last executing test programs:

1m15.424761119s ago: executing program 4 (id=1440):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2, 0x0, 0x0, @void, @value}, 0x10)
socket$kcm(0xa, 0x6, 0x0)

1m15.201468407s ago: executing program 4 (id=1444):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r1=>0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x40, r3, 0x1, 0x2, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x24, 0x11d, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x5e}]}, {0x4}]}]}, 0x40}}, 0x0)

1m14.381021298s ago: executing program 4 (id=1449):
r0 = socket$rds(0x15, 0x5, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r1, r2, 0x26, 0x0, 0x0, @void, @value}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)

1m4.443977256s ago: executing program 4 (id=1449):
r0 = socket$rds(0x15, 0x5, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r1, r2, 0x26, 0x0, 0x0, @void, @value}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)

43.695631864s ago: executing program 4 (id=1449):
r0 = socket$rds(0x15, 0x5, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r1, r2, 0x26, 0x0, 0x0, @void, @value}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)

25.893962088s ago: executing program 4 (id=1449):
r0 = socket$rds(0x15, 0x5, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r1, r2, 0x26, 0x0, 0x0, @void, @value}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)

8.664181471s ago: executing program 1 (id=1756):
unshare(0x68040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
unshare(0x64000600)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c746572000000000000000000000000000000000000000000000000000002"], 0x48)

4.91747317s ago: executing program 2 (id=1774):
r0 = socket$inet(0x2, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x9, 0x0, 0x300}})
setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f0000000140)=0x7, 0x4)
getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, &(0x7f00000000c0)={'NETMAP\x00'}, &(0x7f0000000100)=0x1e)

4.164704993s ago: executing program 2 (id=1775):
r0 = msgget$private(0x0, 0x8d)
msgsnd(r0, &(0x7f00000000c0)={0x3, "df"}, 0x9, 0x0)
msgsnd(0x0, &(0x7f0000000880)={0x2}, 0x8, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0x1000)
msgrcv(0x0, 0x0, 0x0, 0x2, 0x3000)
msgrcv(r0, &(0x7f00000005c0), 0x73, 0x3, 0x3000)

4.047560876s ago: executing program 3 (id=1778):
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil)
shmat(r1, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})

3.76691992s ago: executing program 0 (id=1781):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
syz_emit_ethernet(0x36, &(0x7f00000000c0)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0)
write$tun(r0, &(0x7f00000003c0)={@val={0x6f01, 0x800}, @val={0x1, 0x3, 0x0, 0x4, 0x3d}, @mpls={[], @ipv4=@tcp={{0x7, 0x4, 0x0, 0x0, 0x45, 0x0, 0x0, 0x4, 0x84, 0x0, @empty=0x3fffffff, @local, {[@timestamp={0x44, 0x8, 0xce, 0x0, 0x0, [0x0]}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0x9, 0x0, 0x0, 0x0, 0x0, {[@window={0x9, 0x3}, @generic={0x0, 0xa, "2c1230b4505eff6e"}]}}, {"c4f6ad54bd"}}}}}, 0x53)

3.610434652s ago: executing program 3 (id=1782):
pipe(&(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040))
read$char_usb(r0, &(0x7f0000000100)=""/124, 0x7c)
write$char_usb(r1, &(0x7f0000000440)="93022dbdbc1617a43c01a780c7820002965690d5c8d73c0a0e6cf67207babd59551d5e207555b8aa0dd5e7711552ecbb22fa2834fbc8fb0676345ceb4539d3043da5cabe03a40ad12f30308f82dd7a531c389a9672d2945cc6791ac0797e768f8d1cf2de8c45e3e9f9579a14987f644bc3d08f5f33f88751d9c63d8bdd", 0x7d)

3.199056471s ago: executing program 3 (id=1783):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, 0x0, <r2=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[<r3=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000040)={r3, 0x0, r2, 0x0, 0x3})

3.169198939s ago: executing program 2 (id=1784):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='bbr\x00', 0x4)
sendto$inet(r0, &(0x7f0000000000), 0xd52db71cf93d708d, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

2.952611332s ago: executing program 3 (id=1785):
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000020301010000000000000000000010000800010001"], 0x1c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x101, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000020303005aced4c314a392ec0000ffff0800010001"], 0x1c}}, 0x0)

2.931972434s ago: executing program 0 (id=1786):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
dup3(r1, r0, 0x0)
io_setup(0x8, &(0x7f0000004200)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000000340)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

2.645695879s ago: executing program 3 (id=1787):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = syz_io_uring_setup(0x10d, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x3b6}, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}})
io_uring_enter(r1, 0x4021, 0x0, 0x0, 0x0, 0x0)

2.595895085s ago: executing program 0 (id=1788):
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r0)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r1 = syz_clone(0x20000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect(0x2, 0x27d, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000e124cf4068162303ca5f000000010902"], 0x0)
syz_open_procfs$namespace(r1, &(0x7f0000000040)='ns/ipc\x00')

2.214802957s ago: executing program 2 (id=1789):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x96, &(0x7f0000000040)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x60, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x18, 0xc2, 0x0, 0x0, 0x0, {[@fastopen={0x22, 0x5, "03c0ab"}, @window={0x3, 0x3}, @mss={0x2, 0x4, 0x9}, @sack_perm={0x4, 0x2}, @generic={0x0, 0xa, "8bfbd54ae56dd076"}, @timestamp={0x8, 0xa}, @sack_perm={0x4, 0x2}, @md5sig={0x13, 0x12, "7232407c80067615774fdbb46eb86cc8"}, @generic={0x0, 0xa, "111fad2ea7434823"}, @exp_fastopen={0xfe, 0x9, 0xf989, "b43eb61a1a"}]}}}}}}}}, 0x0)

2.144350944s ago: executing program 3 (id=1790):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x90)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ab9fd540501d6f60d49fbc0000010902120001000040000904"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000180)={0x0, 0x18, 0x28, "5ee1807c7c7a3313283e8e08159bf8b62ce6af3b9e6d915da994573c00db680b023fea61eaafe6e7"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000080)=ANY=[@ANYBLOB="00002800000099"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2.034044595s ago: executing program 1 (id=1791):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

2.00544026s ago: executing program 2 (id=1792):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = epoll_create1(0x0)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x1f00)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0xb0000004})
connect$unix(r0, &(0x7f0000000140)=@abs, 0x6e)

1.737277088s ago: executing program 1 (id=1793):
prlimit64(0x0, 0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}, @crypto_settings=[@NL80211_ATTR_SOCKET_OWNER={0x4}]]}, 0x30}}, 0x0)

1.468309776s ago: executing program 1 (id=1794):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000240)={'wg2\x00', <r3=>0x0})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'veth0_macvtap\x00', <r4=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r3}, @IFLA_HSR_SLAVE1={0x8, 0x1, r4}]}}}]}, 0x40}}, 0x0)

1.15981307s ago: executing program 1 (id=1795):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000e00)={&(0x7f0000000980)='sys_exit\x00', r0}, 0x10)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
write$cgroup_int(r2, &(0x7f00000001c0), 0xfffffdef)
write$cgroup_pid(r2, 0x0, 0x0)

934.208028ms ago: executing program 0 (id=1796):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000240))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002400)={0x11, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='tlb_flush\x00', r0}, 0x10)
mremap(&(0x7f0000000000/0x9000)=nil, 0xa00000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)

820.973514ms ago: executing program 2 (id=1797):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, &(0x7f0000000040)=""/247, 0x26, 0xf7, 0x1, 0x0, 0x0, @void, @value}, 0x20)
pipe(&(0x7f0000000580)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010100000100000000000200fffc0900010073797a30000000000800024000000001cc000000030a01020000000000000000020000000900010073797a3000000000aa000300"], 0x1e4}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x7fff, 0x0)

747.534768ms ago: executing program 1 (id=1798):
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
fcntl$setpipe(r0, 0x407, 0x0)
write$FUSE_INIT(r0, &(0x7f0000000340)={0x50}, 0x50)
vmsplice(r0, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0)
fcntl$setpipe(r0, 0x407, 0x2000000)
prctl$PR_SET_THP_DISABLE(0x29, 0x0)

347.020821ms ago: executing program 0 (id=1799):
sendmsg$alg(0xffffffffffffffff, &(0x7f0000008dc0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000005c0)='\x00', 0x1}], 0x1, 0x0, 0x0, 0x20040090}, 0x4)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000180)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r1, 0x2}, 0x18)
connect$can_j1939(r0, &(0x7f0000000200)={0x1d, r1}, 0x18)
sendmmsg(r0, &(0x7f00000038c0)=[{{0x0, 0x0, 0x0}}], 0x3ffffffffffff06, 0x0)

0s ago: executing program 0 (id=1800):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f00000003c0)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x10, 0x0, &(0x7f00000002c0)=[@request_death={0x400c6313}], 0x0, 0x0, 0x0})

kernel console output (not intermixed with test programs):

ir permissive=1
[  254.055492][ T8211] bridge0: port 3(gretap0) entered blocking state
[  254.075327][ T8211] bridge0: port 3(gretap0) entered disabled state
[  254.076070][   T29] audit: type=1400 audit(1727998424.929:530): avc:  denied  { open } for  pid=8207 comm="syz.3.1198" path="/57/file0" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  254.095852][ T8211] gretap0: entered allmulticast mode
[  254.134283][ T8211] gretap0: entered promiscuous mode
[  254.155151][ T8211] bridge0: port 3(gretap0) entered blocking state
[  254.163760][ T8211] bridge0: port 3(gretap0) entered forwarding state
[  254.183758][   T29] audit: type=1400 audit(1727998425.129:531): avc:  denied  { unmount } for  pid=7406 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  254.221590][ T8212] gretap0: left allmulticast mode
[  254.236007][ T8212] gretap0: left promiscuous mode
[  254.243850][ T8212] bridge0: port 3(gretap0) entered disabled state
[  254.245210][   T25] usb 1-1: USB disconnect, device number 15
[  254.758079][   T65] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  255.634296][ T8257] netlink: 'syz.2.1216': attribute type 1 has an invalid length.
[  255.663709][ T8257] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  255.672957][ T8257] IPv6: NLM_F_CREATE should be set when creating new route
[  255.785819][ T8263] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1218'.
[  255.799745][  T938] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  256.012567][  T938] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  256.047441][  T938] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  256.118854][  T938] usb 2-1: config 0 descriptor??
[  256.155563][  T938] cp210x 2-1:0.0: cp210x converter detected
[  256.573515][  T938] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[  256.685968][ T1114] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  256.796975][  T938] usb 2-1: cp210x converter now attached to ttyUSB0
[  256.880295][   T25] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  256.980613][ T8287] trusted_key: syz.4.1228 sent an empty control message without MSG_MORE.
[  257.033825][ T5273] usb 2-1: USB disconnect, device number 15
[  257.088837][ T5273] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  257.136049][   T25] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  257.156322][   T25] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  257.166742][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.218808][   T25] usb 1-1: config 0 descriptor??
[  257.229532][   T25] pwc: Askey VC010 type 2 USB webcam detected.
[  257.246062][ T5273] cp210x 2-1:0.0: device disconnected
[  257.839806][ T8310] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280
[  257.879093][   T25] pwc: recv_control_msg error -71 req 02 val 2700
[  257.887976][   T25] pwc: recv_control_msg error -71 req 02 val 2c00
[  257.905284][   T25] pwc: recv_control_msg error -71 req 04 val 1000
[  257.936887][   T25] pwc: recv_control_msg error -71 req 04 val 1300
[  257.950921][   T25] pwc: recv_control_msg error -71 req 04 val 1400
[  257.981170][   T25] pwc: recv_control_msg error -71 req 02 val 2000
[  258.001742][   T25] pwc: recv_control_msg error -71 req 02 val 2100
[  258.051186][   T25] pwc: recv_control_msg error -71 req 04 val 1500
[  258.068060][   T25] pwc: recv_control_msg error -71 req 02 val 2500
[  258.090363][   T25] pwc: recv_control_msg error -71 req 02 val 2400
[  258.113983][   T25] pwc: recv_control_msg error -71 req 02 val 2600
[  258.143122][   T25] pwc: recv_control_msg error -71 req 02 val 2900
[  258.161672][   T25] pwc: recv_control_msg error -71 req 02 val 2800
[  258.187242][   T25] pwc: recv_control_msg error -71 req 04 val 1100
[  258.213832][   T25] pwc: recv_control_msg error -71 req 04 val 1200
[  258.237371][   T25] pwc: Registered as video71.
[  258.245528][   T29] audit: type=1400 audit(1727998429.199:532): avc:  denied  { nlmsg_read } for  pid=8323 comm="syz.4.1243" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  258.268572][   T25] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input22
[  258.318131][   T25] usb 1-1: USB disconnect, device number 16
[  258.357502][  T938] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  258.430661][ T8328] netlink: 'syz.4.1245': attribute type 25 has an invalid length.
[  258.454932][ T8328] netlink: 184 bytes leftover after parsing attributes in process `syz.4.1245'.
[  258.547543][  T938] usb 2-1: Using ep0 maxpacket: 16
[  258.558854][  T938] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[  258.586561][  T938] usb 2-1: config 0 has no interface number 0
[  258.604902][  T938] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  258.644663][  T938] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  258.645487][   T29] audit: type=1400 audit(1727998429.599:533): avc:  denied  { compute_member } for  pid=8329 comm="syz.2.1247" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  258.668034][  T938] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  258.711710][  T938] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  258.743023][  T938] usb 2-1: Product: syz
[  258.762705][  T938] usb 2-1: SerialNumber: syz
[  258.790369][  T938] usb 2-1: config 0 descriptor??
[  258.900497][  T938] cm109 2-1:0.8: invalid payload size 0, expected 4
[  258.909785][  T938] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input23
[  258.969249][ T8341] sock: sock_set_timeout: `syz.2.1251' (pid 8341) tries to set negative timeout
[  259.190662][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[  259.476638][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  259.488056][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  259.498658][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  259.507651][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  259.515766][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  259.525694][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  259.533640][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  259.544166][    C1] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  259.555824][ T1849] usb 2-1: USB disconnect, device number 16
[  259.678591][ T1849] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  260.175514][   T29] audit: type=1400 audit(1727998431.129:534): avc:  denied  { listen } for  pid=8359 comm="syz.4.1258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  260.202868][   T29] audit: type=1400 audit(1727998431.129:535): avc:  denied  { accept } for  pid=8359 comm="syz.4.1258" lport=49087 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  260.417248][   T29] audit: type=1326 audit(1727998431.349:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8363 comm="syz.2.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7577dff9 code=0x7fc00000
[  260.497216][   T29] audit: type=1326 audit(1727998431.349:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8363 comm="syz.2.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7feb7577dff9 code=0x7fc00000
[  260.528744][   T12] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  260.593709][   T29] audit: type=1326 audit(1727998431.349:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8363 comm="syz.2.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7577dff9 code=0x7fc00000
[  260.767453][   T29] audit: type=1326 audit(1727998431.349:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8363 comm="syz.2.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7577dff9 code=0x7fc00000
[  260.877643][   T29] audit: type=1326 audit(1727998431.349:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8363 comm="syz.2.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7577dff9 code=0x7fc00000
[  260.972222][   T29] audit: type=1326 audit(1727998431.349:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8363 comm="syz.2.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7577dff9 code=0x7fc00000
[  261.031019][   T29] audit: type=1326 audit(1727998431.349:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8363 comm="syz.2.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7577dff9 code=0x7fc00000
[  261.132517][   T29] audit: type=1326 audit(1727998431.349:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8363 comm="syz.2.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7577dff9 code=0x7fc00000
[  261.807999][ T8394] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1272'.
[  261.877714][ T8394] netlink: 'syz.1.1272': attribute type 7 has an invalid length.
[  261.957684][ T8394] netlink: 'syz.1.1272': attribute type 8 has an invalid length.
[  261.967840][ T8394] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1272'.
[  262.028082][ T8394] gretap0: entered promiscuous mode
[  262.080388][ T8394] batadv_slave_1: entered promiscuous mode
[  262.208761][ T5273] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  262.377457][ T5273] usb 3-1: Using ep0 maxpacket: 16
[  262.402147][ T5273] usb 3-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35
[  262.436851][ T5273] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  262.446791][ T5273] usb 3-1: Product: syz
[  262.452046][ T5273] usb 3-1: Manufacturer: syz
[  262.458791][ T5273] usb 3-1: SerialNumber: syz
[  262.467564][ T5273] usb 3-1: config 0 descriptor??
[  262.508342][ T5273] as10x_usb: device has been detected
[  262.519023][ T5273] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led))
[  262.572079][ T5273] usb 3-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))...
[  262.607588][ T1114] IPVS: ovf: UDP 127.0.0.1:0 - no destination available
[  262.686183][ T5273] as10x_usb: error during firmware upload part1
[  262.717888][ T5273] Registered device Sky IT Digital Key (green led)
[  262.763369][ T8400] random: crng reseeded on system resumption
[  263.382158][    T9] usb 3-1: USB disconnect, device number 18
[  263.414142][    T9] Unregistered device Sky IT Digital Key (green led)
[  263.415754][    T9] as10x_usb: device has been disconnected
[  263.701754][ T8435] bridge0: entered allmulticast mode
[  263.964216][ T1114] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  263.978648][ T8438] netlink: 'syz.4.1294': attribute type 11 has an invalid length.
[  264.007227][ T8438] netlink: 134660 bytes leftover after parsing attributes in process `syz.4.1294'.
[  264.027331][ T8438] openvswitch: netlink: Message has 8 unknown bytes.
[  264.281902][ T1114] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  264.515280][ T1114] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  264.709713][ T1114] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  264.852927][ T5238] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  264.867669][ T5238] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  264.885709][ T5238] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  264.911372][ T5238] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  264.923781][ T5238] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  264.933725][ T5238] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  265.411334][ T1114] bridge_slave_1: left allmulticast mode
[  265.430110][ T1114] bridge_slave_1: left promiscuous mode
[  265.460770][ T1114] bridge0: port 2(bridge_slave_1) entered disabled state
[  265.503298][ T8471] syz.2.1310 (8471) used greatest stack depth: 19696 bytes left
[  265.514238][ T1114] bridge_slave_0: left allmulticast mode
[  265.521321][ T1114] bridge_slave_0: left promiscuous mode
[  265.537734][ T1114] bridge0: port 1(bridge_slave_0) entered disabled state
[  265.747212][  T938] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  265.907230][  T938] usb 4-1: Using ep0 maxpacket: 16
[  265.935518][  T938] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  265.963475][  T938] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  265.990081][  T938] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  266.018517][  T938] usb 4-1: Product: syz
[  266.031881][  T938] usb 4-1: Manufacturer: syz
[  266.044582][  T938] usb 4-1: SerialNumber: syz
[  266.465074][   T29] kauditd_printk_skb: 74 callbacks suppressed
[  266.465099][   T29] audit: type=1400 audit(1727998693.418:618): avc:  denied  { read } for  pid=8486 comm="syz.2.1316" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  266.945468][ T1114] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  266.981642][ T1114] bond_slave_1: left promiscuous mode
[  266.997288][ T5238] Bluetooth: hci2: command tx timeout
[  267.084447][ T1114] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  267.128485][ T1114] batadv0: left promiscuous mode
[  267.153119][ T1114] bond0 (unregistering): Released all slaves
[  267.163454][  T938] cdc_ncm 4-1:1.0: SET_NTB_FORMAT failed
[  267.190381][  T938] cdc_ncm 4-1:1.0: bind() failure
[  267.205350][  T938] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  267.256705][  T938] cdc_ncm 4-1:1.1: bind() failure
[  267.289216][  T938] usb 4-1: USB disconnect, device number 10
[  267.417464][ T1849] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  267.583138][ T1269] ieee802154 phy0 wpan0: encryption failed: -22
[  267.598028][ T1849] usb 3-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=51.d4
[  267.611011][ T1849] usb 3-1: New USB device strings: Mfr=231, Product=37, SerialNumber=191
[  267.621458][ T1849] usb 3-1: Product: syz
[  267.664996][ T1849] usb 3-1: Manufacturer: syz
[  267.693031][ T1849] usb 3-1: SerialNumber: syz
[  267.702153][ T1849] usb 3-1: config 0 descriptor??
[  267.967188][ T5215] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  268.105009][ T1114] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  268.118107][ T1114] batman_adv: batadv0: Removing interface: batadv_slave_0
[  268.140708][ T1849] gs_usb 3-1:0.0: Configuring for 1 interfaces
[  268.179431][ T1114] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  268.205176][ T1114] batman_adv: batadv0: Removing interface: batadv_slave_1
[  268.316613][ T5215] usb 2-1: Using ep0 maxpacket: 8
[  268.329402][ T5215] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  268.341379][ T5215] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  268.369704][ T5215] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  268.378771][ T1114] veth1_macvtap: left promiscuous mode
[  268.385192][ T5215] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  268.405767][ T1114] veth0_macvtap: left promiscuous mode
[  268.417392][ T1114] veth1_vlan: left promiscuous mode
[  268.423601][ T1114] veth0_vlan: left promiscuous mode
[  268.429939][ T1849] gs_usb 3-1:0.0: Couldn't register candev for channel 0 (-EINVAL)
[  268.446987][ T1849] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -22
[  268.457420][ T5215] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  268.457522][ T5215] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  268.457566][ T5215] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  268.636726][ T1849] usb 3-1: USB disconnect, device number 19
[  268.714024][ T5215] usb 2-1: GET_CAPABILITIES returned 0
[  268.733754][ T5215] usbtmc 2-1:16.0: can't read capabilities
[  268.922622][ T1849] usb 2-1: USB disconnect, device number 17
[  269.077249][ T5238] Bluetooth: hci2: command tx timeout
[  270.064983][ T1114] team0 (unregistering): Port device team_slave_1 removed
[  270.291314][ T1114] team0 (unregistering): Port device team_slave_0 removed
[  271.178142][ T5238] Bluetooth: hci2: command tx timeout
[  271.641280][ T8525] geneve3: entered promiscuous mode
[  271.667202][ T8525] geneve3: entered allmulticast mode
[  271.764879][ T8457] chnl_net:caif_netlink_parms(): no params data found
[  272.291336][ T8457] bridge0: port 1(bridge_slave_0) entered blocking state
[  272.321664][ T8457] bridge0: port 1(bridge_slave_0) entered disabled state
[  272.356172][ T8457] bridge_slave_0: entered allmulticast mode
[  272.384103][ T8457] bridge_slave_0: entered promiscuous mode
[  272.481199][ T8457] bridge0: port 2(bridge_slave_1) entered blocking state
[  272.497348][ T8457] bridge0: port 2(bridge_slave_1) entered disabled state
[  272.512599][ T8457] bridge_slave_1: entered allmulticast mode
[  272.539014][ T8457] bridge_slave_1: entered promiscuous mode
[  272.642873][ T8457] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  272.657887][ T1114] IPVS: stop unused estimator thread 0...
[  272.671873][ T8457] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  272.707312][   T25] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  272.818568][ T8457] team0: Port device team_slave_0 added
[  272.856845][ T8457] team0: Port device team_slave_1 added
[  272.898437][   T25] usb 5-1: Using ep0 maxpacket: 16
[  272.919636][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  272.939595][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  272.976319][   T25] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  273.003099][   T25] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  273.036859][ T8457] batman_adv: batadv0: Adding interface: batadv_slave_0
[  273.045956][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  273.059744][ T8457] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  273.068362][   T25] usb 5-1: config 0 descriptor??
[  273.092493][    C1] vkms_vblank_simulate: vblank timer overrun
[  273.207763][ T8457] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  273.237811][ T5238] Bluetooth: hci2: command tx timeout
[  273.249327][ T8457] batman_adv: batadv0: Adding interface: batadv_slave_1
[  273.258996][ T8457] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  273.297633][    C1] vkms_vblank_simulate: vblank timer overrun
[  273.306520][ T8457] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  273.347675][ T8559] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  273.374734][ T8559] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  273.489555][ T8457] hsr_slave_0: entered promiscuous mode
[  273.505885][ T8457] hsr_slave_1: entered promiscuous mode
[  273.547407][ T8457] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  273.555669][ T8457] Cannot create hsr debugfs directory
[  273.629643][   T25] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[  273.668700][   T25] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[  273.697162][   T25] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[  273.717604][   T25] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[  273.737194][   T25] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[  273.808177][   T25] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0011/input/input24
[  273.844477][   T25] microsoft 0003:045E:07DA.0011: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  273.870400][ T8573] syz.3.1350 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  273.871752][   T25] usb 5-1: USB disconnect, device number 18
[  274.477244][   T29] audit: type=1400 audit(1727998701.408:619): avc:  denied  { create } for  pid=8564 comm="syz.1.1348" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[  274.503684][    C1] vkms_vblank_simulate: vblank timer overrun
[  274.647525][   T29] audit: type=1400 audit(1727998701.588:620): avc:  denied  { setopt } for  pid=8564 comm="syz.1.1348" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  274.668953][    C1] vkms_vblank_simulate: vblank timer overrun
[  275.648206][   T29] audit: type=1326 audit(1727998702.608:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8608 comm="syz.3.1361" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa32857dff9 code=0x0
[  275.678903][    C1] vkms_vblank_simulate: vblank timer overrun
[  275.751437][ T8457] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  275.767257][ T5303] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  275.825264][ T8457] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  275.868639][ T8457] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  275.919799][ T8457] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  275.937221][ T5303] usb 2-1: Using ep0 maxpacket: 8
[  275.958932][ T5303] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  275.972947][ T5303] usb 2-1: config 0 has no interface number 0
[  276.000267][ T5303] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  276.023726][ T5303] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  276.046814][ T5303] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  276.077466][ T1849] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  276.089129][ T5303] usb 2-1: config 0 descriptor??
[  276.133942][ T5303] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  276.186073][ T8457] 8021q: adding VLAN 0 to HW filter on device bond0
[  276.213150][ T8457] 8021q: adding VLAN 0 to HW filter on device team0
[  276.245534][   T82] bridge0: port 1(bridge_slave_0) entered blocking state
[  276.254401][   T82] bridge0: port 1(bridge_slave_0) entered forwarding state
[  276.259338][ T1849] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  276.292889][   T82] bridge0: port 2(bridge_slave_1) entered blocking state
[  276.301914][   T82] bridge0: port 2(bridge_slave_1) entered forwarding state
[  276.325142][ T1849] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  276.391487][ T1849] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  276.427560][ T1849] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  276.456964][   T25] usb 2-1: USB disconnect, device number 18
[  276.475340][ T1849] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  276.487313][   T25] iowarrior 2-1:0.1: I/O-Warror #0 now disconnected
[  276.507142][ T1849] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  276.532310][ T1849] usb 5-1: Manufacturer: syz
[  276.558368][ T1849] usb 5-1: config 0 descriptor??
[  277.016913][ T1849] appleir 0003:05AC:8243.0012: No inputs registered, leaving
[  277.039999][ T1849] appleir 0003:05AC:8243.0012: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[  277.228218][ T8457] 8021q: adding VLAN 0 to HW filter on device batadv0
[  277.389436][ T5303] usb 5-1: USB disconnect, device number 19
[  277.421717][ T8457] veth0_vlan: entered promiscuous mode
[  277.480314][ T8457] veth1_vlan: entered promiscuous mode
[  277.590909][ T8457] veth0_macvtap: entered promiscuous mode
[  277.650081][ T8457] veth1_macvtap: entered promiscuous mode
[  277.729287][ T8457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  277.757314][ T8457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  277.778902][ T8457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  277.794197][ T8457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  277.809781][ T8457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  277.823842][ T8457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  277.837692][ T8457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  277.852725][ T8457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  277.866044][ T8457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  277.882621][ T8457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  277.899436][ T8457] batman_adv: batadv0: Interface activated: batadv_slave_0
[  277.913542][ T8457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  277.927133][ T8457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  277.940083][ T8457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  277.955262][ T8457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  277.969081][ T8457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  277.982285][ T8457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  277.998480][ T8457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  278.011568][ T8457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  278.025907][ T8457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  278.038306][ T8457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  278.050244][ T8457] batman_adv: batadv0: Interface activated: batadv_slave_1
[  278.079607][ T8457] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  278.093311][ T8457] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  278.106029][ T8457] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  278.121220][ T8457] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  278.410801][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  278.455963][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  278.571797][ T5238] Bluetooth: hci0: unexpected event for opcode 0x2031
[  278.601677][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  278.652470][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  279.672521][   T29] audit: type=1400 audit(1727998706.628:622): avc:  denied  { mount } for  pid=8690 comm="syz.1.1391" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  279.759799][ T8691] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null.
[  279.785415][   T29] audit: type=1400 audit(1727998706.688:623): avc:  denied  { mounton } for  pid=8690 comm="syz.1.1391" path="/315/bus" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
[  280.042349][   T29] audit: type=1400 audit(1727998706.998:624): avc:  denied  { unmount } for  pid=5226 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  280.648675][ T5303] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[  280.657866][ T5303] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[  280.700706][ T5303] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[  280.727132][ T5303] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[  280.755351][ T5303] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[  280.777333][ T5303] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[  280.837250][ T5303] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[  280.868269][ T5303] hid-generic 0000:0000:0000.0013: hidraw0: <UNKNOWN> HID v0.02 Device [syz0] on syz1
[  281.352125][ T8744] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1408'.
[  281.409933][ T8744] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address.
[  281.471589][ T8744] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (7)
[  281.729731][ T5215] usb 3-1: new full-speed USB device number 20 using dummy_hcd
[  281.901544][ T5215] usb 3-1: config 0 has no interfaces?
[  281.914385][ T5215] usb 3-1: New USB device found, idVendor=468c, idProduct=90ea, bcdDevice=99.6d
[  281.935144][ T5215] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  281.965830][ T5215] usb 3-1: Product: syz
[  281.983447][ T5215] usb 3-1: Manufacturer: syz
[  281.998057][ T5215] usb 3-1: SerialNumber: syz
[  282.026338][ T5215] usb 3-1: config 0 descriptor??
[  282.459761][ T5273] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  282.506022][ T8748] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  282.548414][ T8748] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  282.550291][ T8779] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1425'.
[  282.593205][ T5215] usb 3-1: USB disconnect, device number 20
[  282.610903][ T5238] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  282.624087][ T5238] Bluetooth: hci0: Injecting HCI hardware error event
[  282.635680][ T5238] Bluetooth: hci0: hardware error 0x00
[  282.667562][ T5273] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  282.702778][ T5273] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  282.719944][ T5273] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  282.730088][ T5273] usb 4-1: Product: syz
[  282.734938][ T5273] usb 4-1: Manufacturer: syz
[  282.741058][ T5273] usb 4-1: SerialNumber: syz
[  283.071912][ T5273] usb 4-1: USB disconnect, device number 11
[  283.457202][   T29] audit: type=1400 audit(1727998710.378:625): avc:  denied  { ioctl } for  pid=8794 comm="syz.2.1433" path="/dev/fuse" dev="devtmpfs" ino=99 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  283.708656][ T8786] orangefs_mount: mount request failed with -4
[  284.227253][ T5303] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  284.417603][ T5303] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  284.451521][ T5303] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  284.483516][ T5303] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  284.488403][ T8822] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  284.515832][ T5303] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  284.546134][ T5303] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  284.567440][ T5303] usb 3-1: config 0 descriptor??
[  284.677224][ T5238] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  284.940245][ T8826] netlink: 'syz.1.1448': attribute type 4 has an invalid length.
[  285.009376][ T8828] netlink: 'syz.1.1448': attribute type 17 has an invalid length.
[  285.046180][ T5303] plantronics 0003:047F:FFFF.0014: No inputs registered, leaving
[  285.119744][ T5303] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  285.373673][ T5273] usb 3-1: USB disconnect, device number 21
[  285.480622][   T65] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  285.832266][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  285.846629][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  285.866455][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  285.878149][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  285.889115][   T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  285.898504][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  285.937379][ T8839] netlink: 88 bytes leftover after parsing attributes in process `syz.3.1453'.
[  285.958974][ T8839] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1453'.
[  286.581566][ T8836] chnl_net:caif_netlink_parms(): no params data found
[  286.785981][   T29] audit: type=1400 audit(1727998713.738:626): avc:  denied  { read } for  pid=8861 comm="syz.0.1461" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  286.818970][   T29] audit: type=1400 audit(1727998713.738:627): avc:  denied  { open } for  pid=8861 comm="syz.0.1461" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  286.901733][   T29] audit: type=1400 audit(1727998713.808:628): avc:  denied  { ioctl } for  pid=8861 comm="syz.0.1461" path="/dev/nvram" dev="devtmpfs" ino=623 ioctlcmd=0x7040 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  286.950874][   T29] audit: type=1400 audit(1727998713.878:629): avc:  denied  { name_bind } for  pid=8865 comm="syz.2.1462" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  287.160770][ T8836] bridge0: port 1(bridge_slave_0) entered blocking state
[  287.170094][ T8836] bridge0: port 1(bridge_slave_0) entered disabled state
[  287.187395][ T8836] bridge_slave_0: entered allmulticast mode
[  287.198974][ T8836] bridge_slave_0: entered promiscuous mode
[  287.237569][ T8836] bridge0: port 2(bridge_slave_1) entered blocking state
[  287.247282][ T8836] bridge0: port 2(bridge_slave_1) entered disabled state
[  287.257310][ T8836] bridge_slave_1: entered allmulticast mode
[  287.278219][ T8836] bridge_slave_1: entered promiscuous mode
[  287.373263][ T8836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  287.422431][ T8836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  287.457690][  T938] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  287.571940][ T8836] team0: Port device team_slave_0 added
[  287.580311][   T29] audit: type=1400 audit(1727998714.528:630): avc:  denied  { append } for  pid=8877 comm="syz.2.1469" name="rtc0" dev="devtmpfs" ino=837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  287.614489][ T8836] team0: Port device team_slave_1 added
[  287.641115][  T938] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  287.641173][  T938] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  287.641223][  T938] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  287.641265][  T938] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  287.641327][  T938] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  287.641371][  T938] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.643956][  T938] usb 2-1: config 0 descriptor??
[  287.679141][ T8836] batman_adv: batadv0: Adding interface: batadv_slave_0
[  287.679170][ T8836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  287.679218][ T8836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  287.683394][ T8836] batman_adv: batadv0: Adding interface: batadv_slave_1
[  287.683421][ T8836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  287.683465][ T8836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  287.764178][ T8836] hsr_slave_0: entered promiscuous mode
[  287.776812][ T8836] hsr_slave_1: entered promiscuous mode
[  287.785648][ T8836] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  287.785755][ T8836] Cannot create hsr debugfs directory
[  287.957339][ T5238] Bluetooth: hci0: command tx timeout
[  288.092172][  T938] plantronics 0003:047F:FFFF.0015: No inputs registered, leaving
[  288.095687][  T938] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  288.188612][ T8836] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  288.380029][ T5273] usb 2-1: USB disconnect, device number 19
[  288.465601][ T8836] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  288.566540][   T29] audit: type=1400 audit(1727998715.518:631): avc:  denied  { read } for  pid=8884 comm="syz.2.1471" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  288.676202][ T8836] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  288.855115][ T8836] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  288.936637][ T8895] netlink: 'syz.0.1475': attribute type 10 has an invalid length.
[  288.984836][ T8895] syz_tun: entered promiscuous mode
[  289.032632][ T8895] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  289.090107][   T29] audit: type=1400 audit(1727998716.048:632): avc:  denied  { ioctl } for  pid=8896 comm="syz.1.1476" path="socket:[21984]" dev="sockfs" ino=21984 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  289.338361][ T8836] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  289.356355][ T8836] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  289.370467][ T8836] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  289.393399][ T8836] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  289.609740][ T8836] 8021q: adding VLAN 0 to HW filter on device bond0
[  289.656102][ T8836] 8021q: adding VLAN 0 to HW filter on device team0
[  289.677015][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  289.685056][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  289.770855][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  289.779570][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  289.787538][  T938] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  289.950259][  T938] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  289.985418][  T938] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  290.026670][  T938] usb 1-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  290.051879][ T5238] Bluetooth: hci0: command tx timeout
[  290.062376][  T938] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.130166][  T938] usb 1-1: config 0 descriptor??
[  290.191347][ T8836] 8021q: adding VLAN 0 to HW filter on device batadv0
[  290.575755][  T938] hid-steam 0003:28DE:1142.0016: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0
[  290.677416][  T938] hid-steam 0003:28DE:1142.0016: Steam wireless receiver connected
[  290.791134][  T938] hid-steam 0003:28DE:1142.0017: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0
[  290.868340][ T8836] veth0_vlan: entered promiscuous mode
[  290.998920][ T8836] veth1_vlan: entered promiscuous mode
[  291.319747][ T8836] veth0_macvtap: entered promiscuous mode
[  291.375514][ T8836] veth1_macvtap: entered promiscuous mode
[  291.467895][ T8836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  291.513666][ T8836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.528098][ T8836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  291.543304][ T8836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.567270][ T8836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  291.587218][ T8836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.612003][ T8836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  291.645257][ T8836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.667437][ T8836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  291.709232][ T8836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.758338][ T8836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  291.789535][ T8836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.845727][ T8836] batman_adv: batadv0: Interface activated: batadv_slave_0
[  291.901362][  T938] usb 1-1: reset high-speed USB device number 17 using dummy_hcd
[  291.918445][ T8836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  291.948310][ T8836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.987272][ T8836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  292.027183][ T8836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  292.067237][ T8836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  292.101993][   T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  292.114365][ T8836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  292.142893][   T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  292.154173][   T54] Bluetooth: hci0: command tx timeout
[  292.163891][   T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  292.178589][   T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  292.192222][ T8836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  292.208441][   T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  292.222901][   T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  292.231450][ T8836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  292.278364][ T8836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  292.294265][ T8836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  292.313218][ T8836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  292.331124][ T8836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  292.349791][ T8836] batman_adv: batadv0: Interface activated: batadv_slave_1
[  292.405721][ T8836] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  292.427239][ T8836] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  292.457428][ T8836] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  292.507164][ T8836] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  292.758420][    T9] usb 1-1: USB disconnect, device number 17
[  292.795420][    T9] hid-steam 0003:28DE:1142.0016: Steam wireless receiver disconnected
[  293.277786][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  293.327333][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  293.834901][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  293.887429][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  294.075078][ T8964] syzkaller1: entered promiscuous mode
[  294.104969][ T8964] syzkaller1: entered allmulticast mode
[  294.216918][ T5238] Bluetooth: hci0: command tx timeout
[  294.279097][ T5238] Bluetooth: hci3: command tx timeout
[  294.584352][ T8947] chnl_net:caif_netlink_parms(): no params data found
[  294.724910][ T8979] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1497'.
[  295.214536][ T8947] bridge0: port 1(bridge_slave_0) entered blocking state
[  295.257306][ T8947] bridge0: port 1(bridge_slave_0) entered disabled state
[  295.287563][ T8947] bridge_slave_0: entered allmulticast mode
[  295.309204][ T8947] bridge_slave_0: entered promiscuous mode
[  295.387486][ T8947] bridge0: port 2(bridge_slave_1) entered blocking state
[  295.395057][ T8947] bridge0: port 2(bridge_slave_1) entered disabled state
[  295.448669][ T8947] bridge_slave_1: entered allmulticast mode
[  295.469684][ T8947] bridge_slave_1: entered promiscuous mode
[  295.789140][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  295.807957][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  295.820674][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  295.831913][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  295.840946][   T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  295.857951][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  295.905445][ T8947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  295.962541][ T8947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  296.120078][ T8947] team0: Port device team_slave_0 added
[  296.147619][ T8947] team0: Port device team_slave_1 added
[  296.356218][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.371735][   T54] Bluetooth: hci3: command tx timeout
[  296.519115][ T8947] batman_adv: batadv0: Adding interface: batadv_slave_0
[  296.542328][ T8947] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  296.622808][ T8947] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  296.677978][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.738795][ T8947] batman_adv: batadv0: Adding interface: batadv_slave_1
[  296.748075][ T8947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  296.833874][ T8947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  296.966800][   T29] audit: type=1400 audit(1727998723.918:633): avc:  denied  { write } for  pid=9017 comm="syz.0.1508" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  296.974672][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.301375][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.483226][ T8947] hsr_slave_0: entered promiscuous mode
[  297.515083][ T8947] hsr_slave_1: entered promiscuous mode
[  297.528204][ T8947] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  297.540007][ T8947] Cannot create hsr debugfs directory
[  297.589171][   T25] usb 1-1: new low-speed USB device number 18 using dummy_hcd
[  297.752269][   T25] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  297.827245][   T25] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  297.865878][   T29] audit: type=1400 audit(1727998724.818:634): avc:  denied  { module_request } for  pid=9000 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  297.912693][   T25] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8
[  297.952749][   T25] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  297.985744][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  298.036718][   T54] Bluetooth: hci0: command tx timeout
[  298.096700][ T9023] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  298.113549][   T25] hub 1-1:1.0: bad descriptor, ignoring hub
[  298.124720][   T25] hub 1-1:1.0: probe with driver hub failed with error -5
[  298.133814][   T25] cdc_wdm 1-1:1.0: skipping garbage
[  298.141644][   T25] cdc_wdm 1-1:1.0: skipping garbage
[  298.151780][   T25] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  298.160248][   T25] cdc_wdm 1-1:1.0: Unknown control protocol
[  298.373714][ T9000] chnl_net:caif_netlink_parms(): no params data found
[  298.438916][   T54] Bluetooth: hci3: command tx timeout
[  298.478512][   T25] usb 1-1: USB disconnect, device number 18
[  298.582194][ T8947] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  298.671442][   T12] bridge_slave_1: left allmulticast mode
[  298.679467][   T12] bridge_slave_1: left promiscuous mode
[  298.697510][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  298.760692][   T12] bridge_slave_0: left allmulticast mode
[  298.797694][   T12] bridge_slave_0: left promiscuous mode
[  298.806083][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  298.837223][   T25] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  299.007520][   T25] usb 1-1: Using ep0 maxpacket: 8
[  299.031004][   T25] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  299.057272][   T25] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  299.087298][   T25] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  299.123937][   T25] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  299.159692][   T25] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  299.193615][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  299.248883][   T25] hub 1-1:1.0: bad descriptor, ignoring hub
[  299.279801][   T25] hub 1-1:1.0: probe with driver hub failed with error -5
[  299.312669][   T25] cdc_wdm 1-1:1.0: skipping garbage
[  299.332451][   T25] cdc_wdm 1-1:1.0: skipping garbage
[  299.354017][   T25] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  299.377474][   T25] cdc_wdm 1-1:1.0: Unknown control protocol
[  299.620276][   T25] usb 1-1: USB disconnect, device number 19
[  300.118155][   T54] Bluetooth: hci0: command tx timeout
[  300.537367][   T54] Bluetooth: hci3: command tx timeout
[  300.567807][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  300.641876][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  300.703044][   T12] bond0 (unregistering): Released all slaves
[  300.850706][ T8947] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.592832][ T8947] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.863906][ T8947] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.999322][ T9000] bridge0: port 1(bridge_slave_0) entered blocking state
[  302.012809][ T9000] bridge0: port 1(bridge_slave_0) entered disabled state
[  302.033917][ T9000] bridge_slave_0: entered allmulticast mode
[  302.058734][ T9000] bridge_slave_0: entered promiscuous mode
[  302.197499][   T54] Bluetooth: hci0: command tx timeout
[  302.487470][ T9086] syz.3.1531: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1
[  302.505126][ T9086] CPU: 0 UID: 0 PID: 9086 Comm: syz.3.1531 Not tainted 6.12.0-rc1-syzkaller-00113-g8c245fe7dde3 #0
[  302.519366][ T9086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  302.531782][ T9086] Call Trace:
[  302.537015][ T9086]  <TASK>
[  302.540180][ T9086]  dump_stack_lvl+0x16c/0x1f0
[  302.546194][ T9086]  warn_alloc+0x24d/0x3a0
[  302.551831][ T9086]  ? __pfx_warn_alloc+0x10/0x10
[  302.559540][ T9086]  ? __pfx_stack_trace_save+0x10/0x10
[  302.566907][ T9086]  ? __schedule+0xefd/0x5750
[  302.572022][ T9086]  ? kasan_save_stack+0x42/0x60
[  302.577838][ T9086]  ? kasan_save_stack+0x33/0x60
[  302.583915][ T9086]  ? kasan_save_track+0x14/0x30
[  302.589243][ T9086]  ? __kasan_kmalloc+0xaa/0xb0
[  302.595158][ T9086]  ? xskq_create+0x52/0x1d0
[  302.599907][ T9086]  ? do_sock_setsockopt+0x222/0x480
[  302.605540][ T9086]  ? __sys_setsockopt+0x1a4/0x270
[  302.612176][ T9086]  ? __x64_sys_setsockopt+0xbd/0x160
[  302.617573][ T9086]  __vmalloc_node_range_noprof+0x11a7/0x15a0
[  302.624272][ T9086]  ? xskq_create+0xfb/0x1d0
[  302.630042][ T9086]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  302.638209][ T9086]  ? xskq_create+0xfb/0x1d0
[  302.643226][ T9086]  vmalloc_user_noprof+0x6b/0x90
[  302.649350][ T9086]  ? xskq_create+0xfb/0x1d0
[  302.654828][ T9086]  xskq_create+0xfb/0x1d0
[  302.659872][ T9086]  xsk_setsockopt+0x757/0xa10
[  302.668435][ T9086]  ? __pfx_xsk_setsockopt+0x10/0x10
[  302.676060][ T9086]  ? selinux_socket_setsockopt+0x6a/0x80
[  302.683138][ T9086]  ? __pfx_xsk_setsockopt+0x10/0x10
[  302.689947][ T9086]  do_sock_setsockopt+0x222/0x480
[  302.695854][ T9086]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  302.702666][ T9086]  ? fdget+0x176/0x210
[  302.706965][ T9086]  __sys_setsockopt+0x1a4/0x270
[  302.713752][ T9086]  ? __pfx___sys_setsockopt+0x10/0x10
[  302.719847][ T9086]  ? lock_acquire+0x2f/0xb0
[  302.724717][ T9086]  __x64_sys_setsockopt+0xbd/0x160
[  302.730563][ T9086]  ? do_syscall_64+0x91/0x250
[  302.736034][ T9086]  ? lockdep_hardirqs_on+0x7c/0x110
[  302.741413][ T9086]  do_syscall_64+0xcd/0x250
[  302.747178][ T9086]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.754473][ T9086] RIP: 0033:0x7fa32857dff9
[  302.759412][ T9086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  302.786283][ T9086] RSP: 002b:00007fa329393038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  302.796149][ T9086] RAX: ffffffffffffffda RBX: 00007fa328736058 RCX: 00007fa32857dff9
[  302.804799][ T9086] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000003
[  302.813405][ T9086] RBP: 00007fa3285f0296 R08: 0000000000000020 R09: 0000000000000000
[  302.823627][ T9086] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000
[  302.833496][ T9086] R13: 0000000000000001 R14: 00007fa328736058 R15: 00007ffcaaaa1a28
[  302.843642][ T9086]  </TASK>
[  302.877215][ T9086] Mem-Info:
[  302.883244][ T9086] active_anon:22648 inactive_anon:0 isolated_anon:0
[  302.883244][ T9086]  active_file:11504 inactive_file:38607 isolated_file:0
[  302.883244][ T9086]  unevictable:768 dirty:401 writeback:0
[  302.883244][ T9086]  slab_reclaimable:10337 slab_unreclaimable:102404
[  302.883244][ T9086]  mapped:32280 shmem:19809 pagetables:729
[  302.883244][ T9086]  sec_pagetables:0 bounce:0
[  302.883244][ T9086]  kernel_misc_reclaimable:0
[  302.883244][ T9086]  free:1315745 free_pcp:785 free_cma:0
[  302.945137][ T9086] Node 0 active_anon:90592kB inactive_anon:0kB active_file:45964kB inactive_file:154356kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:129068kB dirty:1552kB writeback:0kB shmem:77700kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10496kB pagetables:2916kB sec_pagetables:0kB all_unreclaimable? no
[  302.998229][ T9000] bridge0: port 2(bridge_slave_1) entered blocking state
[  303.006469][ T9000] bridge0: port 2(bridge_slave_1) entered disabled state
[  303.077507][ T9000] bridge_slave_1: entered allmulticast mode
[  303.086546][ T9000] bridge_slave_1: entered promiscuous mode
[  303.122746][ T9086] Node 1 active_anon:0kB inactive_anon:0kB active_file:52kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:52kB dirty:52kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  303.163323][ T9086] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  303.221433][ T9086] lowmem_reserve[]: 0 2461 2461 0 0
[  303.243942][ T9086] Node 0 DMA32 free:1329580kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:79076kB inactive_anon:0kB active_file:45964kB inactive_file:154036kB unevictable:1536kB writepending:1548kB present:3129332kB managed:2549168kB mlocked:0kB bounce:0kB free_pcp:3912kB local_pcp:1060kB free_cma:0kB
[  303.337299][ T9086] lowmem_reserve[]: 0 0 0 0 0
[  303.342754][ T9086] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:32kB inactive_anon:0kB active_file:0kB inactive_file:320kB unevictable:0kB writepending:4kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB
[  303.381703][ T9086] lowmem_reserve[]: 0 0 0 0 0
[  303.383526][   T25] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  303.398038][ T9086] Node 1 Normal free:3929136kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:52kB inactive_file:72kB unevictable:1536kB writepending:52kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:784kB local_pcp:784kB free_cma:0kB
[  303.450633][ T9086] lowmem_reserve[]: 0 0 0 0 0
[  303.477411][ T9086] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  303.508099][ T9086] Node 0 DMA32: 13*4kB (M) 196*8kB (UME) 162*16kB (UME) 139*32kB (UME) 15*64kB (UME) 11*128kB (UE) 8*256kB (UM) 9*512kB (UM) 4*1024kB (UM) 4*2048kB (ME) 317*4096kB (ME) = 1328404kB
[  303.538219][ T9086] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  303.561939][   T25] usb 1-1: Using ep0 maxpacket: 32
[  303.568694][   T12] hsr_slave_0: left promiscuous mode
[  303.591983][   T25] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  303.607370][   T25] usb 1-1: config 0 has no interface number 0
[  303.626459][ T9086] Node 1 Normal: 64*4kB (UME) 6*8kB (UME) 20*16kB (UME) 178*32kB (UME) 76*64kB (UME) 25*128kB (UME) 14*256kB (UM) 9*512kB (UME) 3*1024kB (UE) 4*2048kB (UE) 951*4096kB (M) = 3929136kB
[  303.649828][   T25] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  303.679014][ T9086] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  303.691540][   T25] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  303.717834][   T12] hsr_slave_1: left promiscuous mode
[  303.737166][   T25] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  303.750336][ T9086] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  303.776330][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.797646][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  303.820051][ T9086] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  303.836061][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  303.848134][   T25] usb 1-1: config 0 descriptor??
[  303.874543][ T9086] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  303.889636][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  303.917649][ T9086] 55245 total pagecache pages
[  303.923285][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  303.943805][ T9086] 0 pages in swap cache
[  303.959968][ T9086] Free swap  = 124240kB
[  303.985583][ T9086] Total swap = 124996kB
[  304.012623][ T9086] 2097051 pages RAM
[  304.029473][ T9086] 0 pages HighMem/MovableOnly
[  304.036355][ T9086] 428037 pages reserved
[  304.040386][   T12] veth1_macvtap: left promiscuous mode
[  304.046785][   T12] veth0_macvtap: left promiscuous mode
[  304.055154][   T12] veth1_vlan: left promiscuous mode
[  304.061078][   T12] veth0_vlan: left promiscuous mode
[  304.086761][ T9086] 0 pages cma reserved
[  304.277584][   T54] Bluetooth: hci0: command tx timeout
[  304.458575][ T1849] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  304.610714][   T25] uclogic 0003:28BD:0094.0018: pen parameters not found
[  304.634783][ T1849] usb 4-1: Using ep0 maxpacket: 16
[  304.642867][   T25] uclogic 0003:28BD:0094.0018: interface is invalid, ignoring
[  304.656341][ T1849] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  304.675660][ T1849] usb 4-1: config 0 has no interface number 0
[  304.758243][ T1849] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  304.777262][ T1849] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  304.786576][ T1849] usb 4-1: Product: syz
[  304.810925][ T1849] usb 4-1: Manufacturer: syz
[  304.815891][ T1849] usb 4-1: SerialNumber: syz
[  304.841186][ T1849] usb 4-1: config 0 descriptor??
[  304.851805][ T1849] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  304.878428][ T5215] usb 1-1: USB disconnect, device number 20
[  305.437016][   T12] team0 (unregistering): Port device team_slave_1 removed
[  305.576935][   T12] team0 (unregistering): Port device team_slave_0 removed
[  305.967219][ T1849] gspca_spca1528: reg_w err -71
[  305.974190][ T1849] spca1528 4-1:0.1: probe with driver spca1528 failed with error -71
[  306.038743][ T1849] usb 4-1: USB disconnect, device number 12
[  307.212539][ T9000] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  307.448579][ T9000] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  307.636593][ T9000] team0: Port device team_slave_0 added
[  307.744641][ T9000] team0: Port device team_slave_1 added
[  307.769500][ T8947] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  307.838237][ T8947] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  307.893366][ T9000] batman_adv: batadv0: Adding interface: batadv_slave_0
[  307.901953][ T9000] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  307.933824][ T9000] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  307.956038][ T8947] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  307.981156][ T9000] batman_adv: batadv0: Adding interface: batadv_slave_1
[  307.995360][ T9000] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  308.026771][ T9000] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  308.027475][   T25] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  308.050347][ T8947] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  308.200097][ T9000] hsr_slave_0: entered promiscuous mode
[  308.237247][   T25] usb 1-1: Using ep0 maxpacket: 16
[  308.260312][   T25] usb 1-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35
[  308.270496][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  308.280910][ T9000] hsr_slave_1: entered promiscuous mode
[  308.287160][   T25] usb 1-1: Product: syz
[  308.295191][   T25] usb 1-1: Manufacturer: syz
[  308.301346][   T25] usb 1-1: SerialNumber: syz
[  308.310267][   T25] usb 1-1: config 0 descriptor??
[  308.320577][   T25] as10x_usb: device has been detected
[  308.327743][   T25] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led))
[  308.353161][   T25] usb 1-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))...
[  308.356122][ T9000] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  308.367851][   T25] as10x_usb: error during firmware upload part1
[  308.380269][   T25] Registered device Sky IT Digital Key (green led)
[  308.427326][ T9000] Cannot create hsr debugfs directory
[  308.658446][ T9112] random: crng reseeded on system resumption
[  308.868093][ T1849] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  309.049509][ T1849] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  309.079479][ T1849] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  309.116767][ T1849] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  309.199243][ T1849] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  309.260267][ T1849] usb 4-1: config 0 descriptor??
[  309.329491][ T8947] 8021q: adding VLAN 0 to HW filter on device bond0
[  309.419371][ T8947] 8021q: adding VLAN 0 to HW filter on device team0
[  309.496287][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  309.504232][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  309.617014][ T1098] bridge0: port 2(bridge_slave_1) entered blocking state
[  309.625496][ T1098] bridge0: port 2(bridge_slave_1) entered forwarding state
[  309.687932][ T5273] usb 1-1: USB disconnect, device number 21
[  309.768334][ T5273] Unregistered device Sky IT Digital Key (green led)
[  309.771890][ T1849] cm6533_jd 0003:0D8C:0022.0019: unknown main item tag 0x0
[  309.792061][ T5273] as10x_usb: device has been disconnected
[  309.818455][ T1849] cm6533_jd 0003:0D8C:0022.0019: unknown main item tag 0x0
[  309.848787][ T1849] cm6533_jd 0003:0D8C:0022.0019: unknown main item tag 0x0
[  309.887270][ T1849] cm6533_jd 0003:0D8C:0022.0019: unknown main item tag 0x0
[  309.918983][ T1849] cm6533_jd 0003:0D8C:0022.0019: unknown main item tag 0x0
[  309.948509][ T1849] cm6533_jd 0003:0D8C:0022.0019: No inputs registered, leaving
[  309.979236][ T1849] cm6533_jd 0003:0D8C:0022.0019: hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0
[  309.997710][ T9000] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  310.046565][ T9000] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  310.078013][ T1849] usb 4-1: USB disconnect, device number 13
[  310.098708][ T9000] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  310.122925][ T9000] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  310.386895][ T8947] 8021q: adding VLAN 0 to HW filter on device batadv0
[  310.405356][ T9000] 8021q: adding VLAN 0 to HW filter on device bond0
[  310.466510][   T29] audit: type=1326 audit(1727998737.408:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9132 comm="syz.0.1551" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9f4397dff9 code=0x0
[  310.534442][ T8947] veth0_vlan: entered promiscuous mode
[  310.554764][ T8947] veth1_vlan: entered promiscuous mode
[  310.583695][ T9000] 8021q: adding VLAN 0 to HW filter on device team0
[  310.621513][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  310.629818][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  310.645810][ T8947] veth0_macvtap: entered promiscuous mode
[  310.672041][ T8947] veth1_macvtap: entered promiscuous mode
[  310.685114][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  310.694080][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  310.750306][ T8947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  310.774248][ T8947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  310.820756][ T8947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  310.851330][ T8947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  310.875385][ T8947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  310.899637][ T8947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  310.933218][ T8947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  310.952487][   T29] audit: type=1400 audit(1727998737.908:636): avc:  denied  { create } for  pid=9136 comm="syz.3.1553" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  310.987096][ T8947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  311.007341][   T29] audit: type=1400 audit(1727998737.908:637): avc:  denied  { write } for  pid=9136 comm="syz.3.1553" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  311.045842][ T8947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  311.063495][ T8947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  311.076518][ T8947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  311.092785][ T8947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  311.105612][ T8947] batman_adv: batadv0: Interface activated: batadv_slave_0
[  311.187344][ T8947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  311.213059][ T8947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  311.247150][ T8947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  311.269747][ T8947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  311.293059][ T8947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  311.306654][ T8947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  311.319889][ T8947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  311.331920][ T8947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  311.344104][ T8947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  311.357758][ T8947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  311.370496][ T8947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  311.383283][ T8947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  311.396905][ T8947] batman_adv: batadv0: Interface activated: batadv_slave_1
[  311.474384][ T8947] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  311.487661][ T8947] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  311.500781][ T8947] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  311.512695][ T8947] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  311.768376][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  311.807249][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  311.902010][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  311.931390][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  312.062889][ T9000] 8021q: adding VLAN 0 to HW filter on device batadv0
[  312.797302][ T5215] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  312.921587][ T9000] veth0_vlan: entered promiscuous mode
[  312.964106][ T9000] veth1_vlan: entered promiscuous mode
[  312.992504][ T5215] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  313.021503][ T5215] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.043039][ T5215] usb 4-1: Product: syz
[  313.054055][ T5215] usb 4-1: Manufacturer: syz
[  313.103055][ T5215] usb 4-1: SerialNumber: syz
[  313.124734][ T9000] veth0_macvtap: entered promiscuous mode
[  313.134492][ T5215] usb 4-1: config 0 descriptor??
[  313.193067][ T9000] veth1_macvtap: entered promiscuous mode
[  313.250556][ T9000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  313.303011][ T9000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  313.327412][ T9000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  313.361749][ T9000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  313.405539][ T9000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  313.447211][ T5274] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  313.456836][ T9000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  313.496571][ T9000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  313.523183][   T25] usb 4-1: USB disconnect, device number 14
[  313.531160][ T9000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  313.556026][ T9000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  313.597336][ T9000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  313.632246][ T9000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  313.647960][ T9000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  313.648194][ T5274] usb 3-1: Using ep0 maxpacket: 16
[  313.659040][ T9000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  313.659124][ T9000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  313.665652][ T9000] batman_adv: batadv0: Interface activated: batadv_slave_0
[  313.744950][ T5274] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  313.755772][ T9000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  313.767231][ T5274] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  313.823776][ T5274] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  313.827278][ T9000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  313.837480][ T5274] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.884350][ T5274] usb 3-1: Product: syz
[  313.899453][ T5274] usb 3-1: Manufacturer: syz
[  313.907505][ T9000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  313.924409][ T5274] usb 3-1: SerialNumber: syz
[  313.938001][ T5274] usb 3-1: config 0 descriptor??
[  313.955104][ T9000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  313.955920][ T5274] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  313.987384][ T9000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  313.999636][ T5274] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  314.027297][ T9000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  314.067181][ T9000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  314.118056][ T9000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  314.152935][ T9000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  314.195369][ T9000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  314.201642][ T9195] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1570'.
[  314.223258][ T9000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  314.242794][ T9000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  314.257437][ T9000] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  314.269616][ T9000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  314.289563][ T9000] batman_adv: batadv0: Interface activated: batadv_slave_1
[  314.333902][ T9000] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  314.377404][ T9000] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  314.390657][ T9000] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  314.403207][ T9000] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  314.618346][ T5274] em28xx 3-1:0.0: unknown em28xx chip ID (249)
[  314.758104][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  314.787304][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  314.837771][ T5274] em28xx 3-1:0.0: Config register raw data: 0xf9
[  314.857153][ T5274] em28xx 3-1:0.0: I2S Audio (5 sample rate(s))
[  314.882824][ T5274] em28xx 3-1:0.0: No AC97 audio processor
[  314.892785][ T9202] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  314.925671][ T9202] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  314.940131][ T9202] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  314.952681][ T9202] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  314.969216][ T9202] netdevsim netdevsim1 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0
[  314.982348][ T9202] netdevsim netdevsim1 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[  314.994553][ T9202] netdevsim netdevsim1 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[  315.007202][ T9202] netdevsim netdevsim1 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[  315.033187][ T5274] usb 3-1: USB disconnect, device number 22
[  315.041044][ T9202] geneve2: entered promiscuous mode
[  315.054614][ T9202] geneve2: entered allmulticast mode
[  315.099390][ T2523] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  315.110890][ T2523] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  315.903691][ T2523] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  316.256989][ T5303] kernel write not supported for file /vcs (pid: 5303 comm: kworker/0:6)
[  316.285852][ T5238] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  316.311117][ T2523] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  316.333872][ T5238] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  316.367554][ T5238] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  316.382714][ T5238] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  316.407867][ T5238] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  316.416889][ T5238] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  316.742180][ T2523] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  316.803141][ T9231] futex_wake_op: syz.2.1585 tries to shift op by -1; fix this program
[  316.885803][ T2523] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  316.902809][   T29] audit: type=1326 audit(1727998743.858:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9226 comm="syz.3.1584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32857dff9 code=0x7fc00000
[  316.931330][    C0] vkms_vblank_simulate: vblank timer overrun
[  317.288121][ T9219] chnl_net:caif_netlink_parms(): no params data found
[  317.377522][ T2523] bridge_slave_1: left allmulticast mode
[  317.384444][ T2523] bridge_slave_1: left promiscuous mode
[  317.407302][ T2523] bridge0: port 2(bridge_slave_1) entered disabled state
[  317.463384][ T2523] bridge_slave_0: left allmulticast mode
[  317.477371][ T2523] bridge_slave_0: left promiscuous mode
[  317.484458][ T2523] bridge0: port 1(bridge_slave_0) entered disabled state
[  317.540050][   T29] audit: type=1326 audit(1727998744.498:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9226 comm="syz.3.1584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa32857dff9 code=0x7fc00000
[  317.973141][ T9250] netlink: 'syz.3.1592': attribute type 3 has an invalid length.
[  318.052640][ T9250] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1592'.
[  318.540660][ T5238] Bluetooth: hci0: command tx timeout
[  318.967363][   T29] audit: type=1400 audit(1727998745.908:640): avc:  denied  { read } for  pid=9253 comm="syz.0.1594" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  319.061584][   T29] audit: type=1400 audit(1727998745.908:641): avc:  denied  { open } for  pid=9253 comm="syz.0.1594" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  319.240272][   T29] audit: type=1400 audit(1727998746.198:642): avc:  denied  { ioctl } for  pid=9264 comm="syz.0.1598" path="socket:[25858]" dev="sockfs" ino=25858 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  319.288330][ T2523] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  319.345985][ T2523] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  319.394396][ T2523] bond0 (unregistering): Released all slaves
[  319.531615][ T9267] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1598'.
[  320.197516][   T29] audit: type=1400 audit(1727998747.138:643): avc:  denied  { connect } for  pid=9282 comm="syz.1.1604" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  320.597216][ T5238] Bluetooth: hci0: command 0x041b tx timeout
[  321.092833][ T9219] bridge0: port 1(bridge_slave_0) entered blocking state
[  321.116883][ T9219] bridge0: port 1(bridge_slave_0) entered disabled state
[  321.137481][ T9219] bridge_slave_0: entered allmulticast mode
[  321.158937][ T9219] bridge_slave_0: entered promiscuous mode
[  321.191576][ T5274] IPVS: starting estimator thread 0...
[  321.221440][ T9219] bridge0: port 2(bridge_slave_1) entered blocking state
[  321.245303][ T5274] IPVS: starting estimator thread 0...
[  321.249903][ T9219] bridge0: port 2(bridge_slave_1) entered disabled state
[  321.275599][ T9219] bridge_slave_1: entered allmulticast mode
[  321.318498][ T9219] bridge_slave_1: entered promiscuous mode
[  321.337565][ T9315] IPVS: using max 15 ests per chain, 36000 per kthread
[  321.352598][ T9316] IPVS: using max 14 ests per chain, 33600 per kthread
[  321.389057][ T9314] tipc: Started in network mode
[  321.395739][ T9314] tipc: Node identity ac1414aa, cluster identity 4711
[  321.412665][ T9314] tipc: Enabled bearer <udp:s>, priority 10
[  321.470110][ T2523] hsr_slave_0: left promiscuous mode
[  321.490030][ T2523] hsr_slave_1: left promiscuous mode
[  321.531658][ T2523] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  321.550365][ T2523] batman_adv: batadv0: Removing interface: batadv_slave_0
[  321.558867][   T29] audit: type=1400 audit(1727998748.508:644): avc:  denied  { setopt } for  pid=9319 comm="syz.3.1618" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  321.609566][ T2523] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  321.634568][ T2523] batman_adv: batadv0: Removing interface: batadv_slave_1
[  321.744483][ T2523] veth1_macvtap: left promiscuous mode
[  321.763347][ T2523] veth0_macvtap: left promiscuous mode
[  321.770862][ T2523] veth1_vlan: left promiscuous mode
[  321.779385][ T2523] veth0_vlan: left promiscuous mode
[  322.297228][ T5303] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  322.488982][ T5303] usb 3-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  322.507207][ T5303] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  322.534954][ T5215] tipc: Node number set to 2886997162
[  322.545531][ T5303] usb 3-1: config 0 descriptor??
[  322.677807][   T54] Bluetooth: hci0: command 0x041b tx timeout
[  323.470947][ T2523] team0 (unregistering): Port device team_slave_1 removed
[  323.572642][ T2523] team0 (unregistering): Port device team_slave_0 removed
[  323.652418][ T5303] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  323.677330][ T5303] asix 3-1:0.0: probe with driver asix failed with error -71
[  323.706127][ T5303] usb 3-1: USB disconnect, device number 23
[  324.760447][   T54] Bluetooth: hci0: command 0x041b tx timeout
[  324.991674][ T9219] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  325.011174][ T9219] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  325.308417][ T9357] rdma_op ffff88807aaae9f0 conn xmit_rdma 0000000000000000
[  325.328411][ T9219] team0: Port device team_slave_0 added
[  325.361832][ T9359] netlink: 'syz.2.1634': attribute type 3 has an invalid length.
[  325.394960][ T9219] team0: Port device team_slave_1 added
[  325.582927][ T9219] batman_adv: batadv0: Adding interface: batadv_slave_0
[  325.596872][ T9219] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  325.686366][ T9219] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  325.703385][ T9219] batman_adv: batadv0: Adding interface: batadv_slave_1
[  325.729492][ T9219] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  325.780502][ T9365] Bluetooth: MGMT ver 1.23
[  325.843679][ T9219] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  326.192087][ T9219] hsr_slave_0: entered promiscuous mode
[  326.241682][ T9219] hsr_slave_1: entered promiscuous mode
[  326.274719][ T9219] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  326.288545][ T9219] Cannot create hsr debugfs directory
[  326.662035][   T29] audit: type=1400 audit(1727998753.618:645): avc:  denied  { connect } for  pid=9401 comm="syz.0.1649" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  326.828828][   T29] audit: type=1400 audit(1727998753.618:646): avc:  denied  { write } for  pid=9401 comm="syz.0.1649" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  326.857555][   T54] Bluetooth: hci0: command 0x041b tx timeout
[  327.280626][ T9436] ALSA: mixer_oss: invalid OSS volume ''
[  328.522096][ T9219] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  328.545509][ T9219] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  328.580818][ T9219] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  328.652497][ T9219] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  328.722065][   T29] audit: type=1400 audit(1727998755.678:647): avc:  denied  { connect } for  pid=9466 comm="syz.1.1664" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  328.807274][ T5215] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  328.950489][ T9219] 8021q: adding VLAN 0 to HW filter on device bond0
[  329.002341][ T1269] ieee802154 phy0 wpan0: encryption failed: -22
[  329.003585][ T5215] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  329.042583][ T9219] 8021q: adding VLAN 0 to HW filter on device team0
[  329.053160][ T5215] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.074756][ T9438] bridge0: port 1(bridge_slave_0) entered blocking state
[  329.084441][ T9438] bridge0: port 1(bridge_slave_0) entered forwarding state
[  329.108888][ T5215] usb 1-1: Product: syz
[  329.115546][ T5215] usb 1-1: Manufacturer: syz
[  329.135070][ T5215] usb 1-1: SerialNumber: syz
[  329.155465][   T82] bridge0: port 2(bridge_slave_1) entered blocking state
[  329.165217][   T82] bridge0: port 2(bridge_slave_1) entered forwarding state
[  329.188328][ T5215] usb 1-1: config 0 descriptor??
[  329.501595][    T9] usb 1-1: USB disconnect, device number 22
[  329.765459][ T9219] 8021q: adding VLAN 0 to HW filter on device batadv0
[  330.427539][   T25] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  330.603501][   T25] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  330.621041][   T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  330.654941][ T9219] veth0_vlan: entered promiscuous mode
[  330.678661][   T25] usb 2-1: Product: syz
[  330.702441][   T25] usb 2-1: Manufacturer: syz
[  330.728588][ T9219] veth1_vlan: entered promiscuous mode
[  330.735570][   T25] usb 2-1: SerialNumber: syz
[  330.764107][   T25] usb 2-1: config 0 descriptor??
[  330.912043][ T9219] veth0_macvtap: entered promiscuous mode
[  330.928050][ T9219] veth1_macvtap: entered promiscuous mode
[  330.958279][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  330.971810][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.982722][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  330.998343][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  331.012668][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  331.025635][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  331.036964][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  331.054382][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  331.065331][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  331.079790][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  331.092647][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  331.105548][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  331.118498][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  331.132496][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  331.148428][ T9219] batman_adv: batadv0: Interface activated: batadv_slave_0
[  331.162083][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  331.176090][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  331.189245][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  331.200737][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  331.214750][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  331.226595][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  331.238630][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  331.250228][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  331.262517][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  331.274905][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  331.288862][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  331.300391][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  331.313126][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  331.324704][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  331.338046][ T9219] batman_adv: batadv0: Interface activated: batadv_slave_1
[  331.352398][ T9219] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  331.364128][ T9219] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  331.375016][ T9219] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  331.385359][ T9219] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  331.979714][   T29] audit: type=1400 audit(1727998758.938:648): avc:  denied  { ioctl } for  pid=9504 comm="syz.2.1676" path="socket:[25522]" dev="sockfs" ino=25522 ioctlcmd=0x8907 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  332.089641][ T1114] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  332.108186][   T25] usb 2-1: Firmware version (0.0) predates our first public release.
[  332.127315][ T1114] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  332.132238][   T25] usb 2-1: Please update to version 0.2 or newer
[  332.187310][   T25] usb 2-1: Firmware: build 
[  332.327204][ T1849] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  332.376668][ T1114] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  332.397499][ T1114] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  332.430948][   T25] usb 2-1: USB disconnect, device number 20
[  332.507463][ T1849] usb 1-1: Using ep0 maxpacket: 32
[  332.531116][ T1849] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  332.545057][ T1849] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  332.572107][ T1849] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  332.605363][ T1849] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  332.672550][ T1849] usb 1-1: config 0 descriptor??
[  332.698382][ T1849] hub 1-1:0.0: USB hub found
[  332.905363][ T1849] hub 1-1:0.0: config failed, hub has too many ports! (err -19)
[  333.108526][ T1849] usbhid 1-1:0.0: can't add hid device: -71
[  333.116194][ T1849] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  333.168343][ T1849] usb 1-1: USB disconnect, device number 23
[  334.244507][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  334.391398][ T9532] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1683'.
[  334.437282][ T9532] netlink: 'syz.1.1683': attribute type 7 has an invalid length.
[  334.467266][ T9532] netlink: 'syz.1.1683': attribute type 8 has an invalid length.
[  334.476823][ T9532] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1683'.
[  334.638867][ T5273] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  334.687343][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  334.825273][ T5273] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  334.862185][ T5273] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  334.903848][ T5273] usb 3-1: New USB device found, idVendor=6666, idProduct=8801, bcdDevice= 0.00
[  334.937497][ T5273] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.954269][ T5238] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  334.972653][ T5273] usb 3-1: config 0 descriptor??
[  334.977925][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  334.979170][ T5238] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  335.006427][ T5238] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  335.027797][ T5238] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  335.040778][ T5238] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  335.050232][ T5238] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  335.061500][ T9548] input: syz1 as /devices/virtual/input/input26
[  335.330973][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  335.439587][ T5273] smartjoyplus 0003:6666:8801.001A: unknown main item tag 0x0
[  335.470644][ T5273] smartjoyplus 0003:6666:8801.001A: ignoring exceeding usage max
[  335.501954][ T5273] smartjoyplus 0003:6666:8801.001A: usage index exceeded
[  335.537359][ T5273] smartjoyplus 0003:6666:8801.001A: item 0 0 2 0 parsing failed
[  335.567879][ T5273] smartjoyplus 0003:6666:8801.001A: parse failed
[  335.576661][ T5273] smartjoyplus 0003:6666:8801.001A: probe with driver smartjoyplus failed with error -22
[  335.663913][   T29] audit: type=1400 audit(1727998762.618:649): avc:  denied  { getopt } for  pid=9555 comm="syz.0.1693" lport=38406 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  335.692587][    C0] vkms_vblank_simulate: vblank timer overrun
[  335.733190][ T1849] usb 3-1: USB disconnect, device number 24
[  335.793704][ T9558] Bluetooth: MGMT ver 1.23
[  335.834594][ T9558] Bluetooth: hci0: load_link_keys: expected 51203 bytes, got 7 bytes
[  336.020252][   T12] bridge_slave_1: left allmulticast mode
[  336.060822][   T12] bridge_slave_1: left promiscuous mode
[  336.081325][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  336.127428][   T25] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  336.144437][   T12] bridge_slave_0: left allmulticast mode
[  336.157137][   T12] bridge_slave_0: left promiscuous mode
[  336.172240][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  336.307317][   T25] usb 1-1: Using ep0 maxpacket: 16
[  336.321545][   T25] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  336.349629][   T25] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  336.385210][   T25] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  336.409602][   T25] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  336.421524][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  336.436848][   T25] usb 1-1: Product: syz
[  336.450147][   T25] usb 1-1: Manufacturer: syz
[  336.465927][   T25] usb 1-1: SerialNumber: syz
[  336.900365][   T25] usb 1-1: 0:2 : does not exist
[  337.128005][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  337.145797][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  337.157710][ T5238] Bluetooth: hci0: command tx timeout
[  337.196652][   T12] bond0 (unregistering): Released all slaves
[  337.511487][   T25] usb 1-1: 1:0: failed to get current value for ch 0 (-22)
[  337.577482][   T25] usb 1-1: USB disconnect, device number 24
[  337.850192][ T9544] chnl_net:caif_netlink_parms(): no params data found
[  338.077188][   T29] audit: type=1400 audit(1727998764.998:650): avc:  denied  { ioctl } for  pid=9576 comm="syz.1.1700" path="socket:[26757]" dev="sockfs" ino=26757 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  338.107758][    C0] vkms_vblank_simulate: vblank timer overrun
[  338.228038][   T29] audit: type=1400 audit(1727998765.178:651): avc:  denied  { connect } for  pid=9578 comm="syz.3.1701" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  338.257608][    C0] vkms_vblank_simulate: vblank timer overrun
[  338.442746][   T29] audit: type=1400 audit(1727998765.398:652): avc:  denied  { write } for  pid=9585 comm="syz.0.1703" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  338.570305][ T9544] bridge0: port 1(bridge_slave_0) entered blocking state
[  338.574272][   T29] audit: type=1400 audit(1727998765.528:653): avc:  denied  { unmount } for  pid=8947 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  338.603181][ T9544] bridge0: port 1(bridge_slave_0) entered disabled state
[  338.603739][ T9544] bridge_slave_0: entered allmulticast mode
[  338.605370][ T9544] bridge_slave_0: entered promiscuous mode
[  338.730585][ T9544] bridge0: port 2(bridge_slave_1) entered blocking state
[  338.768403][ T9544] bridge0: port 2(bridge_slave_1) entered disabled state
[  338.776618][ T9544] bridge_slave_1: entered allmulticast mode
[  338.804770][ T9544] bridge_slave_1: entered promiscuous mode
[  338.827121][ T9591] netlink: 'syz.0.1705': attribute type 19 has an invalid length.
[  338.935028][   T12] hsr_slave_0: left promiscuous mode
[  338.952784][   T12] hsr_slave_1: left promiscuous mode
[  338.974962][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  338.989260][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  339.011780][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  339.037106][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  339.089925][   T12] veth1_macvtap: left promiscuous mode
[  339.107164][   T12] veth0_macvtap: left promiscuous mode
[  339.114643][   T12] veth1_vlan: left promiscuous mode
[  339.129010][   T12] veth0_vlan: left promiscuous mode
[  339.243184][ T5238] Bluetooth: hci0: command tx timeout
[  339.956058][   T29] audit: type=1400 audit(1727998766.908:654): avc:  denied  { write } for  pid=9610 comm="syz.0.1713" laddr=::1 lport=51774 faddr=::1 fport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  339.990488][    C0] vkms_vblank_simulate: vblank timer overrun
[  340.017168][    T9] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  340.197759][    T9] usb 2-1: Using ep0 maxpacket: 16
[  340.223016][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  340.266404][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  340.306574][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  340.360373][    T9] usb 2-1: New USB device found, idVendor=056a, idProduct=0022, bcdDevice= 0.00
[  340.391421][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  340.439291][    T9] usb 2-1: config 0 descriptor??
[  340.520671][   T11] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  340.881232][    T9] wacom 0003:056A:0022.001B: Unknown device_type for 'HID 056a:0022'. Assuming pen.
[  340.928375][    T9] wacom 0003:056A:0022.001B: hidraw0: USB HID v0.00 Device [HID 056a:0022] on usb-dummy_hcd.1-1/input0
[  340.977616][    T9] input: Wacom Intuos 9x12 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:0022.001B/input/input27
[  341.095771][    T9] usb 2-1: USB disconnect, device number 21
[  341.317524][ T5238] Bluetooth: hci0: command tx timeout
[  341.722488][   T12] team0 (unregistering): Port device team_slave_1 removed
[  341.952634][   T12] team0 (unregistering): Port device team_slave_0 removed
[  342.643565][   T29] audit: type=1400 audit(1727998769.598:655): avc:  denied  { bind } for  pid=9640 comm="syz.1.1725" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  342.675270][    C0] vkms_vblank_simulate: vblank timer overrun
[  343.307363][ T5273] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  343.398232][ T5238] Bluetooth: hci0: command tx timeout
[  343.483489][ T5273] usb 1-1: Using ep0 maxpacket: 8
[  343.492929][ T5273] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  343.505418][ T5273] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  343.536767][ T5273] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  343.552027][ T5273] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  343.602135][ T5273] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  343.667188][ T5273] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  343.705334][ T5273] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.967182][ T5273] usb 1-1: usb_control_msg returned -32
[  343.984333][ T5273] usbtmc 1-1:16.0: can't read capabilities
[  344.216400][ T9544] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  344.261393][ T9646] netlink: 'syz.1.1727': attribute type 5 has an invalid length.
[  344.310200][ T9544] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  345.251523][ T9544] team0: Port device team_slave_0 added
[  345.264941][ T9544] team0: Port device team_slave_1 added
[  345.429901][   T25] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  345.587394][   T25] usb 2-1: Using ep0 maxpacket: 16
[  345.610363][   T25] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  345.639906][   T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  345.687087][   T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  345.719430][   T25] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  345.787769][   T25] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  345.827778][   T25] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  345.840134][   T25] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  345.876721][ T9544] batman_adv: batadv0: Adding interface: batadv_slave_0
[  345.895613][ T9544] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  345.928904][   T25] usb 2-1: Manufacturer: syz
[  345.950499][   T25] usb 2-1: config 0 descriptor??
[  346.050149][ T9544] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  346.067984][ T9544] batman_adv: batadv0: Adding interface: batadv_slave_1
[  346.076470][ T9544] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  346.108338][ T9544] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  346.237286][    T9] usb 1-1: USB disconnect, device number 25
[  346.347286][   T25] rc_core: IR keymap rc-hauppauge not found
[  346.354010][   T25] Registered IR keymap rc-empty
[  346.385157][   T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  346.427238][   T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  346.456488][ T9544] hsr_slave_0: entered promiscuous mode
[  346.484303][ T9544] hsr_slave_1: entered promiscuous mode
[  346.497797][   T25] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  346.515878][ T9544] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  346.534491][   T25] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input30
[  346.551807][ T9544] Cannot create hsr debugfs directory
[  346.578931][   T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  346.630928][   T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  346.697529][   T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  346.741216][   T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  346.789761][ T9671] Dead loop on virtual device ip6_vti0, fix it urgently!
[  346.789810][   T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  346.818144][   T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  346.847995][ T9671] Dead loop on virtual device ip6_vti0, fix it urgently!
[  346.885863][ T9671] Dead loop on virtual device ip6_vti0, fix it urgently!
[  346.900155][   T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  346.919076][ T9671] Dead loop on virtual device ip6_vti0, fix it urgently!
[  346.937819][ T9671] Dead loop on virtual device ip6_vti0, fix it urgently!
[  346.957406][   T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  346.965064][ T9671] Dead loop on virtual device ip6_vti0, fix it urgently!
[  346.987660][   T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  347.017402][   T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  347.058815][   T25] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  347.109509][   T25] mceusb 2-1:0.0: Registered И with mce emulator interface version 90
[  347.133088][   T25] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  347.184719][   T25] usb 2-1: USB disconnect, device number 22
[  347.214685][   T12] bridge_slave_1: left allmulticast mode
[  347.226904][   T12] bridge_slave_1: left promiscuous mode
[  347.278702][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  347.297551][   T12] bridge_slave_0: left allmulticast mode
[  347.304517][   T12] bridge_slave_0: left promiscuous mode
[  347.313811][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  347.607280][ T5302] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  348.155501][   T12] gretap0 (unregistering): left promiscuous mode
[  348.357495][ T5302] usb 3-1: too many configurations: 9, using maximum allowed: 8
[  348.390950][ T5302] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  348.402609][ T5302] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  348.418923][ T5302] usb 3-1: config 0 interface 0 has no altsetting 0
[  348.456784][ T5302] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  348.469854][ T5302] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  348.486676][ T5302] usb 3-1: config 0 interface 0 has no altsetting 0
[  348.508739][ T5302] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  348.521326][ T5302] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  348.535562][ T5302] usb 3-1: config 0 interface 0 has no altsetting 0
[  348.576151][ T5302] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  348.586266][ T5302] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  348.600660][ T5302] usb 3-1: config 0 interface 0 has no altsetting 0
[  348.611056][ T5302] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  348.622295][ T5302] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  348.636217][ T5302] usb 3-1: config 0 interface 0 has no altsetting 0
[  348.667994][   T29] audit: type=1400 audit(1727998775.618:656): avc:  denied  { mount } for  pid=9691 comm="syz.3.1744" name="/" dev="rpc_pipefs" ino=27110 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  348.671912][ T5302] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  348.719386][ T5302] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  348.742051][ T5302] usb 3-1: config 0 interface 0 has no altsetting 0
[  348.752205][ T5302] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  348.772507][   T29] audit: type=1400 audit(1727998775.678:657): avc:  denied  { watch } for  pid=9691 comm="syz.3.1744" path="/168/file0" dev="rpc_pipefs" ino=27110 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=dir permissive=1
[  348.803243][ T5302] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  348.819431][ T5302] usb 3-1: config 0 interface 0 has no altsetting 0
[  348.827305][   T29] audit: type=1400 audit(1727998775.678:658): avc:  denied  { unmount } for  pid=9691 comm="syz.3.1744" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  348.865858][ T5302] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  348.877250][ T5302] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  348.892592][ T5302] usb 3-1: config 0 interface 0 has no altsetting 0
[  348.904950][ T5302] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  348.918224][ T5302] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  348.927504][ T5302] usb 3-1: Product: syz
[  348.932691][ T5302] usb 3-1: Manufacturer: syz
[  348.940804][ T5302] usb 3-1: SerialNumber: syz
[  348.958884][ T5302] usb 3-1: config 0 descriptor??
[  348.974754][ T5302] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0
[  349.209036][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  349.274423][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  349.329364][   T12] bond0 (unregistering): Released all slaves
[  349.345594][ T5302] usb 3-1: USB disconnect, device number 25
[  349.355959][ T5302] yurex 3-1:0.0: USB YUREX #0 now disconnected
[  350.027343][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  350.036904][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  350.049033][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  350.059853][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  350.073466][    T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!!
[  350.171951][   T29] audit: type=1400 audit(1727998777.128:659): avc:  denied  { mount } for  pid=9710 comm="syz.2.1751" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  350.729762][   T12] batadv_slave_1: left promiscuous mode
[  350.868289][   T12] hsr_slave_0: left promiscuous mode
[  350.893188][   T12] hsr_slave_1: left promiscuous mode
[  350.910463][   T12] batman_adv: batadv0: Removing interface: team0
[  351.056318][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  351.075858][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  351.120482][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  351.171843][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  351.319355][   T12] veth1_macvtap: left promiscuous mode
[  351.325750][   T12] veth0_macvtap: left promiscuous mode
[  351.364172][   T12] veth1_vlan: left promiscuous mode
[  351.376733][   T12] veth0_vlan: left promiscuous mode
[  351.808078][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  352.677369][ T5273] usb 4-1: new full-speed USB device number 15 using dummy_hcd
[  352.850279][ T5273] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  352.862980][ T5273] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 64
[  352.916519][ T5273] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  352.965614][ T5273] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  353.002641][ T5273] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  353.045556][ T5273] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  353.063277][ T5273] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 64
[  353.089501][ T5273] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  353.117729][ T5273] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  353.145087][ T5273] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  353.171017][ T5273] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  353.179520][ T5273] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 64
[  353.220026][ T5273] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  353.255120][ T5273] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  353.292615][ T5273] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  353.340109][ T5273] usb 4-1: string descriptor 0 read error: -22
[  353.350603][ T5273] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  353.370665][ T5273] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  353.439685][ T5273] usb 4-1: can't set config #168, error -71
[  353.475924][ T5273] usb 4-1: USB disconnect, device number 15
[  353.510454][   T12] team0 (unregistering): Port device team_slave_1 removed
[  353.690495][   T12] team0 (unregistering): Port device team_slave_0 removed
[  353.983529][ T9763] netlink: 'syz.2.1770': attribute type 9 has an invalid length.
[  354.004934][ T9763] netlink: 134640 bytes leftover after parsing attributes in process `syz.2.1770'.
[  355.122634][ T9748] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1764'.
[  355.137919][ T9748] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1764'.
[  355.678625][   T29] audit: type=1800 audit(1727998782.608:660): pid=9783 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.1778" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  355.748957][ T9544] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  355.851147][ T9544] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  356.037876][ T9544] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  356.076430][ T9544] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  356.564640][ T9544] 8021q: adding VLAN 0 to HW filter on device bond0
[  356.586397][ T9544] 8021q: adding VLAN 0 to HW filter on device team0
[  356.652500][ T9438] bridge0: port 1(bridge_slave_0) entered blocking state
[  356.661228][ T9438] bridge0: port 1(bridge_slave_0) entered forwarding state
[  356.703895][ T9438] bridge0: port 2(bridge_slave_1) entered blocking state
[  356.713922][ T9438] bridge0: port 2(bridge_slave_1) entered forwarding state
[  356.972718][   T29] audit: type=1400 audit(1727998783.928:661): avc:  denied  { override_creds } for  pid=9805 comm="syz.3.1787" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  356.999154][    C0] vkms_vblank_simulate: vblank timer overrun
[  357.280631][   T25] usb 1-1: new full-speed USB device number 26 using dummy_hcd
[  357.384577][ T9544] 8021q: adding VLAN 0 to HW filter on device batadv0
[  357.492898][   T25] usb 1-1: config 0 has no interfaces?
[  357.501194][   T25] usb 1-1: New USB device found, idVendor=1668, idProduct=0323, bcdDevice=5f.ca
[  357.543025][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.576802][   T25] usb 1-1: config 0 descriptor??
[  357.667565][ T1849] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  357.850638][   T25] usb 1-1: USB disconnect, device number 26
[  357.878516][ T1849] usb 4-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4
[  357.917084][ T1849] usb 4-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0
[  357.944913][ T1849] usb 4-1: Manufacturer: syz
[  357.980334][ T1849] usb 4-1: config 0 descriptor??
[  358.016004][   T29] audit: type=1400 audit(1727998784.968:662): avc:  denied  { ioctl } for  pid=9832 comm="syz.1.1794" path="socket:[27387]" dev="sockfs" ino=27387 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  358.047831][    C0] vkms_vblank_simulate: vblank timer overrun
[  358.192293][ T9544] veth0_vlan: entered promiscuous mode
[  358.248985][ T9544] veth1_vlan: entered promiscuous mode
[  358.306716][ T9544] veth0_macvtap: entered promiscuous mode
[  358.330754][ T9544] veth1_macvtap: entered promiscuous mode
[  358.439775][ T1849] gs_usb 4-1:0.0: Configuring for 1 interfaces
[  358.443832][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  358.517690][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  358.589100][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  358.626280][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  358.677227][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  358.723127][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  358.746236][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  358.765282][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  358.779390][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  358.794902][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  358.807938][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  358.844469][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  358.915998][ T9544] batman_adv: batadv0: Interface activated: batadv_slave_0
[  359.025659][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  359.078992][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  359.109575][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  359.144752][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  359.179769][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  359.210400][ T9846] vcan0: tx drop: invalid sa for name 0x0000000000000002
[  359.231301][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  359.274294][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  359.277205][   T25] usb 4-1: USB disconnect, device number 16
[  359.327254][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  359.343786][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  359.376354][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  359.426069][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  359.452181][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  359.479034][ T9544] batman_adv: batadv0: Interface activated: batadv_slave_1
[  359.534458][    T9] ==================================================================
[  359.543929][    T9] BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x14c/0x1c0
[  359.556780][    T9] Read of size 8 at addr ffff888012fd1708 by task kworker/0:1/9
[  359.566905][    T9] 
[  359.570669][    T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.12.0-rc1-syzkaller-00113-g8c245fe7dde3 #0
[  359.584987][    T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  359.597295][    T9] Workqueue: events binder_deferred_func
[  359.604339][    T9] Call Trace:
[  359.607766][    T9]  <TASK>
[  359.612418][    T9]  dump_stack_lvl+0x116/0x1f0
[  359.618692][    T9]  print_report+0xc3/0x620
[  359.623740][    T9]  ? __virt_addr_valid+0x5e/0x590
[  359.629485][    T9]  ? __phys_addr+0xc6/0x150
[  359.635792][    T9]  kasan_report+0xd9/0x110
[  359.640598][    T9]  ? __list_del_entry_valid_or_report+0x14c/0x1c0
[  359.649613][    T9]  ? __list_del_entry_valid_or_report+0x14c/0x1c0
[  359.657501][    T9]  __list_del_entry_valid_or_report+0x14c/0x1c0
[  359.664950][    T9]  binder_release_work+0x9b/0x490
[  359.671363][    T9]  binder_deferred_func+0xe6e/0x12e0
[  359.677902][    T9]  process_one_work+0x9c5/0x1ba0
[  359.684403][    T9]  ? __pfx_vmstat_update+0x10/0x10
[  359.690304][    T9]  ? __pfx_process_one_work+0x10/0x10
[  359.697795][    T9]  ? assign_work+0x1a0/0x250
[  359.702913][    T9]  worker_thread+0x6c8/0xf00
[  359.708265][    T9]  ? __kthread_parkme+0x148/0x220
[  359.713991][    T9]  ? __pfx_worker_thread+0x10/0x10
[  359.719603][    T9]  kthread+0x2c1/0x3a0
[  359.723951][    T9]  ? _raw_spin_unlock_irq+0x23/0x50
[  359.730006][    T9]  ? __pfx_kthread+0x10/0x10
[  359.735543][    T9]  ret_from_fork+0x45/0x80
[  359.740242][    T9]  ? __pfx_kthread+0x10/0x10
[  359.747352][    T9]  ret_from_fork_asm+0x1a/0x30
[  359.754432][    T9]  </TASK>
[  359.758353][    T9] 
[  359.761940][    T9] Allocated by task 9848:
[  359.766774][    T9]  kasan_save_stack+0x33/0x60
[  359.772411][    T9]  kasan_save_track+0x14/0x30
[  359.777589][    T9]  __kasan_kmalloc+0xaa/0xb0
[  359.783831][    T9]  binder_thread_write+0xe19/0x4c60
[  359.789559][    T9]  binder_ioctl+0x265b/0x6fa0
[  359.794762][    T9]  __x64_sys_ioctl+0x18f/0x220
[  359.801177][    T9]  do_syscall_64+0xcd/0x250
[  359.807286][    T9]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.814129][    T9] 
[  359.818141][    T9] Freed by task 9:
[  359.822334][    T9]  kasan_save_stack+0x33/0x60
[  359.829637][    T9]  kasan_save_track+0x14/0x30
[  359.834899][    T9]  kasan_save_free_info+0x3b/0x60
[  359.841170][    T9]  __kasan_slab_free+0x51/0x70
[  359.846363][    T9]  kfree+0x14f/0x4b0
[  359.851039][    T9]  binder_deferred_func+0xdd7/0x12e0
[  359.858109][    T9]  process_one_work+0x9c5/0x1ba0
[  359.863600][    T9]  worker_thread+0x6c8/0xf00
[  359.869623][    T9]  kthread+0x2c1/0x3a0
[  359.875963][    T9]  ret_from_fork+0x45/0x80
[  359.882112][    T9]  ret_from_fork_asm+0x1a/0x30
[  359.888451][    T9] 
[  359.891412][    T9] The buggy address belongs to the object at ffff888012fd1700
[  359.891412][    T9]  which belongs to the cache kmalloc-64 of size 64
[  359.911186][    T9] The buggy address is located 8 bytes inside of
[  359.911186][    T9]  freed 64-byte region [ffff888012fd1700, ffff888012fd1740)
[  359.929588][    T9] 
[  359.933438][    T9] The buggy address belongs to the physical page:
[  359.941114][    T9] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12fd1
[  359.951447][    T9] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  359.960180][    T9] page_type: f5(slab)
[  359.964552][    T9] raw: 00fff00000000000 ffff88801b0418c0 ffffea00009de840 dead000000000007
[  359.975041][    T9] raw: 0000000000000000 0000000000200020 00000001f5000000 0000000000000000
[  359.984801][    T9] page dumped because: kasan: bad access detected
[  359.992452][    T9] page_owner tracks the page as allocated
[  360.001015][    T9] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5221, tgid 5221 (syz-executor), ts 140970610796, free_ts 140903184150
[  360.030817][    T9]  post_alloc_hook+0x2d1/0x350
[  360.037740][    T9]  get_page_from_freelist+0x101e/0x3070
[  360.044335][    T9]  __alloc_pages_noprof+0x223/0x25c0
[  360.050163][    T9]  alloc_pages_mpol_noprof+0x2c9/0x610
[  360.057919][    T9]  new_slab+0x2ba/0x3f0
[  360.062529][    T9]  ___slab_alloc+0xdac/0x1880
[  360.068182][    T9]  __slab_alloc.constprop.0+0x56/0xb0
[  360.075990][    T9]  __kmalloc_cache_node_noprof+0xf1/0x350
[  360.084491][    T9]  __get_vm_area_node+0xe1/0x2d0
[  360.090122][    T9]  __vmalloc_node_range_noprof+0x26a/0x15a0
[  360.099466][    T9]  vzalloc_noprof+0x6b/0x90
[  360.104406][    T9]  do_arpt_get_ctl+0x67a/0x9a0
[  360.111443][    T9]  nf_getsockopt+0x79/0xe0
[  360.117063][    T9]  ip_getsockopt+0x18e/0x1e0
[  360.122216][    T9]  tcp_getsockopt+0x9e/0x100
[  360.127521][    T9]  do_sock_getsockopt+0x3fe/0x800
[  360.133916][    T9] page last free pid 5874 tgid 5873 stack trace:
[  360.141904][    T9]  free_unref_folios+0x956/0x1310
[  360.148992][    T9]  folios_put_refs+0x551/0x750
[  360.155486][    T9]  free_pages_and_swap_cache+0x45f/0x510
[  360.162309][    T9]  __tlb_batch_free_encoded_pages+0xf9/0x290
[  360.168753][    T9]  tlb_finish_mmu+0x168/0x7b0
[  360.174010][    T9]  exit_mmap+0x3df/0xb30
[  360.179959][    T9]  __mmput+0x12a/0x480
[  360.185405][    T9]  mmput+0x62/0x70
[  360.189902][    T9]  do_exit+0x9bf/0x2d70
[  360.195827][    T9]  do_group_exit+0xd3/0x2a0
[  360.200867][    T9]  get_signal+0x25fb/0x2770
[  360.206487][    T9]  arch_do_signal_or_restart+0x90/0x7e0
[  360.213058][    T9]  syscall_exit_to_user_mode+0x150/0x2a0
[  360.221348][    T9]  do_syscall_64+0xda/0x250
[  360.227571][    T9]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.235096][    T9] 
[  360.238858][    T9] Memory state around the buggy address:
[  360.245007][    T9]  ffff888012fd1600: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[  360.256107][    T9]  ffff888012fd1680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  360.265109][    T9] >ffff888012fd1700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  360.274383][    T9]                       ^
[  360.279896][    T9]  ffff888012fd1780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[  360.290462][    T9]  ffff888012fd1800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  360.301235][    T9] ==================================================================
[  360.310904][    C0] vkms_vblank_simulate: vblank timer overrun
[  360.322353][    T9] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  360.331412][    T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.12.0-rc1-syzkaller-00113-g8c245fe7dde3 #0
[  360.345371][    T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  360.356293][    T9] Workqueue: events binder_deferred_func
[  360.364734][    T9] Call Trace:
[  360.371040][    T9]  <TASK>
[  360.375368][    T9]  dump_stack_lvl+0x3d/0x1f0
[  360.383536][    T9]  panic+0x71d/0x800
[  360.389632][    T9]  ? __pfx_panic+0x10/0x10
[  360.394887][    T9]  ? check_panic_on_warn+0x1f/0xb0
[  360.400970][    T9]  check_panic_on_warn+0xab/0xb0
[  360.407211][    T9]  end_report+0x117/0x180
[  360.413213][    T9]  kasan_report+0xe9/0x110
[  360.418246][    T9]  ? __list_del_entry_valid_or_report+0x14c/0x1c0
[  360.425432][    T9]  ? __list_del_entry_valid_or_report+0x14c/0x1c0
[  360.432666][    T9]  __list_del_entry_valid_or_report+0x14c/0x1c0
[  360.440128][    T9]  binder_release_work+0x9b/0x490
[  360.445856][    T9]  binder_deferred_func+0xe6e/0x12e0
[  360.453333][    T9]  process_one_work+0x9c5/0x1ba0
[  360.458749][    T9]  ? __pfx_vmstat_update+0x10/0x10
[  360.465027][    T9]  ? __pfx_process_one_work+0x10/0x10
[  360.470915][    T9]  ? assign_work+0x1a0/0x250
[  360.475805][    T9]  worker_thread+0x6c8/0xf00
[  360.481116][    T9]  ? __kthread_parkme+0x148/0x220
[  360.486748][    T9]  ? __pfx_worker_thread+0x10/0x10
[  360.492368][    T9]  kthread+0x2c1/0x3a0
[  360.497050][    T9]  ? _raw_spin_unlock_irq+0x23/0x50
[  360.504518][    T9]  ? __pfx_kthread+0x10/0x10
[  360.509572][    T9]  ret_from_fork+0x45/0x80
[  360.515609][    T9]  ? __pfx_kthread+0x10/0x10
[  360.522292][    T9]  ret_from_fork_asm+0x1a/0x30
[  360.528478][    T9]  </TASK>
[  360.532952][    T9] Kernel Offset: disabled
[  360.538846][    T9] Rebooting in 86400 seconds..