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.571783][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.579595][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.587516][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.595333][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.603216][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.611014][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.618928][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.626783][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.634910][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.642730][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.650623][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.658438][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.666342][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.674161][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.682036][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.689870][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.697784][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.705620][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.713587][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.721396][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.729294][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.737129][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.745008][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.752840][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.760699][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.768508][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.776384][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.784192][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.792079][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.799921][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.807814][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.815656][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.823621][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.831415][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.839305][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.847113][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.855054][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.862890][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.870768][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.878586][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.886492][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.894304][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  633.902167][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  633.910027][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  634.032740][T17252] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4144'.
[  634.069083][T17271] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4146'.
[  634.173505][T17252] bond2 (unregistering): (slave bond3): Releasing backup interface
[  634.282730][T17252] bond2 (unregistering): Released all slaves
[  634.674917][T17289] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  634.877434][T17293] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  634.913975][T17293] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  634.932360][T17293] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  636.327652][T17311] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  636.339106][T17310] IPVS: stopping master sync thread 17311 ...
[  637.254302][T17322] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  637.544332][T17335] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  637.555882][T17334] IPVS: stopping master sync thread 17335 ...
[  637.766040][   T30] kauditd_printk_skb: 88 callbacks suppressed
[  637.766057][   T30] audit: type=1326 audit(1756867520.467:1932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17342 comm="syz.2.4176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f41539 code=0x7ffc0000
[  637.841796][T17345] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[  637.870677][T17345] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[  637.882393][   T30] audit: type=1326 audit(1756867520.467:1933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17342 comm="syz.2.4176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f41539 code=0x7ffc0000
[  637.906783][T17345] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[  637.970870][   T30] audit: type=1326 audit(1756867520.507:1934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17342 comm="syz.2.4176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f41539 code=0x7ffc0000
[  638.029030][   T30] audit: type=1326 audit(1756867520.507:1935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17342 comm="syz.2.4176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f41539 code=0x7ffc0000
[  638.102383][   T30] audit: type=1326 audit(1756867520.507:1936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17342 comm="syz.2.4176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f41539 code=0x7ffc0000
[  638.162388][   T30] audit: type=1326 audit(1756867520.507:1937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17342 comm="syz.2.4176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f41539 code=0x7ffc0000
[  638.246959][   T30] audit: type=1326 audit(1756867520.507:1938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17342 comm="syz.2.4176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f41539 code=0x7ffc0000
[  638.276517][   T30] audit: type=1326 audit(1756867520.507:1939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17342 comm="syz.2.4176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f41539 code=0x7ffc0000
[  638.331996][   T30] audit: type=1326 audit(1756867520.507:1940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17342 comm="syz.2.4176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f41539 code=0x7ffc0000
[  638.400885][   T30] audit: type=1326 audit(1756867520.507:1941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17342 comm="syz.2.4176" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f41539 code=0x7ffc0000
[  638.797467][T17359] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  639.043398][T17367] IPVS: stopping master sync thread 17368 ...
[  639.832567][T17385] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4195'.
[  640.352417][T17392] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  640.356676][T17391] IPVS: stopping master sync thread 17392 ...
[  641.374996][T17417] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  641.386362][T17416] IPVS: stopping master sync thread 17417 ...
[  641.539914][T17420] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  641.847888][T17428] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4213'.
[  642.203635][T17442] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  642.222346][T17442] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  642.242583][T17442] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  642.294147][T17446] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4221'.
[  642.295706][T17445] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  642.871947][T17468] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4233'.
[  642.956195][T17273] Set syz1 is full, maxelem 65536 reached
[  643.054238][T10230] usb 2-1: new full-speed USB device number 51 using dummy_hcd
[  643.258590][T17480] IPVS: stopping master sync thread 17481 ...
[  643.264798][T17481] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  643.277333][T10230] usb 2-1: config 0 has an invalid interface number: 76 but max is 0
[  643.289841][T10230] usb 2-1: config 0 has no interface number 0
[  643.317623][T10230] usb 2-1: config 0 interface 76 has no altsetting 0
[  643.335912][T10230] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=62.9a
[  643.346210][T10230] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  643.370797][T10230] usb 2-1: Product: syz
[  643.383446][T10230] usb 2-1: Manufacturer: syz
[  643.398458][T10230] usb 2-1: SerialNumber: syz
[  643.448899][T10230] usb 2-1: config 0 descriptor??
[  643.509849][T10230] cp210x 2-1:0.76: cp210x converter detected
[  643.695713][T10230] cp210x 2-1:0.76: failed to get vendor val 0x370b size 1: -71
[  643.727999][T10230] cp210x 2-1:0.76: querying part number failed
[  643.785316][T10230] usb 2-1: cp210x converter now attached to ttyUSB0
[  643.810572][T17500] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4247'.
[  643.813289][T10230] usb 2-1: USB disconnect, device number 51
[  643.866838][T10230] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  643.889716][T10230] cp210x 2-1:0.76: device disconnected
[  644.882533][T17514] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  644.895813][T17513] IPVS: stopping master sync thread 17514 ...
[  645.106327][T17519] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4256'.
[  645.267855][T17519] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4256'.
[  645.367271][T17522] 8021q: adding VLAN 0 to HW filter on device bond2
[  645.384290][T17522] bond0: (slave bond2): Enslaving as an active interface with an up link
[  645.562570][T17531] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4260'.
[  645.930440][T17550] IPVS: stopping master sync thread 17551 ...
[  645.942316][T17551] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  648.075490][   T30] kauditd_printk_skb: 82 callbacks suppressed
[  648.075508][   T30] audit: type=1326 audit(1756867530.777:2024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17578 comm="syz.0.4277" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  648.178655][   T30] audit: type=1326 audit(1756867530.817:2025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17578 comm="syz.0.4277" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  648.239116][T17583] IPVS: stopping master sync thread 17584 ...
[  648.242304][T17584] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  648.268978][   T30] audit: type=1326 audit(1756867530.817:2026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17578 comm="syz.0.4277" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  648.352752][   T30] audit: type=1326 audit(1756867530.817:2027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17578 comm="syz.0.4277" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  648.450527][   T30] audit: type=1326 audit(1756867530.817:2028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17578 comm="syz.0.4277" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  648.537119][   T30] audit: type=1326 audit(1756867530.817:2029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17578 comm="syz.0.4277" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  648.636234][   T30] audit: type=1326 audit(1756867530.817:2030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17578 comm="syz.0.4277" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  648.724948][   T30] audit: type=1326 audit(1756867530.817:2031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17578 comm="syz.0.4277" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  648.797631][   T30] audit: type=1326 audit(1756867530.817:2032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17578 comm="syz.0.4277" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  648.804503][T17596] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[  648.832085][   T30] audit: type=1326 audit(1756867530.817:2033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17578 comm="syz.0.4277" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  648.860356][T17596] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[  648.871994][T17596] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[  648.944273][T17602] netlink: 68 bytes leftover after parsing attributes in process `syz.1.4286'.
[  649.360586][T17614] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4294'.
[  649.411385][T17614] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4294'.
[  650.565933][T17636] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4304'.
[  650.897402][T17641] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4304'.
[  651.283398][T17640] 8021q: adding VLAN 0 to HW filter on device bond4
[  651.292186][T17640] bond2: (slave bond4): Enslaving as an active interface with an up link
[  651.480919][T17646] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4306'.
[  651.543705][T17647] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4306'.
[  651.697577][T17338] Set syz1 is full, maxelem 65536 reached
[  651.798268][T17651] openvswitch: netlink: Message has 8 unknown bytes.
[  652.336295][T17671] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4318'.
[  652.509115][T17675] 8021q: adding VLAN 0 to HW filter on device bond4
[  652.538672][T17675] bond3: (slave bond4): Enslaving as an active interface with an up link
[  652.700128][T17678] netlink: 'syz.1.4319': attribute type 3 has an invalid length.
[  652.718299][T17678] netlink: 'syz.1.4319': attribute type 3 has an invalid length.
[  652.737919][T17678] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4319'.
[  652.814513][T17678] random: crng reseeded on system resumption
[  653.077327][T17681] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  653.336796][T17688] Set syz1 is full, maxelem 65536 reached
[  653.771462][T17697] tipc: Started in network mode
[  653.776922][T17697] tipc: Node identity ca7db2744968, cluster identity 4711
[  653.787632][T17697] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  653.838204][T17699] syzkaller0: entered promiscuous mode
[  653.913482][T17699] syzkaller0: entered allmulticast mode
[  654.040428][T17697] tipc: Resetting bearer <eth:syzkaller0>
[  654.194427][T17695] tipc: Resetting bearer <eth:syzkaller0>
[  654.253192][T17695] tipc: Disabling bearer <eth:syzkaller0>
[  655.755566][   T30] kauditd_printk_skb: 20 callbacks suppressed
[  655.755584][   T30] audit: type=1326 audit(1756867538.457:2054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17746 comm="syz.1.4345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  655.758518][T17747] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  655.788250][   T30] audit: type=1326 audit(1756867538.457:2055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17746 comm="syz.1.4345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  655.846406][   T30] audit: type=1326 audit(1756867538.487:2056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17746 comm="syz.1.4345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  655.921184][   T30] audit: type=1326 audit(1756867538.487:2057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17746 comm="syz.1.4345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  655.995047][   T30] audit: type=1326 audit(1756867538.487:2058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17746 comm="syz.1.4345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  656.072403][   T30] audit: type=1326 audit(1756867538.487:2059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17746 comm="syz.1.4345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  656.141472][   T30] audit: type=1326 audit(1756867538.487:2060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17746 comm="syz.1.4345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  656.204532][   T30] audit: type=1326 audit(1756867538.487:2061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17746 comm="syz.1.4345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  656.278331][   T30] audit: type=1326 audit(1756867538.487:2062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17746 comm="syz.1.4345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  656.348298][   T30] audit: type=1326 audit(1756867538.487:2063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17746 comm="syz.1.4345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  656.456066][T17769] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4355'.
[  656.589650][T17774] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[  656.604534][T17774] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[  656.643521][T17774] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[  657.716376][T17827] netlink: 228 bytes leftover after parsing attributes in process `syz.0.4383'.
[  657.851464][T17809] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4374'.
[  658.848715][T17858] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4396'.
[  659.176136][T17866] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4397'.
[  659.435250][T17871] netlink: 'syz.1.4400': attribute type 10 has an invalid length.
[  659.490716][T17871] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4400'.
[  659.519874][T17868] bond0: (slave bond2): Releasing backup interface
[  659.562145][T17868] bond3: (slave bond4): Releasing backup interface
[  659.624517][T17871] batman_adv: batadv0: Adding interface: virt_wifi0
[  659.653265][T17871] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  659.749246][T17871] batman_adv: batadv0: Interface activated: virt_wifi0
[  660.104515][T17886] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4408'.
[  660.440376][T17901] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4412'.
[  661.411011][T17922] netlink: 'syz.4.4422': attribute type 21 has an invalid length.
[  661.420591][T17922] netlink: 'syz.4.4422': attribute type 1 has an invalid length.
[  661.430055][T17922] netlink: 144 bytes leftover after parsing attributes in process `syz.4.4422'.
[  662.591201][T17952] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4436'.
[  662.909733][T17971] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[  662.921135][T17971] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[  662.931968][T17971] netdevsim netdevsim3: Falling back to sysfs fallback for: .
[  663.045539][   T30] kauditd_printk_skb: 176 callbacks suppressed
[  663.045556][   T30] audit: type=1326 audit(1756867545.747:2240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17972 comm="syz.0.4445" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  663.111993][   T30] audit: type=1326 audit(1756867545.777:2241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17972 comm="syz.0.4445" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  663.137211][   T30] audit: type=1326 audit(1756867545.797:2242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17972 comm="syz.0.4445" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  663.219396][   T30] audit: type=1326 audit(1756867545.797:2243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17972 comm="syz.0.4445" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  663.282103][   T30] audit: type=1326 audit(1756867545.797:2244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17972 comm="syz.0.4445" exe="/root/syz-executor" sig=0 arch=40000003 syscall=289 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  663.352491][T17980] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4447'.
[  663.638489][   T30] audit: type=1326 audit(1756867545.797:2245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17972 comm="syz.0.4445" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98539 code=0x7ffc0000
[  663.725089][T17985] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4449'.
[  663.833364][T17990] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4449'.
[  664.040013][T17986] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  664.251533][T17988] bond5 (unregistering): Released all slaves
[  664.920608][T18011] netlink: 356 bytes leftover after parsing attributes in process `syz.4.4457'.
[  664.970949][   T30] audit: type=1326 audit(1756867547.667:2246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18006 comm="syz.4.4457" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  665.000676][T18016] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4461'.
[  665.010536][T18016] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4461'.
[  665.021846][T18016] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4461'.
[  665.041766][   T30] audit: type=1326 audit(1756867547.667:2247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18006 comm="syz.4.4457" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  665.066710][T18017] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4462'.
[  665.113747][   T30] audit: type=1326 audit(1756867547.667:2248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18006 comm="syz.4.4457" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf702e539 code=0x7ffc0000
[  665.152041][   T30] audit: type=1326 audit(1756867547.667:2249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18006 comm="syz.4.4457" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x7ffc0000
[  665.177193][T18017] bond0 (unregistering): Released all slaves
[  665.179010][T18020] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4462'.
[  666.139497][T18050] bond1 (unregistering): Released all slaves
[  667.559840][T18116] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  667.582981][T18116] syzkaller0: entered promiscuous mode
[  667.592386][T18116] syzkaller0: entered allmulticast mode
[  667.667458][T18123] program syz.0.4511 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  667.705296][T18116] tipc: Resetting bearer <eth:syzkaller0>
[  667.718661][T18124] __nla_validate_parse: 10 callbacks suppressed
[  667.718680][T18124] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4510'.
[  667.743009][T18113] tipc: Resetting bearer <eth:syzkaller0>
[  667.770362][T18130] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4510'.
[  667.839913][T18113] tipc: Disabling bearer <eth:syzkaller0>
[  667.859108][T18137] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4515'.
[  667.868707][T18137] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4515'.
[  667.877766][T18137] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4515'.
[  668.106407][T18140] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4517'.
[  668.346229][T18151] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4522'.
[  668.415489][T18155] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4523'.
[  668.431938][T18155] openvswitch: netlink: Flow key attr not present in new flow.
[  668.654502][T18164] IPv6: Can't replace route, no match found
[  668.711680][T18165] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  668.819234][T18169] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4530'.
[  668.888860][T18169] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4530'.
[  669.486355][   T30] kauditd_printk_skb: 34 callbacks suppressed
[  669.486373][   T30] audit: type=1326 audit(1756867552.187:2284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18186 comm="syz.1.4538" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  669.582441][   T30] audit: type=1326 audit(1756867552.187:2285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18186 comm="syz.1.4538" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  669.650903][   T30] audit: type=1326 audit(1756867552.187:2286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18186 comm="syz.1.4538" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  669.751411][   T30] audit: type=1326 audit(1756867552.187:2287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18186 comm="syz.1.4538" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  669.831398][   T30] audit: type=1326 audit(1756867552.187:2288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18186 comm="syz.1.4538" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  669.914137][   T30] audit: type=1326 audit(1756867552.187:2289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18186 comm="syz.1.4538" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  669.977876][   T30] audit: type=1326 audit(1756867552.187:2290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18186 comm="syz.1.4538" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  670.022752][   T30] audit: type=1326 audit(1756867552.187:2291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18186 comm="syz.1.4538" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  670.072332][   T30] audit: type=1326 audit(1756867552.187:2292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18186 comm="syz.1.4538" exe="/root/syz-executor" sig=0 arch=40000003 syscall=352 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  670.163758][   T30] audit: type=1326 audit(1756867552.187:2293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18186 comm="syz.1.4538" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  672.385035][T18255] IPVS: stopping master sync thread 18256 ...
[  672.992841][T18264] __nla_validate_parse: 6 callbacks suppressed
[  672.992862][T18264] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4569'.
[  673.172664][T18272] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4571'.
[  673.594017][T18283] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  673.606228][T18282] IPVS: stopping master sync thread 18283 ...
[  674.289988][T18296] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  674.370339][T18296] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  674.482728][T18296] netdevsim netdevsim1: Falling back to sysfs fallback for: .
[  674.555473][T18303] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4585'.
[  674.936144][T18313] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  674.936473][T18312] IPVS: stopping master sync thread 18313 ...
[  675.494126][T18331] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4597'.
[  675.678035][T18341] input: syz0 as /devices/virtual/input/input26
[  675.704027][T18343] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  675.846575][T18349] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[  675.869209][T18349] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[  675.930512][T18349] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[  676.931672][T18376] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4612'.
[  677.616498][T18390] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4617'.
[  677.875990][T18401] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4622'.
[  677.902492][T10231] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  677.979850][T18401] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4622'.
[  677.987239][T18407] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[  677.997562][T18407] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[  678.007722][T18407] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[  678.091337][T18409] binder: 18408:18409 ioctl c0306201 80000440 returned -14
[  678.103849][T10231] usb 5-1: Using ep0 maxpacket: 8
[  678.112399][T10231] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  678.119836][T10231] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  678.140608][T10231] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  678.155688][T10231] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  678.192443][T10231] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  678.218582][T10231] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  678.245055][T10231] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  678.269291][T10231] usb 5-1: config 168 interface 0 has no altsetting 0
[  678.278200][T10231] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  678.287378][T10231] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  678.337666][T18413] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4626'.
[  678.340486][T10231] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  678.348342][T18413] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4626'.
[  678.364286][T10231] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  678.382680][T10231] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  678.394520][T10231] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  678.408590][T10231] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  678.423345][T10231] usb 5-1: config 168 interface 0 has no altsetting 0
[  678.431440][T10231] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  678.439469][T10231] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  678.451348][T10231] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  678.463966][T10231] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  678.476940][T10231] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  678.489373][T10231] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  678.503780][T10231] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  678.517679][T10231] usb 5-1: config 168 interface 0 has no altsetting 0
[  678.534538][T10231] usb 5-1: string descriptor 0 read error: -22
[  678.541277][T10231] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  678.546189][T18417] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4628'.
[  678.553646][T10231] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  678.587520][T10231] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  678.603778][T18417] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4628'.
[  679.374999][T18436] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4634'.
[  679.504639][T18439] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4634'.
[  680.710565][T10231] usb 5-1: USB disconnect, device number 58
[  680.954407][T18465] batman_adv: batadv0: Interface deactivated: virt_wifi0
[  680.997896][T18465] batman_adv: batadv0: Removing interface: virt_wifi0
[  681.011994][T18474] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4646'.
[  681.068369][T18476] netlink: 'syz.4.4647': attribute type 10 has an invalid length.
[  681.134018][T18476] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  681.817176][T18487] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  681.824105][T18487] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  681.830239][T18487] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  681.861574][T18487] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  681.882795][T18487] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  681.929685][T18487] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  681.971126][T18507] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4660'.
[  682.049505][T18505] ip6tnl1: entered promiscuous mode
[  682.482969][T18532] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4672'.
[  682.544915][T18532] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4672'.
[  683.517071][T18540] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  683.632601][T18540] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  683.644365][T18540] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  683.680396][T18540] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  683.700163][T18540] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  683.710812][T14218] Bluetooth: hci1: Unable to find connection with handle 0x00c8
[  683.924033][T18566] __nla_validate_parse: 2 callbacks suppressed
[  683.924053][T18566] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4684'.
[  684.006141][T18570] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4687'.
[  684.052861][T18572] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4684'.
[  684.140354][T18577] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4688'.
[  684.200717][T18570] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4687'.
[  684.210672][T18582] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4688'.
[  684.222928][T18581] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4689'.
[  684.443212][T18590] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4693'.
[  684.537559][T18590] bridge_slave_0: left allmulticast mode
[  684.546674][T18590] bridge_slave_0: left promiscuous mode
[  684.553995][T18590] bridge0: port 1(bridge_slave_0) entered disabled state
[  684.589329][T18599] netlink: 'syz.4.4693': attribute type 10 has an invalid length.
[  684.592817][T18590] bridge_slave_1: left allmulticast mode
[  684.603083][T18590] bridge_slave_1: left promiscuous mode
[  684.611093][T18590] bridge0: port 2(bridge_slave_1) entered disabled state
[  684.636146][T18590] bond0: (slave bond_slave_0): Releasing backup interface
[  684.678492][T18590] bond0: (slave bond_slave_1): Releasing backup interface
[  684.711055][T18590] team0: Port device team_slave_0 removed
[  684.725253][T18590] team0: Port device team_slave_1 removed
[  684.735480][T14218] Bluetooth: hci0: command 0x0406 tx timeout
[  684.744441][T18590] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  684.752156][T18590] batman_adv: batadv0: Removing interface: batadv_slave_0
[  684.764224][T18590] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  684.774447][T18590] batman_adv: batadv0: Removing interface: batadv_slave_1
[  684.800206][T18590] bond0: (slave wlan1): Releasing backup interface
[  684.937217][T18599] bond0: (slave wlan1): Opening slave failed
[  684.976477][T18602] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  685.015546][T18602] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  685.052641][T18602] netdevsim netdevsim1: Falling back to sysfs fallback for: .
[  685.255773][T18610] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4700'.
[  685.270379][T18609] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4699'.
[  685.602892][T18621] block device autoloading is deprecated and will be removed.
[  685.693467][T14218] Bluetooth: hci2: command 0x0c1a tx timeout
[  685.695050][ T5862] Bluetooth: hci5: command 0x0c1a tx timeout
[  685.699523][T14218] Bluetooth: hci1: command 0x0c1a tx timeout
[  685.777398][ T5873] Bluetooth: hci3: command 0x0c1a tx timeout
[  685.777823][T10231] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  685.792714][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  685.800175][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  685.802013][T18627] netlink: 'syz.1.4705': attribute type 10 has an invalid length.
[  686.029823][T18627] mac80211_hwsim hwsim25 wlan1: entered promiscuous mode
[  686.053108][T18627] $Hÿ: (slave wlan1): Enslaving as an active interface with an up link
[  686.071866][T10231] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  686.083640][T10231] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  686.116401][T10231] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  686.151038][T18640] tipc: Enabled bearer <udp:syz2>, priority 10
[  686.157542][T10231] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  686.158953][T10231] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  686.192557][T10231] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  686.201135][T10231] usb 3-1: Manufacturer: syz
[  686.231808][T10231] usb 3-1: config 0 descriptor??
[  687.015882][T10231] hid_parser_main: 33 callbacks suppressed
[  687.015907][T10231] appleir 0003:05AC:8243.0012: unknown main item tag 0x0
[  687.189198][ T5953] tipc: Node number set to 3043749280
[  687.422803][T10231] appleir 0003:05AC:8243.0012: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[  687.772581][ T5873] Bluetooth: hci2: command 0x0c1a tx timeout
[  687.859575][T10231] usb 3-1: USB disconnect, device number 44
[  688.143270][T18666] fido_id[18666]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  688.442593][T18682] tipc: Started in network mode
[  688.452565][T18682] tipc: Node identity ac141441, cluster identity 4711
[  688.482927][T18682] tipc: Enabled bearer <udp:syz2>, priority 10
[  688.631178][T18690] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  688.676410][T18689] IPVS: stopping master sync thread 18690 ...
[  688.753208][T18680] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  688.782079][T18680] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  688.825208][T18680] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  688.831674][T18680] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  688.838208][T18680] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  689.154522][T18709] __nla_validate_parse: 5 callbacks suppressed
[  689.154540][T18709] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4728'.
[  689.493891][T10229] tipc: Node number set to 2886997057
[  689.605380][T18714] $Hÿ: (slave wlan1): Releasing backup interface
[  689.648135][ T5873] Bluetooth: hci3: unexpected subevent 0x01 length: 6 < 18
[  689.765345][T18714] mac80211_hwsim hwsim25 wlan1: left promiscuous mode
[  690.299864][ T5873] Bluetooth: hci2: unexpected event for opcode 0x2023
[  690.573895][ T5873] Bluetooth: hci0: command 0x0406 tx timeout
[  690.634680][T18751] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4740'.
[  690.645264][T18751] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4740'.
[  690.782388][T18755] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4742'.
[  690.787682][T18757] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4743'.
[  690.808244][T18757] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4743'.
[  690.817699][ T5873] Bluetooth: hci1: command 0x0c1a tx timeout
[  690.825783][T18755] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4742'.
[  690.894572][ T5873] Bluetooth: hci3: command 0x0c1a tx timeout
[  690.897770][T14218] Bluetooth: hci5: command 0x0c1a tx timeout
[  690.984396][T18762] netlink: 'syz.4.4745': attribute type 10 has an invalid length.
[  690.995112][T18762] bond0: (slave wlan1): Opening slave failed
[  691.267437][T18773] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4748'.
[  691.309012][T18773] bond3 (unregistering): Released all slaves
[  691.335747][T18775] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4748'.
[  691.344769][T18748] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  691.350901][T18748] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  691.359042][T18748] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  691.367725][T18748] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  691.374909][T18748] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  691.627163][T18783] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4752'.
[  691.812442][T18791] tipc: Enabled bearer <udp:syz2>, priority 10
[  692.662468][T14218] Bluetooth: hci0: command 0x0406 tx timeout
[  692.786708][T14218] Bluetooth: hci5: unknown advertising packet type: 0x82
[  692.786802][T14218] Bluetooth: hci5: Malformed LE Event: 0x02
[  692.932361][ T5953] tipc: Node number set to 1508970792
[  693.385222][T14218] Bluetooth: hci2: command 0x0c1a tx timeout
[  693.391454][ T5873] Bluetooth: hci5: command 0x0c1a tx timeout
[  693.397607][ T5873] Bluetooth: hci1: command 0x0c1a tx timeout
[  693.452405][T18825] Bluetooth: hci3: command 0x0c1a tx timeout
[  694.515484][T18839] __nla_validate_parse: 3 callbacks suppressed
[  694.515503][T18839] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4773'.
[  696.153141][T18869] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4785'.
[  696.198633][T18869] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4785'.
[  697.569987][T18885] : entered promiscuous mode
[  697.630177][T18889] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  697.651499][T18888] IPVS: stopping master sync thread 18889 ...
[  698.127797][T18908] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4799'.
[  698.198696][T18912] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4799'.
[  698.703734][T18825] Bluetooth: hci1: unexpected event for opcode 0x040d
[  699.290438][T18931] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  699.301447][T18930] IPVS: stopping master sync thread 18931 ...
[  700.205666][T18946] pim6reg: entered allmulticast mode
[  700.377145][T18959] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4814'.
[  700.462140][T18965] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4814'.
[  700.484782][T18959] bond3 (unregistering): Released all slaves
[  702.559481][T18999] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4827'.
[  702.680934][T19000] bond8 (unregistering): Released all slaves
[  702.743380][T19002] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4828'.
[  704.049226][T19038] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  704.828216][T19036] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  704.837856][T19036] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  704.852136][T19036] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  704.874955][T19036] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  704.894588][T19036] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  704.908680][T19036] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  705.352596][ T5953] usb 5-1: new low-speed USB device number 59 using dummy_hcd
[  705.554254][ T5953] usb 5-1: config index 0 descriptor too short (expected 1307, got 27)
[  705.563862][ T5953] usb 5-1: config 0 has an invalid interface number: 0 but max is -1
[  705.571966][ T5953] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0
[  705.581556][ T5953] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  705.592848][ T5953] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[  705.604077][ T5953] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  705.631811][T19088] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  705.643205][ T5953] usb 5-1: string descriptor 0 read error: -22
[  705.649954][ T5953] usb 5-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  705.675437][ T5953] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  705.704777][ T5953] usb 5-1: config 0 descriptor??
[  705.720804][T19072] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  705.734932][ T5953] hub 5-1:0.0: bad descriptor, ignoring hub
[  705.747264][ T5953] hub 5-1:0.0: probe with driver hub failed with error -5
[  705.764236][ T5953] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input27
[  706.042534][T10230] usb 5-1: USB disconnect, device number 59
[  706.048522][    C1] usb_acecad 5-1:0.0: can't resubmit intr, dummy_hcd.4-1/input0, status -19
[  706.092496][T18825] Bluetooth: hci0: command 0x0406 tx timeout
[  706.233634][T19102] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4860'.
[  706.700187][T19114] tipc: Started in network mode
[  706.705822][T19114] tipc: Node identity ac141441, cluster identity 4711
[  706.717522][T19114] tipc: Enabled bearer <udp:syz2>, priority 10
[  706.857881][T19123] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4869'.
[  706.895514][ T5862] Bluetooth: hci2: command 0x0c1a tx timeout
[  706.895545][T14218] Bluetooth: hci1: command 0x0c1a tx timeout
[  706.911964][T18825] Bluetooth: hci5: command 0x0c1a tx timeout
[  706.972752][T18825] Bluetooth: hci3: command 0x0c1a tx timeout
[  707.488812][T19112] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  707.495897][T19112] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  707.514934][T19112] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  707.542905][T19112] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  707.554026][T19112] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  707.808088][T19112] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  707.839443][ T5953] tipc: Node number set to 2886997057
[  708.064094][ T5920] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  708.250071][T19156] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4881'.
[  708.289956][ T5920] usb 3-1: unable to get BOS descriptor or descriptor too short
[  708.327689][ T5920] usb 3-1: config 6 has an invalid interface number: 158 but max is 0
[  708.336329][ T5920] usb 3-1: config 6 has no interface number 0
[  708.342521][ T5920] usb 3-1: config 6 interface 158 altsetting 8 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  708.370821][ T5920] usb 3-1: config 6 interface 158 has no altsetting 0
[  708.526838][ T5920] usb 3-1: New USB device found, idVendor=0bda, idProduct=0140, bcdDevice=da.29
[  708.542347][ T5920] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  708.566998][ T5920] usb 3-1: Product: syz
[  708.579216][ T5920] usb 3-1: Manufacturer: syz
[  708.585431][ T5920] usb 3-1: SerialNumber: syz
[  708.732891][T14218] Bluetooth: hci0: command 0x0406 tx timeout
[  709.532469][T14218] Bluetooth: hci1: command 0x0c1a tx timeout
[  709.615954][T14218] Bluetooth: hci2: command 0x0c1a tx timeout
[  709.622080][T18825] Bluetooth: hci5: command 0x0c1a tx timeout
[  709.852877][T14218] Bluetooth: hci3: command 0x0c1a tx timeout
[  710.188050][ T5920] rtsx_usb 3-1:6.158: probe with driver rtsx_usb failed with error -71
[  710.209374][ T5920] usb 3-1: USB disconnect, device number 45
[  710.371181][T19175] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  710.377799][T19175] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  710.387817][T19175] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  710.395073][T19175] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  710.401340][T19175] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  710.414523][T19175] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  711.213620][T19213] netlink: 'syz.4.4904': attribute type 10 has an invalid length.
[  711.299740][T19216] bond8 (unregistering): Released all slaves
[  711.307995][T19220] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4903'.
[  711.336932][T19213] bond0: (slave wlan1): Opening slave failed
[  711.597103][T19226] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4907'.
[  711.689209][T19233] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4919'.
[  711.699214][T14218] Bluetooth: hci0: command 0x0406 tx timeout
[  712.107552][T19242] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4911'.
[  712.174612][T19231] bond8 (unregistering): Released all slaves
[  712.413224][T14218] Bluetooth: hci3: command 0x0c1a tx timeout
[  712.419375][T18825] Bluetooth: hci2: command 0x0c1a tx timeout
[  712.419452][ T5862] Bluetooth: hci5: command 0x0c1a tx timeout
[  712.425634][T18825] Bluetooth: hci1: command 0x0c1a tx timeout
[  713.004659][T19263] netlink: 'syz.0.4920': attribute type 10 has an invalid length.
[  713.085936][T19263] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  713.424598][T19270] fuse: Unknown parameter 'use00000000000000000000'
[  714.259392][T19291] netlink: 'syz.2.4930': attribute type 10 has an invalid length.
[  714.492446][ T5862] Bluetooth: hci2: command 0x0c1a tx timeout
[  714.627992][T19311] binder_alloc: 19308: binder_alloc_buf, no vma
[  714.860926][T19320] binder: 19319:19320 ioctl c0306201 80000640 returned -22
[  715.525941][T19338] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  715.543508][T19338] mac80211_hwsim hwsim25 syzkaller0: entered promiscuous mode
[  715.561315][T19338] mac80211_hwsim hwsim25 syzkaller0: entered allmulticast mode
[  715.573080][T19338] tipc: Resetting bearer <eth:syzkaller0>
[  715.596249][T19338] tipc: Resetting bearer <eth:syzkaller0>
[  716.049363][T19362] netlink: 'syz.2.4960': attribute type 10 has an invalid length.
[  717.872398][ T5953] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  718.039260][T19419] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4983'.
[  718.055824][ T5953] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  718.065182][ T5953] usb 3-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  718.081881][ T5953] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  718.104691][ T5953] usb 3-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  718.135827][ T5953] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  718.163316][ T5953] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  718.196636][ T5953] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  718.198640][T19424] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4985'.
[  718.205997][ T5953] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  718.228285][ T5953] usb 3-1: Product: syz
[  718.234295][ T5953] usb 3-1: Manufacturer: syz
[  718.252395][T19401] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  718.266591][ T5953] cdc_wdm 3-1:1.0: skipping garbage
[  718.282120][ T5953] cdc_wdm 3-1:1.0: skipping garbage
[  718.297330][ T5953] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  718.312399][ T5953] cdc_wdm 3-1:1.0: Unknown control protocol
[  718.499539][    C0] wdm_int_callback: 115 callbacks suppressed
[  718.499563][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  718.512175][    C0] wdm_int_callback: 115 callbacks suppressed
[  718.512199][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  718.524791][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  718.531414][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  718.538044][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  718.544669][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  718.551666][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  718.558298][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  718.564903][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  718.571528][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  718.577825][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  718.584440][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  718.590736][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  718.597356][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  718.599121][T10229] usb 3-1: USB disconnect, device number 46
[  718.603427][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  718.797003][T19442] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  718.813531][T19442] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  718.827567][T19442] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  718.846815][T19442] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  718.863986][T19442] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  718.876577][T19442] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  718.893816][T19442] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  718.920521][T19450] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  718.933999][T19442] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  718.993042][T19448] tipc: Resetting bearer <eth:syzkaller0>
[  719.220695][T19457] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4997'.
[  719.688150][T19471] bond3 (unregistering): Released all slaves
[  719.812626][T19475] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5004'.
[  720.438724][T19488] netlink: 'syz.2.5007': attribute type 10 has an invalid length.
[  720.732631][T14218] Bluetooth: hci0: command 0x0406 tx timeout
[  720.895143][T14218] Bluetooth: hci2: command 0x0c1a tx timeout
[  720.895172][ T5862] Bluetooth: hci5: command 0x0c1a tx timeout
[  720.901295][ T5873] Bluetooth: hci1: command 0x0c1a tx timeout
[  720.972357][T14218] Bluetooth: hci3: command 0x0c1a tx timeout
[  721.279217][T19516] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5020'.
[  722.734530][T19542] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5027'.
[  722.826903][T14218] Bluetooth: hci0: command 0x0406 tx timeout
[  722.972339][T14218] Bluetooth: hci2: command 0x0c1a tx timeout
[  722.978384][ T5873] Bluetooth: hci1: command 0x0c1a tx timeout
[  723.658528][T19560] binder: BINDER_SET_CONTEXT_MGR already set
[  723.665202][T19560] binder: 19559:19560 ioctl 4018620d 800002c0 returned -16
[  724.607580][T19577] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5042'.
[  724.721836][T19581] netlink: 'syz.4.5043': attribute type 10 has an invalid length.
[  724.801755][T19581] bond0: (slave wlan1): Opening slave failed
[  725.019132][T19588] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5046'.
[  725.179751][T19594] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5046'.
[  725.464269][T19588] bond3 (unregistering): Released all slaves
[  725.813689][T19601] vlan2: entered allmulticast mode
[  725.872404][T19601] bridge_slave_0: entered allmulticast mode
[  725.911719][T19605] binder: BINDER_SET_CONTEXT_MGR already set
[  725.919807][T19605] binder: 19602:19605 ioctl 4018620d 800002c0 returned -16
[  726.269521][T19613] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5055'.
[  726.386130][T19617] netlink: 'syz.1.5057': attribute type 10 has an invalid length.
[  726.397992][T19617] $Hÿ: (slave wlan1): Opening slave failed
[  726.443141][T19617] mac80211_hwsim hwsim25 syzkaller0: left promiscuous mode
[  726.462910][T19617] mac80211_hwsim hwsim25 syzkaller0: left allmulticast mode
[  726.496009][T19617] tipc: Resetting bearer <eth:syzkaller0>
[  726.735589][T19630] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[  726.757989][T19630] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[  726.772616][T19630] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[  727.182343][ T5920] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  727.335480][ T5920] usb 2-1: config index 0 descriptor too short (expected 39, got 27)
[  727.348844][ T5920] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  727.360836][ T5920] usb 2-1: config 0 interface 0 has no altsetting 0
[  727.375356][ T5920] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  727.386955][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  727.396236][ T5920] usb 2-1: Product: syz
[  727.400634][ T5920] usb 2-1: Manufacturer: syz
[  727.407782][ T5920] usb 2-1: SerialNumber: syz
[  727.418048][ T5920] usb 2-1: config 0 descriptor??
[  727.429067][ T5920] hub 2-1:0.0: bad descriptor, ignoring hub
[  727.436359][ T5920] hub 2-1:0.0: probe with driver hub failed with error -5
[  727.454524][ T5920] usb 2-1: selecting invalid altsetting 0
[  728.112461][T19641] usb 2-1: reset high-speed USB device number 52 using dummy_hcd
[  728.124619][T19641] usb 2-1: device reset changed ep0 maxpacket size!
[  728.135779][ T5953] usb 2-1: USB disconnect, device number 52
[  728.555448][ T5953] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  728.732726][ T5953] usb 2-1: Using ep0 maxpacket: 8
[  728.760632][ T5953] usb 2-1: unable to get BOS descriptor or descriptor too short
[  728.778752][ T5953] usb 2-1: no configurations
[  728.798961][ T5953] usb 2-1: can't read configurations, error -22
[  728.860439][T19677] netlink: 'syz.2.5084': attribute type 10 has an invalid length.
[  729.261261][T19692] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5087'.
[  729.327372][T19698] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5087'.
[  729.433200][T19692] bond6 (unregistering): Released all slaves
[  729.551330][T19700] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5088'.
[  729.964950][T19710] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5093'.
[  729.967801][T19700] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5088'.
[  730.047718][T19710] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5093'.
[  730.144024][T19700] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  730.153151][T19700] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  730.162343][T19700] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  730.169776][T19700] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  730.182320][T19700] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  730.839532][T19732] vlan2: entered allmulticast mode
[  730.846671][T19731] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5103'.
[  730.856609][T19732] bridge_slave_0: entered allmulticast mode
[  731.160104][T19738] kernel profiling enabled (shift: 17)
[  732.255006][ T5873] Bluetooth: hci3: command 0x0c1a tx timeout
[  732.261144][T14218] Bluetooth: hci2: command 0x0c1a tx timeout
[  732.261253][ T5862] Bluetooth: hci5: command 0x0c1a tx timeout
[  732.271304][T14218] Bluetooth: hci1: command 0x0c1a tx timeout
[  732.274376][ T5862] Bluetooth: hci0: command 0x0406 tx timeout
[  732.395469][T19770] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5117'.
[  732.426157][T19770] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5117'.
[  732.612669][T19783] binder: 19782:19783 ioctl c0306201 80000540 returned -22
[  732.620537][T19783] binder: 19782:19783 ioctl c0306201 80000640 returned -22
[  732.730802][T19787] netlink: 'syz.3.5122': attribute type 10 has an invalid length.
[  732.831687][T19790] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5122'.
[  732.928482][T19787] team0: Port device bond0 added
[  733.533362][T19800] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5128'.
[  733.594265][T19790] team0 (unregistering): Port device bond0 removed
[  734.075091][T19814] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5133'.
[  734.085620][T19814] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5133'.
[  735.363875][T19831] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5139'.
[  735.588314][T19841] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5141'.
[  735.850862][T19850] binder: BINDER_SET_CONTEXT_MGR already set
[  735.861703][T19850] binder: 19844:19850 ioctl 4018620d 800002c0 returned -16
[  736.658315][T19871] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5152'.
[  737.023806][T19891] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5157'.
[  737.836037][T19914] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5167'.
[  737.845986][T19915] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5166'.
[  738.312383][T19911] bond10 (unregistering): Released all slaves
[  738.829590][T19936] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5174'.
[  739.711170][T19960] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5183'.
[  739.893346][T19953] bond3 (unregistering): Released all slaves
[  740.732686][T19984] netlink: 'syz.4.5193': attribute type 10 has an invalid length.
[  740.776479][T19984] bond0: (slave wlan1): Opening slave failed
[  740.908786][T19989] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[  740.918462][T19989] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[  740.928841][T19989] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[  741.909476][T20002] ==================================================================
[  741.917571][T20002] BUG: KASAN: slab-use-after-free in xfrm_state_find+0x2cf2/0x5400
[  741.925480][T20002] Read of size 1 at addr ffff888056cf5870 by task syz.4.5199/20002
[  741.933382][T20002] 
[  741.935725][T20002] CPU: 1 UID: 0 PID: 20002 Comm: syz.4.5199 Not tainted syzkaller #0 PREEMPT(full) 
[  741.935749][T20002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  741.935765][T20002] Call Trace:
[  741.935776][T20002]  <TASK>
[  741.935786][T20002]  dump_stack_lvl+0x189/0x250
[  741.935813][T20002]  ? __kasan_check_byte+0x12/0x40
[  741.935843][T20002]  ? __pfx_dump_stack_lvl+0x10/0x10
[  741.935867][T20002]  ? lock_release+0x4b/0x3e0
[  741.935899][T20002]  ? __virt_addr_valid+0x4a5/0x5c0
[  741.935926][T20002]  print_report+0xca/0x240
[  741.935945][T20002]  ? xfrm_state_find+0x2cf2/0x5400
[  741.935965][T20002]  kasan_report+0x118/0x150
[  741.935993][T20002]  ? xfrm_state_find+0x2cf2/0x5400
[  741.936017][T20002]  xfrm_state_find+0x2cf2/0x5400
[  741.936047][T20002]  ? xfrm_state_find+0x1da/0x5400
[  741.936069][T20002]  ? __pfx_xfrm_state_find+0x10/0x10
[  741.936088][T20002]  ? xfrm4_get_saddr+0xd5/0x140
[  741.936111][T20002]  ? __pfx_xfrm4_get_saddr+0x10/0x10
[  741.936138][T20002]  ? xfrm_resolve_and_create_bundle+0x6e6/0x2f80
[  741.936165][T20002]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  741.936201][T20002]  ? stack_depot_save_flags+0x40/0x860
[  741.936231][T20002]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  741.936255][T20002]  ? __lock_acquire+0xab9/0xd20
[  741.936287][T20002]  ? xfrm_sk_policy_lookup+0x9d/0x750
[  741.936310][T20002]  ? rt_set_nexthop+0x693/0xa80
[  741.936335][T20002]  ? xfrm_sk_policy_lookup+0x9d/0x750
[  741.936358][T20002]  ? xfrm_expand_policies+0x41f/0x6a0
[  741.936390][T20002]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[  741.936416][T20002]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  741.936444][T20002]  xfrm_lookup_route+0x3c/0x1c0
[  741.936468][T20002]  udp_sendmsg+0x142e/0x2170
[  741.936499][T20002]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  741.936524][T20002]  ? __pfx_udp_sendmsg+0x10/0x10
[  741.936551][T20002]  ? finish_task_switch+0x18b/0x950
[  741.936588][T20002]  ? __pfx_aa_sk_perm+0x10/0x10
[  741.936615][T20002]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  741.936638][T20002]  ? __asan_memset+0x22/0x50
[  741.936659][T20002]  ? sock_rps_record_flow+0x19/0x410
[  741.936685][T20002]  ? inet_sendmsg+0x29c/0x370
[  741.936709][T20002]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  741.936732][T20002]  __sock_sendmsg+0x19c/0x270
[  741.936760][T20002]  ____sys_sendmsg+0x52d/0x830
[  741.936784][T20002]  ? __pfx_____sys_sendmsg+0x10/0x10
[  741.936812][T20002]  ___sys_sendmsg+0x21f/0x2a0
[  741.936835][T20002]  ? __pfx____sys_sendmsg+0x10/0x10
[  741.936855][T20002]  ? __lock_acquire+0xab9/0xd20
[  741.936897][T20002]  ? __fget_files+0x2a/0x420
[  741.936914][T20002]  ? __fget_files+0x3a0/0x420
[  741.936934][T20002]  __sys_sendmmsg+0x28e/0x430
[  741.936958][T20002]  ? __pfx___sys_sendmmsg+0x10/0x10
[  741.936983][T20002]  ? __pfx_do_futex+0x10/0x10
[  741.937021][T20002]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[  741.937044][T20002]  __do_fast_syscall_32+0xb6/0x2b0
[  741.937068][T20002]  do_fast_syscall_32+0x34/0x80
[  741.937084][T20002]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  741.937114][T20002] RIP: 0023:0xf702e539
[  741.937139][T20002] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  741.937158][T20002] RSP: 002b:00000000f53fd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[  741.937179][T20002] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080007fc0
[  741.937194][T20002] RDX: 000000000800001d RSI: 0000000000000000 RDI: 0000000000000000
[  741.937208][T20002] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  741.937220][T20002] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  741.937232][T20002] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  741.937252][T20002]  </TASK>
[  741.937259][T20002] 
[  742.300644][T20002] Allocated by task 18694:
[  742.305042][T20002]  kasan_save_track+0x3e/0x80
[  742.309712][T20002]  __kasan_slab_alloc+0x6c/0x80
[  742.314552][T20002]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  742.320001][T20002]  xfrm_state_alloc+0x24/0x2f0
[  742.324750][T20002]  xfrm_state_find+0x37d4/0x5400
[  742.329677][T20002]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  742.335821][T20002]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[  742.341184][T20002]  xfrm_lookup_route+0x3c/0x1c0
[  742.346027][T20002]  udp_sendmsg+0x142e/0x2170
[  742.350611][T20002]  __sock_sendmsg+0x19c/0x270
[  742.355279][T20002]  ____sys_sendmsg+0x52d/0x830
[  742.360048][T20002]  ___sys_sendmsg+0x21f/0x2a0
[  742.364714][T20002]  __sys_sendmmsg+0x28e/0x430
[  742.369384][T20002]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[  742.374917][T20002]  __do_fast_syscall_32+0xb6/0x2b0
[  742.380013][T20002]  do_fast_syscall_32+0x34/0x80
[  742.384848][T20002]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  742.391164][T20002] 
[  742.393477][T20002] Freed by task 10231:
[  742.397528][T20002]  kasan_save_track+0x3e/0x80
[  742.402226][T20002]  kasan_save_free_info+0x46/0x50
[  742.407238][T20002]  __kasan_slab_free+0x5b/0x80
[  742.411999][T20002]  kmem_cache_free+0x18f/0x400
[  742.416758][T20002]  xfrm_state_gc_task+0x52d/0x6b0
[  742.421777][T20002]  process_scheduled_works+0xae1/0x17b0
[  742.427306][T20002]  worker_thread+0x8a0/0xda0
[  742.431887][T20002]  kthread+0x70e/0x8a0
[  742.435955][T20002]  ret_from_fork+0x3fc/0x770
[  742.440529][T20002]  ret_from_fork_asm+0x1a/0x30
[  742.445289][T20002] 
[  742.447596][T20002] The buggy address belongs to the object at ffff888056cf5540
[  742.447596][T20002]  which belongs to the cache xfrm_state of size 928
[  742.461553][T20002] The buggy address is located 816 bytes inside of
[  742.461553][T20002]  freed 928-byte region [ffff888056cf5540, ffff888056cf58e0)
[  742.475348][T20002] 
[  742.477663][T20002] The buggy address belongs to the physical page:
[  742.484088][T20002] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888056cf4440 pfn:0x56cf4
[  742.494142][T20002] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  742.502625][T20002] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  742.510599][T20002] page_type: f5(slab)
[  742.514570][T20002] raw: 00fff00000000040 ffff888144e99c80 0000000000000000 dead000000000001
[  742.523141][T20002] raw: ffff888056cf4440 00000000000f0004 00000000f5000000 0000000000000000
[  742.531712][T20002] head: 00fff00000000040 ffff888144e99c80 0000000000000000 dead000000000001
[  742.540369][T20002] head: ffff888056cf4440 00000000000f0004 00000000f5000000 0000000000000000
[  742.549028][T20002] head: 00fff00000000002 ffffea00015b3d01 00000000ffffffff 00000000ffffffff
[  742.557686][T20002] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  742.566345][T20002] page dumped because: kasan: bad access detected
[  742.572756][T20002] page_owner tracks the page as allocated
[  742.578453][T20002] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 8141, tgid 8140 (syz.3.721), ts 210011749709, free_ts 176954593430
[  742.597626][T20002]  post_alloc_hook+0x240/0x2a0
[  742.602389][T20002]  get_page_from_freelist+0x21e4/0x22c0
[  742.607920][T20002]  __alloc_frozen_pages_noprof+0x181/0x370
[  742.613713][T20002]  alloc_pages_mpol+0x232/0x4a0
[  742.618556][T20002]  allocate_slab+0x8a/0x370
[  742.623047][T20002]  ___slab_alloc+0xbeb/0x1410
[  742.627805][T20002]  kmem_cache_alloc_noprof+0x283/0x3c0
[  742.633252][T20002]  xfrm_state_alloc+0x24/0x2f0
[  742.638001][T20002]  xfrm_state_find+0x37d4/0x5400
[  742.642922][T20002]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  742.649066][T20002]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[  742.654432][T20002]  xfrm_lookup_route+0x3c/0x1c0
[  742.659272][T20002]  rawv6_sendmsg+0xdab/0x1820
[  742.663944][T20002]  __sock_sendmsg+0x19c/0x270
[  742.668614][T20002]  ____sys_sendmsg+0x52d/0x830
[  742.673365][T20002]  ___sys_sendmsg+0x21f/0x2a0
[  742.678033][T20002] page last free pid 7403 tgid 7403 stack trace:
[  742.684342][T20002]  __free_frozen_pages+0xbc4/0xd30
[  742.689448][T20002]  __put_partials+0x156/0x1a0
[  742.694111][T20002]  put_cpu_partial+0x17c/0x250
[  742.698861][T20002]  __slab_free+0x2d5/0x3c0
[  742.703266][T20002]  qlist_free_all+0x97/0x140
[  742.707847][T20002]  kasan_quarantine_reduce+0x148/0x160
[  742.713297][T20002]  __kasan_slab_alloc+0x22/0x80
[  742.718149][T20002]  __kmalloc_noprof+0x224/0x4f0
[  742.722993][T20002]  tomoyo_realpath_from_path+0xe3/0x5d0
[  742.728526][T20002]  tomoyo_path_perm+0x213/0x4b0
[  742.733368][T20002]  security_inode_getattr+0x12f/0x330
[  742.738732][T20002]  __x64_sys_newfstat+0xfc/0x200
[  742.743655][T20002]  do_syscall_64+0xfa/0x3b0
[  742.748169][T20002]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.754049][T20002] 
[  742.756358][T20002] Memory state around the buggy address:
[  742.761968][T20002]  ffff888056cf5700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  742.770059][T20002]  ffff888056cf5780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  742.778112][T20002] >ffff888056cf5800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  742.786168][T20002]                                                              ^
[  742.793883][T20002]  ffff888056cf5880: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[  742.802035][T20002]  ffff888056cf5900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  742.810082][T20002] ==================================================================
[  742.852353][T20002] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  742.859568][T20002] CPU: 1 UID: 0 PID: 20002 Comm: syz.4.5199 Not tainted syzkaller #0 PREEMPT(full) 
[  742.868916][T20002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  742.878954][T20002] Call Trace:
[  742.882226][T20002]  <TASK>
[  742.885148][T20002]  dump_stack_lvl+0x99/0x250
[  742.889751][T20002]  ? __asan_memcpy+0x40/0x70
[  742.894319][T20002]  ? __pfx_dump_stack_lvl+0x10/0x10
[  742.899496][T20002]  ? __pfx__printk+0x10/0x10
[  742.904070][T20002]  vpanic+0x281/0x750
[  742.908057][T20002]  ? preempt_schedule+0xae/0xc0
[  742.912891][T20002]  ? __pfx_vpanic+0x10/0x10
[  742.917376][T20002]  ? preempt_schedule_common+0x83/0xd0
[  742.922819][T20002]  ? preempt_schedule+0xae/0xc0
[  742.927650][T20002]  ? __pfx_preempt_schedule+0x10/0x10
[  742.933006][T20002]  panic+0xb9/0xc0
[  742.936707][T20002]  ? __pfx_panic+0x10/0x10
[  742.941101][T20002]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  742.946984][T20002]  ? xfrm_state_find+0x2cf2/0x5400
[  742.952077][T20002]  check_panic_on_warn+0x89/0xb0
[  742.956995][T20002]  ? xfrm_state_find+0x2cf2/0x5400
[  742.962087][T20002]  end_report+0x78/0x160
[  742.966314][T20002]  kasan_report+0x129/0x150
[  742.970800][T20002]  ? xfrm_state_find+0x2cf2/0x5400
[  742.975930][T20002]  xfrm_state_find+0x2cf2/0x5400
[  742.980853][T20002]  ? xfrm_state_find+0x1da/0x5400
[  742.985856][T20002]  ? __pfx_xfrm_state_find+0x10/0x10
[  742.991118][T20002]  ? xfrm4_get_saddr+0xd5/0x140
[  742.995944][T20002]  ? __pfx_xfrm4_get_saddr+0x10/0x10
[  743.001211][T20002]  ? xfrm_resolve_and_create_bundle+0x6e6/0x2f80
[  743.007521][T20002]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  743.013661][T20002]  ? stack_depot_save_flags+0x40/0x860
[  743.019106][T20002]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  743.025673][T20002]  ? __lock_acquire+0xab9/0xd20
[  743.030509][T20002]  ? xfrm_sk_policy_lookup+0x9d/0x750
[  743.035861][T20002]  ? rt_set_nexthop+0x693/0xa80
[  743.040694][T20002]  ? xfrm_sk_policy_lookup+0x9d/0x750
[  743.046045][T20002]  ? xfrm_expand_policies+0x41f/0x6a0
[  743.051396][T20002]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[  743.056751][T20002]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  743.062538][T20002]  xfrm_lookup_route+0x3c/0x1c0
[  743.067370][T20002]  udp_sendmsg+0x142e/0x2170
[  743.071942][T20002]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  743.077471][T20002]  ? __pfx_udp_sendmsg+0x10/0x10
[  743.082393][T20002]  ? finish_task_switch+0x18b/0x950
[  743.087578][T20002]  ? __pfx_aa_sk_perm+0x10/0x10
[  743.092407][T20002]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  743.098801][T20002]  ? __asan_memset+0x22/0x50
[  743.103368][T20002]  ? sock_rps_record_flow+0x19/0x410
[  743.108635][T20002]  ? inet_sendmsg+0x29c/0x370
[  743.113291][T20002]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  743.118579][T20002]  __sock_sendmsg+0x19c/0x270
[  743.123243][T20002]  ____sys_sendmsg+0x52d/0x830
[  743.127993][T20002]  ? __pfx_____sys_sendmsg+0x10/0x10
[  743.133259][T20002]  ___sys_sendmsg+0x21f/0x2a0
[  743.137917][T20002]  ? __pfx____sys_sendmsg+0x10/0x10
[  743.143094][T20002]  ? __lock_acquire+0xab9/0xd20
[  743.147933][T20002]  ? __fget_files+0x2a/0x420
[  743.152505][T20002]  ? __fget_files+0x3a0/0x420
[  743.157181][T20002]  __sys_sendmmsg+0x28e/0x430
[  743.161862][T20002]  ? __pfx___sys_sendmmsg+0x10/0x10
[  743.167065][T20002]  ? __pfx_do_futex+0x10/0x10
[  743.171737][T20002]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[  743.177264][T20002]  __do_fast_syscall_32+0xb6/0x2b0
[  743.182362][T20002]  do_fast_syscall_32+0x34/0x80
[  743.187198][T20002]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  743.193510][T20002] RIP: 0023:0xf702e539
[  743.197558][T20002] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  743.217146][T20002] RSP: 002b:00000000f53fd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[  743.225539][T20002] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080007fc0
[  743.233494][T20002] RDX: 000000000800001d RSI: 0000000000000000 RDI: 0000000000000000
[  743.241444][T20002] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  743.249394][T20002] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  743.257344][T20002] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  743.265298][T20002]  </TASK>
[  743.268564][T20002] Kernel Offset: disabled
[  743.272871][T20002] Rebooting in 86400 seconds..