last executing test programs:

12.264015126s ago: executing program 2 (id=2874):
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/dev\x00')
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1872360611f2a5176b240000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000fd"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=ANY=[], 0x80}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x8000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x42}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='mm_lru_insertion\x00', r2}, 0x10)
setresgid(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, 0xffffffffffffffff, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
r4 = eventfd(0x8040001)
ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r5, &(0x7f0000000240), 0x0, 0x7ff, 0x8)
socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f00000001c0))
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f00000005c0)={0x1, r4})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000003c0)={0x0, 0x1, 0x0, &(0x7f0000000080)=""/17, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/73, &(0x7f0000000880)=""/72})
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
ioctl$VHOST_SET_LOG_BASE(r3, 0x4008af04, &(0x7f0000000340)=&(0x7f00000002c0))
r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$AUTOFS_IOC_FAIL(r6, 0x9361, 0x1)

10.199470146s ago: executing program 2 (id=2881):
socket$alg(0x26, 0x5, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
syz_open_dev$audion(0x0, 0x0, 0x0)
mmap$IORING_OFF_SQES(&(0x7f00001f0000/0x4000)=nil, 0x4000, 0x1000005, 0x8010, 0xffffffffffffffff, 0x10000000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(0xffffffffffffffff, 0x7a5, &(0x7f00000000c0)={{@my=0x0}, 0x0, 0x1})
preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600707, 0x19)

8.442589975s ago: executing program 1 (id=2887):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000580)=[{&(0x7f0000000640)=""/102396, 0x18ffc}], 0x1, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000740)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback, @loopback}, "1400000023000000"}}}}}, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map}, 0x10)
fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c0000002600bdab"], 0x2c}}, 0x0)
sendmsg$SMC_PNETID_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040), 0x10)
ioctl$IOCTL_CONFIG_SYS_RESOURCE_PARAMETERS(0xffffffffffffffff, 0x40096100, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmmsg$alg(r3, &(0x7f0000003540)=[{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000180)="31ab732abda06e22281b2f0df75394f09d", 0x11}], 0x1}], 0x1, 0x0)
recvmmsg(r3, &(0x7f0000006900)=[{{0x0, 0x0, &(0x7f0000000ec0)=[{&(0x7f0000000a00)=""/166, 0xa6}], 0x1}}], 0x1, 0x60, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x2}}, 0x2e)
close(r4)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @broadcast}, 0x2, 0x0, 0x0, 0x3}}, 0x2e)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)

8.081044525s ago: executing program 2 (id=2888):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f0000000440)={0x8c, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'ovf\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2f}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3}]}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0xff}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x40}]}, 0x8c}, 0x1, 0x0, 0x0, 0x44041}, 0x80)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syz_tun\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01000000000000000000080000000c00018008000100", @ANYRES32=r3, @ANYBLOB="44b0030b5321940f0d7f5d444da27b0fe58d6b4d6e3c8e72153b4aef9370077be8e9de1781c8d7f4793be6398ee97f138006abee299d98480b13dde90000000000000000"], 0x20}}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000000), 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x8, 0xad, 0x1000}, 0x9c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = dup(0xffffffffffffffff)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000004000000009100000000000800000200000000001c"])
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1a, 0x0, &(0x7f0000000040)=0x18)
sendmsg$NL80211_CMD_DEL_STATION(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x24}}, 0x0)
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$qrtrtun(0xffffffffffffffff, &(0x7f00000000c0)=""/97, 0x61)
preadv(r6, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
syz_usbip_server_init(0x5)
close_range(r0, 0xffffffffffffffff, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0x36}, 0x1f, 0x0, 0x0, 0x0, 0x6}, 0x20)
r7 = socket$inet6(0xa, 0x3, 0x80)
setsockopt$sock_linger(r7, 0x1, 0xd, &(0x7f0000000040)={0x1}, 0x8)
close(r7)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f00090582020002"], 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)

7.780595063s ago: executing program 1 (id=2891):
r0 = openat$binder_debug(0xffffff9c, &(0x7f0000000980)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
read(r0, &(0x7f0000000b00)=""/205, 0xcd) (fail_nth: 2)

7.326803569s ago: executing program 3 (id=2893):
r0 = syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x0)
ioctl$CEC_RECEIVE(r0, 0xc0386106, &(0x7f0000000000)={0x0, 0x0, 0xfffffffc, 0x1000000, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd})
timer_create(0x3, &(0x7f00000000c0)={0x0, 0x1d, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000100))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000240), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r4, 0xc25c4110, &(0x7f0000000980)={0x0, [[0x5], [0xdd2], [0x0, 0x5]], '\x00', [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xfffffffd}, {0xfffffffe}], '\x00', 0x0, 0x0, 0x0, 0x2})
dup(r3)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)=ANY=[])
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x3000001, 0x4010, r6, 0x1a241000)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4)
bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r6, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x400, 0x10)
setsockopt$pppl2tp_PPPOL2TP_SO_REORDERTO(r7, 0x111, 0x5, 0x100, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x24}, 0x24}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000300)={'wlan1\x00'})
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r9, 0xc058534f, &(0x7f0000000380)={{0x0, 0x1}, 0x0, 0x1})

7.263674388s ago: executing program 1 (id=2894):
socket$packet(0x11, 0x0, 0x300)
socket$packet(0x11, 0x3, 0x300)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000004c0)={'geneve0\x00', <r3=>0x0})
sendto$packet(r1, &(0x7f0000000180)="0b051000e0ff030006004788aa96a13bb100000000000800400f", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r3}, 0x14)
r4 = syz_open_dev$loop(&(0x7f0000001b40), 0x5, 0x20001)
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="12010100000000105801000100000000000109022400010000002009040000010300000009210000000122dc01090589"], 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000080)={@local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00cd04", 0x10, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x1}}}}}}, 0x0)
r6 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r6, &(0x7f0000000140)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e24, 0x7, @private2, 0xfffffff8}}, 0x24)
sendmmsg(r6, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0xe000}, 0x5}, {{&(0x7f0000000540)=@hci={0x1f, 0xffffffffffffffff, 0x1}, 0x80, &(0x7f0000000b80)=[{&(0x7f0000001040)="67e6de0ab6dea771d6694956029a184ab026dd5254c774a66e853d4139f6132f5b396d706b3c9c39cea4d2143a9c2fb3b617b8f0c1ceeee99d40a80cfc66c9128dacfa2dd20dee3174d9c11d872a1a5ca07470e8ea583e32cd27d68b3cf8e2210aba007334a6bef1ae34e64421fda7160977a3e309f4a04f74b3a93b6a9ab319174d833f5f25401f27498e21fa6803fe1b02ff43d3311e86ee4aa7e8bbcc1f70cdc50c6985aab03e155c7195818082aeea6d3b90d8cf0e3c018e9558b4d306285a78634647adc5002bdc0fccc781c6", 0xcf}, {&(0x7f00000006c0)="1beb32bf5d29588a3fbf4270469f6ff3d395b4f7c244a4d847eaadeefbc2fd51ba5e29000775f761c555efeb167ba9dc19267bcbaba377aa65b2c722d6520838156fe229358b8af34d918aed6379e88a47c4cdc0b5ea9b14d7472289d288ab3a7f5303ba4181e79810f73183ea0c9282aab9602eeb65154d8c424d14c7c63cf759b7e4db1d8bff93edccfb6ba069d91a9844da8e48a1adef8ddf4824e02ae4", 0x9f}, {&(0x7f0000001140)="244c67a88999081b515e662636ff051a028ea646cce47a31407699fe5c2d46978970ecee63bd472bc6731b754d0e29c4817d56c0a85e6f2c71cc8d1d230e3133ee7253e4845ed993a68766fd08197633941fc45a9ae0f59b6e884a2640a43d40a8a776079b0f12a1935333279706079d6da9ef2871836dfa93cf8f83ceb18dde6fe1ac32a98f2139a71127adf25d8d30448f3cd617eae2c033f93776328669a78c58f2b74020c28369505c0137e06935d1b2fe8d54d033e5b45ecd7d3aa30111d5d81717f836f2675072661d62deb0e7fa0f942a0bd57c3f94b8be368c9b00173c281e58332f1a421f97914ef4c0cf8f81aad6903649c3427237351f24d0e6d3a182dee3114d00ac9f22a1a8a6e8af44b5129854cd5a98c0903bdd53183abba52234e91180997f9691e26d4b280b13ef8663fded47cbed7c757d14bb07f80e2078d1b3d2e3bf69f38e5ad664079cd6b8c12328a6b1f6cddaebef1039c921db33b39c69d47afeaf4b8b5c80c2ce4c74ce8b36ef1e4fc66da86389b7df5f2327c737c99c86c5504f242f6c3ecffe9b2d8fe3ab8daea7ecfd5c41a0ba02dd8e6a6cc2174217b2783875e32f9a9efcc8f34ea49632074ee01d3af9fbb40538e605f50878ec3785fd9cf48fe8ff5bfae86f49e0fa75aca1e3e5e784b08ed99d6083fccca1ad1ec6a4d22d2b4a3f5f5f5aeb18a56c35df85b4320c85def30fe54b083b17a4c66b07cf3f7a074e396b0186e0a9d29fe5b890cb8b9abc0ad5e0996851427ec663", 0x223}, {&(0x7f0000000880)="069d1d476bf1ae0be8ab43dd4f773f946417b8fdade32eac1b020f958c18f78d0302c63675b55090b76ced874f34b726eb30c6d55c52cbf4e8867a978bda7324b6c3ca8d0ec185364c5cae43b780121c3e", 0x51}, {&(0x7f0000000900)="ab565b19a477a160c825dace56e1d0bce9bef7131dc0af24e77ee9ac2453ed98d8238266daad63", 0x27}, {&(0x7f0000000940)="a3fb904d9d7075acfc7f28356e380d441c603522a26173c3ef9c66e9c69d5029310d0997524f299649dbce8c2fde72196b28c6b23f5d49da1a13891f1fc28e1b24a2b929c0121a2eee66ff52cb3d64ad429793392291ee95ccb1545258fe9450ec8a052f1968a152cb9c", 0x6a}, {&(0x7f00000009c0)="5617948f7556fafd3c710d39b508971dbcef4020a0554c35636f1d3dd9e7028404d3195b8d085ee79a8a250e260f88f3efe9fa16dedbd4ffec67c28be439ca18d6e742d974ddca8d9edad77b39aec239d0cbfe325250a7e4ff76e3a5cfaf4f436cce5d54dfc6a18ca49ee9a84ff5d3568e9113b83e8b5fd0c51f040d3ff4c203a0f3b6f2d539f64aa9d68202d2a265615c13745d32d0047dd2f261f6a6b24155ec9c2186f45af774d46f7bc6ff0ece7b3b1d88755dd6cf20fe8fba5b780d53d72a5a9855f880240c9f5e525acb58254cd73ce245dcf453d0636b7b", 0xdb}, {&(0x7f0000000ac0)="dd04a32068aeca292027c82b90628385c3ac651e5a48b120de6062422bd67558ca59f30da7f180de3857b06ea9ef3846e5574dda848e2345e67ecbedfeeca896b5c9c64b1179c8b17df927c1fd4e816923d89beeb6d98e863fd41921f3cd9b7ee1403310ab7d802f38d537ccd1f75d9638576ca71b278dd2ab48c741dce85012c5d93206be", 0x85}], 0x8, &(0x7f0000000c00)=[{0xd0, 0x117, 0x0, "97726c7a9b4bb750988c4a2c869f6c13ebf2a9cbb5ec6e8e7ce02114a2cb40b6f8e8dda659e9ef47db61436f0e21d71c8847443b328e2440e024be5605673777a1484a643d756c13b2c35e42aff0861301b00fff06675ff7cc54ead3fff0aeb3a0503566abd950e0f65d5566778b08493355268f6a30e2eba887ede1e8b6e8e01d0ec3643f18c7909c7528108ab8f4fcbaa93aba7ed3c23fd42631c83d5e1e68aa1d3fb4fa1730888046b785bec475c3ca6645ac54d68543c8a6081276c8b67758e2"}, {0x70, 0x10a, 0x2, "4ed334603c48314d6dc8a8d1c3afeea522edd7e0d583fd3682b048a07789986ded8b728f6e0036907e88d0e8b9d57a91f1e82f81c972275ebbd0fa1935651b00b1a263c095b1cdf982f93252dabe9b703c0f925cfce50887a789ec5bf53f6b064e6de317"}], 0x140}}], 0x2, 0xfffe)
openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0)
openat$tun(0xffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0)
close(r7)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000003c0))
ioctl$SIOCSIFHWADDR(r7, 0x8b07, &(0x7f0000000000)={'wlan1\x00', @random="060000000010"})
syz_usb_control_io$hid(r5, 0x0, 0x0)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='cpu.idle\x00', 0x2, 0x0)
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12011003000012002505a8a4f0"], 0x0)
syz_usb_control_io(r5, &(0x7f00000000c0)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0)
ioctl$LOOP_SET_CAPACITY(r4, 0x4c07)

6.709356693s ago: executing program 4 (id=2896):
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$l2tp(0x2, 0x2, 0x73)
pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='freezer.self_freezing\x00', 0x0, 0x0)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r2)
sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB="b4000000", @ANYRES16=r4, @ANYBLOB="000425bd7000ffdbdf250100000038000180060004004e2300000c0007000800000000000000060004004e23000008000b08006970000600020001000000080009002c000000080005006fbeff0f00001c000180090006006c626c6300000000090006006e6f6e65000000000c000280080007000700000028000180080009004c00000014000300ff020000010000000000000000000001070006007272000008000600060000000800060000006ffd6fbeb4b5cd0136c0de06c049e1f9bb5f91"], 0xb4}, 0x1, 0x0, 0x0, 0x4}, 0x20008000)
sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000040)={&(0x7f0000000240)={0x7c, r4, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x4}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xc2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x80000000}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfd}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4001}, 0x24040085)
sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x1c, r4, 0x4, 0x70bd2c, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc1}, 0x2000c000)
openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x0)
inotify_init()
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0xc0341, 0x0)
open(&(0x7f00000002c0)='./bus\x00', 0x0, 0x0)
socket$inet6(0xa, 0x6, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
pipe(&(0x7f0000000480))
r5 = syz_open_dev$vim2m(&(0x7f0000000140), 0x0, 0x2)
setsockopt$inet6_tcp_int(r0, 0x6, 0x17, &(0x7f00000003c0)=0xd, 0x4)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000300), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000080)=0x3)
ioctl$TCSETSW(r7, 0x5403, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0cc5605, &(0x7f0000000180)={0x0, @sdr})

6.595067347s ago: executing program 4 (id=2897):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x44041}, 0x80)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syz_tun\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01000000000000000000080000000c00018008000100", @ANYRES32=r3, @ANYBLOB="44b0030b5321940f0d7f5d444da27b0fe58d6b4d6e3c8e72153b4aef9370077be8e9de1781c8d7f4793be6398ee97f138006abee299d98480b13dde90000000000000000"], 0x20}}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000000), 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x8, 0xad, 0x1000}, 0x9c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = dup(0xffffffffffffffff)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000004000000009100000000000800000200000000001c"])
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1a, 0x0, &(0x7f0000000040)=0x18)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_STATION(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYRES16=r6], 0x24}}, 0x0)
r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$qrtrtun(0xffffffffffffffff, &(0x7f00000000c0)=""/97, 0x61)
preadv(r7, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
syz_usbip_server_init(0x5)
close_range(r0, 0xffffffffffffffff, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x80)
setsockopt$sock_linger(r8, 0x1, 0xd, &(0x7f0000000040)={0x1}, 0x8)
close(r8)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f00090582020002"], 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)

6.186213533s ago: executing program 3 (id=2898):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket(0x39, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'sit0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x34, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP6_TC={0x5}}, @NHA_OIF={0x8, 0x5, r2}]}, 0x34}}, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmmsg$alg(r4, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/73, 0x49}], 0x1}, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=<r5=>0x0)
r6 = syz_open_procfs(r5, &(0x7f0000000100)='ns\x00')
fchdir(r6)
truncate(&(0x7f00000000c0)='./cgroup\x00', 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
openat$nullb(0xffffff9c, &(0x7f0000000180), 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000024c0)="3665a1ab76d96c30d50edf834841f6afe970e1835bbbd0e306a1c491d5b7220203feeb5dd9d5948e080f73798052d544d60b2a1967cbbf9a10", 0x39)

5.943227032s ago: executing program 3 (id=2899):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f0000000440)={0x84, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'ovf\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2f}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3}]}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0xff}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x40}]}, 0x84}, 0x1, 0x0, 0x0, 0x44041}, 0x80)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syz_tun\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01000000000000000000080000000c00018008000100", @ANYRES32=r3, @ANYBLOB="44b0030b5321940f0d7f5d444da27b0fe58d6b4d6e3c8e72153b4aef9370077be8e9de1781c8d7f4793be6398ee97f138006abee299d98480b13dde90000000000000000"], 0x20}}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000000), 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x8, 0xad, 0x1000}, 0x9c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = dup(0xffffffffffffffff)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000004000000009100000000000800000200000000001c"])
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1a, 0x0, &(0x7f0000000040)=0x18)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_STATION(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYRES16=r6], 0x24}}, 0x0)
r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$qrtrtun(0xffffffffffffffff, &(0x7f00000000c0)=""/97, 0x61)
preadv(r7, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
syz_usbip_server_init(0x5)
close_range(r0, 0xffffffffffffffff, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0x36}, 0x1f, 0x0, 0x0, 0x0, 0x6}, 0x20)
r8 = socket$inet6(0xa, 0x3, 0x80)
setsockopt$sock_linger(r8, 0x1, 0xd, &(0x7f0000000040)={0x1}, 0x8)
close(r8)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f00090582020002"], 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)

5.42936164s ago: executing program 2 (id=2900):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f0000000440)={0x8c, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'ovf\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2f}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3}]}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0xff}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x40}]}, 0x8c}, 0x1, 0x0, 0x0, 0x44041}, 0x80)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syz_tun\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01000000000000000000080000000c00018008000100", @ANYRES32=r3, @ANYBLOB="44b0030b5321940f0d7f5d444da27b0fe58d6b4d6e3c8e72153b4aef9370077be8e9de1781c8d7f4793be6398ee97f138006abee299d98480b13dde90000000000000000"], 0x20}}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000000), 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x8, 0xad, 0x1000}, 0x9c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
dup(0xffffffffffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1a, 0x0, &(0x7f0000000040)=0x18)
sendmsg$NL80211_CMD_DEL_STATION(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x24}}, 0x0)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$qrtrtun(0xffffffffffffffff, &(0x7f00000000c0)=""/97, 0x61)
preadv(r5, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
syz_usbip_server_init(0x5)
close_range(r0, 0xffffffffffffffff, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0x36}, 0x1f, 0x0, 0x0, 0x0, 0x6}, 0x20)
r6 = socket$inet6(0xa, 0x3, 0x80)
setsockopt$sock_linger(r6, 0x1, 0xd, &(0x7f0000000040)={0x1}, 0x8)
close(r6)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f00090582020002"], 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)

4.943366536s ago: executing program 1 (id=2902):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
syz_open_dev$vbi(0x0, 0x3, 0x2)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x48, r1, 0x5, 0x0, 0x0, {{0x12}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@device_b}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x8000, 0x1}}]}, 0x48}}, 0x0)

4.539216982s ago: executing program 1 (id=2903):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f0000000440)={0x54, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'ovf\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2f}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x40}]}, 0x54}, 0x1, 0x0, 0x0, 0x44041}, 0x80)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syz_tun\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01000000000000000000080000000c00018008000100", @ANYRES32=r3, @ANYBLOB="44b0030b5321940f0d7f5d444da27b0fe58d6b4d6e3c8e72153b4aef9370077be8e9de1781c8d7f4793be6398ee97f138006abee299d98480b13dde90000000000000000"], 0x20}}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000000), 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x8, 0xad, 0x1000}, 0x9c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = dup(0xffffffffffffffff)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000004000000009100000000000800000200000000001c"])
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1a, 0x0, &(0x7f0000000040)=0x18)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_STATION(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYRES16=r6], 0x24}}, 0x0)
r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$qrtrtun(0xffffffffffffffff, &(0x7f00000000c0)=""/97, 0x61)
preadv(r7, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
syz_usbip_server_init(0x5)
close_range(r0, 0xffffffffffffffff, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0x36}, 0x1f, 0x0, 0x0, 0x0, 0x6}, 0x20)
r8 = socket$inet6(0xa, 0x3, 0x80)
setsockopt$sock_linger(r8, 0x1, 0xd, &(0x7f0000000040)={0x1}, 0x8)
close(r8)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f00090582020002"], 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)

4.013727044s ago: executing program 3 (id=2905):
socket(0x0, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
dup(0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x20, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}]}, 0x20}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000500)=0x20000000005)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000100)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
r3 = syz_io_uring_setup(0x110, &(0x7f0000000480), &(0x7f0000000240)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
shmat(r6, &(0x7f0000ffc000/0x3000)=nil, 0x4000)
shmctl$IPC_RMID(r6, 0x0)
remap_file_pages(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xffffffffffffffff)
r7 = socket$packet(0x11, 0x3, 0x300)
syz_open_dev$sndmidi(&(0x7f0000000080), 0xc, 0x0)
syz_open_dev$amidi(&(0x7f0000000040), 0x2, 0x2)
syz_open_dev$amidi(&(0x7f0000000140), 0x2, 0x181)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'veth0_to_hsr\x00'})
syz_io_uring_submit(0x0, r5, &(0x7f0000000340)=@IORING_OP_SPLICE={0x1e, 0xa, 0x0, @fd, 0x7})
io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0)

3.918772584s ago: executing program 4 (id=2906):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000003b00)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
r3 = epoll_create(0x4)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000000))
epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r2, &(0x7f0000000040)={0x16000000b})
epoll_wait(r3, &(0x7f0000000180), 0x0, 0x9e3e)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x38, 0x2, 0x1, 0x3, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0xffffffffffffffcb, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x4}}]}]}, 0x38}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}}, 0x1c}}, 0x0)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newsa={0x150, 0x10, 0x400, 0x0, 0x0, {{@in=@loopback, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in=@loopback, 0x0, 0x32}, @in6=@private1, {0x0, 0x0, 0x0, 0x1f}, {}, {}, 0x0, 0x0, 0xa}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x80, "25cac5216d1c8af0a976902918bf448c5d9f5459"}}]}, 0x150}}, 0x0)
r11 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAP(r11, 0x4b67, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x8000, 0x6}]})
r12 = socket(0x22, 0x2, 0x3)
getsockopt$packet_buf(r12, 0x107, 0x1, &(0x7f0000000240)=""/1, &(0x7f0000002180)=0x1)
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xa7, 0xf3, 0x98, 0x8, 0x547, 0x7303, 0xc4ff, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x58, 0x22, 0xd3}}]}}]}}, 0x0)

3.434211668s ago: executing program 2 (id=2908):
r0 = socket$unix(0x1, 0x1, 0x0)
getsockopt(r0, 0x1, 0x5, &(0x7f00000014c0)=""/181, &(0x7f0000001580)=0xb5) (fail_nth: 2)

3.36319284s ago: executing program 3 (id=2909):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x48241, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02180000100000000000000000000000030006000000000002004e2300000000000000000000000008001200000000000000000000000000170000000000000000000000000000000200"/85], 0x80}}, 0x0)
syz_usb_connect$uac1(0x0, 0x8a, &(0x7f0000000400)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x78, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@processing_unit={0x8, 0x24, 0x7, 0x0, 0x0, 0x0, '2'}, @output_terminal={0x9}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x0, 0x0, 0xa1}]}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, &(0x7f00000006c0)={0x0, 0x0, 0x25, &(0x7f0000000500)={0x5, 0xf, 0x25, 0x2, [@ss_container_id={0x14, 0x10, 0x4, 0x0, "79f03953c4c96fe6b1d67b8b584cc085"}, @ssp_cap={0xc}]}, 0x4, [{0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0x415}}, {0x2, &(0x7f0000000580)=@string={0x2}}, {0x4, &(0x7f0000000640)=@lang_id={0x4}}, {0x0, 0x0}]})
sendto$packet(0xffffffffffffffff, &(0x7f00000002c0)="05040500d3fc09000000478803", 0xd, 0x0, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000003c80)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_BETA={0x8}, @TCA_FQ_PIE_QUANTUM={0x8, 0x7, 0x40}]}}]}, 0x44}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000380), 0xffffffffffffffff)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r9=>0x0})
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r6, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000900)={0xec, r7, 0x1, 0x70bd29, 0x0, {}, [@HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_macvtap\x00'}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}, @HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0xec}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
r11 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
getsockname$packet(r11, &(0x7f0000000080)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001100)=ANY=[@ANYBLOB, @ANYRES32=r12, @ANYBLOB="20000100", @ANYRES32, @ANYBLOB="000000000000000000000000000000000000b57d57cf3590e17f2ba104f6c8de42672f1824db1b1cfc6c2706feebd9bb82854539d3c0047b0adebeb8d142f548ebc20f0a00a2b1421628e6034facfdc66e70479e5db119dfd3a661b437b5d1be003b9ed939c441cac807dbf0ca315547aa59b23b282319e79247fd1f7b9c6b25007935d6178e27ed1b8eaf7ab016"], 0x38}, 0x1, 0xf00}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000180)={'vxcan0\x00', <r13=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_SET(r3, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xac, r7, 0x300, 0x70bd27, 0x25dfdbfd, {}, [@ETHTOOL_A_PAUSE_TX={0x5}, @ETHTOOL_A_PAUSE_TX={0x5}, @ETHTOOL_A_PAUSE_TX={0x5}, @ETHTOOL_A_PAUSE_RX={0x5}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x1}, @ETHTOOL_A_PAUSE_HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}]}, @ETHTOOL_A_PAUSE_AUTONEG={0x5, 0x2, 0x1}, @ETHTOOL_A_PAUSE_AUTONEG={0x5}]}, 0xac}, 0x1, 0x0, 0x0, 0x20040000}, 0x20040014)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r14=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r14, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}, 0x1, 0x0, 0x0, 0x20000004}, 0x4)

3.320502015s ago: executing program 0 (id=2910):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x10}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x16}, @NFTA_BITWISE_DATA={0xc, 0x7, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, "18"}]}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x0)

2.914398599s ago: executing program 0 (id=2911):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)=@hci={0x1f, 0x3}, 0x80, 0x0}, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x0, 0x0)
mbind(&(0x7f00005f7000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000f62000/0x3000)=nil, 0x3000, 0x2)
mlock2(&(0x7f0000b00000/0x3000)=nil, 0x3000, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, 0x0)
ioctl$HIDIOCAPPLICATION(r1, 0x4802, 0x10001)
bind$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x3, 0x0, 0x1, 0xc1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3f}}, 0x14)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="020300000a000000000000000000000003000600000000000200060000000000000000000000000002000100000000000000001800000000030005000000000002"], 0x50}, 0x1, 0x7}, 0x0)

2.891221285s ago: executing program 2 (id=2912):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
set_thread_area(&(0x7f0000000080)={0x3, 0x20001000, 0xe45606ae9e24e1c8, 0x0, 0x3, 0x1, 0x1, 0x0, 0x1})
syz_open_dev$usbmon(&(0x7f0000000140), 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d000905820349"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
readv(r0, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/152, 0x98}], 0x1)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000200), 0xffffffffffffffff)
r1 = io_uring_setup(0x354a, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x4000000})
r2 = socket(0x2b, 0x1, 0x1)
setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f0000002780)=ANY=[@ANYBLOB="00020201"], 0x18)
socket(0x29, 0x2, 0x4)
setsockopt(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x1, 0x84)
bind$inet6(r3, &(0x7f0000ed3fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
shutdown(r3, 0x0)
setsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000040)={0x1, 0xffffffff}, 0x8)
sendto$inet6(r3, &(0x7f0000000100)="bc", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
close(r3)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
ioctl$sock_SIOCGIFINDEX(r2, 0x894b, &(0x7f00000002c0)={'bond0\x00'})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000580)=[{&(0x7f0000000000)=""/53, 0x35}, {&(0x7f0000000180)=""/173, 0xad}, {&(0x7f0000000080)=""/121, 0x79}, {&(0x7f0000000300)=""/151, 0x97}, {&(0x7f00000003c0)=""/188, 0xbc}, {&(0x7f0000000480)=""/226, 0xe2}, {&(0x7f0000000240)=""/81, 0x51}], 0x7)
io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r4, &(0x7f000047b000)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
listen(r4, 0x400000001ffffffd)
r5 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r6 = accept4(r4, 0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r6, 0x8933, &(0x7f0000000240)={'wg0\x00'})
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, 0x0, 0x0)

2.439533962s ago: executing program 0 (id=2913):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
syz_open_dev$vbi(0x0, 0x3, 0x2)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x48, r1, 0x5, 0x0, 0x0, {{0x12}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@device_b}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x8000, 0x1}}]}, 0x48}}, 0x0)

2.263108464s ago: executing program 0 (id=2914):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504, 0x0, 0xffffffffffffffff, 0x1}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r0}, 0x38)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000005c0)=@generic={&(0x7f0000000580)='./file0\x00', r0}, 0x18)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
gettid()
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r4=>0x0})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={&(0x7f0000000840)=ANY=[@ANYBLOB="9feb010018080000000000001c0000001c00000009000000000000000000000ce4ff0000000000000000000e005772b900031400"/61], 0x0, 0x3d, 0xfffffdd0}, 0x20)
socket$packet(0x11, 0x3, 0x300)
ioctl$FS_IOC_SETVERSION(r1, 0x40087602, 0x0)
mmap(&(0x7f0000abb000/0x1000)=nil, 0x1000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0)
splice(0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r7=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000009c0)=@newlink={0x50, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, r7, 0x0, 0x11203}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x7}, @IFLA_BR_STP_STATE={0x8, 0x5, 0x1}, @IFLA_BR_MCAST_MEMBERSHIP_INTVL={0xc, 0x1f, 0x5}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4854}, 0x10)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r8, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={0x0}, 0x1, 0x0, 0x0, 0x50}, 0x0)
sendmsg$TIPC_NL_NAME_TABLE_GET(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000540), r9)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), r8)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000043c0)={&(0x7f0000004240), 0xc, &(0x7f0000004340)={&(0x7f0000004280)={0xb4, 0x2, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0x8}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8}, @IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x48, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}, @IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}}}, @IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0x20000}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0xb4}, 0x1, 0x0, 0x0, 0x800}, 0x800)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000a40)={0xffffffffffffffff, 0xffffffffffffffff, 0x24, 0x0, @val=@iter={&(0x7f0000000040)=@task={0x0, 0x0, r2}, 0x10}}, 0x40)
sendmsg$sock(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)="869b132bd023614380db065e0361c17ea4a123b3bb9e097016930f86e5770aad078c4c277a1395029b04e6e395582175a5a51337a9cca6caa5dbca7d39f50d3c0953ced75eb50ab4bd376a823a25e25fedb026cc0bfe050a853add29e084638e80ea15d545bc95fa88627d7655fabad382915947827999877ccda8219594061cf48fe5dab16ef146649e7e028814bfaf30cab93eb504eed401a2fb150716a6846135fbe3ed3b14696dfa17f7f4e2c25287e53088614a50682c0c2fc16acefd8d9efd4fda8c9e43260fc9fdfb1c88e806ed60f2ada4838b9121780a8f84cdbf51e94b168394c9548cf4ec13209f4c6b61f836", 0xf2}, {&(0x7f0000000180)="63dc795835b4abc3c66a6e43fea75ec65048efda024fdf35087571dc1d1b616c974a193938ab50c5a9040e493af0d8b3fd64c4b6c4e240f82c33fa04565e96627b710e1a1bed2b0bf3b639a0330dfd84769348c374bc3df81dcba87c805741808d97453f774927a7eac58c92dcb5bbe6c7f3c8928c6f67fce77871e66b", 0x7d}, {&(0x7f0000000200)="e6fa9509b3792cd8646ebb9e5cd3c4a3c0298aa2f0e9af3211b9955da6183790f633515fc57370dc7213c5344ed303e14a4df7bdf7c927fdba448e0f08f7279b9dcdeaf9da197bebd94e1cef1fdc75679ea9503c9d7d41", 0x57}, {&(0x7f0000000280)="bade6986c4232e27e3f99c07302eade2ff6d6f759679f4facdf6527ccd2990bf067d2035a5a40b89881da26e8e31b8a69542e9c28544292a9f7b98ed76ec55f43051e0f5c054e218f68921671d930e4482680ecdb7b48da951639612eb96e3f5dde849be9be09d7c4344", 0x6a}, {&(0x7f0000000300)="cbc573c9900f51448fab2864e1d1172045", 0x11}, {&(0x7f0000000600)="69696a2eb5907059f0370a5ba21355df079580fd33926bec09e99699f0960e85f9d91460b2947c904a8acf656c6e23a43f4dc3e92b7d77ec9aaaf088ca48ad96bfd101765a1adf01e755d2329b21aaac6149c57824de3ce43197564c77506f75a5add1ae48665fef0125251ee4be13d52411e1f3dfd3763e7a104fba0ba9b233a6ee231fe2ef568913742d92623204816163cabcc0061c63f76309014825a1c4c2c0f75ac60255441d5f7f88fcebfa8e030abe32f57f9728cb43b2388c2dd42f7d49d72377f1cdad2b0cb966817bdac2efa3c940d7d777e14a16155431b4ae91eeca06049ad60b0d2ddcee489f42a6bc48578dbc423f64cd8b3443aa60abfb7b3e02ec6e60f117bfaffa0b4fcb969bf68d77b2a41f8e436dbeb5eece3de20b8213029ad65cc9f5e75d1804b1871ba1023b337a486eaf18f323934e4322aa66406fe8c943406cfd0584e0ea68d2f2ef985c4c63de2b1601a6f4afe85fa1021e9124d2303069fd5223dec6a10ac6a329d3e4614c2e810c0a1f198cc8160793f0258fba6e870c16646c71cb6f142d7c8524476c2371f3e5d1a1d60a31245b8a2fbec5ef72d3b3e8a2b931e15de41bc3107b13dfaf16373c6af4ee6e9b1c063d09ef7a6804b7f6c4086113e7d05862aa141321d37287c4fc166dd91b73d662eb36b82b7667ec6ffebb707d5146440113b41b01646080f894a3015fa9aa17d85f4824dc7dfc32c8ccc7816ff9c2756306403e65018731978a9193579c71f7a5c0c6edd6823807873785cc8f25d281dc82657490e0b94e64051b587d70039b957cf98a4cface5be6ebf35c5dcba41a099574f750c02c59ef68d1dfd79b012f3e1f7b5801c67b196e9c6ff1defe0b8a73f7e22526a5d063c3d5ea5c0d746091a0d52923adf8c2fec2fe9d54a9e8f135842b38307253a399058403ff1761543a5cda1245f648e27d8bd2e7b8f6a93ccc46053690078b6897b1f0ccd351882ed4348a39b628e48ef87d962c6b1a138c80db1a132e005b5ce38a6c02837163a1db0115deba0244f255771a8629e106add608676c981cf63228f28b62b3d487538f69a2d776dbf8bf27824ed9c061df32a602d3ed4c2f9baff1b25ff492c522324ea33836bd873c24ff236538bca01103f2738082b6909fc30fdffe19cfe2a57904368b13543e97e453246f1349356cb8a3dd3b3941e1d9b6119a4ab87e90a17604c50411b3f93d2f8d4a0728", 0x367}], 0x6}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000004000000000000000e0000008510f7006b93e5b9ddd9988c00000000"], 0x0}, 0x90)
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r3, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r4, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)
ioctl$HIDIOCGFLAG(0xffffffffffffffff, 0x8004480e, 0x0)

1.926344469s ago: executing program 4 (id=2915):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x16b601, 0x0)
write$sequencer(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="04"], 0x8)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, 0x0, 0x62)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080))
creat(&(0x7f0000000180)='./file0\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x183403, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8953, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4098884, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c)

1.914538937s ago: executing program 1 (id=2916):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f0000000440)={0x84, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'ovf\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2f}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3}]}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0xff}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x40}]}, 0x84}, 0x1, 0x0, 0x0, 0x44041}, 0x80)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syz_tun\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01000000000000000000080000000c00018008000100", @ANYRES32=r3, @ANYBLOB="44b0030b5321940f0d7f5d444da27b0fe58d6b4d6e3c8e72153b4aef9370077be8e9de1781c8d7f4793be6398ee97f138006abee299d98480b13dde90000000000000000"], 0x20}}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000000), 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x8, 0xad, 0x1000}, 0x9c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = dup(0xffffffffffffffff)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000004000000009100000000000800000200000000001c"])
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1a, 0x0, &(0x7f0000000040)=0x18)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_STATION(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYRES16=r6], 0x24}}, 0x0)
r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$qrtrtun(0xffffffffffffffff, &(0x7f00000000c0)=""/97, 0x61)
preadv(r7, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
syz_usbip_server_init(0x5)
close_range(r0, 0xffffffffffffffff, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0x36}, 0x1f, 0x0, 0x0, 0x0, 0x6}, 0x20)
r8 = socket$inet6(0xa, 0x3, 0x80)
setsockopt$sock_linger(r8, 0x1, 0xd, &(0x7f0000000040)={0x1}, 0x8)
close(r8)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f00090582020002"], 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)

1.426382555s ago: executing program 4 (id=2917):
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0xfffffffffffffea6)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000880)={@mcast1}, 0x20)
r0 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f0000000400)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0xfffffff8, {{0xa, 0x2, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @mcast2, 0xa2}}}, 0x104)
syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
r1 = openat$mice(0xffffff9c, &(0x7f0000000040), 0x400)
ioctl$PTP_EXTTS_REQUEST2(r1, 0x40103d0b, &(0x7f00000000c0)={0x7})
r2 = socket$inet6(0xa, 0x800, 0xb2c)
setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000000)=0x28, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000001880), 0x0, 0x0, 0x0)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000000340)=0x2000000)
ioctl$SNDCTL_DSP_SUBDIVIDE(r4, 0xc0045009, &(0x7f0000000000)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001880), 0x0, 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000000)=@broute={'broute\x00', 0x9a03, 0x0, 0x90, [], 0x10d, 0x0, 0x0}, 0x108)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)={0x1c}, 0x1c}}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00', 0xfffffffe})
write$sndseq(r5, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x3]}}], 0xffc8)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x260000, 0x0)
write$sequencer(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[], 0x8)

1.250223723s ago: executing program 0 (id=2918):
socket(0x0, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
dup(0xffffffffffffffff)
r0 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x14, r0, 0x1}, 0x14}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000500)=0x20000000005)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000100)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
r2 = syz_io_uring_setup(0x110, &(0x7f0000000480), &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r4 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
shmat(r4, &(0x7f0000ffc000/0x3000)=nil, 0x4000)
remap_file_pages(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xffffffffffffffff)
socket$packet(0x11, 0x3, 0x300)
syz_open_dev$sndmidi(&(0x7f0000000080), 0xc, 0x0)
syz_open_dev$amidi(&(0x7f0000000040), 0x2, 0x2)
syz_open_dev$amidi(&(0x7f0000000140), 0x2, 0x181)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0_to_hsr\x00'})
io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0)

1.159861185s ago: executing program 3 (id=2919):
socket(0x0, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
dup(0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x20, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}]}, 0x20}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000500)=0x20000000005)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000100)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
r3 = syz_io_uring_setup(0x110, &(0x7f0000000480), &(0x7f0000000240)=<r4=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r5 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
shmat(r5, &(0x7f0000ffc000/0x3000)=nil, 0x4000)
shmctl$IPC_RMID(r5, 0x0)
remap_file_pages(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xffffffffffffffff)
r6 = socket$packet(0x11, 0x3, 0x300)
syz_open_dev$sndmidi(&(0x7f0000000080), 0xc, 0x0)
syz_open_dev$amidi(&(0x7f0000000040), 0x2, 0x2)
syz_open_dev$amidi(&(0x7f0000000140), 0x2, 0x181)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'veth0_to_hsr\x00'})
syz_io_uring_submit(r4, 0x0, &(0x7f0000000340)=@IORING_OP_SPLICE={0x1e, 0xa, 0x0, @fd, 0x7})
io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0)

768.930566ms ago: executing program 4 (id=2920):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f0000000440)={0x8c, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'ovf\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2f}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3}]}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0xff}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x40}]}, 0x8c}, 0x1, 0x0, 0x0, 0x44041}, 0x80)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syz_tun\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01000000000000000000080000000c00018008000100", @ANYRES32=r3, @ANYBLOB="44b0030b5321940f0d7f5d444da27b0fe58d6b4d6e3c8e72153b4aef9370077be8e9de1781c8d7f4793be6398ee97f138006abee299d98480b13dde90000000000000000"], 0x20}}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000000), 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x8, 0xad, 0x1000}, 0x9c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
dup(0xffffffffffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1a, 0x0, &(0x7f0000000040)=0x18)
sendmsg$NL80211_CMD_DEL_STATION(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x24}}, 0x0)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$qrtrtun(0xffffffffffffffff, &(0x7f00000000c0)=""/97, 0x61)
preadv(r5, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
syz_usbip_server_init(0x5)
close_range(r0, 0xffffffffffffffff, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0x36}, 0x1f, 0x0, 0x0, 0x0, 0x6}, 0x20)
r6 = socket$inet6(0xa, 0x3, 0x80)
setsockopt$sock_linger(r6, 0x1, 0xd, &(0x7f0000000040)={0x1}, 0x8)
close(r6)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f00090582020002"], 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)

0s ago: executing program 0 (id=2921):
socket(0x0, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
dup(0xffffffffffffffff)
r0 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x14, r0, 0x1}, 0x14}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000500)=0x20000000005)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000100)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
r2 = syz_io_uring_setup(0x110, &(0x7f0000000480), &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r4 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
shmat(r4, &(0x7f0000ffc000/0x3000)=nil, 0x4000)
remap_file_pages(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xffffffffffffffff)
socket$packet(0x11, 0x3, 0x300)
syz_open_dev$sndmidi(&(0x7f0000000080), 0xc, 0x0)
syz_open_dev$amidi(&(0x7f0000000040), 0x2, 0x2)
syz_open_dev$amidi(&(0x7f0000000140), 0x2, 0x181)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0_to_hsr\x00'})
io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

 ch341 4-1:0.0: device disconnected
[ 1305.680023][T22017] FAULT_INJECTION: forcing a failure.
[ 1305.680023][T22017] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1305.753883][T22017] CPU: 0 PID: 22017 Comm: syz.0.2651 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[ 1305.764129][T22017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1305.774301][T22017] Call Trace:
[ 1305.777598][T22017]  <TASK>
[ 1305.780549][T22017]  dump_stack_lvl+0x241/0x360
[ 1305.785268][T22017]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1305.790518][T22017]  ? __pfx__printk+0x10/0x10
[ 1305.795162][T22017]  ? __pfx_lock_release+0x10/0x10
[ 1305.800343][T22017]  should_fail_ex+0x3b0/0x4e0
[ 1305.805080][T22017]  _copy_from_user+0x2f/0xe0
[ 1305.809701][T22017]  get_compat_msghdr+0xae/0x730
[ 1305.814613][T22017]  ? __fget_files+0x29/0x470
[ 1305.819254][T22017]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1305.824786][T22017]  ? __fget_files+0x3f6/0x470
[ 1305.829531][T22017]  __sys_sendmsg+0x273/0x3a0
[ 1305.834181][T22017]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1305.839320][T22017]  ? vfs_write+0x7c4/0xc90
[ 1305.843816][T22017]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1305.850439][T22017]  ? lockdep_hardirqs_on+0x99/0x150
[ 1305.855701][T22017]  __do_fast_syscall_32+0xb4/0x120
[ 1305.860848][T22017]  ? exc_page_fault+0x590/0x8c0
[ 1305.865727][T22017]  do_fast_syscall_32+0x34/0x80
[ 1305.870608][T22017]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1305.876959][T22017] RIP: 0023:0xf7497579
[ 1305.881130][T22017] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1305.900866][T22017] RSP: 002b:00000000f5d8f57c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1305.909327][T22017] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000020000000
[ 1305.917328][T22017] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1305.925343][T22017] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1305.933363][T22017] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1305.941375][T22017] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1305.949396][T22017]  </TASK>
[ 1306.316501][T22029] IPv4: Oversized IP packet from 172.20.20.24
[ 1306.323489][    C0] IPv4: Oversized IP packet from 172.20.20.24
[ 1306.330036][    C0] IPv4: Oversized IP packet from 172.20.20.24
[ 1306.632762][ T5095] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[ 1306.659929][T22034] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[ 1306.666539][T22034] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1306.677495][T22034] vhci_hcd vhci_hcd.0: Device attached
[ 1306.841859][ T5095] usb 1-1: Using ep0 maxpacket: 16
[ 1306.864020][ T5095] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[ 1306.899055][ T5095] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 1306.922621][ T5095] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1306.952541][ T5095] usb 1-1: config 0 descriptor??
[ 1307.021732][ T5147] usb 16-1: SetAddress Request (16) to port 0
[ 1307.037125][ T5147] usb 16-1: new SuperSpeed USB device number 16 using vhci_hcd
[ 1307.047609][T10710] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[ 1307.148602][T22055] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2663'.
[ 1307.276302][T10710] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1307.333307][T10710] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1307.346116][T22060] FAULT_INJECTION: forcing a failure.
[ 1307.346116][T22060] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1307.397600][T10710] usb 4-1: config 0 descriptor??
[ 1307.413501][T22060] CPU: 0 PID: 22060 Comm: syz.1.2664 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[ 1307.414034][T22029] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1307.423737][T22060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1307.423765][T22060] Call Trace:
[ 1307.423778][T22060]  <TASK>
[ 1307.423790][T22060]  dump_stack_lvl+0x241/0x360
[ 1307.423837][T22060]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1307.423873][T22060]  ? __pfx__printk+0x10/0x10
[ 1307.423910][T22060]  ? __pfx_lock_release+0x10/0x10
[ 1307.423947][T22060]  should_fail_ex+0x3b0/0x4e0
[ 1307.423990][T22060]  _copy_from_user+0x2f/0xe0
[ 1307.424022][T22060]  get_compat_msghdr+0xae/0x730
[ 1307.424066][T22060]  ? __fget_files+0x29/0x470
[ 1307.424101][T22060]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1307.424139][T22060]  ? __fget_files+0x3f6/0x470
[ 1307.424187][T22060]  __sys_sendmsg+0x273/0x3a0
[ 1307.424227][T22060]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1307.424258][T22060]  ? vfs_write+0x7c4/0xc90
[ 1307.424342][T22060]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1307.424381][T22060]  ? lockdep_hardirqs_on+0x99/0x150
[ 1307.424419][T22060]  __do_fast_syscall_32+0xb4/0x120
[ 1307.484691][T22029] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1307.488040][T22060]  ? exc_page_fault+0x590/0x8c0
[ 1307.542116][T22060]  do_fast_syscall_32+0x34/0x80
[ 1307.547011][T22060]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1307.553386][T22060] RIP: 0023:0xf7464579
[ 1307.557601][T22060] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1307.577251][T22060] RSP: 002b:00000000f5d7d57c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1307.585703][T22060] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000640
[ 1307.593731][T22060] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1307.601728][T22060] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1307.609725][T22060] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1307.617814][T22060] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1307.625853][T22060]  </TASK>
[ 1307.664274][ T5095] hid (null): nested delimiters
[ 1307.692111][ T5095] hid (null): report_id 24797 is invalid
[ 1307.749506][ T5095] hid-generic 0003:0158:0100.0024: unknown main item tag 0x1
[ 1307.779748][ T5095] hid-generic 0003:0158:0100.0024: unexpected long global item
[ 1307.795618][ T5095] hid-generic 0003:0158:0100.0024: probe with driver hid-generic failed with error -22
[ 1307.846224][T22067] vivid-004: disconnect
[ 1307.875269][T22043] vhci_hcd: connection reset by peer
[ 1307.883642][T10710] ath6kl: Failed to submit usb control message: -71
[ 1307.900744][ T2920] vhci_hcd: stop threads
[ 1307.909375][T10710] ath6kl: unable to send the bmi data to the device: -71
[ 1307.910933][T22064] vivid-004: reconnect
[ 1307.923902][ T2920] vhci_hcd: release socket
[ 1307.924005][ T5095] usb 1-1: USB disconnect, device number 31
[ 1307.936621][ T2920] vhci_hcd: disconnect device
[ 1307.946419][T10710] ath6kl: Unable to send get target info: -71
[ 1307.982630][T10710] ath6kl: Failed to init ath6kl core: -71
[ 1308.001594][ T7110] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[ 1308.018359][T10710] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1308.047247][T10710] usb 4-1: USB disconnect, device number 21
[ 1308.204453][ T7110] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[ 1308.224069][ T7110] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1308.265233][ T7110] usb 3-1: Product: syz
[ 1308.269528][ T7110] usb 3-1: Manufacturer: syz
[ 1308.293424][ T7110] usb 3-1: SerialNumber: syz
[ 1308.302357][ T7110] usb 3-1: config 0 descriptor??
[ 1308.314638][ T7110] ch341 3-1:0.0: ch341-uart converter detected
[ 1308.780414][T22085] FAULT_INJECTION: forcing a failure.
[ 1308.780414][T22085] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1308.809388][T22085] CPU: 0 PID: 22085 Comm: syz.3.2673 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[ 1308.819616][T22085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1308.829721][T22085] Call Trace:
[ 1308.833136][T22085]  <TASK>
[ 1308.836108][T22085]  dump_stack_lvl+0x241/0x360
[ 1308.840841][T22085]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1308.846105][T22085]  ? __pfx__printk+0x10/0x10
[ 1308.850765][T22085]  ? __pfx_lock_release+0x10/0x10
[ 1308.855851][T22085]  ? __lock_acquire+0x1346/0x1fd0
[ 1308.860932][T22085]  should_fail_ex+0x3b0/0x4e0
[ 1308.865680][T22085]  _copy_from_iter+0x1f6/0x1960
[ 1308.870594][T22085]  ? __pfx__copy_from_iter+0x10/0x10
[ 1308.875933][T22085]  ? tun_get_user+0x84c/0x4560
[ 1308.880760][T22085]  ? __pfx_lock_release+0x10/0x10
[ 1308.885938][T22085]  ? page_copy_sane+0x46/0x260
[ 1308.890764][T22085]  copy_page_from_iter+0x7a/0x100
[ 1308.895853][T22085]  tun_get_user+0x1f48/0x4560
[ 1308.900596][T22085]  ? tun_get_user+0x84c/0x4560
[ 1308.905441][T22085]  ? __pfx_tun_get_user+0x10/0x10
[ 1308.910542][T22085]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1308.916075][T22085]  ? tun_get+0x1e/0x2f0
[ 1308.920316][T22085]  ? tun_get+0x1e/0x2f0
[ 1308.924536][T22085]  ? tun_get+0x27d/0x2f0
[ 1308.928841][T22085]  tun_chr_write_iter+0x113/0x1f0
[ 1308.934018][T22085]  vfs_write+0xa72/0xc90
[ 1308.938329][T22085]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1308.944032][T22085]  ? __pfx_vfs_write+0x10/0x10
[ 1308.948899][T22085]  ksys_write+0x1a0/0x2c0
[ 1308.953297][T22085]  ? __pfx_ksys_write+0x10/0x10
[ 1308.958186][T22085]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1308.964828][T22085]  ? lockdep_hardirqs_on+0x99/0x150
[ 1308.970086][T22085]  __do_fast_syscall_32+0xb4/0x120
[ 1308.975262][T22085]  ? exc_page_fault+0x590/0x8c0
[ 1308.980257][T22085]  do_fast_syscall_32+0x34/0x80
[ 1308.985166][T22085]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1308.991646][T22085] RIP: 0023:0xf742f579
[ 1308.995748][T22085] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1309.015471][T22085] RSP: 002b:00000000f5d48540 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[ 1309.024136][T22085] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000020000580
[ 1309.032139][T22085] RDX: 000000000000004a RSI: 00000000f741aff4 RDI: 0000000000000000
[ 1309.040251][T22085] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1309.048262][T22085] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1309.056259][T22085] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1309.064274][T22085]  </TASK>
[ 1309.080565][ T7110] usb 3-1: failed to send control message: -71
[ 1309.105792][ T7110] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[ 1309.165873][ T7110] usb 3-1: USB disconnect, device number 26
[ 1309.191270][ T7110] ch341 3-1:0.0: device disconnected
[ 1309.912756][T22100] vivid-002: disconnect
[ 1310.004338][T22099] vivid-002: reconnect
[ 1310.030581][T22113] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[ 1310.037169][T22113] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1310.045513][T22113] vhci_hcd vhci_hcd.0: Device attached
[ 1310.082910][T22114] vhci_hcd: connection closed
[ 1310.091722][   T12] vhci_hcd: stop threads
[ 1310.106659][   T12] vhci_hcd: release socket
[ 1310.163213][T22118] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2686'.
[ 1310.173109][   T12] vhci_hcd: disconnect device
[ 1310.197868][T22119] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8)
[ 1310.204726][T22119] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1310.214323][T22119] vhci_hcd vhci_hcd.0: Device attached
[ 1310.323852][   T29] kauditd_printk_skb: 6 callbacks suppressed
[ 1310.323874][   T29] audit: type=1326 audit(1720877789.587:1773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22116 comm="syz.2.2686" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b8579 code=0x7fc00000
[ 1310.382990][T22120] vhci_hcd: connection closed
[ 1310.384368][   T35] vhci_hcd: stop threads
[ 1310.391117][   T29] audit: type=1326 audit(1720877789.617:1774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22116 comm="syz.2.2686" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf73b8579 code=0x7fc00000
[ 1310.422704][   T29] audit: type=1326 audit(1720877789.617:1775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22116 comm="syz.2.2686" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b8579 code=0x7fc00000
[ 1310.434286][   T35] vhci_hcd: release socket
[ 1310.474323][   T35] vhci_hcd: disconnect device
[ 1310.490278][   T29] audit: type=1326 audit(1720877789.617:1776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22116 comm="syz.2.2686" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b8579 code=0x7fc00000
[ 1310.521475][ T5095] usb 2-1: new high-speed USB device number 100 using dummy_hcd
[ 1310.530310][T10710] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[ 1310.541934][   T45] usb 18-1: enqueue for inactive port 0
[ 1310.548969][   T29] audit: type=1326 audit(1720877789.617:1777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22116 comm="syz.2.2686" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b8579 code=0x7fc00000
[ 1310.597908][   T29] audit: type=1326 audit(1720877789.617:1778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22116 comm="syz.2.2686" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b8579 code=0x7fc00000
[ 1310.645072][   T29] audit: type=1326 audit(1720877789.617:1779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22116 comm="syz.2.2686" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b8579 code=0x7fc00000
[ 1310.668275][   T29] audit: type=1326 audit(1720877789.617:1780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22116 comm="syz.2.2686" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b8579 code=0x7fc00000
[ 1310.696221][   T29] audit: type=1326 audit(1720877789.617:1781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22116 comm="syz.2.2686" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b8579 code=0x7fc00000
[ 1310.719198][ T5098] usb 5-1: new high-speed USB device number 107 using dummy_hcd
[ 1310.737316][   T29] audit: type=1326 audit(1720877789.617:1782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22116 comm="syz.2.2686" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b8579 code=0x7fc00000
[ 1310.767140][ T5095] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1310.778283][T10710] usb 1-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[ 1310.789479][ T5095] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1310.797692][T10710] usb 1-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[ 1310.809577][ T5095] usb 2-1: config 0 descriptor??
[ 1310.817650][T10710] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1310.827421][T10710] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1310.928384][ T5098] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1310.942020][ T5098] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1310.978538][ T5098] usb 5-1: config 0 descriptor??
[ 1311.001992][    T9] usb 3-1: new full-speed USB device number 27 using dummy_hcd
[ 1311.072317][ T5095] ath6kl: Failed to submit usb control message: -71
[ 1311.074441][   T45] usb usb18-port1: attempt power cycle
[ 1311.079201][ T5095] ath6kl: unable to send the bmi data to the device: -71
[ 1311.099096][ T5095] ath6kl: Unable to send get target info: -71
[ 1311.127641][ T5095] ath6kl: Failed to init ath6kl core: -71
[ 1311.174399][ T5095] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1311.223384][ T5095] usb 2-1: USB disconnect, device number 100
[ 1311.236749][    T9] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1311.248116][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1311.259779][T22125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1311.305546][    T9] usb 3-1: config 0 descriptor??
[ 1311.312534][T22125] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1311.327420][ T5098] ath6kl: Failed to submit usb control message: -71
[ 1311.357410][ T5098] ath6kl: unable to send the bmi data to the device: -71
[ 1311.388647][ T5098] ath6kl: Unable to send get target info: -71
[ 1311.437234][T10710] usb 1-1: string descriptor 0 read error: -71
[ 1311.446365][ T5098] ath6kl: Failed to init ath6kl core: -71
[ 1311.481602][T10710] usb 1-1: USB disconnect, device number 32
[ 1311.497596][ T5098] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1311.559043][ T5098] usb 5-1: USB disconnect, device number 107
[ 1311.763049][   T45] usb usb18-port1: unable to enumerate USB device
[ 1312.092084][T22145] fuse: Bad value for 'fd'
[ 1312.174312][    T9] pegasus 3-1:0.0: probe with driver pegasus failed with error -71
[ 1312.201782][ T5147] usb 16-1: device descriptor read/8, error -110
[ 1312.242691][    T9] usb 3-1: USB disconnect, device number 27
[ 1312.304942][T22150] FAULT_INJECTION: forcing a failure.
[ 1312.304942][T22150] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1312.361866][T22150] CPU: 1 PID: 22150 Comm: syz.4.2695 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[ 1312.372122][T22150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1312.382413][T22150] Call Trace:
[ 1312.385735][T22150]  <TASK>
[ 1312.388695][T22150]  dump_stack_lvl+0x241/0x360
[ 1312.393495][T22150]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1312.398767][T22150]  ? __pfx__printk+0x10/0x10
[ 1312.403432][T22150]  ? snprintf+0xda/0x120
[ 1312.407752][T22150]  should_fail_ex+0x3b0/0x4e0
[ 1312.412515][T22150]  _copy_to_user+0x2f/0xb0
[ 1312.416993][T22150]  simple_read_from_buffer+0xca/0x150
[ 1312.422420][T22150]  proc_fail_nth_read+0x1e9/0x250
[ 1312.427505][T22150]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1312.433138][T22150]  ? rw_verify_area+0x520/0x6b0
[ 1312.438042][T22150]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1312.443649][T22150]  vfs_read+0x204/0xbc0
[ 1312.447862][T22150]  ? __pfx_lock_release+0x10/0x10
[ 1312.452946][T22150]  ? __pfx_vfs_read+0x10/0x10
[ 1312.457694][T22150]  ? __fget_files+0x29/0x470
[ 1312.462353][T22150]  ? __fget_files+0x3f6/0x470
[ 1312.467109][T22150]  ksys_read+0x1a0/0x2c0
[ 1312.471500][T22150]  ? __pfx_ksys_read+0x10/0x10
[ 1312.476340][T22150]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1312.483011][T22150]  ? lockdep_hardirqs_on+0x99/0x150
[ 1312.488283][T22150]  __do_fast_syscall_32+0xb4/0x120
[ 1312.493463][T22150]  ? exc_page_fault+0x590/0x8c0
[ 1312.498473][T22150]  do_fast_syscall_32+0x34/0x80
[ 1312.503401][T22150]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1312.509778][T22150] RIP: 0023:0xf73db579
[ 1312.513987][T22150] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1312.533661][T22150] RSP: 002b:00000000f5cd35b0 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 1312.542310][T22150] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5cd3630
[ 1312.550336][T22150] RDX: 000000000000000f RSI: 00000000f73c6ff4 RDI: 0000000000000000
[ 1312.558454][T22150] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1312.566476][T22150] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1312.574510][T22150] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1312.582648][T22150]  </TASK>
[ 1312.645095][ T5147] usb usb16-port1: attempt power cycle
[ 1312.808114][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1312.870315][T22162] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2698'.
[ 1312.890143][T22162] netlink: 'syz.3.2698': attribute type 20 has an invalid length.
[ 1312.925197][T22161] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2699'.
[ 1312.943497][T22161] netlink: 'syz.1.2699': attribute type 20 has an invalid length.
[ 1313.023679][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1313.233588][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1313.338553][ T5147] usb usb16-port1: unable to enumerate USB device
[ 1313.370546][T14767] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1313.384242][T14767] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1313.397865][T14767] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1313.409859][T14767] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1313.423910][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1313.434861][T14767] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1313.444276][T14767] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1313.829487][T22177] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[ 1313.836165][T22177] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1313.859081][T22177] vhci_hcd vhci_hcd.0: Device attached
[ 1313.876194][T22178] vhci_hcd: connection closed
[ 1313.979856][ T2920] vhci_hcd: stop threads
[ 1314.011643][T22171] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[ 1314.018224][T22171] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1314.032428][ T2920] vhci_hcd: release socket
[ 1314.036953][ T2920] vhci_hcd: disconnect device
[ 1314.058566][T22171] vhci_hcd vhci_hcd.0: Device attached
[ 1314.066608][T22184] vhci_hcd: connection closed
[ 1314.089830][ T2920] vhci_hcd: stop threads
[ 1314.169670][ T2920] vhci_hcd: release socket
[ 1314.195020][ T2920] vhci_hcd: disconnect device
[ 1314.323335][   T12] bridge_slave_1: left allmulticast mode
[ 1314.345947][   T12] bridge_slave_1: left promiscuous mode
[ 1314.366269][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1314.419810][   T12] bridge_slave_0: left allmulticast mode
[ 1314.433428][   T12] bridge_slave_0: left promiscuous mode
[ 1314.456789][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1314.523131][T22199] FAULT_INJECTION: forcing a failure.
[ 1314.523131][T22199] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1314.561630][T22199] CPU: 0 PID: 22199 Comm: syz.1.2709 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[ 1314.571889][T22199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1314.582226][T22199] Call Trace:
[ 1314.585541][T22199]  <TASK>
[ 1314.588596][T22199]  dump_stack_lvl+0x241/0x360
[ 1314.593328][T22199]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1314.598569][T22199]  ? __pfx__printk+0x10/0x10
[ 1314.603200][T22199]  ? __pfx_lock_release+0x10/0x10
[ 1314.608263][T22199]  should_fail_ex+0x3b0/0x4e0
[ 1314.613515][T22199]  _copy_from_user+0x2f/0xe0
[ 1314.618142][T22199]  get_old_timespec32+0x113/0x280
[ 1314.623332][T22199]  ? __pfx_get_old_timespec32+0x10/0x10
[ 1314.628946][T22199]  do_compat_pselect+0x127/0x3b0
[ 1314.633950][T22199]  ? __pfx_do_compat_pselect+0x10/0x10
[ 1314.639549][T22199]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1314.646801][T22199]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1314.653344][T22199]  __ia32_compat_sys_pselect6_time32+0x11b/0x160
[ 1314.659873][T22199]  __do_fast_syscall_32+0xb4/0x120
[ 1314.665146][T22199]  ? exc_page_fault+0x590/0x8c0
[ 1314.670048][T22199]  do_fast_syscall_32+0x34/0x80
[ 1314.674991][T22199]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1314.681439][T22199] RIP: 0023:0xf7464579
[ 1314.685642][T22199] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1314.705542][T22199] RSP: 002b:00000000f5d7d57c EFLAGS: 00000206 ORIG_RAX: 0000000000000134
[ 1314.713988][T22199] RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 00000000200001c0
[ 1314.722077][T22199] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000300
[ 1314.730090][T22199] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1314.738095][T22199] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1314.746185][T22199] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1314.754205][T22199]  </TASK>
[ 1315.434754][T22209] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[ 1315.442255][T22209] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1315.500624][T22217] vhci_hcd: connection closed
[ 1315.501176][T22209] vhci_hcd vhci_hcd.0: Device attached
[ 1315.526938][   T11] vhci_hcd: stop threads
[ 1315.531299][   T11] vhci_hcd: release socket
[ 1315.537272][   T53] Bluetooth: hci2: command tx timeout
[ 1315.559783][   T11] vhci_hcd: disconnect device
[ 1315.881516][ T5098] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[ 1316.120194][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1316.130158][ T5098] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1316.145816][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1316.156981][ T5098] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1316.173826][   T12] bond0 (unregistering): Released all slaves
[ 1316.184532][ T5098] usb 3-1: config 0 descriptor??
[ 1316.263009][T22215] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1316.271138][T22215] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1316.411115][ T5098] ath6kl: Failed to submit usb control message: -71
[ 1316.422244][ T5098] ath6kl: unable to send the bmi data to the device: -71
[ 1316.432568][ T5098] ath6kl: Unable to send get target info: -71
[ 1316.466885][ T5098] ath6kl: Failed to init ath6kl core: -71
[ 1316.483121][ T5098] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1316.525183][T22169] chnl_net:caif_netlink_parms(): no params data found
[ 1316.536580][ T5098] usb 3-1: USB disconnect, device number 28
[ 1316.941038][T22241] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8)
[ 1316.947733][T22241] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1316.980215][T22241] vhci_hcd vhci_hcd.0: Device attached
[ 1317.040409][T22242] vhci_hcd: connection closed
[ 1317.040741][   T35] vhci_hcd: stop threads
[ 1317.050927][   T35] vhci_hcd: release socket
[ 1317.061637][   T35] vhci_hcd: disconnect device
[ 1317.411507][ T5095] usb 5-1: new high-speed USB device number 108 using dummy_hcd
[ 1317.441640][    T9] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[ 1317.573652][   T12] hsr_slave_0: left promiscuous mode
[ 1317.604129][   T12] hsr_slave_1: left promiscuous mode
[ 1317.611709][T22227] Bluetooth: hci2: command tx timeout
[ 1317.620015][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1317.654793][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1317.655674][ T5095] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1317.671614][ T5095] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1317.682101][    T9] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1317.690864][    T9] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1317.704853][ T5095] usb 5-1: config 0 descriptor??
[ 1317.714127][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1317.718150][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1317.766449][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1317.802137][    T9] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1317.811304][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1317.871526][   T12] veth1_macvtap: left promiscuous mode
[ 1317.877356][   T12] veth0_macvtap: left promiscuous mode
[ 1317.883900][   T12] veth1_vlan: left promiscuous mode
[ 1317.889492][   T12] veth0_vlan: left promiscuous mode
[ 1317.935831][ T5095] ath6kl: Failed to submit usb control message: -71
[ 1317.973106][ T5095] ath6kl: unable to send the bmi data to the device: -71
[ 1317.980274][ T5095] ath6kl: Unable to send get target info: -71
[ 1318.028186][ T5095] ath6kl: Failed to init ath6kl core: -71
[ 1318.054212][ T5095] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1318.133026][ T5095] usb 5-1: USB disconnect, device number 108
[ 1318.268335][T22265] vivid-000: disconnect
[ 1318.334731][T22227] Bluetooth: hci0: command 0x0406 tx timeout
[ 1318.340894][T22227] Bluetooth: hci3: command 0x0406 tx timeout
[ 1318.372193][T22264] vivid-000: reconnect
[ 1318.763913][T22276] IPv4: Oversized IP packet from 172.20.20.24
[ 1318.770829][    C1] IPv4: Oversized IP packet from 172.20.20.24
[ 1318.777457][    C1] IPv4: Oversized IP packet from 172.20.20.24
[ 1319.081516][ T5171] usb 5-1: new high-speed USB device number 109 using dummy_hcd
[ 1319.281737][ T5171] usb 5-1: Using ep0 maxpacket: 16
[ 1319.309122][ T5171] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[ 1319.380149][ T5171] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 1319.410227][ T5171] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1319.486383][ T5171] usb 5-1: config 0 descriptor??
[ 1319.691467][T14767] Bluetooth: hci2: command tx timeout
[ 1319.995926][T22280] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1320.013266][T22280] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1320.074465][ T5171] hid (null): nested delimiters
[ 1320.099969][ T5171] hid (null): report_id 24797 is invalid
[ 1320.126535][ T5171] hid-generic 0003:0158:0100.0025: unknown main item tag 0x1
[ 1320.140100][ T5171] hid-generic 0003:0158:0100.0025: unexpected long global item
[ 1320.161012][ T5171] hid-generic 0003:0158:0100.0025: probe with driver hid-generic failed with error -22
[ 1320.250771][   T12] team0 (unregistering): Port device team_slave_1 removed
[ 1320.411619][T14767] Bluetooth: hci3: command 0x0406 tx timeout
[ 1320.482756][   T12] team0 (unregistering): Port device team_slave_0 removed
[ 1321.718018][T22169] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1321.725460][T22169] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1321.752988][T22169] bridge_slave_0: entered allmulticast mode
[ 1321.772542][T14767] Bluetooth: hci2: command tx timeout
[ 1321.778185][T22169] bridge_slave_0: entered promiscuous mode
[ 1321.789876][T22169] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1321.798090][T22169] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1321.806789][T22169] bridge_slave_1: entered allmulticast mode
[ 1321.814652][T22169] bridge_slave_1: entered promiscuous mode
[ 1321.867469][T22282] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1321.875402][T22282] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1321.888903][    T9] usb 4-1: 0:2 : does not exist
[ 1321.946363][   T45] usb 5-1: USB disconnect, device number 109
[ 1321.956348][    T9] usb 4-1: USB disconnect, device number 22
[ 1322.308678][T22169] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1322.336540][T17450] udevd[17450]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1322.390904][T22169] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1322.595049][   T45] usb 5-1: new high-speed USB device number 110 using dummy_hcd
[ 1322.600169][T22295] FAULT_INJECTION: forcing a failure.
[ 1322.600169][T22295] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1322.638901][T22295] CPU: 0 PID: 22295 Comm: syz.2.2728 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[ 1322.649143][T22295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1322.659251][T22295] Call Trace:
[ 1322.662665][T22295]  <TASK>
[ 1322.665639][T22295]  dump_stack_lvl+0x241/0x360
[ 1322.670386][T22295]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1322.675652][T22295]  ? __pfx__printk+0x10/0x10
[ 1322.680294][T22295]  ? __pfx_lock_release+0x10/0x10
[ 1322.685372][T22295]  should_fail_ex+0x3b0/0x4e0
[ 1322.690121][T22295]  _copy_from_user+0x2f/0xe0
[ 1322.694778][T22295]  get_compat_msghdr+0xae/0x730
[ 1322.699833][T22295]  ? __fget_files+0x29/0x470
[ 1322.704489][T22295]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1322.710011][T22295]  ? __fget_files+0x3f6/0x470
[ 1322.714760][T22295]  __sys_sendmsg+0x273/0x3a0
[ 1322.719411][T22295]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1322.724575][T22295]  ? vfs_write+0x7c4/0xc90
[ 1322.729096][T22295]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1322.735750][T22295]  ? lockdep_hardirqs_on+0x99/0x150
[ 1322.741013][T22295]  __do_fast_syscall_32+0xb4/0x120
[ 1322.746196][T22295]  ? exc_page_fault+0x590/0x8c0
[ 1322.751101][T22295]  do_fast_syscall_32+0x34/0x80
[ 1322.756009][T22295]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1322.762393][T22295] RIP: 0023:0xf73b8579
[ 1322.766505][T22295] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1322.786155][T22295] RSP: 002b:00000000f5cd157c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1322.794625][T22295] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040
[ 1322.802645][T22295] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1322.810662][T22295] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1322.818683][T22295] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1322.826703][T22295] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1322.834804][T22295]  </TASK>
[ 1322.837881][   T45] usb 5-1: Using ep0 maxpacket: 32
[ 1322.909419][T22169] team0: Port device team_slave_0 added
[ 1322.934094][   T45] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8
[ 1322.953260][   T45] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64
[ 1323.001549][   T45] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1323.011067][   T45] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1323.023503][T22169] team0: Port device team_slave_1 added
[ 1323.048543][   T45] usb 5-1: Product: syz
[ 1323.057717][   T45] usb 5-1: Manufacturer: 器濶K耑㔚壀齟绾�轡䬧ᦘ��垰ꢪ幯ᲇ暕㲩醽쫅㈚璠�ᱠ贔㣣⽒嶽뷈Ⱘ슨�劫
[ 1323.121165][   T45] usb 5-1: SerialNumber: syz
[ 1323.178913][T22169] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1323.214467][T22169] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1323.288788][T22169] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1323.332381][T22169] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1323.365978][T22169] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1323.461632][T22169] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1323.708874][T22314] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[ 1323.715483][T22314] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1323.724109][T22314] vhci_hcd vhci_hcd.0: Device attached
[ 1323.789507][T22169] hsr_slave_0: entered promiscuous mode
[ 1323.823414][T22317] vhci_hcd: connection closed
[ 1323.829767][ T1052] vhci_hcd: stop threads
[ 1323.843884][T22169] hsr_slave_1: entered promiscuous mode
[ 1323.866534][ T1052] vhci_hcd: release socket
[ 1323.880234][ T1052] vhci_hcd: disconnect device
[ 1323.929553][T22169] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1323.968037][T22169] Cannot create hsr debugfs directory
[ 1324.399263][T22329] FAULT_INJECTION: forcing a failure.
[ 1324.399263][T22329] name failslab, interval 1, probability 0, space 0, times 0
[ 1324.448618][T22329] CPU: 0 PID: 22329 Comm: syz.2.2734 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[ 1324.458869][T22329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1324.468984][T22329] Call Trace:
[ 1324.472306][T22329]  <TASK>
[ 1324.475323][T22329]  dump_stack_lvl+0x241/0x360
[ 1324.480071][T22329]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1324.485332][T22329]  ? __pfx__printk+0x10/0x10
[ 1324.490063][T22329]  ? __pfx___might_resched+0x10/0x10
[ 1324.495423][T22329]  should_fail_ex+0x3b0/0x4e0
[ 1324.500169][T22329]  ? dup_task_struct+0x57/0x8c0
[ 1324.505082][T22329]  should_failslab+0x9/0x20
[ 1324.509667][T22329]  kmem_cache_alloc_node_noprof+0x71/0x320
[ 1324.515547][T22329]  dup_task_struct+0x57/0x8c0
[ 1324.520270][T22329]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1324.525515][T22329]  ? lockdep_hardirqs_on+0x99/0x150
[ 1324.530790][T22329]  copy_process+0x5d1/0x3dc0
[ 1324.535448][T22329]  ? __pfx_lock_acquire+0x10/0x10
[ 1324.540520][T22329]  ? get_pid_task+0x23/0x1f0
[ 1324.545184][T22329]  ? __pfx_copy_process+0x10/0x10
[ 1324.550263][T22329]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 1324.556233][T22329]  ? ksys_write+0x23e/0x2c0
[ 1324.560805][T22329]  kernel_clone+0x226/0x8f0
[ 1324.565372][T22329]  ? vfs_write+0x7c4/0xc90
[ 1324.569855][T22329]  ? __pfx_kernel_clone+0x10/0x10
[ 1324.574952][T22329]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1324.580996][T22329]  __ia32_compat_sys_ia32_clone+0x255/0x2a0
[ 1324.586972][T22329]  ? __pfx___ia32_compat_sys_ia32_clone+0x10/0x10
[ 1324.593562][T22329]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1324.600234][T22329]  ? lockdep_hardirqs_on+0x99/0x150
[ 1324.605516][T22329]  __do_fast_syscall_32+0xb4/0x120
[ 1324.610690][T22329]  ? exc_page_fault+0x590/0x8c0
[ 1324.615602][T22329]  do_fast_syscall_32+0x34/0x80
[ 1324.620519][T22329]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1324.626905][T22329] RIP: 0023:0xf73b8579
[ 1324.631042][T22329] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1324.650690][T22329] RSP: 002b:00000000f5cd152c EFLAGS: 00000206 ORIG_RAX: 0000000000000078
[ 1324.659278][T22329] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[ 1324.667392][T22329] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1324.675411][T22329] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1324.683517][T22329] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1324.691562][T22329] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1324.699653][T22329]  </TASK>
[ 1324.736577][   T45] cdc_ncm 5-1:1.0: bind() failure
[ 1324.788154][   T45] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[ 1324.820438][   T45] cdc_ncm 5-1:1.1: bind() failure
[ 1324.859573][ T5171] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[ 1324.878686][   T45] usb 5-1: USB disconnect, device number 110
[ 1325.073648][ T5171] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1325.103996][ T5171] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1325.151560][ T5171] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1325.192139][ T5171] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1325.203462][ T1064] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1325.215471][ T5171] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1325.226060][    T9] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[ 1325.435873][    T9] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1325.458266][    T9] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1325.509943][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1325.555271][    T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1325.572663][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1325.588918][ T1064] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1325.752554][ T5171] usb 4-1: 0:2 : does not exist
[ 1325.819016][ T5171] usb 4-1: USB disconnect, device number 23
[ 1325.964961][ T1064] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1326.123424][ T1064] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1326.327175][    T9] usb 3-1: 0:2 : does not exist
[ 1326.327641][   T53] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1326.346088][   T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1326.359423][   T53] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1326.382860][   T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1326.404857][   T53] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1326.431839][    T9] usb 3-1: USB disconnect, device number 29
[ 1326.439254][   T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1326.609726][T22353] autofs4:pid:22353:validate_dev_ioctl: path string terminator missing for cmd(0xc018937e)
[ 1326.636714][T17450] udevd[17450]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1326.773689][T17025] udevd[17025]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[ 1326.978518][ T1064] bridge_slave_1: left allmulticast mode
[ 1327.007013][ T1064] bridge_slave_1: left promiscuous mode
[ 1327.015790][ T1064] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1327.042464][ T1064] bridge_slave_0: left allmulticast mode
[ 1327.048457][ T1064] bridge_slave_0: left promiscuous mode
[ 1327.058786][ T1064] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1327.121619][ T5171] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[ 1327.329589][ T5171] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1327.362032][ T5171] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1327.381785][ T5171] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1327.405874][ T5171] usb 4-1: Product: syz
[ 1327.425192][ T5171] usb 4-1: Manufacturer: syz
[ 1327.431099][ T5171] usb 4-1: SerialNumber: syz
[ 1327.581215][   T53] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1327.613859][   T53] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1327.628654][   T53] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1327.645359][   T53] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1327.669169][   T53] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 1327.676761][   T53] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1327.738183][T22362] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[ 1327.744776][T22362] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1327.753582][T22362] vhci_hcd vhci_hcd.0: Device attached
[ 1327.914623][T22363] vhci_hcd: connection closed
[ 1327.915093][   T35] vhci_hcd: stop threads
[ 1327.947230][   T35] vhci_hcd: release socket
[ 1327.972586][   T35] vhci_hcd: disconnect device
[ 1328.231727][ T5095] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[ 1328.277357][ T1064] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1328.301062][ T1064] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1328.318918][ T1064] bond0 (unregistering): Released all slaves
[ 1328.378572][T22169] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1328.453127][ T5095] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1328.471181][T22169] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1328.479284][ T5095] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1328.504962][ T5095] usb 3-1: config 0 descriptor??
[ 1328.527944][T22169] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1328.572145][T22270] Bluetooth: hci3: command tx timeout
[ 1328.675592][T22169] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1328.735372][ T5095] ath6kl: Failed to submit usb control message: -71
[ 1328.761223][ T5095] ath6kl: unable to send the bmi data to the device: -71
[ 1328.769276][ T5095] ath6kl: Unable to send get target info: -71
[ 1328.804593][ T5095] ath6kl: Failed to init ath6kl core: -71
[ 1328.813187][ T5095] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1328.884186][ T5095] usb 3-1: USB disconnect, device number 30
[ 1329.182618][ T1064] hsr_slave_0: left promiscuous mode
[ 1329.192888][ T1064] hsr_slave_1: left promiscuous mode
[ 1329.200236][ T1064] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1329.209278][ T1064] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1329.224765][ T1064] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1329.233028][ T1064] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1329.259980][ T1064] veth1_macvtap: left promiscuous mode
[ 1329.266532][ T1064] veth0_macvtap: left promiscuous mode
[ 1329.273045][ T1064] veth1_vlan: left promiscuous mode
[ 1329.278426][ T1064] veth0_vlan: left promiscuous mode
[ 1329.554419][  T784] usb 4-1: USB disconnect, device number 24
[ 1329.779574][T22270] Bluetooth: hci5: command tx timeout
[ 1330.407282][ T1064] team0 (unregistering): Port device team_slave_1 removed
[ 1330.478011][ T1064] team0 (unregistering): Port device team_slave_0 removed
[ 1330.651785][T22270] Bluetooth: hci3: command tx timeout
[ 1331.353248][T22386] FAULT_INJECTION: forcing a failure.
[ 1331.353248][T22386] name failslab, interval 1, probability 0, space 0, times 0
[ 1331.421109][T22386] CPU: 1 PID: 22386 Comm: syz.3.2744 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[ 1331.431362][T22386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1331.441482][T22386] Call Trace:
[ 1331.445238][T22386]  <TASK>
[ 1331.448206][T22386]  dump_stack_lvl+0x241/0x360
[ 1331.452959][T22386]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1331.458225][T22386]  ? __pfx__printk+0x10/0x10
[ 1331.462884][T22386]  ? __pfx___might_resched+0x10/0x10
[ 1331.468253][T22386]  should_fail_ex+0x3b0/0x4e0
[ 1331.473015][T22386]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[ 1331.478950][T22386]  should_failslab+0x9/0x20
[ 1331.483756][T22386]  __kmalloc_noprof+0xd8/0x400
[ 1331.489184][T22386]  ? kfree+0x4e/0x360
[ 1331.493216][T22386]  tomoyo_realpath_from_path+0xcf/0x5e0
[ 1331.498974][T22386]  tomoyo_path_number_perm+0x23a/0x880
[ 1331.504494][T22386]  ? __lock_acquire+0x1346/0x1fd0
[ 1331.509727][T22386]  ? tomoyo_path_number_perm+0x208/0x880
[ 1331.515396][T22386]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1331.521670][T22386]  ? __fget_files+0x29/0x470
[ 1331.526321][T22386]  ? __fget_files+0x3f6/0x470
[ 1331.531068][T22386]  security_file_ioctl_compat+0x75/0xb0
[ 1331.536758][T22386]  __se_compat_sys_ioctl+0xd6/0xca0
[ 1331.542024][T22386]  ? __pfx___se_compat_sys_ioctl+0x10/0x10
[ 1331.547973][T22386]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1331.554167][T22386]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1331.561048][T22386]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1331.567766][T22386]  ? lockdep_hardirqs_on+0x99/0x150
[ 1331.573265][T22386]  __do_fast_syscall_32+0xb4/0x120
[ 1331.578600][T22386]  ? exc_page_fault+0x590/0x8c0
[ 1331.583488][T22386]  do_fast_syscall_32+0x34/0x80
[ 1331.588387][T22386]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1331.594745][T22386] RIP: 0023:0xf742f579
[ 1331.598831][T22386] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1331.618640][T22386] RSP: 002b:00000000f5d4857c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1331.627269][T22386] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c02c564a
[ 1331.635275][T22386] RDX: 0000000020001200 RSI: 0000000000000000 RDI: 0000000000000000
[ 1331.643818][T22386] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1331.651871][T22386] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1331.660157][T22386] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1331.668223][T22386]  </TASK>
[ 1331.798030][T22354] chnl_net:caif_netlink_parms(): no params data found
[ 1331.848649][T22169] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1331.850409][T22386] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1331.863232][T22270] Bluetooth: hci5: command tx timeout
[ 1332.078654][T22402] IPv4: Oversized IP packet from 172.20.20.24
[ 1332.081645][T22365] chnl_net:caif_netlink_parms(): no params data found
[ 1332.085920][    C1] IPv4: Oversized IP packet from 172.20.20.24
[ 1332.098429][    C1] IPv4: Oversized IP packet from 172.20.20.24
[ 1332.286278][T22169] 8021q: adding VLAN 0 to HW filter on device team0
[ 1332.394837][T22354] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1332.413497][T22354] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1332.422791][ T5095] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[ 1332.442830][T22354] bridge_slave_0: entered allmulticast mode
[ 1332.450800][T22354] bridge_slave_0: entered promiscuous mode
[ 1332.462752][T22354] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1332.470435][T22354] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1332.478360][T22354] bridge_slave_1: entered allmulticast mode
[ 1332.490409][T22354] bridge_slave_1: entered promiscuous mode
[ 1332.523223][T10710] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[ 1332.568881][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1332.576173][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1332.631742][ T5095] usb 3-1: Using ep0 maxpacket: 16
[ 1332.639675][ T5095] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[ 1332.665923][ T5095] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 1332.672216][T22354] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1332.688993][T22354] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1332.713785][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1332.721120][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1332.729765][ T5095] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1332.732476][T22270] Bluetooth: hci3: command tx timeout
[ 1332.754848][T10710] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[ 1332.767177][ T5095] usb 3-1: config 0 descriptor??
[ 1332.772680][T10710] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1332.780714][T10710] usb 4-1: Product: syz
[ 1332.792523][T10710] usb 4-1: Manufacturer: syz
[ 1332.797279][T10710] usb 4-1: SerialNumber: syz
[ 1332.806381][T10710] usb 4-1: config 0 descriptor??
[ 1332.832427][T10710] ch341 4-1:0.0: ch341-uart converter detected
[ 1332.892151][ T1064] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1332.980237][T22354] team0: Port device team_slave_0 added
[ 1333.062976][ T1064] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1333.090152][T22354] team0: Port device team_slave_1 added
[ 1333.098235][T22365] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1333.105967][T22365] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1333.114420][T22365] bridge_slave_0: entered allmulticast mode
[ 1333.132221][T22365] bridge_slave_0: entered promiscuous mode
[ 1333.219272][ T1064] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1333.230775][T22402] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1333.247446][T22365] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1333.255182][T22365] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1333.256479][T22402] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1333.270918][T22365] bridge_slave_1: entered allmulticast mode
[ 1333.286140][T22365] bridge_slave_1: entered promiscuous mode
[ 1333.296006][ T5095] hid (null): nested delimiters
[ 1333.301010][ T5095] hid (null): report_id 24797 is invalid
[ 1333.316418][ T5095] hid-generic 0003:0158:0100.0026: unknown main item tag 0x1
[ 1333.329802][ T5095] hid-generic 0003:0158:0100.0026: unexpected long global item
[ 1333.339696][ T5095] hid-generic 0003:0158:0100.0026: probe with driver hid-generic failed with error -22
[ 1333.397203][ T1064] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1333.473153][T22354] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1333.480483][T22354] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1333.509547][T10710] usb 4-1: failed to send control message: -71
[ 1333.516540][T10710] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[ 1333.530366][   T45] usb 3-1: USB disconnect, device number 31
[ 1333.544110][T10710] usb 4-1: USB disconnect, device number 25
[ 1333.550133][T22354] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1333.562138][T10710] ch341 4-1:0.0: device disconnected
[ 1333.579748][T22354] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1333.587637][T22354] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1333.644582][T22354] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1333.674068][T22365] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1333.696482][T22365] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1333.809087][T22365] team0: Port device team_slave_0 added
[ 1333.850898][T22354] hsr_slave_0: entered promiscuous mode
[ 1333.867143][T22354] hsr_slave_1: entered promiscuous mode
[ 1333.876139][T22354] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1333.884683][T22354] Cannot create hsr debugfs directory
[ 1333.893681][T22365] team0: Port device team_slave_1 added
[ 1333.932209][T22270] Bluetooth: hci5: command tx timeout
[ 1334.025392][T22365] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1334.033373][T22365] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1334.061007][T22365] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1334.087883][ T1064] bridge_slave_1: left allmulticast mode
[ 1334.096152][ T1064] bridge_slave_1: left promiscuous mode
[ 1334.102392][ T1064] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1334.117506][ T1064] bridge_slave_0: left allmulticast mode
[ 1334.128047][ T1064] bridge_slave_0: left promiscuous mode
[ 1334.137770][ T1064] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1334.812098][T22270] Bluetooth: hci3: command tx timeout
[ 1334.965913][ T1064] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1334.979960][ T1064] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1334.996371][ T1064] bond0 (unregistering): Released all slaves
[ 1335.052756][T22365] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1335.075688][T22365] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1335.104026][T22365] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1335.305416][T22432] autofs4:pid:22432:validate_dev_ioctl: path string terminator missing for cmd(0xc018937e)
[ 1335.520675][T22365] hsr_slave_0: entered promiscuous mode
[ 1335.537917][T22365] hsr_slave_1: entered promiscuous mode
[ 1335.546397][T22365] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1335.555691][T22365] Cannot create hsr debugfs directory
[ 1335.622652][T10710] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[ 1335.834135][T10710] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1335.855133][ T1064] hsr_slave_0: left promiscuous mode
[ 1335.861925][ T1064] hsr_slave_1: left promiscuous mode
[ 1335.878618][ T1064] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1335.896161][ T1064] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1335.906634][T10710] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1335.924825][ T1064] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1335.932421][T22442] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[ 1335.938132][T10710] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1335.938932][T22442] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1335.948077][T10710] usb 3-1: Product: syz
[ 1335.962843][T10710] usb 3-1: Manufacturer: syz
[ 1335.967517][T10710] usb 3-1: SerialNumber: syz
[ 1335.971892][ T1064] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1335.972379][T22442] vhci_hcd vhci_hcd.0: Device attached
[ 1336.011880][T22270] Bluetooth: hci5: command tx timeout
[ 1336.019872][T22443] vhci_hcd: connection closed
[ 1336.037703][ T1064] veth1_macvtap: left promiscuous mode
[ 1336.049506][ T2900] vhci_hcd: stop threads
[ 1336.054349][ T2900] vhci_hcd: release socket
[ 1336.072225][ T1064] veth0_macvtap: left promiscuous mode
[ 1336.075416][ T2900] vhci_hcd: disconnect device
[ 1336.078010][ T1064] veth1_vlan: left promiscuous mode
[ 1336.090765][ T1064] veth0_vlan: left promiscuous mode
[ 1336.356381][T10710] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[ 1336.591184][T10710] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1336.613821][T10710] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1336.642455][T10710] usb 4-1: config 0 descriptor??
[ 1336.878359][T10710] ath6kl: Failed to submit usb control message: -71
[ 1336.885179][T10710] ath6kl: unable to send the bmi data to the device: -71
[ 1336.893293][T10710] ath6kl: Unable to send get target info: -71
[ 1336.900758][ T1064] team0 (unregistering): Port device team_slave_1 removed
[ 1336.901122][T10710] ath6kl: Failed to init ath6kl core: -71
[ 1336.927453][T10710] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1336.966291][T10710] usb 4-1: USB disconnect, device number 26
[ 1337.017828][ T1064] team0 (unregistering): Port device team_slave_0 removed
[ 1338.200121][T22169] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1338.317999][ T7110] usb 3-1: USB disconnect, device number 32
[ 1338.574081][T22169] veth0_vlan: entered promiscuous mode
[ 1338.690439][T22169] veth1_vlan: entered promiscuous mode
[ 1338.704457][T22462] IPv4: Oversized IP packet from 172.20.20.24
[ 1338.711240][    C0] IPv4: Oversized IP packet from 172.20.20.24
[ 1338.717910][    C0] IPv4: Oversized IP packet from 172.20.20.24
[ 1338.815588][T22169] veth0_macvtap: entered promiscuous mode
[ 1338.847442][T22169] veth1_macvtap: entered promiscuous mode
[ 1338.906280][T22169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1338.924284][T22169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1338.934575][T22169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1338.954620][T22169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1338.964665][T22169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1338.977299][T22169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1338.989517][T22169] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1339.011481][T10710] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[ 1339.026156][T22169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1339.035451][ T7110] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[ 1339.038047][T22169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1339.077943][T22169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1339.090829][T22169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1339.108074][T22169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1339.121237][T22169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1339.145906][T22169] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1339.196032][T22169] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1339.220034][T22169] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1339.230335][T10710] usb 3-1: Using ep0 maxpacket: 16
[ 1339.235130][ T7110] usb 4-1: Using ep0 maxpacket: 8
[ 1339.238600][T10710] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[ 1339.255896][ T7110] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1339.260115][T22169] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1339.274656][T10710] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 1339.280343][ T7110] usb 4-1: unable to read config index 0 descriptor/start: -71
[ 1339.292147][T22169] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1339.295932][T10710] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1339.317597][ T7110] usb 4-1: can't read configurations, error -71
[ 1339.350132][T10710] usb 3-1: config 0 descriptor??
[ 1339.569461][T22354] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1339.605766][T22354] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1339.635695][ T1052] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1339.648578][T22354] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1339.661536][ T1052] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1339.676039][T22354] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1339.802929][T22462] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1339.836833][T22462] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1339.862853][ T2920] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1339.876850][T10710] hid (null): nested delimiters
[ 1339.880642][ T2920] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1339.901809][T10710] hid (null): report_id 24797 is invalid
[ 1339.949190][T10710] hid-generic 0003:0158:0100.0027: unknown main item tag 0x1
[ 1339.960189][T22365] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1340.003311][T22365] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1340.013501][T10710] hid-generic 0003:0158:0100.0027: unexpected long global item
[ 1340.044440][T10710] hid-generic 0003:0158:0100.0027: probe with driver hid-generic failed with error -22
[ 1340.113332][T10710] usb 3-1: USB disconnect, device number 33
[ 1340.119776][T22365] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1340.176309][T22365] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1340.579374][T22354] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1340.775218][T22365] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1340.858573][T22354] 8021q: adding VLAN 0 to HW filter on device team0
[ 1340.910855][ T5098] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1340.918135][ T5098] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1341.009760][ T5098] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1341.017016][ T5098] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1341.104419][T22365] 8021q: adding VLAN 0 to HW filter on device team0
[ 1341.187600][ T5098] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1341.194889][ T5098] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1341.290038][T10710] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1341.297474][T10710] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1341.729583][T22524] autofs4:pid:22524:validate_dev_ioctl: path string terminator missing for cmd(0xc018937e)
[ 1341.821848][   T45] usb 3-1: new full-speed USB device number 34 using dummy_hcd
[ 1341.837945][T22354] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1341.876320][T22365] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1342.025500][   T45] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 4
[ 1342.049926][   T45] usb 3-1: New USB device found, idVendor=2c42, idProduct=1636, bcdDevice=17.01
[ 1342.071833][ T7110] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[ 1342.079660][   T45] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1342.088903][T22354] veth0_vlan: entered promiscuous mode
[ 1342.103265][   T45] usb 3-1: Product: syz
[ 1342.125895][   T45] usb 3-1: Manufacturer: syz
[ 1342.127703][T22528] FAULT_INJECTION: forcing a failure.
[ 1342.127703][T22528] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1342.137920][   T45] usb 3-1: SerialNumber: syz
[ 1342.150515][T22528] CPU: 1 PID: 22528 Comm: syz.3.2767 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[ 1342.160734][T22528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1342.170834][T22528] Call Trace:
[ 1342.173781][T22354] veth1_vlan: entered promiscuous mode
[ 1342.174129][T22528]  <TASK>
[ 1342.182566][T22528]  dump_stack_lvl+0x241/0x360
[ 1342.187309][T22528]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1342.188313][T22365] veth0_vlan: entered promiscuous mode
[ 1342.192550][T22528]  ? __pfx__printk+0x10/0x10
[ 1342.192591][T22528]  ? __pfx_lock_release+0x10/0x10
[ 1342.192625][T22528]  should_fail_ex+0x3b0/0x4e0
[ 1342.192666][T22528]  _copy_from_user+0x2f/0xe0
[ 1342.217052][T22528]  get_compat_msghdr+0xae/0x730
[ 1342.221970][T22528]  ? __fget_files+0x29/0x470
[ 1342.226621][T22528]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1342.232145][T22528]  ? __fget_files+0x3f6/0x470
[ 1342.236894][T22528]  __sys_sendmsg+0x273/0x3a0
[ 1342.241543][T22528]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1342.246709][T22528]  ? vfs_write+0x7c4/0xc90
[ 1342.250594][T22365] veth1_vlan: entered promiscuous mode
[ 1342.251313][T22528]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1342.263442][T22528]  ? lockdep_hardirqs_on+0x99/0x150
[ 1342.268679][T22528]  __do_fast_syscall_32+0xb4/0x120
[ 1342.273829][T22528]  ? exc_page_fault+0x590/0x8c0
[ 1342.278717][T22528]  do_fast_syscall_32+0x34/0x80
[ 1342.283598][T22528]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1342.289946][T22528] RIP: 0023:0xf742f579
[ 1342.294031][T22528] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1342.313662][T22528] RSP: 002b:00000000f5d4857c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1342.322104][T22528] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000240
[ 1342.330177][T22528] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1342.338440][T22528] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1342.346533][T22528] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1342.354538][T22528] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1342.362642][T22528]  </TASK>
[ 1342.369769][   T45] usb 3-1: config 0 descriptor??
[ 1342.387642][   T45] f81232 3-1:0.0: f81534a converter detected
[ 1342.409433][T22354] veth0_macvtap: entered promiscuous mode
[ 1342.460437][T22354] veth1_macvtap: entered promiscuous mode
[ 1342.504981][ T7110] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1342.535209][ T7110] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1342.548690][ T7110] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1342.572588][ T7110] usb 1-1: Product: syz
[ 1342.577121][ T7110] usb 1-1: Manufacturer: syz
[ 1342.586908][T22365] veth0_macvtap: entered promiscuous mode
[ 1342.600608][ T7110] usb 1-1: SerialNumber: syz
[ 1342.616832][   T45] f81534a ttyUSB0: f81232_set_register failed status: -71
[ 1342.650708][T22354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1342.663108][   T45] f81534a ttyUSB0: probe with driver f81534a failed with error -5
[ 1342.693972][T22354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1342.703302][   T45] usb 3-1: USB disconnect, device number 34
[ 1342.725410][   T45] f81232 3-1:0.0: device disconnected
[ 1342.743665][T22354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1342.775480][T22354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1342.808529][T22354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1342.827965][T22354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1342.854337][T22354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1342.871421][T22354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1342.891027][T22354] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1342.902763][T22365] veth1_macvtap: entered promiscuous mode
[ 1342.964114][T22354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1342.986045][T22354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1343.005252][T22354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1343.016094][T22354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1343.036748][T22354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1343.063773][T22354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1343.083419][T22354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1343.103869][T22354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1343.119957][T22354] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1343.145178][T22354] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1343.187663][T22354] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1343.217920][T22354] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1343.242320][T22354] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1343.268109][T22365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1343.316378][T22365] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1343.339321][T22365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1343.355438][T22365] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1343.369127][T22365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1343.382389][T22365] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1343.394076][T22365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1343.436569][T22365] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1343.447864][T22365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1343.500110][T22365] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1343.528314][T22365] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1343.607516][T22365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1343.652038][T22365] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1343.682341][T22365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1343.702693][T22365] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1343.724105][T22365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1343.747155][T22365] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1343.758196][ T5098] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[ 1343.776392][T22365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1343.796221][T22365] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1343.809948][T22365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1343.829447][T22365] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1343.845610][T22365] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1343.958186][ T5098] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1343.975496][ T5098] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1343.989232][T22365] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1344.007502][T22365] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1344.023521][ T5098] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1344.033765][T22365] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1344.040474][ T5098] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1344.071186][T22365] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1344.076132][ T5098] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1344.144349][ T5098] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1344.179762][ T5098] usb 3-1: Manufacturer: syz
[ 1344.206970][ T5098] usb 3-1: config 0 descriptor??
[ 1344.257550][ T2920] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1344.324911][ T2920] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1344.449621][ T2900] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1344.477697][ T2900] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1344.692337][ T1064] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1344.701147][ T1064] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1344.736411][T22556] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1344.782170][T22556] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1344.805210][  T784] usb 1-1: USB disconnect, device number 33
[ 1344.836648][ T5098] appleir 0003:05AC:8243.0028: unknown main item tag 0x0
[ 1344.855111][ T1052] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1344.878556][ T1052] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1344.917905][ T5098] appleir 0003:05AC:8243.0028: No inputs registered, leaving
[ 1344.967567][ T5098] appleir 0003:05AC:8243.0028: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[ 1345.180211][T22588] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8)
[ 1345.186985][T22588] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1345.276354][T22588] vhci_hcd vhci_hcd.0: Device attached
[ 1345.330311][T22589] vhci_hcd: connection closed
[ 1345.335463][ T1064] vhci_hcd: stop threads
[ 1345.375206][ T1064] vhci_hcd: release socket
[ 1345.450375][ T1064] vhci_hcd: disconnect device
[ 1345.601202][T22605] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[ 1345.607998][T22605] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1345.661307][T22605] vhci_hcd vhci_hcd.0: Device attached
[ 1345.874026][T22606] vhci_hcd: connection closed
[ 1345.875602][ T1038] vhci_hcd: stop threads
[ 1345.918094][   T58] usb 5-1: new high-speed USB device number 111 using dummy_hcd
[ 1345.947102][ T1038] vhci_hcd: release socket
[ 1345.975308][ T1038] vhci_hcd: disconnect device
[ 1346.042673][ T7110] usb 16-1: enqueue for inactive port 0
[ 1346.167031][   T58] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1346.227555][   T58] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1346.241682][  T784] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[ 1346.266536][   T58] usb 5-1: config 0 descriptor??
[ 1346.464468][  T784] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1346.485379][  T784] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1346.503596][  T784] usb 4-1: config 0 descriptor??
[ 1346.591863][   T58] ath6kl: Failed to submit usb control message: -71
[ 1346.598618][   T58] ath6kl: unable to send the bmi data to the device: -71
[ 1346.603527][ T7110] usb usb16-port1: attempt power cycle
[ 1346.669580][   T58] ath6kl: Unable to send get target info: -71
[ 1346.701613][   T58] ath6kl: Failed to init ath6kl core: -71
[ 1346.758682][   T58] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1346.834338][  T784] ath6kl: Failed to submit usb control message: -71
[ 1346.873739][   T58] usb 5-1: USB disconnect, device number 111
[ 1346.883661][  T784] ath6kl: unable to send the bmi data to the device: -71
[ 1346.904621][  T784] ath6kl: Unable to send get target info: -71
[ 1346.922093][  T784] ath6kl: Failed to init ath6kl core: -71
[ 1346.988001][  T784] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1347.082495][T10710] usb 3-1: USB disconnect, device number 35
[ 1347.093197][  T784] usb 4-1: USB disconnect, device number 29
[ 1347.339579][ T7110] usb usb16-port1: unable to enumerate USB device
[ 1347.548259][T22650] IPv4: Oversized IP packet from 172.20.20.24
[ 1347.555179][    C1] IPv4: Oversized IP packet from 172.20.20.24
[ 1347.561664][    C1] IPv4: Oversized IP packet from 172.20.20.24
[ 1347.901493][T10710] usb 5-1: new high-speed USB device number 112 using dummy_hcd
[ 1348.115129][T10710] usb 5-1: Using ep0 maxpacket: 16
[ 1348.136675][T10710] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[ 1348.180995][T10710] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 1348.279212][T10710] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1348.327290][T10710] usb 5-1: config 0 descriptor??
[ 1348.808287][T22650] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1348.832817][T22650] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1348.857970][T10710] hid (null): nested delimiters
[ 1348.878196][T10710] hid (null): report_id 24797 is invalid
[ 1348.905054][T10710] hid-generic 0003:0158:0100.0029: unknown main item tag 0x1
[ 1348.928816][T10710] hid-generic 0003:0158:0100.0029: unexpected long global item
[ 1348.942714][T22680] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2792'.
[ 1348.977844][T10710] hid-generic 0003:0158:0100.0029: probe with driver hid-generic failed with error -22
[ 1348.991093][T22684] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[ 1348.997682][T22684] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1349.013219][T22684] vhci_hcd vhci_hcd.0: Device attached
[ 1349.186081][T10710] usb 5-1: USB disconnect, device number 112
[ 1349.303668][T22690] FAULT_INJECTION: forcing a failure.
[ 1349.303668][T22690] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1349.322158][T22692] fuse: Bad value for 'group_id'
[ 1349.332716][  T784] usb 12-1: SetAddress Request (17) to port 0
[ 1349.334829][T22690] CPU: 0 PID: 22690 Comm: syz.0.2794 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[ 1349.349212][T22690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1349.357419][  T784] usb 12-1: new SuperSpeed USB device number 17 using vhci_hcd
[ 1349.359281][T22690] Call Trace:
[ 1349.359295][T22690]  <TASK>
[ 1349.373492][T22690]  dump_stack_lvl+0x241/0x360
[ 1349.378198][T22690]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1349.383413][T22690]  ? __pfx__printk+0x10/0x10
[ 1349.388040][T22690]  ? __pfx_lock_release+0x10/0x10
[ 1349.393186][T22690]  should_fail_ex+0x3b0/0x4e0
[ 1349.397889][T22690]  _copy_from_user+0x2f/0xe0
[ 1349.402492][T22690]  get_compat_msghdr+0xae/0x730
[ 1349.407361][T22690]  ? __fget_files+0x29/0x470
[ 1349.411986][T22690]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1349.417463][T22690]  ? __fget_files+0x3f6/0x470
[ 1349.422163][T22690]  __sys_sendmsg+0x273/0x3a0
[ 1349.426764][T22690]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1349.431992][T22690]  ? vfs_write+0x7c4/0xc90
[ 1349.436453][T22690]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1349.443094][T22690]  ? lockdep_hardirqs_on+0x99/0x150
[ 1349.448331][T22690]  __do_fast_syscall_32+0xb4/0x120
[ 1349.453495][T22690]  ? exc_page_fault+0x590/0x8c0
[ 1349.458377][T22690]  do_fast_syscall_32+0x34/0x80
[ 1349.463267][T22690]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1349.469601][T22690] RIP: 0023:0xf73d4579
[ 1349.473675][T22690] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1349.493400][T22690] RSP: 002b:00000000f5ced57c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1349.501837][T22690] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000
[ 1349.509842][T22690] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1349.517945][T22690] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1349.525935][T22690] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1349.533925][T22690] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1349.541941][T22690]  </TASK>
[ 1349.590994][T22685] vhci_hcd: connection reset by peer
[ 1349.599364][   T11] vhci_hcd: stop threads
[ 1349.604663][   T11] vhci_hcd: release socket
[ 1349.613041][   T11] vhci_hcd: disconnect device
[ 1349.861599][ T7110] usb 2-1: new high-speed USB device number 101 using dummy_hcd
[ 1350.083445][ T7110] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1350.117915][ T7110] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1350.148494][ T7110] usb 2-1: config 0 descriptor??
[ 1350.405027][ T7110] ath6kl: Failed to submit usb control message: -71
[ 1350.426274][ T7110] ath6kl: unable to send the bmi data to the device: -71
[ 1350.464157][ T7110] ath6kl: Unable to send get target info: -71
[ 1350.500135][ T7110] ath6kl: Failed to init ath6kl core: -71
[ 1350.534436][ T7110] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1350.578215][ T7110] usb 2-1: USB disconnect, device number 101
[ 1350.593047][T17450] udevd[17450]: setting mode of /dev/bus/usb/002/101 to 020664 failed: No such file or directory
[ 1350.614016][T17450] udevd[17450]: setting owner of /dev/bus/usb/002/101 to uid=0, gid=0 failed: No such file or directory
[ 1351.091802][T22719] IPv6: addrconf: prefix option has invalid lifetime
[ 1351.324257][T22734] FAULT_INJECTION: forcing a failure.
[ 1351.324257][T22734] name failslab, interval 1, probability 0, space 0, times 0
[ 1351.357787][T22734] CPU: 1 PID: 22734 Comm: syz.3.2809 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[ 1351.368042][T22734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1351.378179][T22734] Call Trace:
[ 1351.381496][T22734]  <TASK>
[ 1351.384471][T22734]  dump_stack_lvl+0x241/0x360
[ 1351.389229][T22734]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1351.394488][T22734]  ? __pfx__printk+0x10/0x10
[ 1351.399144][T22734]  ? __pfx___might_resched+0x10/0x10
[ 1351.404498][T22734]  should_fail_ex+0x3b0/0x4e0
[ 1351.409237][T22734]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[ 1351.415008][T22734]  should_failslab+0x9/0x20
[ 1351.419613][T22734]  __kmalloc_noprof+0xd8/0x400
[ 1351.424453][T22734]  ? kfree+0x4e/0x360
[ 1351.428501][T22734]  tomoyo_realpath_from_path+0xcf/0x5e0
[ 1351.434204][T22734]  tomoyo_path_number_perm+0x23a/0x880
[ 1351.439736][T22734]  ? __lock_acquire+0x1346/0x1fd0
[ 1351.444832][T22734]  ? tomoyo_path_number_perm+0x208/0x880
[ 1351.450573][T22734]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1351.456761][T22734]  ? __fget_files+0x29/0x470
[ 1351.461418][T22734]  ? __fget_files+0x3f6/0x470
[ 1351.466174][T22734]  security_file_ioctl_compat+0x75/0xb0
[ 1351.471811][T22734]  __se_compat_sys_ioctl+0xd6/0xca0
[ 1351.477068][T22734]  ? __pfx___se_compat_sys_ioctl+0x10/0x10
[ 1351.482935][T22734]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1351.489937][T22734]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1351.496340][T22734]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1351.503010][T22734]  ? lockdep_hardirqs_on+0x99/0x150
[ 1351.508286][T22734]  __do_fast_syscall_32+0xb4/0x120
[ 1351.513475][T22734]  ? exc_page_fault+0x590/0x8c0
[ 1351.518494][T22734]  do_fast_syscall_32+0x34/0x80
[ 1351.523429][T22734]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1351.529909][T22734] RIP: 0023:0xf742f579
[ 1351.534026][T22734] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1351.553685][T22734] RSP: 002b:00000000f5d4857c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1351.562209][T22734] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0045002
[ 1351.570243][T22734] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1351.578270][T22734] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1351.586287][T22734] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1351.594309][T22734] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1351.602351][T22734]  </TASK>
[ 1351.684591][T22734] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1352.462616][T22761] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2817'.
[ 1353.472221][   T58] usb 2-1: new high-speed USB device number 102 using dummy_hcd
[ 1353.698904][   T58] usb 2-1: config 1 has an invalid descriptor of length 124, skipping remainder of the config
[ 1353.718014][   T58] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1353.760540][T22793] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[ 1353.767162][T22793] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1353.776687][T22793] vhci_hcd vhci_hcd.0: Device attached
[ 1353.787398][   T58] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1353.791980][T22795] vhci_hcd: connection closed
[ 1353.812190][ T2920] vhci_hcd: stop threads
[ 1353.831125][ T2920] vhci_hcd: release socket
[ 1353.846633][ T2920] vhci_hcd: disconnect device
[ 1353.863323][T22800] xt_connbytes: Forcing CT accounting to be enabled
[ 1353.870594][T22800] Cannot find del_set index 0 as target
[ 1353.880222][   T58] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1353.896315][   T58] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1353.921603][   T58] usb 2-1: Product: syz
[ 1353.942618][   T58] usb 2-1: Manufacturer: syz
[ 1353.981739][   T58] usb 2-1: SerialNumber: syz
[ 1354.006471][   T58] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found
[ 1354.033077][   T58] cdc_ncm 2-1:1.0: bind() failure
[ 1354.142936][   T29] kauditd_printk_skb: 29 callbacks suppressed
[ 1354.142957][   T29] audit: type=1326 audit(1720877833.407:1812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22805 comm="syz.2.2831" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73b8579 code=0x0
[ 1354.184821][    T9] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[ 1354.250689][   T29] audit: type=1326 audit(1720877833.457:1813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22805 comm="syz.2.2831" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73b8579 code=0x0
[ 1354.426150][    T9] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1354.444157][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1354.444824][T22812] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2832'.
[ 1354.475385][    T9] usb 1-1: config 0 descriptor??
[ 1354.653247][  T784] usb 12-1: device descriptor read/8, error -110
[ 1354.701573][    T9] ath6kl: Failed to submit usb control message: -71
[ 1354.708434][    T9] ath6kl: unable to send the bmi data to the device: -71
[ 1354.772013][    T9] ath6kl: Unable to send get target info: -71
[ 1354.780235][    T9] ath6kl: Failed to init ath6kl core: -71
[ 1354.793693][    T9] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1354.834476][    T9] usb 1-1: USB disconnect, device number 34
[ 1355.073654][  T784] usb usb12-port1: attempt power cycle
[ 1355.743383][  T784] usb usb12-port1: unable to enumerate USB device
[ 1355.915803][T22844] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2840'.
[ 1355.961869][   T45] usb 1-1: new full-speed USB device number 35 using dummy_hcd
[ 1356.082766][ T5196] usb 2-1: USB disconnect, device number 102
[ 1356.163522][   T45] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1356.200937][   T45] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1356.272535][   T45] usb 1-1: config 0 descriptor??
[ 1356.368901][T22270] Bluetooth: hci3: unexpected event 0x0f length: 100 > 4
[ 1356.564927][T22853] fuse: Unknown parameter 'group_‰d'
[ 1356.677055][T22853] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1356.885236][T22857] ipvlan2: entered promiscuous mode
[ 1356.890871][T22857] ipvlan2: entered allmulticast mode
[ 1356.932223][T22857] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[ 1357.347436][   T45] pegasus 1-1:0.0: probe with driver pegasus failed with error -71
[ 1357.396765][   T45] usb 1-1: USB disconnect, device number 35
[ 1357.489319][T22871] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8)
[ 1357.495924][T22871] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1357.537764][T22871] vhci_hcd vhci_hcd.0: Device attached
[ 1357.558450][T22872] vhci_hcd: connection closed
[ 1357.566727][ T1064] vhci_hcd: stop threads
[ 1357.592264][ T1064] vhci_hcd: release socket
[ 1357.607071][ T1064] vhci_hcd: disconnect device
[ 1357.761932][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88802ce9ac00: rx timeout, send abort
[ 1357.774785][    C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff88802ce9ac00: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1357.962831][    T9] usb 5-1: new high-speed USB device number 113 using dummy_hcd
[ 1358.184765][    T9] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1358.194150][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1358.249188][    T9] usb 5-1: config 0 descriptor??
[ 1358.483258][    T9] ath6kl: Failed to submit usb control message: -71
[ 1358.489987][    T9] ath6kl: unable to send the bmi data to the device: -71
[ 1358.537276][    T9] ath6kl: Unable to send get target info: -71
[ 1358.552851][    T9] ath6kl: Failed to init ath6kl core: -71
[ 1358.560004][    T9] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1358.656975][    T9] usb 5-1: USB disconnect, device number 113
[ 1358.760731][T22889] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[ 1358.767350][T22889] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1358.838846][T22889] vhci_hcd vhci_hcd.0: Device attached
[ 1358.981939][T22887] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2852'.
[ 1358.987075][T22893] vhci_hcd: connection closed
[ 1359.021847][ T2920] vhci_hcd: stop threads
[ 1359.062755][ T2920] vhci_hcd: release socket
[ 1359.091621][ T2920] vhci_hcd: disconnect device
[ 1359.165187][ T7110] usb 12-1: enqueue for inactive port 0
[ 1359.431899][    T9] usb 2-1: new high-speed USB device number 103 using dummy_hcd
[ 1359.481281][T22906] fuse: Unknown parameter 'group_‰d'
[ 1359.605773][T22911] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2859'.
[ 1359.634681][    T9] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1359.712264][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1359.727223][ T7110] usb usb12-port1: attempt power cycle
[ 1359.733397][    T9] usb 2-1: config 0 descriptor??
[ 1359.875938][T22906] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1359.942419][   T58] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[ 1360.024562][    T9] ath6kl: Failed to submit usb control message: -71
[ 1360.043418][    T9] ath6kl: unable to send the bmi data to the device: -71
[ 1360.079514][    T9] ath6kl: Unable to send get target info: -71
[ 1360.118785][    T9] ath6kl: Failed to init ath6kl core: -71
[ 1360.132279][    T9] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1360.165889][    T9] usb 2-1: USB disconnect, device number 103
[ 1360.185281][   T58] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1360.196700][   T58] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1360.211171][   T58] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1360.280495][   T58] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1360.311253][   T58] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1360.383179][ T7110] usb usb12-port1: unable to enumerate USB device
[ 1360.486619][T22936] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2864'.
[ 1360.760005][T22913] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.2860'.
[ 1360.842766][   T58] usb 1-1: 0:2 : does not exist
[ 1360.894445][   T58] usb 1-1: USB disconnect, device number 36
[ 1361.195117][T17450] udevd[17450]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1361.285813][T22945] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8)
[ 1361.292443][T22945] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1361.326522][T22945] vhci_hcd vhci_hcd.0: Device attached
[ 1361.352046][T22947] vhci_hcd: connection closed
[ 1361.356384][ T2900] vhci_hcd: stop threads
[ 1361.401155][T22951] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[ 1361.407755][T22951] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1361.421497][ T2900] vhci_hcd: release socket
[ 1361.463902][T22951] vhci_hcd vhci_hcd.0: Device attached
[ 1361.477768][ T2900] vhci_hcd: disconnect device
[ 1361.661685][    T9] usb 5-1: new high-speed USB device number 114 using dummy_hcd
[ 1361.690386][T22952] vhci_hcd: connection closed
[ 1361.690707][ T2920] vhci_hcd: stop threads
[ 1361.721253][ T2920] vhci_hcd: release socket
[ 1361.735839][ T2920] vhci_hcd: disconnect device
[ 1361.947341][    T9] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1361.981044][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1362.032455][    T9] usb 5-1: config 0 descriptor??
[ 1362.073598][ T5142] usb 2-1: new high-speed USB device number 104 using dummy_hcd
[ 1362.273593][    T9] ath6kl: Failed to submit usb control message: -71
[ 1362.280327][    T9] ath6kl: unable to send the bmi data to the device: -71
[ 1362.312381][ T5142] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1362.322039][    T9] ath6kl: Unable to send get target info: -71
[ 1362.339875][ T1250] ieee802154 phy0 wpan0: encryption failed: -22
[ 1362.348166][ T1250] ieee802154 phy1 wpan1: encryption failed: -22
[ 1362.357655][ T5142] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1362.373928][    T9] ath6kl: Failed to init ath6kl core: -71
[ 1362.394045][ T5142] usb 2-1: config 0 descriptor??
[ 1362.405450][    T9] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1362.439415][T22963] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1362.448262][T22963] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1362.477101][    T9] usb 5-1: USB disconnect, device number 114
[ 1362.633687][ T5142] ath6kl: Failed to submit usb control message: -71
[ 1362.640716][ T5142] ath6kl: unable to send the bmi data to the device: -71
[ 1362.677002][ T5142] ath6kl: Unable to send get target info: -71
[ 1362.707537][ T5142] ath6kl: Failed to init ath6kl core: -71
[ 1362.727227][ T5142] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1362.803394][ T5142] usb 2-1: USB disconnect, device number 104
[ 1363.137545][T22977] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2872'.
[ 1363.284915][T22982] IPv4: Oversized IP packet from 172.20.20.24
[ 1363.292089][    C1] IPv4: Oversized IP packet from 172.20.20.24
[ 1363.298859][    C1] IPv4: Oversized IP packet from 172.20.20.24
[ 1363.393423][   T29] audit: type=1326 audit(1720877842.657:1814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22979 comm="syz.2.2874" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b8579 code=0x7ffc0000
[ 1363.473960][   T29] audit: type=1326 audit(1720877842.657:1815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22979 comm="syz.2.2874" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b8579 code=0x7ffc0000
[ 1363.544041][   T29] audit: type=1326 audit(1720877842.657:1816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22979 comm="syz.2.2874" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf73b8579 code=0x7ffc0000
[ 1363.613297][   T45] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[ 1363.645331][   T29] audit: type=1326 audit(1720877842.657:1817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22979 comm="syz.2.2874" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b8579 code=0x7ffc0000
[ 1363.715981][   T29] audit: type=1326 audit(1720877842.657:1818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22979 comm="syz.2.2874" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf73b8579 code=0x7ffc0000
[ 1363.779469][   T29] audit: type=1326 audit(1720877842.657:1819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22979 comm="syz.2.2874" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b8579 code=0x7ffc0000
[ 1363.809970][T22993] ipvlan2: entered promiscuous mode
[ 1363.821563][   T45] usb 4-1: Using ep0 maxpacket: 16
[ 1363.837710][T22993] ipvlan2: entered allmulticast mode
[ 1363.840100][   T29] audit: type=1326 audit(1720877842.657:1820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22979 comm="syz.2.2874" exe="/root/syz-executor" sig=0 arch=40000003 syscall=170 compat=1 ip=0xf73b8579 code=0x7ffc0000
[ 1363.846671][   T45] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[ 1363.886149][T22993] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[ 1363.970604][   T29] audit: type=1326 audit(1720877842.657:1821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22979 comm="syz.2.2874" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b8579 code=0x7ffc0000
[ 1363.994208][   T45] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 1364.063683][   T45] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1364.063979][   T29] audit: type=1326 audit(1720877842.657:1822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22979 comm="syz.2.2874" exe="/root/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf73b8579 code=0x7ffc0000
[ 1364.168851][T23001] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[ 1364.175543][T23001] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1364.187112][   T45] usb 4-1: config 0 descriptor??
[ 1364.203768][T23001] vhci_hcd vhci_hcd.0: Device attached
[ 1364.240310][T23004] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2878'.
[ 1364.280881][T23002] vhci_hcd: connection closed
[ 1364.281664][ T1038] vhci_hcd: stop threads
[ 1364.298252][ T1038] vhci_hcd: release socket
[ 1364.307007][ T1038] vhci_hcd: disconnect device
[ 1364.611472][   T29] audit: type=1326 audit(1720877843.837:1823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22979 comm="syz.2.2874" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b8579 code=0x7ffc0000
[ 1364.692674][T22982] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1364.720497][T22982] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1364.762188][   T45] hid (null): nested delimiters
[ 1364.767198][   T45] hid (null): report_id 24797 is invalid
[ 1364.807710][   T45] hid-generic 0003:0158:0100.002A: unknown main item tag 0x1
[ 1364.828335][   T45] hid-generic 0003:0158:0100.002A: unexpected long global item
[ 1364.840948][   T45] hid-generic 0003:0158:0100.002A: probe with driver hid-generic failed with error -22
[ 1364.870157][ T7110] usb 2-1: new high-speed USB device number 105 using dummy_hcd
[ 1364.994677][ T5142] usb 4-1: USB disconnect, device number 30
[ 1365.012361][    T9] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[ 1365.093639][ T7110] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1365.118298][ T7110] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1365.151106][ T7110] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1365.179540][ T7110] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1365.210119][ T7110] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1365.240060][    T9] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1365.256033][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1365.283364][    T9] usb 1-1: config 0 descriptor??
[ 1365.301099][T23018] FAULT_INJECTION: forcing a failure.
[ 1365.301099][T23018] name failslab, interval 1, probability 0, space 0, times 0
[ 1365.320529][T23018] CPU: 0 PID: 23018 Comm: syz.4.2882 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[ 1365.330869][T23018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1365.340988][T23018] Call Trace:
[ 1365.344402][T23018]  <TASK>
[ 1365.347489][T23018]  dump_stack_lvl+0x241/0x360
[ 1365.352321][T23018]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1365.357588][T23018]  ? __pfx__printk+0x10/0x10
[ 1365.362244][T23018]  ? __pfx___might_resched+0x10/0x10
[ 1365.367591][T23018]  should_fail_ex+0x3b0/0x4e0
[ 1365.372307][T23018]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[ 1365.378048][T23018]  should_failslab+0x9/0x20
[ 1365.382578][T23018]  __kmalloc_noprof+0xd8/0x400
[ 1365.387370][T23018]  ? kfree+0x4e/0x360
[ 1365.391414][T23018]  tomoyo_realpath_from_path+0xcf/0x5e0
[ 1365.397016][T23018]  tomoyo_path_number_perm+0x23a/0x880
[ 1365.402500][T23018]  ? __lock_acquire+0x1346/0x1fd0
[ 1365.407550][T23018]  ? tomoyo_path_number_perm+0x208/0x880
[ 1365.413219][T23018]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1365.419288][T23018]  ? __fget_files+0x29/0x470
[ 1365.423910][T23018]  ? __fget_files+0x3f6/0x470
[ 1365.428702][T23018]  security_file_ioctl_compat+0x75/0xb0
[ 1365.434292][T23018]  __se_compat_sys_ioctl+0xd6/0xca0
[ 1365.439520][T23018]  ? __pfx___se_compat_sys_ioctl+0x10/0x10
[ 1365.445371][T23018]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1365.451408][T23018]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1365.457782][T23018]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1365.464465][T23018]  ? lockdep_hardirqs_on+0x99/0x150
[ 1365.469800][T23018]  __do_fast_syscall_32+0xb4/0x120
[ 1365.474951][T23018]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1365.481146][T23018]  ? lockdep_hardirqs_on+0x99/0x150
[ 1365.486979][T23018]  do_fast_syscall_32+0x34/0x80
[ 1365.491867][T23018]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1365.498272][T23018] RIP: 0023:0xf7495579
[ 1365.502537][T23018] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1365.522198][T23018] RSP: 002b:00000000f5dae57c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1365.530648][T23018] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c01864c6
[ 1365.538740][T23018] RDX: 00000000200003c0 RSI: 0000000000000000 RDI: 0000000000000000
[ 1365.546739][T23018] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1365.554725][T23018] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1365.562803][T23018] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1365.570811][T23018]  </TASK>
[ 1365.582764][T23018] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1365.652198][    T9] ath6kl: Failed to submit usb control message: -71
[ 1365.658938][    T9] ath6kl: unable to send the bmi data to the device: -71
[ 1365.683639][    T9] ath6kl: Unable to send get target info: -71
[ 1365.730519][    T9] ath6kl: Failed to init ath6kl core: -71
[ 1365.742879][    T9] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1365.773324][    T9] usb 1-1: USB disconnect, device number 37
[ 1365.789211][T23008] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.2879'.
[ 1365.979510][ T7110] usb 2-1: 0:2 : does not exist
[ 1366.050178][ T7110] usb 2-1: USB disconnect, device number 105
[ 1366.393699][T17450] udevd[17450]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1366.625460][T23031] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1366.633317][T23031] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1366.929883][T23028] IPv6: addrconf: prefix option has invalid lifetime
[ 1366.942861][T23037] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2886'.
[ 1367.144323][T23040] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2887'.
[ 1367.495274][T23044] IPv4: Oversized IP packet from 172.20.20.24
[ 1367.502252][    C1] IPv4: Oversized IP packet from 172.20.20.24
[ 1367.508811][    C1] IPv4: Oversized IP packet from 172.20.20.24
[ 1367.579082][T23049] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[ 1367.585682][T23049] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1367.647341][T23049] vhci_hcd vhci_hcd.0: Device attached
[ 1367.674771][T23053] FAULT_INJECTION: forcing a failure.
[ 1367.674771][T23053] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1367.722108][T23053] CPU: 0 PID: 23053 Comm: syz.1.2891 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[ 1367.732554][T23053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1367.742839][T23053] Call Trace:
[ 1367.746167][T23053]  <TASK>
[ 1367.749142][T23053]  dump_stack_lvl+0x241/0x360
[ 1367.753990][T23053]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1367.759283][T23053]  ? __pfx__printk+0x10/0x10
[ 1367.763948][T23053]  ? __pfx_lock_release+0x10/0x10
[ 1367.769200][T23053]  should_fail_ex+0x3b0/0x4e0
[ 1367.774230][T23053]  _copy_to_iter+0x43a/0x1960
[ 1367.778957][T23053]  ? __virt_addr_valid+0x183/0x530
[ 1367.784149][T23053]  ? __pfx__copy_to_iter+0x10/0x10
[ 1367.789318][T23053]  ? __virt_addr_valid+0x183/0x530
[ 1367.794463][T23053]  ? __virt_addr_valid+0x183/0x530
[ 1367.799622][T23053]  ? __virt_addr_valid+0x45f/0x530
[ 1367.804946][T23053]  ? __phys_addr_symbol+0x2f/0x70
[ 1367.810013][T23053]  ? __check_object_size+0x49c/0x900
[ 1367.815346][T23053]  seq_read_iter+0xb72/0xd60
[ 1367.820690][T23053]  seq_read+0x3a4/0x4f0
[ 1367.825051][T23053]  ? __pfx_seq_read+0x10/0x10
[ 1367.829780][T23053]  ? debugfs_file_get+0x4cc/0x630
[ 1367.834956][T23053]  full_proxy_read+0x119/0x1d0
[ 1367.839792][T23053]  ? __pfx_full_proxy_read+0x10/0x10
[ 1367.845163][T23053]  vfs_read+0x204/0xbc0
[ 1367.849357][T23053]  ? __pfx_lock_release+0x10/0x10
[ 1367.854434][T23053]  ? __pfx_vfs_read+0x10/0x10
[ 1367.859236][T23053]  ? __fget_files+0x29/0x470
[ 1367.864039][T23053]  ? __fget_files+0x3f6/0x470
[ 1367.868768][T23053]  ksys_read+0x1a0/0x2c0
[ 1367.873140][T23053]  ? __pfx_ksys_read+0x10/0x10
[ 1367.878288][T23053]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1367.885005][T23053]  ? lockdep_hardirqs_on+0x99/0x150
[ 1367.890359][T23053]  __do_fast_syscall_32+0xb4/0x120
[ 1367.895547][T23053]  ? exc_page_fault+0x590/0x8c0
[ 1367.900446][T23053]  do_fast_syscall_32+0x34/0x80
[ 1367.905337][T23053]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1367.911723][T23053] RIP: 0023:0xf7491579
[ 1367.915814][T23053] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1367.935708][T23053] RSP: 002b:00000000f5daa57c EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 1367.944149][T23053] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000b00
[ 1367.952269][T23053] RDX: 00000000000000cd RSI: 0000000000000000 RDI: 0000000000000000
[ 1367.960267][T23053] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1367.968268][T23053] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1367.976358][T23053] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1367.984378][T23053]  </TASK>
[ 1368.141617][ T7110] usb 14-1: SetAddress Request (21) to port 0
[ 1368.142122][    T9] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[ 1368.147847][ T7110] usb 14-1: new SuperSpeed USB device number 21 using vhci_hcd
[ 1368.182745][T23050] vhci_hcd: connection closed
[ 1368.183233][ T2920] vhci_hcd: stop threads
[ 1368.192569][ T2920] vhci_hcd: release socket
[ 1368.202357][ T2920] vhci_hcd: disconnect device
[ 1368.233541][ T7110] usb 14-1: enqueue for inactive port 0
[ 1368.252312][T23065] IPv4: Oversized IP packet from 172.20.20.24
[ 1368.259781][    C1] IPv4: Oversized IP packet from 172.20.20.24
[ 1368.266439][    C1] IPv4: Oversized IP packet from 172.20.20.24
[ 1368.402350][    T9] usb 1-1: Using ep0 maxpacket: 16
[ 1368.420140][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[ 1368.441849][    T9] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 1368.451007][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1368.488771][    T9] usb 1-1: config 0 descriptor??
[ 1368.512175][ T5098] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[ 1368.552403][ T5196] usb 2-1: new high-speed USB device number 106 using dummy_hcd
[ 1368.653283][ T7110] usb usb14-port1: attempt power cycle
[ 1368.713798][ T5098] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1368.750522][ T5098] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1368.753073][ T5196] usb 2-1: Using ep0 maxpacket: 16
[ 1368.776045][ T5098] usb 3-1: config 0 descriptor??
[ 1368.786640][ T5196] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[ 1368.809164][ T5196] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 1368.830850][ T5196] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1368.855133][ T5196] usb 2-1: config 0 descriptor??
[ 1368.988016][T23044] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1369.007019][T23044] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1369.057755][    T9] hid (null): nested delimiters
[ 1369.106844][    T9] hid (null): report_id 24797 is invalid
[ 1369.113792][ T5098] ath6kl: Failed to submit usb control message: -71
[ 1369.144825][ T5098] ath6kl: unable to send the bmi data to the device: -71
[ 1369.168837][T23078] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8)
[ 1369.175428][T23078] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1369.185790][    T9] hid-generic 0003:0158:0100.002B: unknown main item tag 0x1
[ 1369.203249][T23078] vhci_hcd vhci_hcd.0: Device attached
[ 1369.205393][ T5098] ath6kl: Unable to send get target info: -71
[ 1369.248432][    T9] hid-generic 0003:0158:0100.002B: unexpected long global item
[ 1369.276324][ T5098] ath6kl: Failed to init ath6kl core: -71
[ 1369.286349][T23065] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1369.302452][    T9] hid-generic 0003:0158:0100.002B: probe with driver hid-generic failed with error -22
[ 1369.308352][ T7110] usb usb14-port1: unable to enumerate USB device
[ 1369.326619][ T5098] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1369.329889][T23065] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1369.402195][ T5098] usb 3-1: USB disconnect, device number 36
[ 1369.413262][    T9] usb 1-1: USB disconnect, device number 38
[ 1369.465700][ T5196] hid (null): nested delimiters
[ 1369.514638][ T5196] hid (null): report_id 24797 is invalid
[ 1369.554275][ T5196] hid-generic 0003:0158:0100.002C: unknown main item tag 0x1
[ 1369.562081][  T784] usb 18-1: SetAddress Request (26) to port 0
[ 1369.568291][  T784] usb 18-1: new SuperSpeed USB device number 26 using vhci_hcd
[ 1369.586658][ T5196] hid-generic 0003:0158:0100.002C: unexpected long global item
[ 1369.597019][ T5196] hid-generic 0003:0158:0100.002C: probe with driver hid-generic failed with error -22
[ 1369.636686][T23079] vhci_hcd: connection reset by peer
[ 1369.669130][ T5196] usb 2-1: USB disconnect, device number 106
[ 1369.688200][ T1052] vhci_hcd: stop threads
[ 1369.708494][ T1052] vhci_hcd: release socket
[ 1369.731112][ T1052] vhci_hcd: disconnect device
[ 1369.769923][T23086] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[ 1369.776535][T23086] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1369.786086][T23086] vhci_hcd vhci_hcd.0: Device attached
[ 1369.852103][T23087] vhci_hcd: connection closed
[ 1369.868065][ T1038] vhci_hcd: stop threads
[ 1369.882306][ T1038] vhci_hcd: release socket
[ 1369.886791][ T1038] vhci_hcd: disconnect device
[ 1370.022509][    T9] usb 5-1: new high-speed USB device number 115 using dummy_hcd
[ 1370.083733][T23090] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[ 1370.090431][T23090] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1370.105990][T23090] vhci_hcd vhci_hcd.0: Device attached
[ 1370.111689][ T7110] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[ 1370.140177][T23092] vhci_hcd: connection closed
[ 1370.149139][ T2920] vhci_hcd: stop threads
[ 1370.184970][ T2920] vhci_hcd: release socket
[ 1370.189606][ T2920] vhci_hcd: disconnect device
[ 1370.234194][    T9] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1370.248434][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1370.271187][    T9] usb 5-1: config 0 descriptor??
[ 1370.295692][ T7110] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1370.308246][ T7110] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1370.325802][ T7110] usb 4-1: config 0 descriptor??
[ 1370.492746][ T5098] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[ 1370.611027][ T7110] ath6kl: Failed to submit usb control message: -71
[ 1370.641031][ T7110] ath6kl: unable to send the bmi data to the device: -71
[ 1370.672043][    T9] ath6kl: Failed to submit usb control message: -71
[ 1370.674200][ T7110] ath6kl: Unable to send get target info: -71
[ 1370.685713][    T9] ath6kl: unable to send the bmi data to the device: -71
[ 1370.704482][    T9] ath6kl: Unable to send get target info: -71
[ 1370.716928][ T7110] ath6kl: Failed to init ath6kl core: -71
[ 1370.731233][ T7110] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1370.792901][ T7110] usb 4-1: USB disconnect, device number 31
[ 1370.806395][    T9] ath6kl: Failed to init ath6kl core: -71
[ 1370.820103][    T9] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1370.838910][ T5098] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1370.887255][ T5098] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1370.940373][    T9] usb 5-1: USB disconnect, device number 115
[ 1370.979366][ T5098] usb 3-1: config 0 descriptor??
[ 1371.107284][T23110] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[ 1371.113885][T23110] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1371.124306][T23110] vhci_hcd vhci_hcd.0: Device attached
[ 1371.244231][ T5098] ath6kl: Failed to submit usb control message: -71
[ 1371.264555][T23111] vhci_hcd: connection closed
[ 1371.265104][ T1052] vhci_hcd: stop threads
[ 1371.300014][ T5098] ath6kl: unable to send the bmi data to the device: -71
[ 1371.311947][ T1052] vhci_hcd: release socket
[ 1371.335179][ T5098] ath6kl: Unable to send get target info: -71
[ 1371.342659][ T1052] vhci_hcd: disconnect device
[ 1371.373441][ T5098] ath6kl: Failed to init ath6kl core: -71
[ 1371.380596][ T5098] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1371.420572][ T5098] usb 3-1: USB disconnect, device number 37
[ 1371.592481][   T45] usb 2-1: new high-speed USB device number 107 using dummy_hcd
[ 1371.637186][T23120] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2906'.
[ 1371.790291][   T45] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1371.819536][   T45] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1371.852719][   T45] usb 2-1: config 0 descriptor??
[ 1371.971625][ T5196] usb 5-1: new high-speed USB device number 116 using dummy_hcd
[ 1372.043199][T23129] FAULT_INJECTION: forcing a failure.
[ 1372.043199][T23129] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1372.057236][T23129] CPU: 1 PID: 23129 Comm: syz.2.2908 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[ 1372.067479][T23129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1372.077582][T23129] Call Trace:
[ 1372.080909][T23129]  <TASK>
[ 1372.083886][T23129]  dump_stack_lvl+0x241/0x360
[ 1372.088627][T23129]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1372.093913][T23129]  ? __pfx__printk+0x10/0x10
[ 1372.098577][T23129]  ? __pfx_lock_release+0x10/0x10
[ 1372.103844][T23129]  ? aa_label_sk_perm+0x4f0/0x6d0
[ 1372.108946][T23129]  should_fail_ex+0x3b0/0x4e0
[ 1372.113709][T23129]  _copy_to_user+0x2f/0xb0
[ 1372.118190][T23129]  sk_getsockopt+0x2595/0x3890
[ 1372.123020][T23129]  ? __pfx_sk_getsockopt+0x10/0x10
[ 1372.128163][T23129]  ? __pfx___might_resched+0x10/0x10
[ 1372.133584][T23129]  ? __lock_acquire+0x1346/0x1fd0
[ 1372.138653][T23129]  ? aa_sk_perm+0x967/0xab0
[ 1372.143193][T23129]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1372.148120][T23129]  ? __pfx_lock_acquire+0x10/0x10
[ 1372.153185][T23129]  ? aa_sock_opt_perm+0x79/0x120
[ 1372.158156][T23129]  do_sock_getsockopt+0x270/0x850
[ 1372.163230][T23129]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1372.168818][T23129]  ? __fget_files+0x3f6/0x470
[ 1372.173530][T23129]  ? __fget_files+0x29/0x470
[ 1372.178166][T23129]  __sys_getsockopt+0x271/0x330
[ 1372.183053][T23129]  ? __pfx___sys_getsockopt+0x10/0x10
[ 1372.188480][T23129]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1372.194862][T23129]  __ia32_sys_getsockopt+0xb5/0xd0
[ 1372.200012][T23129]  __do_fast_syscall_32+0xb4/0x120
[ 1372.205362][T23129]  ? exc_page_fault+0x590/0x8c0
[ 1372.210362][T23129]  do_fast_syscall_32+0x34/0x80
[ 1372.215277][T23129]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1372.221687][T23129] RIP: 0023:0xf73b8579
[ 1372.225835][T23129] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1372.245605][T23129] RSP: 002b:00000000f5cd157c EFLAGS: 00000206 ORIG_RAX: 000000000000016d
[ 1372.254078][T23129] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000001
[ 1372.262108][T23129] RDX: 0000000000000005 RSI: 00000000200014c0 RDI: 0000000020001580
[ 1372.270122][T23129] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1372.278218][T23129] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1372.286580][T23129] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1372.294607][T23129]  </TASK>
[ 1372.405616][ T5196] usb 5-1: Using ep0 maxpacket: 8
[ 1372.418193][ T5196] usb 5-1: New USB device found, idVendor=0547, idProduct=7303, bcdDevice=c4.ff
[ 1372.435823][ T5196] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1372.473484][ T5196] usb 5-1: config 0 descriptor??
[ 1372.510019][ T5196] gspca_main: dtcs033-2.14.0 probing 0547:7303
[ 1372.517793][   T45] ath6kl: Failed to submit usb control message: -71
[ 1372.539382][   T45] ath6kl: unable to send the bmi data to the device: -71
[ 1372.562684][   T45] ath6kl: Unable to send get target info: -71
[ 1372.585000][   T45] ath6kl: Failed to init ath6kl core: -71
[ 1372.617215][   T45] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1372.654877][   T45] usb 2-1: USB disconnect, device number 107
[ 1372.711649][T10710] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[ 1372.718541][ T5196] usb 5-1: USB disconnect, device number 116
[ 1372.951534][    T9] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[ 1372.993229][T10710] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1373.015385][T10710] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1373.057354][T10710] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1373.090404][T10710] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1373.120858][T10710] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1373.186261][    T9] usb 3-1: Using ep0 maxpacket: 8
[ 1373.200386][T23146] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1373.201727][    T9] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[ 1373.208404][T23146] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1373.230987][    T9] usb 3-1: config 0 has no interface number 0
[ 1373.272154][    T9] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1373.319454][    T9] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1373.393135][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1373.433499][    T9] usb 3-1: config 0 descriptor??
[ 1373.474696][    T9] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1373.519432][T23146] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2914'.
[ 1373.524716][T10710] usb 4-1: 0:2 : does not exist
[ 1373.633226][T10710] usb 4-1: USB disconnect, device number 32
[ 1373.787349][T23154] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[ 1373.793965][T23154] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1373.848680][T23154] vhci_hcd vhci_hcd.0: Device attached
[ 1374.013685][T17450] udevd[17450]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1374.119963][T23155] vhci_hcd: connection closed
[ 1374.140680][ T2900] vhci_hcd: stop threads
[ 1374.172018][ T2900] vhci_hcd: release socket
[ 1374.205080][ T2900] vhci_hcd: disconnect device
[ 1374.463530][ T5171] usb 2-1: new high-speed USB device number 108 using dummy_hcd
[ 1374.652169][  T784] usb 18-1: device descriptor read/8, error -110
[ 1374.706385][ T5171] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1374.748170][ T5171] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1374.776768][ T5171] usb 2-1: config 0 descriptor??
[ 1375.023018][T23175] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8)
[ 1375.029633][T23175] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1375.052584][T23175] vhci_hcd vhci_hcd.0: Device attached
[ 1375.069832][ T5171] ath6kl: Failed to submit usb control message: -71
[ 1375.081104][ T5171] ath6kl: unable to send the bmi data to the device: -71
[ 1375.092542][ T5171] ath6kl: Unable to send get target info: -71
[ 1375.118819][ T5171] ath6kl: Failed to init ath6kl core: -71
[ 1375.197574][T23176] vhci_hcd: connection closed
[ 1375.197819][ T1038] vhci_hcd: stop threads
[ 1375.205703][  T784] usb 18-1: SetAddress Request (27) to port 0
[ 1375.222735][ T5171] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1375.261592][ T1038] vhci_hcd: release socket
[ 1375.264983][  T784] usb 18-1: new SuperSpeed USB device number 27 using vhci_hcd
[ 1375.266173][ T1038] vhci_hcd: disconnect device
[ 1375.321021][ T5171] usb 2-1: USB disconnect, device number 108
[ 1375.352808][  T784] ------------[ cut here ]------------
[ 1375.358355][  T784] refcount_t: addition on 0; use-after-free.
[ 1375.364982][  T784] WARNING: CPU: 1 PID: 784 at lib/refcount.c:25 refcount_warn_saturate+0x13a/0x1d0
[ 1375.374358][  T784] Modules linked in:
[ 1375.378293][  T784] CPU: 1 PID: 784 Comm: kworker/1:2 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[ 1375.388442][  T784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1375.398555][  T784] Workqueue: usb_hub_wq hub_event
[ 1375.403650][  T784] RIP: 0010:refcount_warn_saturate+0x13a/0x1d0
[ 1375.410042][  T784] Code: 80 d6 1f 8c e8 37 16 a9 fc 90 0f 0b 90 90 eb b9 e8 5b e8 e6 fc c6 05 64 bf e8 0a 01 90 48 c7 c7 e0 d6 1f 8c e8 17 16 a9 fc 90 <0f> 0b 90 90 eb 99 e8 3b e8 e6 fc c6 05 45 bf e8 0a 01 90 48 c7 c7
[ 1375.429714][  T784] RSP: 0018:ffffc9000384f270 EFLAGS: 00010046
[ 1375.435851][  T784] RAX: 984309741ee81900 RBX: ffff8880257470e0 RCX: ffff88801fb85a00
[ 1375.443881][  T784] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1375.451924][  T784] RBP: 0000000000000002 R08: ffffffff81585882 R09: fffffbfff1c39994
[ 1375.459958][  T784] R10: dffffc0000000000 R11: fffffbfff1c39994 R12: ffff8880242d8408
[ 1375.468175][  T784] R13: ffff8880242d8448 R14: ffff8880257470e0 R15: ffff8880257470a8
[ 1375.476398][  T784] FS:  0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
[ 1375.485389][  T784] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1375.492011][  T784] CR2: 000000005845d99c CR3: 0000000062b7a000 CR4: 00000000003506f0
[ 1375.500120][  T784] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000400
[ 1375.508420][  T784] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1375.516423][  T784] Call Trace:
[ 1375.519725][  T784]  <TASK>
[ 1375.522688][  T784]  ? __warn+0x163/0x4e0
[ 1375.526889][  T784]  ? refcount_warn_saturate+0x13a/0x1d0
[ 1375.532470][  T784]  ? report_bug+0x2b3/0x500
[ 1375.537011][  T784]  ? refcount_warn_saturate+0x13a/0x1d0
[ 1375.542616][  T784]  ? handle_bug+0x3e/0x70
[ 1375.546972][  T784]  ? exc_invalid_op+0x1a/0x50
[ 1375.551733][  T784]  ? asm_exc_invalid_op+0x1a/0x20
[ 1375.556863][  T784]  ? __warn_printk+0x292/0x360
[ 1375.561683][  T784]  ? refcount_warn_saturate+0x13a/0x1d0
[ 1375.567361][  T784]  kobject_get+0xfd/0x120
[ 1375.571737][  T784]  usb_get_dev+0x23/0x40
[ 1375.576009][  T784]  vhci_urb_enqueue+0x5bf/0xef0
[ 1375.580901][  T784]  ? __pfx_vhci_urb_enqueue+0x10/0x10
[ 1375.586301][  T784]  ? stack_depot_save_flags+0x29/0x830
[ 1375.591799][  T784]  ? usb_hcd_map_urb_for_dma+0x503/0xf90
[ 1375.597557][  T784]  ? mon_submit+0x1bb/0x200
[ 1375.602109][  T784]  usb_hcd_submit_urb+0x36c/0x1e80
[ 1375.607280][  T784]  ? __asan_memset+0x23/0x50
[ 1375.611912][  T784]  ? lockdep_init_map_type+0xa1/0x910
[ 1375.617331][  T784]  ? __pfx_usb_hcd_submit_urb+0x10/0x10
[ 1375.622920][  T784]  ? __pfx_lockdep_init_map_type+0x10/0x10
[ 1375.628773][  T784]  ? usb_submit_urb+0xe85/0x18c0
[ 1375.633829][  T784]  usb_start_wait_urb+0x113/0x520
[ 1375.638907][  T784]  ? __pfx_usb_start_wait_urb+0x10/0x10
[ 1375.644500][  T784]  ? __kmalloc_noprof+0x217/0x400
[ 1375.649748][  T784]  usb_control_msg+0x2b1/0x4c0
[ 1375.654558][  T784]  ? __pfx_usb_control_msg+0x10/0x10
[ 1375.659882][  T784]  ? usb_hcd_reset_endpoint+0x159/0x200
[ 1375.665481][  T784]  ? msleep+0x40/0xe0
[ 1375.669500][  T784]  hub_port_init+0x1156/0x2670
[ 1375.674323][  T784]  hub_event+0x295f/0x5150
[ 1375.678887][  T784]  ? __pfx_hub_event+0x10/0x10
[ 1375.684141][  T784]  ? __pfx_lock_acquire+0x10/0x10
[ 1375.689285][  T784]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1375.695301][  T784]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1375.701697][  T784]  ? process_scheduled_works+0x945/0x1830
[ 1375.707551][  T784]  process_scheduled_works+0xa2c/0x1830
[ 1375.713269][  T784]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1375.719388][  T784]  ? assign_work+0x364/0x3d0
[ 1375.724087][  T784]  worker_thread+0x86d/0xd50
[ 1375.728744][  T784]  ? __kthread_parkme+0x169/0x1d0
[ 1375.733809][  T784]  ? __pfx_worker_thread+0x10/0x10
[ 1375.738959][  T784]  kthread+0x2f0/0x390
[ 1375.743093][  T784]  ? __pfx_worker_thread+0x10/0x10
[ 1375.748238][  T784]  ? __pfx_kthread+0x10/0x10
[ 1375.752870][  T784]  ret_from_fork+0x4b/0x80
[ 1375.757355][  T784]  ? __pfx_kthread+0x10/0x10
[ 1375.762004][  T784]  ret_from_fork_asm+0x1a/0x30
[ 1375.766843][  T784]  </TASK>
[ 1375.769894][  T784] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1375.777194][  T784] CPU: 1 PID: 784 Comm: kworker/1:2 Not tainted 6.10.0-rc7-syzkaller-00254-g528dd46d0fc3 #0
[ 1375.787923][  T784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1375.798040][  T784] Workqueue: usb_hub_wq hub_event
[ 1375.803217][  T784] Call Trace:
[ 1375.807154][  T784]  <TASK>
[ 1375.810215][  T784]  dump_stack_lvl+0x241/0x360
[ 1375.814964][  T784]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1375.820197][  T784]  ? __pfx__printk+0x10/0x10
[ 1375.824896][  T784]  ? _printk+0xd5/0x120
[ 1375.829094][  T784]  ? vscnprintf+0x5d/0x90
[ 1375.833456][  T784]  panic+0x349/0x860
[ 1375.837395][  T784]  ? __warn+0x172/0x4e0
[ 1375.841686][  T784]  ? __pfx_panic+0x10/0x10
[ 1375.846300][  T784]  ? show_trace_log_lvl+0x4e6/0x520
[ 1375.851566][  T784]  ? ret_from_fork_asm+0x1a/0x30
[ 1375.856565][  T784]  __warn+0x346/0x4e0
[ 1375.860637][  T784]  ? refcount_warn_saturate+0x13a/0x1d0
[ 1375.866424][  T784]  report_bug+0x2b3/0x500
[ 1375.870886][  T784]  ? refcount_warn_saturate+0x13a/0x1d0
[ 1375.876515][  T784]  handle_bug+0x3e/0x70
[ 1375.880702][  T784]  exc_invalid_op+0x1a/0x50
[ 1375.885256][  T784]  asm_exc_invalid_op+0x1a/0x20
[ 1375.890157][  T784] RIP: 0010:refcount_warn_saturate+0x13a/0x1d0
[ 1375.896434][  T784] Code: 80 d6 1f 8c e8 37 16 a9 fc 90 0f 0b 90 90 eb b9 e8 5b e8 e6 fc c6 05 64 bf e8 0a 01 90 48 c7 c7 e0 d6 1f 8c e8 17 16 a9 fc 90 <0f> 0b 90 90 eb 99 e8 3b e8 e6 fc c6 05 45 bf e8 0a 01 90 48 c7 c7
[ 1375.916165][  T784] RSP: 0018:ffffc9000384f270 EFLAGS: 00010046
[ 1375.922304][  T784] RAX: 984309741ee81900 RBX: ffff8880257470e0 RCX: ffff88801fb85a00
[ 1375.930301][  T784] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1375.938297][  T784] RBP: 0000000000000002 R08: ffffffff81585882 R09: fffffbfff1c39994
[ 1375.946292][  T784] R10: dffffc0000000000 R11: fffffbfff1c39994 R12: ffff8880242d8408
[ 1375.954301][  T784] R13: ffff8880242d8448 R14: ffff8880257470e0 R15: ffff8880257470a8
[ 1375.962318][  T784]  ? __warn_printk+0x292/0x360
[ 1375.967157][  T784]  kobject_get+0xfd/0x120
[ 1375.971784][  T784]  usb_get_dev+0x23/0x40
[ 1375.976085][  T784]  vhci_urb_enqueue+0x5bf/0xef0
[ 1375.981002][  T784]  ? __pfx_vhci_urb_enqueue+0x10/0x10
[ 1375.986431][  T784]  ? stack_depot_save_flags+0x29/0x830
[ 1375.991977][  T784]  ? usb_hcd_map_urb_for_dma+0x503/0xf90
[ 1375.997933][  T784]  ? mon_submit+0x1bb/0x200
[ 1376.002482][  T784]  usb_hcd_submit_urb+0x36c/0x1e80
[ 1376.007666][  T784]  ? __asan_memset+0x23/0x50
[ 1376.012305][  T784]  ? lockdep_init_map_type+0xa1/0x910
[ 1376.017720][  T784]  ? __pfx_usb_hcd_submit_urb+0x10/0x10
[ 1376.023297][  T784]  ? __pfx_lockdep_init_map_type+0x10/0x10
[ 1376.029154][  T784]  ? usb_submit_urb+0xe85/0x18c0
[ 1376.034152][  T784]  usb_start_wait_urb+0x113/0x520
[ 1376.039219][  T784]  ? __pfx_usb_start_wait_urb+0x10/0x10
[ 1376.044904][  T784]  ? __kmalloc_noprof+0x217/0x400
[ 1376.050176][  T784]  usb_control_msg+0x2b1/0x4c0
[ 1376.054987][  T784]  ? __pfx_usb_control_msg+0x10/0x10
[ 1376.060336][  T784]  ? usb_hcd_reset_endpoint+0x159/0x200
[ 1376.065957][  T784]  ? msleep+0x40/0xe0
[ 1376.069981][  T784]  hub_port_init+0x1156/0x2670
[ 1376.074974][  T784]  hub_event+0x295f/0x5150
[ 1376.079487][  T784]  ? __pfx_hub_event+0x10/0x10
[ 1376.084283][  T784]  ? __pfx_lock_acquire+0x10/0x10
[ 1376.089428][  T784]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1376.095637][  T784]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1376.102035][  T784]  ? process_scheduled_works+0x945/0x1830
[ 1376.107795][  T784]  process_scheduled_works+0xa2c/0x1830
[ 1376.113413][  T784]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1376.119542][  T784]  ? assign_work+0x364/0x3d0
[ 1376.124252][  T784]  worker_thread+0x86d/0xd50
[ 1376.128898][  T784]  ? __kthread_parkme+0x169/0x1d0
[ 1376.133965][  T784]  ? __pfx_worker_thread+0x10/0x10
[ 1376.139128][  T784]  kthread+0x2f0/0x390
[ 1376.143241][  T784]  ? __pfx_worker_thread+0x10/0x10
[ 1376.148387][  T784]  ? __pfx_kthread+0x10/0x10
[ 1376.153132][  T784]  ret_from_fork+0x4b/0x80
[ 1376.157588][  T784]  ? __pfx_kthread+0x10/0x10
[ 1376.162212][  T784]  ret_from_fork_asm+0x1a/0x30
[ 1376.167035][  T784]  </TASK>
[ 1376.170449][  T784] Kernel Offset: disabled
[ 1376.174921][  T784] Rebooting in 86400 seconds..