last executing test programs:

58.220377315s ago: executing program 3 (id=411):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
futex_waitv(0x0, 0x0, 0x2, 0x0, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0x80111500, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r5 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$inet6_IPV6_IPSEC_POLICY(r5, 0x29, 0x30, 0x0, &(0x7f0000000040)=0xb3)
futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f0000000080)=0x1, 0x80, 0xfffffd, 0x0, 0x0, 0xfffffffc)
shutdown(0xffffffffffffffff, 0x3)
ioctl$SNDRV_TIMER_IOCTL_START(r3, 0x54a0)
r6 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000000)='source', &(0x7f0000000740)='//\xf2b\x06\b\xba\xdfXo\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b/Q9\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce\x14/8\\//\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o\xe5\xa8Q\xc9\xe75Q\xea\xd8\xa2=F\x9b\x8f\x8d\xfc\' {e\x949X\xda\xe8H\x1a\x85\xd7%\x93?w}\xfb\xd9t\xea\xbb\xbe\x9b\\\xd7\xd7\xd4\xe2\xd6c(`(r\xd2\xb1G\xe3\xda&\xca\xaa\xba\v\xc5\xa3H\xb1\x11G\xab\xa2\x1f\xa0\xc3\xd9\xcd\xfb\x1a,\x13S\xf1\xfe\xe5F\xf4\xfb\xc8|\x89\x0fNq\x97J\xb9J\x88S\xc5\xb8\x12\x93\xbe\xb9b\xc7\xbc\x03\x03.E\xab\x82\x1c\xbc1\x9d\x14\xfa\x1f\xdd\x1e*\x03`\x91\xe8x\x0f\x05\x1e\xf5\xbfNo\xd4\x0f]S\x85\x89@\xa9f\x05\xfe\x9fkM\xa5\xf6\xc2\x04\xbf\xc7', 0x0)
readv(r1, &(0x7f0000000200)=[{&(0x7f0000003140)=""/4096, 0x1000}], 0x1)
r7 = userfaultfd(0x0)
ioctl$UFFDIO_API(r7, 0xc018aa3f, 0x0)
ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4)
shmget$private(0x0, 0x3000, 0x0, &(0x7f00001e7000/0x3000)=nil)
shmat(0x0, &(0x7f00001eb000/0x4000)=nil, 0x7000)
syz_clone(0x1100, 0x0, 0x0, 0x0, 0x0, 0x0)

57.747685224s ago: executing program 3 (id=412):
sched_setscheduler(0x0, 0x5, &(0x7f000000d380))
r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000001c0), 0x400000000c0201, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000100)=0x6)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040))
gettid()
io_uring_setup(0x1f0f, &(0x7f0000000540)={0x0, 0x4995, 0x8, 0x3, 0x2e1})
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000500)={0xa00, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f00002aa000/0x3000)=nil, 0x2)
futex(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
socket$inet6(0xa, 0x3, 0x5)
socket$l2tp6(0xa, 0x2, 0x73)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff})
recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
socket$packet(0x11, 0x2, 0x300)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000a00)=ANY=[@ANYBLOB="70010000100033060000000000000000ffffffff000000000000000000000000e000200200000000000000000000000000000000000000000000000000002000", @ANYRES32=0x0, @ANYRES32=0x0], 0x170}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'netdevsim0\x00', <r5=>0x0})
sendmsg$nl_xfrm(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000002c0)=ANY=[@ANYBLOB="44010000100001000000000000000000fe800000000000000000000000000000ac1e000100"/64, @ANYRES32=r5, @ANYRES32=0x0, @ANYBLOB="fc0100000000000000000000000000000000000032000000e000000200000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000a000000000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001c00", @ANYRES32=r5, @ANYBLOB="0000120000"], 0x144}}, 0x40002)
syz_open_dev$usbfs(&(0x7f0000000500), 0x76, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)

28.912189197s ago: executing program 3 (id=413):
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
execve(0x0, 0x0, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000400)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x3, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @broadcast}, {0x0, 0x883e, 0x1c, 0x0, @gue={{0x2, 0x0, 0x0, 0x7}, "2b23ca5ed9707954c7310801"}}}}}}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000000009041200010300000009210000000122010009058103"], 0x0)
r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$sequencer(0xffffffffffffffff, 0x0, 0x0)
write$UHID_CREATE(r2, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/2, 0x2}}, 0x120)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000140)={0x4}, 0x10)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0xa, 0x1340, 0xffffffffffffffff, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
recvmsg$unix(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)=""/114, 0x72}, {&(0x7f00000002c0)=""/252, 0xfc}], 0x2, &(0x7f0000000540)=[@cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x140}, 0x1)
ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x20001400)
ioctl$TUNSETOFFLOAD(r4, 0x8004745a, 0x2000000c)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = openat$cgroup_subtree(r6, &(0x7f0000000200), 0x2, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000400)=ANY=[@ANYBLOB='-cpu'], 0x5)
write$cgroup_subtree(r7, &(0x7f0000000040)={[{0x2b, 'cpu'}, {0x2b, 'pids'}]}, 0xb)
write(r3, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000ff020002000200000800040001000000", 0x24)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0x5, &(0x7f00000000c0)=0x5, 0x4)
syz_usb_control_io$hid(r1, &(0x7f0000000240)={0x14, &(0x7f0000000440)=ANY=[@ANYBLOB="40032000080007befd81ef8858c3cd9c2bf33f2a89011f5e9a6c2926e3f1d71f1dfd63e170387dad014830a565fb12aace0aa4e0a3a2b1c9d4011bb0ef46092f17b3023ba15372b4d92b"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)

25.215533281s ago: executing program 3 (id=476):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xfffd)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000040)=ANY=[], 0x34}}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x20000023896)
gettid()
timer_create(0x0, 0x0, 0x0)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
getgroups(0x16, 0xfffffffffffffffe)
r4 = msgget$private(0x0, 0xfffffffffffffffd)
msgsnd(r4, &(0x7f00000001c0)=ANY=[], 0x1a8, 0x0)
msgsnd(0x0, &(0x7f0000000d00)=ANY=[@ANYRESHEX], 0x401, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r5, &(0x7f00000021c0)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INIT(r5, &(0x7f0000000040)={0x50, 0x0, r6, {0x7, 0x1f, 0x0, 0x90c20}}, 0x50)
newfstatat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x4000)
msgsnd(0x0, &(0x7f0000001280)={0x1, "9d1729c0a34506e82ff9b5276f1f1488904fe4e427228ab75f5e5970ca3f7e70bb0c5a485c34f32ec3bd80465177c7a05beee1b2d476ed82ca76f8c03fa2cdff5682260714df3a4138b8596dc1b3fbd8c2bf45df2a5b14c6195bffd42b5e65fea1805ba1be7a99146e8f9dbf342ba274b39e69ee1adfa3ca92ea2e7e3ff1ac41907c4a7af2b300fc66c13273373b046353d31a9fd4270f1e4d9dcb65484c9dd7a0742da36f8f3e76f0629db82e78c77176ce4fac5ad07c6c8110af71cde70c8a4a39b25237462b955b98446af8e97ba3ce3db2d2be36079b60092a6ff467537aff1561d6f8eb538e4b36de844aa3273159cdf851704cd5817336d6df03f7f657d1af3068965dcdc649a0ea752513c9477fbb40c03bddae06ed6405392ac2b1c502155127dd835c1f67de9b3bba3c46c243fb8a6883e9bea7281b00a0c7b77512fe5cc6780da72be6802265f2d4ef7ed913751b3188ae98044552150f6b103976cd3b6a1c9dd9a136f5c7c21ace40de1f363ad28b76267b9a9cc7ada6afc4ed02e4d850baf019987bde7ad11d81d3bee159368f3c9842348163bf4adb0821ac680a4f55e5618fcd499b7cd60c0e9e6c5407ef955df362a76d68d32246463c60671d8b703886270bd902cf26a57f274f808a8f8e229446cfba93d7ea903b01ecd30518c507afddfc431171e66eb30ee055d72b74f776dd2e7433c69c02b93db5a21fd60982b2e354d36739684e5bbb097ad4b4e40491d9b93a38ec905457afc2090fadb62cd1a0e0ef2110bf56f79ebb9d9ebc58a11ce0ce70cd04f262ffa2c86d57edfb3d4a1335474dbcdd414254e2b6a2c9bbccf744fa05861e66a27b5c751bf13d35be778f97c8fefa7a842e7f99c9c5b120923e279001944f378d5a4cb1992c91832ebf69543f571d0efe1e776549f0c68a2430de9b63f2d73a11bf4ed215647f3ea41bd3836c3abd2d0c8e03f96e284f2e80417555e6a49a51016b749c0ed5639153d88c7716fc05935771e8b0130686798b1729f29dc4304d65972c68dffdd40981d59442357cc64b22cb3f653fa71fb89a2fbffb49e0ddd62fbb50e581ca05cee487b4531ed7d07fca7b81af2b706f8263532f4fd6e417ab3536674553b486061c4bbd6e15d27d57883dd2539047c17f7563d93c41f94b80b3bd4b18bab2ff92518c6f6e19a7ab883c0626d3223b4f3e6b8a2095a97e249be03938acb365d331522ac40b43a671948bb644a3f5d731fd719b2595842c0334a546e0449cdf16d8fd169a47f8df308af2c9a10ff495b7fa06187d107d5a58bdd5b5938963a5b73e97cb5cc41c8557c90e003e28e68b7fb1c752b4d8c8bf4fcc981dc779c6aa936bcc59e3ab4bae67b51f424994d349a7ee087a542713ddaaac431b5fea94eb56416aa4afa5d01895"}, 0x3f2, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000002440)={{0x1}, 0x167, 0x80000000})
chmod(&(0x7f0000000180)='./file0\x00', 0x0)

23.903812619s ago: executing program 3 (id=480):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00')
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x7c8c, 0x4, &(0x7f00000000c0), 0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0xfffd)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0)
r3 = syz_open_dev$dri(0x0, 0x1ff, 0x0)
setresuid(0xee01, 0x0, 0x0)
setresuid(0xffffffffffffffff, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r2, 0xc01c64a3, &(0x7f0000000040)={0x0, r4, 0x0, 0x0, 0xb, 0x1fd, 0x1})
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}}], {0x14}}, 0x88}}, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000040c0)="68c5ac4472cf4c55a95a4033efea47aaa2166bc5bf26041d530b7a8093f52a799ed64f7d388329e03a7263761a603ac78dc4f00e76854b0bf547b01d6e4b755c86cbd1f79f2b52aa37b394b12c8adadea9f0303e786c4f5d1a003d0dd2105d7f913c8b0b37db87660db041e3ef02e74014e152bec1a59404691f8d5536f907db385e0c10b26f5e4b1cb3649b4851fd9497b8a5a46d92ae939db388e9dd4221d56445365516ba4afbaf71f0a1f283af35f6bf0335d4ee45d206eb7d27b9c1b57700cea4b6df1b78b32cc210ce8f9cbd51c6061f5020b25140978d87feeb8fcfebd36bfa26edb914734c8d62cc770ccd47e39e83d37d61e1e40c8dd5c57595c1a1b676b47e61c57e044b80a2115571bfa525911abea7c4dd544f144a54edcffad16f0c4f97a24103cdda4985c5b2f24121e093bd6dea99e8e82285219bf32e7f31cfa72c619e439d9b30963baae00cfa75c343dec4ded492e2be126e8a4a028a4bd8a31c816082689bf4f24a1bb992fcbc6021820e64dc0c5b49700b939032cd0850e99fcd18987f49ddcba704f696c620e134d4952668e0b26f3e38b50eee1b9cc4040a73ac78478fa14f02288fe6703875c0e2588d120cce70e239c0d625c2dff76eebadf2e4abf3b48b14592be27efe6901a7b9a3e368afe0bc9eacc385df9fc50d8d511cd3563546c3e3eac6888282dc18aa0dd5ca8f6c9fa553329a824fc926357bee26103a7d6f6f97aaf40a74f9895a32572cad2f847d3a43dd46e56366bef0ac50075fa0dd4ca9112cb2d1f5ff104d07e045e0f52d501fdfb4d8b5b25ddda0d50a9dd227ea44f65aa187e42ef04f81c03ef7b98d87c6aa528a23aa03633b6f8851932a293c3cff455d7492ad2d624468dba864a0bca66e73dd10e30c9b92af9ebb918dbc47cdade725f4cbfa5bcd41f7165363a375918de916506cf34debb32c73c07912186604f0643fe9cdc48df54382dffbd6618fde5cd539ed66017501cb19341578197eb1c628c2bd66d6c0492dac5287e8151341e04b5233bdb75c76115929012e85624457e6fdc01a76586ab1fae4ca66f3e8cfadc12de75de7c7136ec1c81fc63fdd904646b549b745882a6a4fdc6be24069ed96506ba98175c72d111173a4605b468e09d27a03372a6ddd41cd0258a0376bd4a7fdbb81bcc96b0a74f5995a5441bbb3eb56c0a5fc95fc6174526c7eb733781abccf374886e5660300220475bdd90868bba8fbe24f28f4562d2f16717e78508754332d6f631d3ab1db0a1dab327a062c3425d05205ec2e501d88557976dfccef49da5374fcca03faa2965af1fed40bcc38c9224ae2b690ca770a48535bd12ad48e3b67ca34a568aa77a4054796ca54d9fa166735aac622f70f30f54170c28a8945575a90c6b6c060174544d2d0c6e0ba45d7e119539fec300b38c20ab49ec49bf966d5195dde7b62dd5d732b590743ebf83ca79e20d3a7a96cfcd3d5ed362116501d6c7829aeb373d75c34885f97cc7d46c232eaa8eb766fe7b4f5dc544018e53acd585aa3fc37fa2f5da0598de6fb4fbe6e853e0399e1161849bf28c7f3e70fe586d90f6e23ca784f9a62a6fb26a30fc4b0daab410f40985b2ccf33fa3b134c46018d5f490e19a1a6358fb64fca2262b40605226f736a419120eb12d9839ae5e00dda82b0e38d035aba5b7c64bad62690d0be82644c4bc3389a50e778c57f5d565c7325ae1d26191b0b35718f98d0703203cd15f797e9d0851f08a5043d38c7b70afa73d03d76c1b3a0beb2883e7071ae392255eb93f8b7766aa8e8476154cad09543d5663f5218a4ccb1d5221aa2b5ff384fa2deebd3bee5bd59498de9e69fc0312a0e9f95d473c3a0114cef6be8e83f13dad24feaf8e0202ae31d9d72d8adc898f5efa2056188c911b62362b78570cb388d72d0fb66e9f51327074c76b6a811ec56e325cbad4fd7e1688567a5832e559bcf9054f74e35c72c0645e76414395f305a5c20093d51aaced12f8f41c91c1fc105c48ab6eb5a6ea98d2feeba9fca5f6f87c1ecda7ede362a7b3f549437863ca0b3d718ac440156c63913b0dcd593f6c7194467cb4f4ce53c100dc0802e3a05523fc34ea3745449317db3eadf1f24a35f7230323148c4daa3cb3b200a696dec875dff60ff8d934a081a3492542db94c02ae1e1fee8e9b4ed05ba7bd522e8d93f3e0258cf709ca23ec1f0da74cee30f06703844746954a63eb05f013e1c3e0b52867d4d4c28ce4a3b8e1810f7af52d3f9aa4a1890f4b102664fcb3e47e2d1e84aab2498f8e356dc08c1b6bc126527ed6a052eb514c5e4447683f810f9061aee5b88a76b6cc75194babb655bc89bbd44bc114f93f086a2591fcb566dcb3e25afc921b0347977824069fab2670a72604e9771ba8c0c1b11bb70f021a16e90a5e38e4ad8b5bcdf09728f55342333ba41d0c15af22fbe225949bb86d353954ec9943d1735b54a764ab78b4700b49d3cc753c93b288d167441b89d8e8cc7e0c42d32ba882e2a49d72dae5c6b6a4bfbaef4a7ac70a0de2ee03e74da5857fef687bbe890a84136b6ab1c6359eb7d46d3cb085e907188e43b21024d6585eaea577bd2134bd7cfa1b31171b6a6c91092e4ca87bebb09c37114a834084616b69c07feca46761ef8f3581c7c17bce4d43153848feb4c87f1888e1a7da3972613d8564db52b7254331d6250b4402a0b2cc6bf52f21df0fc62a0b8b4038b95df7a6c1a472fbe8269463e337e98b4f751953d9b560abf3f281bd08a8204236bdc30dddf518f23d77eaeca327aba62fdf164f91cd921b4a8fc8d357081cc878907bbbe7b669fab8dca504194918ecc0a2fe549a4d8d4cca9e2d946491f90e7a4ae4004c12f0eb3641573c3ebdc2b2c51608d6861dd7a143b36a6ebc237ca80460050a39f6402cea2d9e22ba27ef59ae86b8365bc4fb7286a34febdebbb7960346ac78549b77b5d828cb6731b7065956530b488ec59c6181a6eeaf2b64f6f1be35a7b11498b9950248affd379fddce489f96fdbeed3838a616800e7dc31c1592d7760a9643c6dcf195ed0b1092accac7597f088a7495cbb9baaa8b786b6f6e2f0791c5ae2ed6e54a47e49bed986fe4f09bdf0620b6d2b1968cc71d732f470fef4c29fdd106d3e456a53b104c3e16e1ce512885342f74ee9390633c39026cf20f6e6125dff27b78d4d5057e9fcc2168732ee53744a38bb5bccdd5e40c846eaae97508da077ca88adee6a1752cddb600ae257054a87317da6352ea18fef0d97ac2c7311fc0917b1086f03ec63cadbaa49e58a23845dd134d419a4f9905dfbb8b111bbbf28a485e3f43f9fea4934266304b7451f54b2110b3488ab09ccf76d290323e1f8a55d098c70a0489934c9e3edbb874da666b04e2335c0d5692eb3a862b74cd1e856539acc2432b29eb792f8a52b44aabe44646c8afe30a2431be20b68323250825804796c98936b4c6bc8f86dadac011bf1157a9c195e67ef6e571d8f4465b049f860d5b3a13851cfd9f3bf0c2de3d8f3e361a0587acd6bdc4f2f4184f53308eaeea10812b14d6c1396144466e92c13bcc1b0f145b889b00110ae004dbc56ad5a7dcb69e74db5030b91cf60fbe1f02c8e18f68289b7c60a4a91e4c1fecbd72334e4ac06554524e3f8e40a9970859d817c2ec53adc69f4ec496ce597532341a1389efafd8cc29e79e69e31dcc7b2d106f5540189429dd718e63368c51e07a2f759d083c0c47f5a0c6ef5a912998a73b14a6a82c72dc7a747345b6c946433cbe7e135dac30cc61fb2f10bada9434b12c037a4961ab3265931707a630c68e9860c2007fbdfca0d8af7256e8c57a0dd72f6e97ea1da8177077e5e02ab281450f82712557caecac0a45e4b695c33f2194dc58c38dbe45015193949ac1bc50839955472681fcf7f61d9ae2ce569fbfe0a9d33819237fdc3be6be6139a5d1b275752487e9fbf1f55ea26c36eda979c4f576a471f55eaf683401a36ea4e86405ff0a49009ae8634d7e40b771f1e7342dee3ee6f8677dbeaff8e4b58a7890ac9ba677bbfef7b568cb819ba5cd6362efc1e8611a51582d7b649499ffcbabed51c7b5f135ea77d2e9a2730f7ee6ba40ed8c0006eb841d101f16709ae0b9c5e0330beb60d95bd538233cf8cdb93aaff3716de59bdff6c4f170fa7166b19535f07566a64f6d1f8dc2a8a0ef2c6437aa4a0d601102e9550e219071452b894b41ccbb55ad4bf7b9c36783e5b21bf90a327e688e39b9e9e9dd2939fe49b960d8cff11beeb3eeb261befc3981892c7a7f0dc94b0e05ce45398e6c4aacda0141cba0ef0d23e206b1f8b960b94865719b841dc92cab8d3686e39841a4b28b4521621c5e826e0a507b44f703b9ea7bba1da00ddfd926e33c9a8737b5edeafa54fe7b64e50084801ecd94e277ffeac3cfa6eeecbdd61a2e68b2881907c9c3531d9cb6d74467cb875336c12e0fcbf040e4cab8e8a1fc10e7b7ba177adffa841ed3b327040660da4a723939cfde767368beda6ef96e773c65c4779b4828e5eadb479150090869a4a2ffaf69e674c93d2359051a7852bcf193b6bfc360a657d17e60bbc76d379ceddb4077875e4a2ed867e5f278a6d2f553fce9609e61efd95f60278e3fc1fbc5accaf738fd468a5a056045e97192aa8550a0e0f22dab20a86ce61c4382263e8fd9a7659145b84c69eb848a7397b466691afa117448e2d709d0b8dd567bafd04a71bb0fa8ac3a632e51bdd129d7f7df9da302e6a93ed1b648bb3b0f4eb761ca305dc03883c10933ace4079437ccd203a5e02d5457e6b761543ad18230e093bd704c9052ef9c830afc2866bf54896051085c412bc52c20de7700f1e3526ea14ca7fb1a30b854ffdd2c79c5d644a50e39344f18306aa0b78e8d6e581d4953fea60a1db321c26f51b0f467868014f5b2f9c95205bd51079662d95dd62224b108ca1a71e2c9a036954948cae0fc4675085ac39cf4c7c495987d619e73479fb758dadee1b3d64435d6852bd22c19623d323369aa48aaeefdefb784cc6c12da1e6107102ba00dff80f054c197994b53eecc339fa0dc91bb9f6649beae160dd5b46370bb1765f1cb38b065bcbbebb2e889fa185f842ba4f886d67362770b1da9f9c813ce5092b548683a0a37d1e7b58e5b81add8352c0572122d54df87e54960d8bbdf2787e7df4c114770a9b9ab6c064ea9bf69fd82173687dd28bd876d872271e7e3c013adbc6fbc30d9c8f3ba0e84604e7b738a38b5b8ef09ecc826cec351a88a0fbdb46de5c44d18b678503efe0c3510d5c1398565a9db761a7448852237ec3919c451a53c7f801661521942a0db0d5304da01299ce01a1590ce669d94244b7c69340e0f2d0094730ef1ca5c4db59926d01644a52b728c5ebc6f071abd696b469cd70ca9f713d572b8f4a825722c53711df8a4e15fd1602647253ff75412c12569217ae1531819ea9422259308867c8759c4b800c58f2c278ac51ce37af1aa85bfc42a7b64a23e103079c2bdf58e3ba34d636e3085e2f489e3771eee2b38b59a1186809bbd4b2b5e963f641158e0153e25f921995b272fe85041629702e7b61ff331240c2ac370eb0b797a58975f19508486c2fa57fa41737894040208c6e62a7ed933c3bb76c123b6d1cfbb058f24ac2fefeb09c4cc7cae6df049d26edea0f38021528c75022ce57342da08d9ab983e4276057c6a699f5e8e6243fd950e7d59fa00f532e2f1e0f8420a933ce2393385b0b84d3e7aceb722007d49e7a5a1b43f30edc966679bc33c5323f5882eb31c6410eedcc9fafea9374b16cacb4a24351d8b8fdb6d829567aa6f12063c3eca1a1be9061541a6e9b0964b32956d33c0df56663a788e44fb66b2535df13645b824ddef690cd46a6291f595fce6d59814f043b479037c3005d2484a7a1069411a05e939b16311565cb1741d455671e70c4485fa3c5e136494d894a40c2c147f8be1ce7e775cc904b09ae44d8384970290282c1fd5197842c0354caa4a7cba9164479303b4053936cea416023db6191bdd4b03d3b7d6ca55d613ec58279bb6d9bd875f5c7ea469c2fcdf54a2fbb0622a4a927bfe5523c2ec27997827811c5281f55df9cc8538abead1fbcdc068d8568e8bc4424365253202c7e76d9a51bb48f4dbb289016a732f0f4211ddb09ba818bf1bec3628619319497a150b8a65586aa757773af88db9784e9dabf778d5b09b608a468350f71543423a5cbf88158fe223cce6af6dabdfa400d15a22225a77afa0b0fec0b4fb1304e73fd44aea3e215902eb850e3c585a624e902c1a6e8972657b023f6e0ab493b7297047469643d95ff763949d4ab33d24a391bb625ac1efa7062911a192a8f3c06b43c1ca5d10417a263e3475908e069e5a374918c3c938a8f246fe581a834fc284612d3b55674e0ef9311c70fcf55032f284be632dbabe9e9d90dc7b91808acf2d33e7ebce1c5347c1449b1701c14f7abd2e9a120d2b8325186820dcd20049f421acf4b19e8f24dee6b237f4322e6eeafe7f75545ee4242a2794ce32ab53f7e8313b2784208ba382c357592eac2edefe82e8d9a36dcd63ed7925b0723aeec09b692f95ee010b1292d5930ff73c9d359011f95c5d3cd1fd3584d80c179c3611473fc40dad4518e2a662bd150eaf90c50e0391762061b40a6b7d3709119d18c6dcf8b53a9b2d74c5b130961e297420f539a0da0792792cb00c1fd6bafad8c24181200a430fbf4bf7355f2a06000a9f7c5d23fd3857c644e5d98e1681e8ee930b36a42d809393d4337ac2f72f380a7d94a61f36d54a80acd8361b3eb716ad5b09b5c6cb1963705acf3e2a7f5e5af3ed4a8f80c717356f52b456d7e970baed1b39923af27a455d8ae6148a5ffb2390d8397fc3c6c2f7ee54a840bc31b60bac09f9c4c0126bce7bfa9afee7aff42bb14fbcb9e51190ca7fd1edcdcc56d25784cff1cb251b6100248a1fe5e3d61e7df77399aa6d64fc5557da61a11e99d6525c61d03857f967f7aff81af11036610d811066208950a2be49ee30a2c14ff33d6f42aa0e89189c0086b91fb1c2f571029f57901579a4acb371dd0f263c761a6f208a643774fd9a8fa8080fd4d8058527a6b86742527b2c656937fb97e55debbafc1da4649df7472295e89de7c51324be4149f659c7d148ee1d063aaf7d02653aec9d34be17667c6c8d590bcf9ab0dc01c9ea80ad46822d73245f02d6673b20f102e7aeb5d241917545b0cdda940c5f0149f3b994c9830b3e0e9632d85b89b816a7e09abde0f001185e3d63a271d8a2b201fd3beb487f7599893a98388ec32b85ac3b1ee9eccdfd5ee7d318ae11686ed418d34aaef9c02e6e2ca8b0384d03b2f17d4168bb5762159ae47bb84854568e0881ca4ccfb7cd4dc5dcd4224185df690d6078f9975cb1d5c249ec71f3fa1b7ea06c4d412cf662bc0acee9a798d67367acf05ff2f9440e92aebe8370e4ba4c6e560d561a7531d05bd761a53d93ace41c225eb7ffa6076028727d4cdd5e54fa6c9a4bc12ca7f51418a9d79f531a1ece25c2d60826ef0e026c7662e3b86a459c2bda5be2d7d5991ef9f5983d652aa654abb4c40b6ca0b78991edbf1c9461016e3c2b917f45d1b30b9958b92a895bf116f54e95542a5ec249179f124210f5d08ac1c2943c87baf3b63a82c437737fe028ee4f0e0bb202b662e2e6f45978c2b8ec1e1e73f6cb9eb104026cb19b2af09882235bef526584a173068bf812bd3a98492743c9b6c02b811a5904ef8dbb74790a613a117a8f0de1239bc9bf76d20af0790b1a5c1c32dea9ed7b559437ba3d4acd7302705d1867485863e195eece8b6ff5f05f1f890a5f5e4063e9881f258f7e909fcab8de8f726e99c70acf7b974ec90df19e32c5d889f7a91f7261adef9fad4838dbddf5d0b5c092159e63f651160f90d1c419671da093bab5de537209f4e15f0c4c64bf1a4bd233aea1fda7123e2f2b7c516d2b4ebf1be4effb25bbb47abfed29384935e3e2c9fb2e2f4056114e6e15d536978badf22f0a3834a64cf18ef735c5ae60c9fb9e207023c7dbcf060d2fbc2ab7398eb9f885e4d60745f62fe0fed8dd200622ac9de04279471c7e76befcf7846c4fa9e62f08adb115212beb18c4505fcf246474a11b8332b84152302d4c1bbc63384d66d88d57bd250458af60cd1cffb7567b061faba64b6229ace6cca6b8a18bd5ba0c112776c6908945261b8f22e66da0884461c173db4864416879e50d99209505ad473fbc5ea4def2bd1d2d321b52172c5d343acc6c695fd2a1e9ba2ce8a5291e22c6187c9de3880a8f2889773cc1240b6062ae26697462c457c4404fb619a37f354b1b2d0b0f473b3bbe224c4edb086cd2551f44566d47021909752b8775f975dcd8f6e1a405cf9371301d94d7ab3fbe7bbbf59b809b175eb7362a22102090379e94bd1a65bc0541f9ad62da71efc3a52e718216d29524da58314f3a046f9f4bf35fa87a9b3371a6d967d5f24619c17a07a8781f4dc4573220bba38513f40bab1e68575505f6efb5d211553b6acb6fea501c3a6f3db27e7c1a674deb3a72ae211ab824ad12fdfe539d7e4fc91491dd3b3fae852d02bfa24780bf65b766b02461b3c67b1b78cbd620b5e1834647ab9b24128f6bdb861e1ab1fcae97394c786f4a0a0621b62200a01910ebb62d2e580341866b1e7b5e32d25695fe1d7ad65c4b2e6bbfa3120ff1948753d655e0196ef732f1a4e4e338db8bdf8a04cc14eb81a0e0f6c9fe3fb6b71b36a1c751ae07656bc92a9c6a0b8007fb20aa81c0ee58f0135d5e0e76ab7ad40d21539896366f75e0aa8370c86bbc6363177f29d8df2bde1a116449557211f750d855171e78724da4832ebd5ad6a9db8983f4487caa28dea46e6c36b2b154f31148c017f1683374bd064a3fd87b1de0c6f6c301cd80f2a45928e3d501117783a8ad5d19402b0c41945abefbfa9df42f7b74129a76d336633bc46a475b374223eb8e5f440fc5868a149902cf49aed4ba1e074d02fd40aa80f901fc9fe628008a76ca11caca96f0a2f3756ab5ad6d194bad87e6b6a458b904130f53aee1e50be878f972252004e877e490902d337e5b7432fc0138e3ee00af73a57a3160438717cd49fcb836e76603adfd1530966aa81589bc205bf33a5330848d90421907ef08118a4833f8fcaf7cfc73bf0d34e01fdc9965e594e74c5012f415f59e9ed37b039f9fd6a27627ba334bed66848eabdf59fa6ae1cb42a5ed6cc2805b249ffedc786ffbb312dc5456689c202a62d2334c6b52c87eeb3a0189c4ab5c9b08593e372321bfa326db3f6fb54a879966ecd4a69b5e00deac54449aac8c88ba667595d066d555dbe78cbdecf7dd436ce367a8fb9a560b4902ca23b9923632015a254ea4c470f018a33d670b196a4a1e370f24da7e0791325fb605099fc40e2d8e63bf6a179f4a063580b8ea973f52bed8dce4a5ae2ff9b8d7dc87b40cd898560c49ab4a3295e8dd857f2b9a9bd38634e50ce762a2c8c9f793f1835fd54db70437e7b86b492f9aa8d689229357720af9afbe773ac15fa78966aecf59fbab6833622044d2b463ed3b3a7401bb4845e5bada82d7ae06e229a3a2b661a85b1441b665c44463fb909b3233794a0b5836ed1dc6301f06d899197c7400354569c5fb2ea10d4c08598da5601522a976696e2ecd637315a19b3ba0e97c05071d8ac7aed1eed8fecbf774b317fc24c6923e2fba45153d1e715aeaca9d5891b59b91664a791f94bb9b0de217233a6bfe9777998171dad5422f6bbb33f1e624300c64414e1f1f4887a8832c64ab728ac2469df9820a282b58efe68cb1e57d08b61b255ba99a190f1f07903c8e3ec89d6211c8a5db67a0ba1e656839e3eadac62aab949cd0251b0e0d71d96dda94c229e126534bb76db1a4010418d115504c2e4226a767c5b8da95ca5fb3bad2ccaa6a96463d8b3b9566e17bb905b064261e2974b02eedbf161a1e0aee7c4fdfe1da891d64565929724dd06d5aedb8b0f7266ecd7a8fe6c73037ce1f281762e14d7571b0b242dd850863812d29a2be7239486273bc6a7f64cd6b37ee19413a11435fa4c03a69772d335f9ab857c662557f5aa2123354bf8bdfe5131997e1569edc7aade81e38b191ac4c53e027edd561025d3cf4c343d33489cb180c66502b5f59cd2593e656ecdbb40cf4ef2206830b10ffb7256fd326b4e97fbefcbec53c6798723af5aef968c78c02c20bb95d9c869109eb56f448fba7358cee5fe2d55852862842d14415debb083540e98c786a9f394ac83280ea617945d0710f18a363d74bd00518d965fa259e94be3b788eac72aaa9311ea21ed5e147df112bae4eed8eeaa649c41084b422a5230281adb7464772d25ee9f2b20d5e605a063bb78a87608680480224ec99df76eeae08e087bfec48fb44caab5daa10e728a853e18c8ffaadad491dbb0150393f5043e6f5fb6addb3f9c14c1c4fab2e93f8a4feb3e8619489f8a4ad6b6a42dd510f0519f130fad212ddb0f251e333e032b9995b39b49336762507b35e3172a098fde0baa7a1f114dc5fd4431dad05bdc98c0ac0e797ba9b0835c649639f8e6cc9279e3057a98fdac02a28d5861443e2e720bd5e189b74bfc0fc0883cd8ec96d810bcf1dca9e094a39aa584e368663fedb50bde86db9dd1511c40d0ed07a6d6ca2712861f6a55549545386203e340f943eaeb4c6ccb51deb3b470b43e748fa3d8101fd7793e831d869b0d0f558ad54da3eb430735a1a91da099cb4843c3e6a7b0f055b0a5388a0d8adb5c36ea98bb152ba0cb90ebb9b5a8c97b2918b0837984076c9a4615991f1b618d622f94ca9c166545e5b316344db4bb73d1625a375781e7b6365feeb6b9859bbf8c51f3d523172141f2e2d3154124848838e62342f683b44b4e7c2fef827cd7fd999c41edd95400cd0ecf9fbe1b33474801f0fad95db381c6445628649ec39f6ab48f99e232a6d51dd403611ad476c546d13460e38a5ef2f3a00e44ceefc771dfdf0cbc6a0c253389a17356ef5fd63175e3e3ea52361180acf40e0eff1c4ee15c9e97ce2f62e56eb606ee726320cedbb8e48341aa6fc9b9600b96d24683caef4269d008be2f02fc97060e04dec3ab800ab82140a36685d107f9dbdecc4bacb24d1cf346f9eb7b04c811474aeb75feba8b2ce9cd4a3b050e77947329d680e0435c8d034aadd19df1f88f552af461fdb5c629a337d00cc668a56df09e8a98c4d1e162709d8b1d3d878819e1c8973cc1fda03faea0bd732a861c3280fb5f1415a448d4e3abfdf3f5064ec08c84f8ef3d47ac8f654c56e17d5914fb6e1f566bf672e35cd3c5e58c36e31c162f84ae7de76329b59b364e0017c7d56f732660c80594a045f64294118d8a9c8963a99df25739d25b04ffc39415a501854bfd7600adac2eba25cecaae12ba5158f2777a98ccd24db124d1c7163f87d8a91c690b50ccd18e364cf495d89e4bc545ed2089928fdaafcaa6b8e544f713a988e2b7e5636736259fab99a6e3443adcd670a76cadacc8f31e0a0afdc0a592175e20b190300b33e2fd30cd1e338eefe9b4014e7bb53494b410bb77da41b9be11c00893be01f888c2d57f3e1d2db0a1abbca39247a8396ead29a6447422ce3", 0x2000, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x8)
r9 = dup(r8)
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="02000000050000f58f"])
read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x10c8)

23.448145251s ago: executing program 3 (id=483):
syz_usb_connect(0x0, 0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000abbe6740e9174e8b089c000000010902120001000000000904000000ff"], 0x0)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

13.850494182s ago: executing program 1 (id=505):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback, 0x7ff}], 0x2c)
sendto$inet6(r1, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x73)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000580)={0x41}, 0xe)
recvmmsg(r1, &(0x7f00000007c0), 0x10, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000700)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r5], 0x38}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r7 = syz_open_procfs(0x0, &(0x7f0000000480)='net/ip6_tables_targets\x00')
read(r7, &(0x7f0000000000)=""/185, 0xb9)
r8 = open(&(0x7f0000002000)='./bus\x00', 0x14b142, 0x0)
sendfile(r8, r7, 0x0, 0x3)
r9 = socket$inet6(0xa, 0x3, 0x4)
setsockopt$inet6_IPV6_XFRM_POLICY(r9, 0x29, 0x43, &(0x7f0000000340)={{{@in=@local, @in6=@loopback}}, {{@in=@private}, 0x0, @in=@dev}}, 0xe8)
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000940)={0x290, r6, 0x1, 0x0, 0x1, {{0x8}, {@void, @void}}, [@NL80211_ATTR_FRAME={0x262, 0x33, @assoc_req={{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, {}, @device_b, @broadcast, @from_mac=@device_b, {0xb, 0xff9}, @value=@ver_80211n={0x0, 0x3584, 0x2, 0x0, 0x0, 0x1, 0x1}}, 0x7124, 0x8, {0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x5, [{0x1b, 0x1}, {0x5}, {0x12, 0x1}, {0x60, 0x1}, {0x60}]}, @void, [{0xdd, 0x5e, "a1a51fdd868e7e520a46ef8332828070ee9e40854f2af90f264277531bd68c0fdeacb9b5d28e81b4a9a5bc2118cf6f525a7d9249d888b9f5fd12ffd1629b7d036ae01a433afe0b2846eeaf1f72433062e13b5999e62c59c695272a83ae52"}, {0xdd, 0xcb, "b624305579deaa5f95355c8cac5bbd67b2463fdf91b867f5dc79d6dafe3c5495898ee4f9bdfb66c3296942328c637b37a296e5b9eb2e272486f08af08f231336e7eef29ec09cb620a2cbfd37382ca47a36d45c9bf142253533134437572e00d7ca823d1dca7aed1688068f789ba72457a4515b0f018a8b87b7be6ac519fd04148a8bacbdb81c642087ac6751c9c38b3655f2b05de0541da8cb573d60fbc56d28a496720d4f33dd0211c7128bbe352cc9692480585cb62495ece9a6134b3986e2c7b580a453831024462f3c"}, {0xdd, 0x50, "20c7fd848e3e30c9f20378e59c74a43e808c2400000072c65343ba2838373f1ed0d2d566b90fb1a098056282ed1030b6b419465e32ef11efeed88db1b2221e1f11adbc5b4f5a23020c2094bdb2ec0506"}, {0xdd, 0x79, "5779c86e79567e045cfcc2c520f83ff227b8d3ae6f2edd501b3e4925ea041a29eaecb6071399ddca490d58bcbd5a8a8123e04cc8ccfa9834416fb866276442fdb6d33f830a50363450d3a4eb707d75a4f8ade3436719ef2433b407d1368ee40f03ea077f456ae48e0fd9628db3bd01fa42a102a3abaa6e575a"}, {0xdd, 0x33, "07411cc81876520fa6eebd3d6a0712e5e7c49f4fa7fbb4a34f718675c96e48f76f2dbed83f838b90db6c6a41c8f995b64bb7be"}]}}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x7eb}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x4f}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}]}, 0x290}, 0x1, 0x0, 0x0, 0x44}, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000002000010000000000fedbdf250200000000000000"], 0x30}, 0x1, 0x0, 0x0, 0x6000011}, 0x24008884)
socket$nl_route(0x10, 0x3, 0x0)
r11 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r11, 0x6, 0x19, &(0x7f0000000000)=0x800, 0x4)
sendmmsg$inet6(r0, &(0x7f0000000880)=[{{&(0x7f00000003c0)={0xa, 0x4e23, 0x9, @loopback, 0xfffffffa}, 0x1c, &(0x7f0000001bc0), 0x0, &(0x7f0000000280)=[@hopopts={{0x58, 0x29, 0x36, {0x51, 0x8, '\x00', [@generic, @calipso={0x7, 0x10, {0x1, 0x2, 0xe, 0x1, [0x40]}}, @calipso={0x7, 0x10, {0x2, 0x2, 0x81, 0x3, [0x7]}}, @calipso={0x7, 0x18, {0x3, 0x4, 0x7b, 0xfff9, [0x9, 0x5]}}]}}}, @dstopts_2292={{0x28, 0x29, 0x4, {0x3b, 0x1, '\x00', [@enc_lim={0x4, 0x1, 0xe}, @pad1, @jumbo={0xc2, 0x4, 0x3}]}}}, @rthdr_2292={{0x18, 0x29, 0x39, {0x1d, 0x0, 0x0, 0x5}}}], 0x98}}], 0x1, 0x804)
setsockopt$MRT_DEL_VIF(r11, 0x0, 0xcb, &(0x7f00000000c0)={0x0, 0x4, 0x9, 0x27b, @vifc_lcl_ifindex, @multicast1}, 0x10)

12.557713838s ago: executing program 1 (id=510):
mknod(0x0, 0x8000, 0xfffffffd)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{0x0}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYRESHEX], 0x82)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="580000000606010100000000000000000000000005000100070000000900020073797a30000000000c000780080008400000001011000300686173683a69702c6d61726b000000000500040001000000050004000000000008d80c59c941ee5000f714770600000000000000f8e61b9c60f5d8c94d35ba21a427a922d3af99b7d79eaebe00130b5cf5ba1dc0079453c85f0de8505f9c2e2a47618def575d60ce543ddf6655d9fc13136861444c0f6bdf757bf1cddeb9b8915e1d0e88"], 0x58}}, 0x0)
sendmsg$IPSET_CMD_SAVE(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)={0x1c, 0x8, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
rename(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='./file0\x00')
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0xa082, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f00000005c0)="8ab6a1a3d9397116c2485dd1a366cd6571a551cf06329df827e60f11f1f7cef32034a69b60add1376d93fe6890e681463944a96a524609fe5d6ae5517e09f20bc6c7928b25f724f6cbaa9e9971453b74752998416bae4dab27b838242c06dcd03a7baa5a48bc9726bcbfaeb743a0afe5a9504a54b1f5492d3ee153ff87ea44cce35929c5ac965debe7cbdfd46b0057392f1f98f8ce6bdfdf3ab6dc024d7489ad23999617c87b615ae0", 0xa9)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x51, 0x0, 0x0)
clock_adjtime(0x0, &(0x7f00000004c0)={0xc5})
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4018aee3, &(0x7f0000000140))
ioctl$KVM_RUN(r5, 0xae80, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)

12.128600107s ago: executing program 2 (id=513):
syz_usb_connect(0x0, 0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000abbe6740e9174e8b089c000000010902120001000000000904000000ff"], 0x0)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

11.758297185s ago: executing program 1 (id=514):
r0 = userfaultfd(0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x10ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r2, 0xc04064aa, &(0x7f0000005000)={0x0, 0x0})
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x80000, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b00)={0x0}}, 0x0)
r4 = socket$inet6(0xa, 0x805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private1}]}, &(0x7f00000002c0)=0x10)
r5 = fsopen(&(0x7f0000000040)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000080)='iocharset', &(0x7f0000000200)='%\x8bR\xafH\xd6e\x11\'\xec\xbb\xcb\xa0/\x1f\x16\xcf\xe2\xb5\xfc\xeb1\x12\xfdC\xb8\xa0\x01\xa3~\x971W\x96\xec\xaf\x1c\x91\xeb\xa8e\xfe\x17\x02xEA\x0f\x14\r\xae\xc1\xfe\x06\x12\beSb{~R\xf0\x06\x00\x00\x00\xf92\xce\x81p\x1fC\n\x9f(\x00\xc5\x1d\x9c\xccCq\x06\x1b-\f\xc9\xd9+\xa4\x14\xd8\xf4\xef\xf5^2\x14\xb8=\x03\x00\xd5M\x04\xf4{H\xd0\xc8\xf7\x10\xe1R \x9a^\xdfq*L\xc4lP6\x8f\xff&>\x94\x882\x1c\x00\x00\xc5\xbdD(\xa5\x17\x11\xd6\t\x12\x7fe\xba\xfc\x93\xf4\xd8\xb5\x04\xcb\x98\xd1QF\xe5\x1b\xb30x/\x86\x02\x1ct\xc7\x88\xd2\xce\xd5\x9e1\xef`\xad\x05\x11\xc9\xd8<\xc6~\x97\xd5\xde\xe3Eh\\\x84\x14\x9e\b\xe1\x9b\x00\'\xe8!\x8c\xc3\x97\x8a\xcf\xfc\x8fe\xa6\x0f\x8b\x912c\x1b>8\xc5\xa3_\xab\xf1\xf5\r\xb6\f\xfcS9\xd1.\x8b\xf3\xbc,?\xb2\x9aBDPY=r\xfa8I\x16\xa2\x18\xd4\xa5\x8b\xaf\xd1\x8a\xbb\x0e\x15O\xc9p@\xadaw\x84\xc9\xdd\x87a[\xdf\xc2\xa4\xf9@T/\xf5\xd1t\xc7\xeb\x04', 0x0)
getsockopt$bt_hci(r4, 0x84, 0x81, &(0x7f0000000080)=""/4076, &(0x7f00000010c0)=0xfec)
unshare(0x2a000400)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000001100)={{{@in=@private, @in6=@mcast1}}, {{@in6=@dev}, 0x0, @in6=@mcast1}}, &(0x7f0000001080)=0xe8)
ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0x1000a)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, 0x0, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, 0x0)

10.70992394s ago: executing program 1 (id=518):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, [@sadb_sa={0x2}]}, 0x20}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000980)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x89901)
fchdir(r1)
r2 = socket$packet(0x11, 0x2, 0x300)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000004580)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000004500)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}]}})
chmod(&(0x7f0000000240)='./file0\x00', 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', <r4=>0x0})
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0)
landlock_create_ruleset(&(0x7f0000000140)={0x2c96}, 0x10, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
r10 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap$binder(&(0x7f0000000000/0x4000)=nil, 0x1fffff, 0x1, 0x11, r10, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0xe)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

10.567974677s ago: executing program 2 (id=519):
syz_open_dev$midi(0x0, 0x2, 0x0)
syz_open_dev$amidi(&(0x7f0000000000), 0x4, 0x0)
shutdown(0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r3, 0xc0305710, &(0x7f0000000040)={0x1, 0xff, 0x1f})
r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
read$midi(r3, 0x0, 0x0)
ioctl$SNDCTL_SEQ_PANIC(r4, 0x5100)
ioctl$SNDCTL_SEQ_RESET(r4, 0x5100)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r5 = msgget$private(0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(r5, &(0x7f0000000480)=ANY=[@ANYBLOB="0200000000000000"], 0x8, 0x0)
msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0)
msgsnd(0x0, &(0x7f0000000280)={0x1, "740fcd895d2e093ee990500acea16ba970f88116648d309cee62a4d2400f5ba41ac6d9a5837194a384c4e7f9922408c03f9ec8219f09d061b4ec4218e26f2077bc6dccdb4d860cac7165e18e75418a88dcb76c60bacd702195d0c9077c6114a24fe6c9e3b991656dd79f72d008d1fb360619f695cefd9365f253fe6fffaa8d188f08bd0eb04148219eeaf7ad76afd1fa"}, 0x98, 0x0)
msgctl$IPC_RMID(0x0, 0x0)
r6 = openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SNDCTL_SEQ_RESET(r6, 0x5100)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2800007, 0x8010, r7, 0x68576000)
r8 = dup(r2)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)

10.377903805s ago: executing program 4 (id=520):
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
socket$pppoe(0x18, 0x1, 0x0)
socket$pppoe(0x18, 0x1, 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="120100009e173610ef171e7206de0102030109021200010000000009040000000206"], 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x378, 0xffffffff, 0x1c0, 0xf8, 0x1c0, 0xffffffff, 0xffffffff, 0x2e0, 0x2e0, 0x2e0, 0xffffffff, 0x4, 0x0, {[{{@ip={@empty, @loopback, 0x0, 0x0, 'veth0_to_batadv\x00', 'wlan0\x00', {}, {}, 0x11}, 0x0, 0xd0, 0xf8, 0x0, {0x100000000000000}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x2, 0x0, 0xf}}, @common=@unspec=@connmark={{0x30}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}}]}, @common=@inet=@SET1={0x28}}, {{@ip={@rand_addr, @loopback, 0x0, 0x0, 'batadv_slave_0\x00', 'veth1\x00'}, 0x0, 0xe0, 0x120, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00'}}, @common=@socket0={{0x20}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="00000700000035da08"], 0x0, 0x0, 0x0, 0x0})
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000c40), 0x12)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200)=0x1, 0x12)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000180), 0x12)
name_to_handle_at(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x800)
socket$qrtr(0x2a, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
epoll_create1(0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)

9.463884562s ago: executing program 1 (id=521):
openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket(0x15, 0x5, 0x0)
getsockopt(r0, 0x200000000114, 0x2719, &(0x7f0000000600)=""/4, &(0x7f00000006c0)=0x4)
add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000080), &(0x7f0000000100)=0x4)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000008c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
r2 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYRES16=r2], 0x18}, 0x44)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000900)=ANY=[@ANYBLOB="b8000000", @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="99003300800000000802110000010802110000005050505050500000000000020000000000001450000100000001000000000000000000055204ae00b1c63dd7b491c177437106ee993b2fea6481428d6527ca2e7de1304562418971140f333d67d150364234b3364c3f2cdfc554649b0a1b937587cb6010de5a210a89207e0c48d9eab32923619bbf252d25030000002a01003c040003a1040000009c404f215f56e5a5e6fbb5"], 0xb8}}, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r6, 0x8955, 0x0)
r7 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r7, 0x29, 0x1a, &(0x7f0000000040)=0x9, 0x4)
syz_emit_ethernet(0x4e, &(0x7f00000004c0)=ANY=[@ANYBLOB="0180c20000000180c200000086dd6000af0000183a00fe8100000000000000000000000000bbff02000000000000000000000000000188009078000000000000000000000000a353c1e0b652782a"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002680)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sync()

9.075532815s ago: executing program 1 (id=522):
r0 = userfaultfd(0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x10ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r2, 0xc04064aa, &(0x7f0000005000)={0x0, 0x0})
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x80000, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b00)={0x0}}, 0x0)
r4 = socket$inet6(0xa, 0x805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private1}]}, &(0x7f00000002c0)=0x10)
r5 = fsopen(&(0x7f0000000040)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000080)='iocharset', &(0x7f0000000200)='%\x8bR\xafH\xd6e\x11\'\xec\xbb\xcb\xa0/\x1f\x16\xcf\xe2\xb5\xfc\xeb1\x12\xfdC\xb8\xa0\x01\xa3~\x971W\x96\xec\xaf\x1c\x91\xeb\xa8e\xfe\x17\x02xEA\x0f\x14\r\xae\xc1\xfe\x06\x12\beSb{~R\xf0\x06\x00\x00\x00\xf92\xce\x81p\x1fC\n\x9f(\x00\xc5\x1d\x9c\xccCq\x06\x1b-\f\xc9\xd9+\xa4\x14\xd8\xf4\xef\xf5^2\x14\xb8=\x03\x00\xd5M\x04\xf4{H\xd0\xc8\xf7\x10\xe1R \x9a^\xdfq*L\xc4lP6\x8f\xff&>\x94\x882\x1c\x00\x00\xc5\xbdD(\xa5\x17\x11\xd6\t\x12\x7fe\xba\xfc\x93\xf4\xd8\xb5\x04\xcb\x98\xd1QF\xe5\x1b\xb30x/\x86\x02\x1ct\xc7\x88\xd2\xce\xd5\x9e1\xef`\xad\x05\x11\xc9\xd8<\xc6~\x97\xd5\xde\xe3Eh\\\x84\x14\x9e\b\xe1\x9b\x00\'\xe8!\x8c\xc3\x97\x8a\xcf\xfc\x8fe\xa6\x0f\x8b\x912c\x1b>8\xc5\xa3_\xab\xf1\xf5\r\xb6\f\xfcS9\xd1.\x8b\xf3\xbc,?\xb2\x9aBDPY=r\xfa8I\x16\xa2\x18\xd4\xa5\x8b\xaf\xd1\x8a\xbb\x0e\x15O\xc9p@\xadaw\x84\xc9\xdd\x87a[\xdf\xc2\xa4\xf9@T/\xf5\xd1t\xc7\xeb\x04', 0x0)
getsockopt$bt_hci(r4, 0x84, 0x81, &(0x7f0000000080)=""/4076, &(0x7f00000010c0)=0xfec)
unshare(0x2a000400)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000001100)={{{@in=@private, @in6=@mcast1}}, {{@in6=@dev}, 0x0, @in6=@mcast1}}, &(0x7f0000001080)=0xe8)
ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0x1000a)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[], 0x60}, 0x1, 0x7}, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, 0x0)

8.500982218s ago: executing program 2 (id=524):
execve(0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0xfffd)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, 0x0, 0x0)
userfaultfd(0x801)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff000000003e040000000000002d000500000000003404000001ed0a0025200000170000006e040000000000007b0a00fe000000006e04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be3619184a0b139d8d4209c8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efd2a102ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc532ef58de3c1b7646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff095edc710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf28bf6d8e8afcb913466aaa7f6df70252e79166d8582755a314d31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040b96e37c4f46010400000000c3da29faf75ddd1aa96960bca97af133824b881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fc8706869ada11390d4dbcf840fa68e7d7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e224e67f1231bd236ed200073824d93c4e1a0f50a74bb4850486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347926a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9efe8e671c4f251cafffe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa5771f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f80893220800c523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe917d1767e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c827e02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007fe79d2d25e30830b92fca00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d07d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b53208ad8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bdaa075f1488d22230592a79000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462ea2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783f26d0a52aefb0a5ef0b41e14a6fe6b8306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9f0284405e3127dde7e41285fbe0bdd370c06c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe9c3500800000087de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af24e2bb7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8374337ab4d130619d93c5ef37e7ddd0b2da147e6e513415b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c796369f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed90000800847683c08bfda74a143c855030ae004ac797c575c202d8091eb77565212548ead770d6800000000005e1895f1ebfb177c8ec0f6c81e359e6d12fe9c8138ffa79922b19d72e7770840d9bc32408f7d4756cc7602693c6b497860db830f6767a1eaad41accb95e77983634d1c736ac77d190e901964e6533d35682ed268c678d4d069c7a4b69681338e406ca43974d50952888915191c54da38ca33cedafb206c194ce1a8e3415ddf61"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x64, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
epoll_create1(0x0)
syz_open_dev$evdev(0x0, 0x0, 0x0)
pselect6(0x0, 0x0, 0x0, &(0x7f0000000680)={0x7ff}, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x505400, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x0, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r2, &(0x7f0000001ac0)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000400)="316f825a3d29f96a2093a917017b4cd300000000bee70035ed313e19d6dd1fb41a20baf7f7343067fd40cdd4b16742e94b62f4eb1c5d9faab7f3028100ae8180db94b9de7456ae62b0e6fe7766a0842912179154a96fa88e161d4adf77a486e10d1d50e44155790748b7226fa4bb5d77e85729336ba6369a4c33ac53b45d46a92db9fda99af4429dc23db6a1706328df4e75eb173a81bd4af8b89d1870c9b2382a759d67b1cd03b076bf90286b63eb7aaea4cbb1280955e9a59cd8e5e8ac68c27da3d542aece", 0xc6}], 0x1}}, {{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000001080)="63c3b174ab06077f6ee67ac1310d86586b13d2c9e203a9da866b81e20e9fe5c43219396d489c1459ce9cd14fa3b43a0b9b6004118a35444790d70af5c873561aad55af7f9f8551103f694e2a22346ca675898ce02a665ecc07e153e3949b954c1d74b105", 0x64}, {&(0x7f00000003c0)="03d54d843173", 0x6}], 0x2}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000700)="acc841985992b79554acfc02163bb0fb2bb293e68702bb40b6b870bde5700d368744361ae9fce3a4ff6bb3", 0x2b}, {&(0x7f0000000740)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635aea1dc487553859348d48e6fc49d81c71590cd542e796cc2669e2af442a03760c5cdfc691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b8b789ef34b46e461725b5e437323385b88c368f8bb5b95e269169f5f7b51dd5319b8016623d1863d70581691a79a6678db1e5e7fa1c98c5b9e4a87272e9c4a1bde5fbc390c7ccb9d3c1020e80bd0659e82d861dc6fe4c62639134c54e708601eae992000000", 0xd2}, {&(0x7f0000000940)="5be3b011e12323e4ab88c0472fd012198c3c61bb81e71ba62134303d2db9740143b0374a0d0be875789932cfd4855c4cc243dae723789d8a9a16be3135c5f82691837c90ab19645f7a1dcf1449fd34eecae5f52fba1e89d6d34b39297bbbc258c2ea547d47f2d89ad6e36e737691a1c6bdd164b2a85cbaaf648c91", 0x7b}, {&(0x7f0000000a40)="bd2f6aa36cea0e62ac00a4539dd80281164750339fcc3cd1f7bb1b74e98dbbe81e997d4847ee5d06a72e6f1c6b8a873c7ea7760f102483b578526af9775e51b84818d03da71c7a9a2b18fac6dde3bbf18625abe82bdc6e47e081c06eb1d6ab55a68e53e8fbb1e88e1f41a7", 0x6b}], 0x4}}, {{0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f00000011c0)="93bffce623851797a8dc79018d7716840ffc6941c667f6d345b18bc896d8f016f5f206bb2b0eb2fe32d2f0048678cd35ef833c35225ff95a94770a6845b091e69f243dea0d601c54e9c93ee3568b89a3427c84262ff67b679ccac305b5cea1dcd151d7bb5754603b6b0e362d8041bdc61529260e6c4046d55927c96dcce1609b9c4f8424b9da760270a470f95b99ebb6fc40b5d175e86ac0b7a9fd7f1748af98902340eb", 0xa4}], 0x1}}], 0x4, 0xc0)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r2, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200), 0x80001, 0x0)
syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000180)=ANY=[], 0x0)
close(r3)

8.187783421s ago: executing program 4 (id=526):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB, @ANYRESDEC=0x0])
r1 = landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x10, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000200)={0x100, r2}, 0x0)
close(r2)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)

7.96154102s ago: executing program 4 (id=527):
openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket(0x15, 0x5, 0x0)
getsockopt(r0, 0x200000000114, 0x2719, &(0x7f0000000600)=""/4, &(0x7f00000006c0)=0x4)
add_key(0x0, 0x0, &(0x7f0000000080), 0x0, 0xffffffffffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000080), &(0x7f0000000100)=0x4)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000008c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYRES16], 0x18}, 0x44)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000900)=ANY=[@ANYBLOB="b8000000", @ANYRES16=r3, @ANYBLOB="010000000000000000003b000000080003", @ANYRES32=r4, @ANYBLOB="99003300800000000802110000010802110000005050505050500000000000020000000000001450000100000001000000000000000000055204ae00b1c63dd7b491c177437106ee993b2fea6481428d6527ca2e7de1304562418971140f333d67d150364234b3364c3f2cdfc554649b0a1b937587cb6010de5a210a89207e0c48d9eab32923619bbf252d25030000002a01003c040003a1040000009c404f215f56e5a5e6fbb5"], 0xb8}}, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r5, 0x8955, &(0x7f00000000c0)={{0x2, 0x4e23, @empty}, {0x1, @broadcast}, 0x8, {0x2, 0x4e21, @broadcast}, 'dummy0\x00'})
r6 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r6, 0x29, 0x1a, &(0x7f0000000040)=0x9, 0x4)
syz_emit_ethernet(0x4e, &(0x7f00000004c0)=ANY=[@ANYBLOB="0180c20000000180c200000086dd6000af0000183a00fe8100000000000000000000000000bbff02000000000000000000000000000188009078000000000000000000000000a353c1e0b652782a"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002680)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sync()

7.294210674s ago: executing program 0 (id=528):
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, 0x0, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
recvfrom(r2, &(0x7f00000001c0)=""/45, 0x2d, 0x40000140, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f0000000040)={'veth0_vlan\x00'})
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000100)={'veth1_vlan\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x2c, 0x2}})
ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f00000000c0)={'veth1_vlan\x00'})
r6 = socket$kcm(0x10, 0xf, 0x0)
r7 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
write$UHID_GET_REPORT_REPLY(r7, &(0x7f00000000c0)={0xa, {0x0, 0x3, 0x11}}, 0xa)
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc1013a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x0)
getsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000200), &(0x7f0000000940)=0x4)
sendmsg$kcm(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a", 0x23}], 0x1, 0x0, 0x0, 0xc9e}, 0x25000000)
ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, 0x0)
read(r0, &(0x7f0000000040)=""/148, 0xffffff96)

6.743763478s ago: executing program 4 (id=529):
r0 = socket(0x15, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000040)=0x3, 0x4)
epoll_create1(0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000006, 0x31, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
openat$cgroup_devices(r1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
r5 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_DEL_VIF(r5, 0x0, 0x21, 0x0, 0x0)
ioctl$VIDIOC_ENUMOUTPUT(r4, 0xc0485630, &(0x7f0000000040)={0x0, "2a4d274344c9b258f4c308956b8efcfd0319dac0fa4abe51d047e5742eb28bf7"})
r6 = dup2(r4, r3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r6}, 0x10)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r8=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r7, 0x84, 0x84, &(0x7f0000000000)={r8, @in={{0x2, 0x0, @empty}}}, 0x90)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r6, 0x84, 0x73, &(0x7f00000000c0)={r8, 0x4, 0x30, 0x2, 0x74bb}, &(0x7f00000001c0)=0x18)
process_mrelease(0xffffffffffffffff, 0x2)
sendmsg$NFT_BATCH(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a34000000000a4f1c0000000000000000020000000900010073797a300000000008000240000000020900010073797a310000000014000000110001"], 0x5c}}, 0x4008000)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000020000000000000000000a30000000030a010800000000000000000200000008000b400000000008000a40000000040900010073797a310000000014000000110001"], 0x58}}, 0x0)
syz_io_uring_setup(0x0, &(0x7f000000ac00)={0x0, 0x0, 0x0, 0x0, 0x259}, &(0x7f0000000040), 0xfffffffffffffffc)

5.716558743s ago: executing program 4 (id=530):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x3e, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
sync()
prlimit64(0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(0xffffffffffffffff, 0xc10c5541, 0x0)
gettid()
r3 = socket$inet6(0xa, 0x2, 0x8000)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r5, 0x84, 0x13, &(0x7f0000000540)=0x1, 0x4)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r5, 0x84, 0x13, &(0x7f0000000580)={<r6=>0x0}, &(0x7f00000005c0)=0x8)
setsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000080)=@assoc_value={r6}, 0x8)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r2, 0x8982, &(0x7f00000001c0)={0x1, 'nicvf0\x00', {}, 0x5})
getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r7, 0x84, 0x21, &(0x7f0000000100), &(0x7f0000000180)=0x4)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r4, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r4, 0x84, 0x79, &(0x7f00000000c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="02000000e4b9b6d763a805d78fff0357f214f1714f17a19db11b4331ff7a888ba4a54b0002b841d44f6fca5e22b4c65c0ee916894b867176ae95fad1"], 0x8)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7b13000000000000200012800b00010067656e657665000010000280060005004e20"], 0x48}}, 0x0)

5.28993202s ago: executing program 2 (id=531):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000491000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000140))
r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0)
write$sndseq(r2, &(0x7f00000005c0)=[{0x6, 0x0, 0x0, 0x0, @tick=0x1000, {}, {}, @result={0x6, 0x2}}, {0x0, 0x0, 0x0, 0x0, @tick=0xb35, {}, {0xfd}, @queue}, {0x3, 0x0, 0x0, 0x0, @time, {0x4}, {}, @time=@time}, {0x0, 0x3, 0x0, 0x0, @tick, {0x0, 0xff}}], 0x70)
r3 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000e5cf01406e0510401c20000000010902120001000000000904"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000dc0)={0x84, &(0x7f0000000740)=ANY=[@ANYBLOB="20059f000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000c40)={0x40, 0x21, 0x1}})
syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f0000000440)={0x44, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00+2'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x1, @dev={0xfe, 0x80, '\x00', 0x22}, 0x14}]}, &(0x7f0000000140)=0x10)
listen(r5, 0xfff)
r6 = syz_open_dev$evdev(&(0x7f00000001c0), 0x0, 0x0)
ioctl$EVIOCSMASK(r6, 0x40104593, &(0x7f0000000080)={0x0, 0x0, 0x0})
ioctl$EVIOCSKEYCODE_V2(r6, 0x80104592, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xf773, "00207d2000000020201b14700c1e0ac74f000000001200000000000900"})
accept4(r5, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000001180))
mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0xb, 0x12, r4, 0x0)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r4, &(0x7f0000000180))
ioctl$SNDCTL_DSP_GETOPTR(r4, 0x5008, 0x0)

4.582974606s ago: executing program 0 (id=532):
syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$FOU_CMD_GET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c000000", @ANYRES64], 0x1c}}, 0x0)
unshare(0x400)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, 0x0, 0x24, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r2, 0x0, 0x0)
pipe2(0x0, 0x0)
sendmsg$NFT_MSG_GETOBJ(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="50000000130a010f00090000000000000300e948df9ebebcd420f100020900010073797a3100000000170008008d4e7f40036388ee8e808fe955c13c54000c0006400000000000000004090001000000"], 0x50}}, 0x4000005)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x1)
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f00000013c0)={0x8, 0x2, 0x2, {0x5, @vbi={0xb5, 0x0, 0x3, 0x32314142, [0x0, 0x8000000], [0x8200, 0x1], 0x2}}})
ioctl$VIDIOC_QBUF(r3, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "8000"}, 0x0, 0x2, {}, 0x18603})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
mount_setattr(0xffffffffffffffff, 0x0, 0x900, 0x0, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'macvlan0\x00', <r5=>0x0})
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="800000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000580012800c0001006d6163766c616e00480002800800010010000000280005800a000400aaaaaaaaaabb00000a000400aaaaaaaaaa0000000a000400aaaaaaaaaa00000008000300030000000a000400aaaaaaaaaabb000008000500", @ANYRES32=r5], 0x80}}, 0x0)

3.425529383s ago: executing program 0 (id=533):
r0 = socket(0x15, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000040)=0x3, 0x4)
epoll_create1(0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000006, 0x31, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
openat$cgroup_devices(r1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
r5 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_DEL_VIF(r5, 0x0, 0x21, &(0x7f00000002c0)={0x0, 0x0, 0x3, 0x0, @vifc_lcl_addr=@dev, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
ioctl$VIDIOC_ENUMOUTPUT(r4, 0xc0485630, &(0x7f0000000040)={0x0, "2a4d274344c9b258f4c308956b8efcfd0319dac0fa4abe51d047e5742eb28bf7"})
r6 = dup2(r4, r3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r6}, 0x10)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r8=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r7, 0x84, 0x84, &(0x7f0000000000)={r8, @in={{0x2, 0x0, @empty}}}, 0x90)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r6, 0x84, 0x73, &(0x7f00000000c0)={r8, 0x4, 0x30, 0x2, 0x74bb}, &(0x7f00000001c0)=0x18)
process_mrelease(0xffffffffffffffff, 0x2)
sendmsg$NFT_BATCH(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a34000000000a4f1c0000000000000000020000000900010073797a300000000008000240000000020900010073797a310000000014000000110001"], 0x5c}}, 0x4008000)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000020000000000000000000a30000000030a010800000000000000000200000008000b400000000008000a40000000040900010073797a310000000014000000110001"], 0x58}}, 0x0)
syz_io_uring_setup(0x0, &(0x7f000000ac00)={0x0, 0x0, 0x0, 0x0, 0x259}, &(0x7f0000000040), 0xfffffffffffffffc)

2.468481383s ago: executing program 4 (id=534):
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000580)=[{&(0x7f0000000640)=""/102396, 0xfffffd6e}, {&(0x7f0000019740)=""/242}], 0x2, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x1e, 0x4, 0x0, 0x0, 0x78, 0x64, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x14, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0]}, @timestamp_addr={0x44, 0x4, 0x7e, 0x1, 0x3}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@local}, {@remote}, {@multicast2}, {@private}, {}, {@broadcast}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@rand_addr, @multicast1]}]}}}}})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x5, 0x3, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = socket$kcm(0x29, 0x5, 0x0)
getsockopt$kcm_KCM_RECV_DISABLE(r2, 0x119, 0x2, 0x0, 0x20000007)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2, 0x0, 0x0, r0}, &(0x7f0000000100), &(0x7f0000000140))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x7ffc0002}]})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x6}, 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
unshare(0x2a020400)
ioctl$SNDRV_CTL_IOCTL_TLV_READ(r3, 0xc008551a, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r5 = accept$alg(r4, 0x0, 0x0)
sendmsg$alg(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@assoc={0x18, 0x117, 0x4, 0x7f}], 0x18, 0x44}, 0x0)
write$binfmt_script(r5, &(0x7f0000000600), 0xfec8)
recvmmsg(r5, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000640)=""/236, 0xec}], 0x1, 0x0, 0x0, 0x2000000}}], 0x1, 0x0, 0x0)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
unshare(0x44020400)
socket$nl_netfilter(0x10, 0x3, 0xc)

2.342394492s ago: executing program 0 (id=535):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB, @ANYRESDEC=0x0])
r1 = landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x10, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000200)={0x100, r2}, 0x0)
close(r2)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)

1.968907163s ago: executing program 0 (id=536):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x80000, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$can_raw(0x1d, 0x3, 0x1)
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = fsopen(&(0x7f0000000040)='cgroup\x00', 0x0)
pipe2(&(0x7f0000000000)={<r3=>0xffffffffffffffff}, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f0000000000)='cpu', 0x0, r3)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
bind$alg(r1, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes192\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$inet6(0xa, 0x3, 0x7)
sendmmsg$alg(r5, &(0x7f0000000240)=[{0x20000000, 0xff00, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="d8000000000000002900000002000000c2000000e96193cd6e99fd7d3a0ce260"], 0xd8}], 0x1, 0x0)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001880), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_GET(r4, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000018c0)={0x14, r6, 0x215}, 0x14}}, 0x0)
syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="04223dbb000000000000"], 0x22)
r7 = socket$unix(0x1, 0x2, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000240)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x40, r9, 0x1, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_TX_RATES={0x2c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x28, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x19, 0x1, [0x1b, 0x36, 0x6, 0x18, 0x6c, 0xb, 0x36, 0x48, 0x16, 0x4, 0x48, 0xc, 0x24, 0x9, 0x3, 0x5, 0x30, 0x24, 0x16, 0x48, 0xc]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x264f6809d43caf0b}]}]}]}, 0x40}}, 0x0)
r10 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000007ec0), 0x2, 0x0)
ioctl$VIDIOC_S_PARM(r10, 0xc0cc5616, &(0x7f0000007f00)={0x8, @raw_data="cd70076897d98b3f2cd1d76c2d9008b2408b8d9462f13cebeac056ee759e2f69def5ad2abc42b4a52f6b26be3e6fe8f5af4a0241defef1ba8f55cdbe6918de29e8fe1759d96b6cb2c37b56896e1ea18d9eb8b25cb3805b69fadbfcfc6b033d0b06cc3d00c2afaca091de03984ccfa2715ffe5de02f53b96288cf9ccf508f1096cdec174f91fbff6ccd37847c850abc034e02575ef27404669de57f7899e124e044fc9b2dce5a36f83de0cb8af8be3d66acf8955e9332a8a23eafee514c4e84160ac8154ec0672765"})

336.514699ms ago: executing program 2 (id=537):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000240)=0x1c, 0xe879d3a3f37cb1eb)
getsockopt$inet6_int(r0, 0x29, 0x10, &(0x7f0000000280), &(0x7f00000002c0)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='ufshcd_clk_gating\x00'}, 0x10)
r1 = add_key$keyring(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$get_persistent(0x9, 0xffffffffffffffff, r1)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r3 = openat(r2, &(0x7f0000000580)='./bus\x00', 0x0, 0xa0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r5 = mq_open(0x0, 0x6e93ebbbcc0884f2, 0x0, 0x0)
r6 = epoll_create1(0x0)
mq_timedsend(r5, 0x0, 0x0, 0x4e, 0x0)
mq_timedsend(r5, &(0x7f0000000100)="81759ca44c2963f17c2dd886328c7c6e9c0ec5e6d0484af0fb8e1374eda6457be87c78ae90546bd3483710e93af48ecabc9665197e52363a65595765788ce9adbb44d40978ea3b683b7d5d65c34b0f2b76c6bcb9bbc2d447c729bc979deb69dcda1099619eab9a3192e9cf978da8101de3c90cda2524b2f471eafdaa4e27b17613b49d04f86b4d08bc01f6b66054491708bd33e5a64eb04869015d02b5bb93eb59f0b6748335abbb6f6d8dbbae0b59165a96b8162d2d5b1b4fa300b5f226", 0xbe, 0x8001, &(0x7f00000001c0)={0x77359400})
mq_notify(r5, &(0x7f0000000400)={0x0, 0x8035, 0x4, @thr={&(0x7f0000000a40)="007aeca0672a1a933f977316b436391262cc3f9d42cdb2d9c785720cc92cf3b945b15e45f83c35fd81e86977a8cca90bec791e96167b41ca66a1cf0659a6558652170b2f8ebd404a6e87c18d690aa925ec5aeef4534205c62f8778853e76444e6a8734b4ea20aa46fb588f22c601cb46685319dcc98002b57a2d7356746c349189c782a38258748e4e694b2a7f282a3f2ec9de5578300fb76001747dc2354b5d", &(0x7f0000000900)="27f8a6deb45d518fc79fcb5f047cfcef43cdb880f48f3b24c6cd5cf83b0cc89501f9c0a92fd7975cf330ae66327b0d852b0159f66703b62f02b26d9ee9ab95e1d666705bc6ff66a55301a76274224ee489e00bc4c36671755d613860d4c48d35a11e806ebf18812239b65c17d7f4a57d9d887beb81b772c5bfbc68d1ab7731eb5cf0cb1f734ba085d2ed6506f6807bde36ee6986caea1eb45149458d091466d7fe6ffbb2f79f0900944eba3fe88c00000000000000"}})
mq_timedsend(r3, &(0x7f0000000800)="108fc0b53740b67d9bf402aab3ddaf5700944d70a260f2372e15a432d2f33e3134285877f9b8a022318727a1dabf9d3b0c363c54317fbc2fbafb0da28c19f8a4719cf94988ceb7f058e00e6aed471ece1fa4d7a22745df187230d40c632daac868f7d62d39743575a2e3ad58b1573e1916754f8380d6691cfa0339a5083c8f47f50400000000000000000000000000e7c21c549d72993e0dab19db750e363a31459486ae0a9daae54030abed3a710551b04a7575167a10f6154b604eeaab5ca2e6ce54ecdc579ead72d9e04044047e8aa4208f", 0xd3, 0x200000000000002, &(0x7f0000000200)={0x77359400})
sync_file_range(r6, 0x7f, 0x7be6, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000040))
mq_notify(r5, &(0x7f0000000000))
mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={<r7=>0x0, <r8=>0x0})
mq_timedsend(r5, &(0x7f0000000640)="0b438b4c0787d8c02b179c13959e838fe9ac740785a50d21f9cd9b6c514552b8650aa997135029ff4bd9580eb2edea22b230ac76c9ffa079baeb98953937a01da8ad1e57a8f7b05438bc2684d18f8efca929b5f4f56f61a73cb7130d23b2f9bb167900329bfe3d260daf3d477edd27f3b052db938d975c282bb74b1dafd1cce84adf42504144a8436d226dbbf134a82bcbbf2ab8a396c0b92880157580004a6dae6d7e37164b2e6736f11c8f2cc05a30cb2270cfd172ab18c18ca95555ea3bc73613cd28f18f3c2a3a6216a859026edd2f58cfe6c51b2470ceef654eed97fc8ae4303cfc846f03ec906b19ed90ca935ce56c48a6b1b0a2961f", 0xf9, 0x4, &(0x7f0000000280)={r7, r8+60000000})
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000600)={{0x1, 0x1, 0x0, 0xffffffffffffffff, {<r10=>0xffffffffffffffff}}})
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000005c0)={0x80000010})
epoll_pwait(r3, &(0x7f0000000300), 0x0, 0x583, &(0x7f00000002c0)={[0x8000000000000004]}, 0x8)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r10, 0xc0502100, &(0x7f0000000740)={<r11=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f00000007c0)={r11, 0x2, r9, 0x1})
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r4, 0x40082102, &(0x7f0000000080)=r11)

204.376617ms ago: executing program 2 (id=538):
r0 = socket(0x15, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000040)=0x3, 0x4)
epoll_create1(0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000006, 0x31, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
openat$cgroup_devices(r1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
r5 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_DEL_VIF(r5, 0x0, 0x21, 0x0, 0x0)
ioctl$VIDIOC_ENUMOUTPUT(r4, 0xc0485630, &(0x7f0000000040)={0x0, "2a4d274344c9b258f4c308956b8efcfd0319dac0fa4abe51d047e5742eb28bf7"})
r6 = dup2(r4, r3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r6}, 0x10)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r8=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r7, 0x84, 0x84, &(0x7f0000000000)={r8, @in={{0x2, 0x0, @empty}}}, 0x90)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r6, 0x84, 0x73, &(0x7f00000000c0)={r8, 0x4, 0x30, 0x2, 0x74bb}, &(0x7f00000001c0)=0x18)
process_mrelease(0xffffffffffffffff, 0x2)
sendmsg$NFT_BATCH(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a34000000000a4f1c0000000000000000020000000900010073797a300000000008000240000000020900010073797a310000000014000000110001"], 0x5c}}, 0x4008000)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000020000000000000000000a30000000030a010800000000000000000200000008000b400000000008000a40000000040900010073797a310000000014000000110001"], 0x58}}, 0x0)
syz_io_uring_setup(0x0, &(0x7f000000ac00)={0x0, 0x0, 0x0, 0x0, 0x259}, &(0x7f0000000040), 0xfffffffffffffffc)

0s ago: executing program 0 (id=539):
syz_usb_connect(0x0, 0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000abbe6740e9174e8b089c000000010902120001000000000904000000ff"], 0x0)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000002c0)=0xa0000)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000004000038008000140000000002c0003801400010076657468310000000000000000000000140001007665746a9a5f746f5f68737200000000080002"], 0xfc}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000880)={'netdevsim0\x00', <r3=>0x0})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r4, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000003c0), 0x0, 0x4000000)
r5 = userfaultfd(0x801)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000580)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x80000, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000300)={0x1, 0x1, &(0x7f0000000240)=""/127, &(0x7f0000000180)=""/25, &(0x7f00000004c0)=""/229, 0x3000})
r6 = socket$kcm(0x10, 0x2, 0x4)
r7 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r7, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x3000c041)
sendmsg$kcm(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="89000000120081ae08060cdc030ec0007f03e3f70000000100e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000380)={@ifindex=r3, 0xffffffffffffffff, 0x15, 0x0, 0x0, @link_fd=r4}, 0x20)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x2000004c)
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r5, 0xc028aa05, &(0x7f0000000000)={&(0x7f0000acf000/0x1000)=nil, &(0x7f0000a55000/0x2000)=nil, 0x1000, 0x0, 0x2})
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(0xffffffffffffffff, 0x7a5, 0x0)

kernel console output (not intermixed with test programs):

  inactive
[  203.985013][    T9] usb 1-1: Manufacturer: syz
[  203.993401][    T9] usb 1-1: SerialNumber: syz
[  204.002397][ T7234] vivid-002: RDS Radio Text:  inactive
[  204.029574][    T9] usb 1-1: config 0 descriptor??
[  204.067195][ T7234] vivid-002: RDS Traffic Announcement: false inactive
[  204.082441][ T7234] vivid-002: RDS Traffic Program: false inactive
[  204.091693][ T5282] usb 5-1: new full-speed USB device number 13 using dummy_hcd
[  204.099466][ T7234] vivid-002: RDS Music: false inactive
[  204.150119][ T7234] vivid-002: ==================  END STATUS  ==================
[  204.318169][ T5282] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  204.329815][ T5282] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  204.351154][ T5282] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64
[  204.371213][ T5230] Bluetooth: hci0: Malformed HCI Event: 0x22
[  204.398957][ T5282] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  204.416282][ T5282] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  204.432600][ T5282] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  204.443994][ T5282] usb 5-1: SerialNumber: syz
[  204.454982][ T7225] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  204.486613][ T5282] cdc_acm 5-1:1.0: Control and data interfaces are not separated!
[  204.510954][ T5282] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -12
[  204.814214][ T7227] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  204.834335][ T7043] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  204.914329][ T7227] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  204.931623][ T7043] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  204.966289][ T5230] Bluetooth: hci3: command tx timeout
[  205.007072][ T7043] bond0 (unregistering): Released all slaves
[  205.108689][ T7217] netlink: 'syz.4.315': attribute type 10 has an invalid length.
[  205.334829][ T7043] : left promiscuous mode
[  205.609636][    T9] usb 1-1: Firmware version (0.0) predates our first public release.
[  205.640122][    T9] usb 1-1: Please update to version 0.2 or newer
[  205.896019][    T8] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  206.091447][    T8] usb 3-1: Using ep0 maxpacket: 32
[  206.119902][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  206.164899][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  206.196017][    T8] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  206.205120][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.253887][    T8] usb 3-1: config 0 descriptor??
[  206.266160][   T25] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  206.295743][    T9] usb 5-1: USB disconnect, device number 13
[  206.306761][    T8] hub 3-1:0.0: USB hub found
[  206.486237][   T25] usb 4-1: Using ep0 maxpacket: 8
[  206.498934][   T25] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  206.532988][   T25] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  206.557433][   T58] usb 1-1: USB disconnect, device number 9
[  206.580858][   T25] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  206.614741][   T25] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  206.635320][   T25] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  206.680533][   T25] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  206.723378][   T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.753649][ T7043] hsr_slave_0: left promiscuous mode
[  206.813194][ T7043] hsr_slave_1: left promiscuous mode
[  206.861896][ T7043] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  206.914096][ T7043] batman_adv: batadv0: Removing interface: batadv_slave_0
[  206.962502][ T7043] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  206.991102][   T25] usb 4-1: usb_control_msg returned -32
[  207.004540][ T7043] batman_adv: batadv0: Removing interface: batadv_slave_1
[  207.028424][   T25] usbtmc 4-1:16.0: can't read capabilities
[  207.046086][ T5230] Bluetooth: hci3: command tx timeout
[  207.101951][ T7043] veth1_macvtap: left promiscuous mode
[  207.107885][ T7043] veth0_macvtap: left promiscuous mode
[  207.117436][ T7043] veth1_vlan: left promiscuous mode
[  207.136161][ T7043] veth0_vlan: left allmulticast mode
[  207.142644][ T7043] veth0_vlan: left promiscuous mode
[  207.429412][ T7279] usbtmc 4-1:16.0: usb_control_msg returned -32
[  207.468832][ T7257] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  207.524716][ T7257] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  208.269167][ T7043] team0 (unregistering): Port device vlan0 removed
[  208.744431][    T8] hub 3-1:0.0: config failed, can't read hub descriptor (err -22)
[  208.788929][    T8] usbhid 3-1:0.0: can't add hid device: -71
[  208.796254][    T8] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  208.882491][    T8] usb 3-1: USB disconnect, device number 11
[  209.126280][ T5230] Bluetooth: hci3: command tx timeout
[  209.331320][ T5283] usb 4-1: USB disconnect, device number 10
[  209.456022][    T8] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  209.472385][ T7043] team0 (unregistering): Port device team_slave_1 removed
[  209.605587][ T7043] team0 (unregistering): Port device team_slave_0 removed
[  209.699099][    T8] usb 3-1: config 0 has an invalid interface number: 18 but max is 0
[  209.722516][    T8] usb 3-1: config 0 has no interface number 0
[  209.729341][    T8] usb 3-1: config 0 interface 18 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  209.761688][    T8] usb 3-1: config 0 interface 18 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  209.796949][    T8] usb 3-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10
[  209.806325][    T8] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  209.814556][    T8] usb 3-1: Manufacturer: syz
[  209.894773][    T8] usb 3-1: config 0 descriptor??
[  210.177622][    T9] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  210.207096][ T7293] QAT: Device 0 not found
[  210.216039][    T9] hid-generic 0000:0000:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  210.732898][    T8] input: syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.18/0003:054C:03D5.0009/input/input8
[  210.992916][    T8] sony 0003:054C:03D5.0009: input,hidraw1: USB HID v0.00 Joystick [syz] on usb-dummy_hcd.2-1/input18
[  211.206170][ T5230] Bluetooth: hci3: command tx timeout
[  211.912805][ T7224] chnl_net:caif_netlink_parms(): no params data found
[  211.936854][ T5282] usb 3-1: reset high-speed USB device number 12 using dummy_hcd
[  212.990376][ T7224] bridge0: port 1(bridge_slave_0) entered blocking state
[  213.014203][ T7043] IPVS: stop unused estimator thread 0...
[  213.047786][ T7224] bridge0: port 1(bridge_slave_0) entered disabled state
[  213.066955][ T7224] bridge_slave_0: entered allmulticast mode
[  213.074522][ T7224] bridge_slave_0: entered promiscuous mode
[  213.182011][ T7224] bridge0: port 2(bridge_slave_1) entered blocking state
[  213.202405][ T7224] bridge0: port 2(bridge_slave_1) entered disabled state
[  213.227091][ T7224] bridge_slave_1: entered allmulticast mode
[  213.238107][ T7224] bridge_slave_1: entered promiscuous mode
[  213.369675][ T7224] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  213.379481][    T8] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  213.421540][ T7224] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  213.582298][    T8] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=a1.c9
[  213.602558][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  213.631298][    T8] usb 1-1: Product: syz
[  213.640607][ T7347] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  213.646749][    T8] usb 1-1: Manufacturer: syz
[  213.647627][ T7347] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  213.655972][    T8] usb 1-1: SerialNumber: syz
[  213.703407][ T7347] vhci_hcd vhci_hcd.0: Device attached
[  213.761545][    T8] usb 1-1: config 0 descriptor??
[  213.784353][    T8] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  213.850902][   T25] usb 3-1: USB disconnect, device number 12
[  213.949162][ T7224] team0: Port device team_slave_0 added
[  213.972247][ T5284] usb 13-1: new high-speed USB device number 2 using vhci_hcd
[  214.023365][ T7224] team0: Port device team_slave_1 added
[  214.174075][   T29] kauditd_printk_skb: 2 callbacks suppressed
[  214.174121][   T29] audit: type=1326 audit(1726004177.309:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7332 comm="syz.0.333" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f15c2b7def9 code=0x0
[  214.220115][ T7224] batman_adv: batadv0: Adding interface: batadv_slave_0
[  214.277261][ T7224] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  214.303204][    C1] vkms_vblank_simulate: vblank timer overrun
[  214.330320][    T8] gspca_vc032x: reg_r err -110
[  214.342445][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  214.357549][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  214.400794][ T7356] netlink: 44 bytes leftover after parsing attributes in process `syz.0.333'.
[  214.420005][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  214.425453][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  214.444987][ T7224] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  214.458633][ T7356] netlink: 12 bytes leftover after parsing attributes in process `syz.0.333'.
[  214.465945][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  214.494947][ T7356] netlink: 20 bytes leftover after parsing attributes in process `syz.0.333'.
[  214.518897][ T7224] batman_adv: batadv0: Adding interface: batadv_slave_1
[  214.526647][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  214.562531][ T7224] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  214.588638][    C1] vkms_vblank_simulate: vblank timer overrun
[  214.625108][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  214.639967][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  214.651835][ T7224] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  214.713786][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  214.724192][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  214.724509][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  214.724877][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  214.724892][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  214.724905][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  214.725043][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  214.725058][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  214.725070][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  214.725082][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  214.725094][    T8] gspca_vc032x: Unknown sensor...
[  214.725180][    T8] vc032x 1-1:0.0: probe with driver vc032x failed with error -22
[  214.858895][ T7364] "syz.4.337" (7364) uses obsolete ecb(arc4) skcipher
[  215.013153][ T7224] hsr_slave_0: entered promiscuous mode
[  215.047085][ T7224] hsr_slave_1: entered promiscuous mode
[  215.072136][ T7224] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  215.091430][ T7224] Cannot create hsr debugfs directory
[  215.097415][ T7350] vhci_hcd: connection reset by peer
[  215.135011][ T7021] vhci_hcd: stop threads
[  215.156068][ T5282] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  215.166651][ T7021] vhci_hcd: release socket
[  215.197434][ T7021] vhci_hcd: disconnect device
[  215.376038][ T5282] usb 4-1: Using ep0 maxpacket: 32
[  215.415682][ T5282] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  215.445640][ T5282] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  215.483145][ T5282] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  215.514441][ T5282] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  215.536014][ T5282] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  215.562081][ T5282] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  215.585957][ T5282] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  215.626116][ T1170] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  215.656589][ T5282] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  215.683153][ T5282] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  215.714608][ T5282] usb 4-1: config 0 descriptor??
[  215.852132][ T1170] usb 3-1: New USB device found, idVendor=058f, idProduct=3820, bcdDevice=bf.93
[  215.874312][ T1170] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.913724][ T1170] usb 3-1: Product: syz
[  215.929030][ T1170] usb 3-1: Manufacturer: syz
[  215.945819][ T1170] usb 3-1: SerialNumber: syz
[  215.985571][ T1170] usb 3-1: config 0 descriptor??
[  216.174635][ T5282] usb 1-1: USB disconnect, device number 10
[  216.656141][ T1170] usb 3-1: USB disconnect, device number 13
[  217.448071][ T7395] syz.0.341 (7395): drop_caches: 1
[  217.766601][   T25] usb 4-1: USB disconnect, device number 11
[  218.098874][ T7224] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  218.204049][ T7224] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  218.233668][ T7224] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  218.271264][ T7224] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  218.315778][ T7410] dccp_invalid_packet: P.Data Offset(0) too small
[  218.722121][ T7224] 8021q: adding VLAN 0 to HW filter on device bond0
[  218.870614][ T7224] 8021q: adding VLAN 0 to HW filter on device team0
[  218.942385][ T7043] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.949608][ T7043] bridge0: port 1(bridge_slave_0) entered forwarding state
[  219.008471][ T7043] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.015706][ T7043] bridge0: port 2(bridge_slave_1) entered forwarding state
[  219.062521][   T29] audit: type=1400 audit(1726004182.199:84): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=381CD2A12F2F pid=7422 comm="syz.2.346"
[  219.126568][ T5284] vhci_hcd: vhci_device speed not set
[  219.456079][ T1170] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  219.655401][ T7224] 8021q: adding VLAN 0 to HW filter on device batadv0
[  219.686228][ T1170] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 255, changing to 11
[  219.754254][ T1170] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 59391, setting to 1024
[  219.867311][ T1170] usb 3-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  219.910736][ T1170] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  219.962089][ T7224] veth0_vlan: entered promiscuous mode
[  219.977495][ T1170] usb 3-1: config 0 descriptor??
[  220.005136][ T7426] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  220.043401][ T7224] veth1_vlan: entered promiscuous mode
[  220.052941][ T1170] gspca_main: spca561-2.14.0 probing abcd:cdee
[  220.235674][ T7224] veth0_macvtap: entered promiscuous mode
[  220.289966][ T7426] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  220.308998][ T7224] veth1_macvtap: entered promiscuous mode
[  220.380720][ T7426] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  220.422935][ T7224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  220.503950][ T7224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  220.529900][ T7224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  220.544324][ T7224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  220.596629][ T1170] spca561 3-1:0.0: probe with driver spca561 failed with error -22
[  220.610215][ T7224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  220.632635][ T1170] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  220.643364][ T7224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  220.659433][ T1170] usb 3-1: MIDIStreaming interface descriptor not found
[  220.685972][ T7224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  220.746949][ T7224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  220.794541][ T7224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  220.806982][ T7224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  220.850783][ T7224] batman_adv: batadv0: Interface activated: batadv_slave_0
[  221.103952][ T7224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  221.103981][ T7224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  221.103996][ T7224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  221.104013][ T7224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  221.104027][ T7224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  221.104042][ T7224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  221.104058][ T7224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  221.104075][ T7224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  221.104089][ T7224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  221.104105][ T7224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  221.130584][ T7224] batman_adv: batadv0: Interface activated: batadv_slave_1
[  221.155191][ T7224] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  221.155282][ T7224] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  221.155315][ T7224] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  221.155346][ T7224] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  221.487788][ T7043] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  221.487817][ T7043] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  221.642871][ T7043] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  221.642901][ T7043] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  221.987651][ T5282] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  222.006719][ T5230] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[  222.006822][ T5230] Bluetooth: hci5: Injecting HCI hardware error event
[  222.009257][ T4623] Bluetooth: hci5: hardware error 0x00
[  222.187748][ T5282] usb 1-1: Using ep0 maxpacket: 32
[  222.193440][ T5282] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  222.193467][ T5282] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  222.193484][ T5282] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  222.193519][ T5282] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  222.193536][ T5282] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  222.193555][ T5282] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  222.193572][ T5282] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  222.193589][ T5282] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  222.193622][ T5282] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  222.193640][ T5282] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  222.211217][ T5282] usb 1-1: config 0 descriptor??
[  222.283773][ T7482] wireguard0: entered promiscuous mode
[  222.428362][ T7482] wireguard0: entered allmulticast mode
[  222.444259][ T5282] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 11 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  222.725250][ T5284] usb 3-1: USB disconnect, device number 14
[  222.755517][   T58] usb 1-1: USB disconnect, device number 11
[  222.818650][   T58] usblp0: removed
[  223.518867][ T7519] netlink: 4 bytes leftover after parsing attributes in process `syz.3.360'.
[  223.547747][ T5284] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  223.561794][ T7519] netlink: 'syz.3.360': attribute type 10 has an invalid length.
[  223.618636][ T7519] team0: Failed to send options change via netlink (err -105)
[  223.661837][ T7519] team0: Port device netdevsim0 added
[  223.677423][ T7047] team0: Failed to send port change of device netdevsim0 via netlink (err -105)
[  223.751630][ T7519] netlink: 12 bytes leftover after parsing attributes in process `syz.3.360'.
[  223.778912][ T5284] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  223.808512][ T5284] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  223.829755][ T5284] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  223.878113][ T7519] netlink: 'syz.3.360': attribute type 22 has an invalid length.
[  223.886041][ T5284] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.925809][ T5284] usb 5-1: config 0 descriptor??
[  224.166566][ T4623] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  224.427930][ T7512] netlink: 'syz.4.358': attribute type 10 has an invalid length.
[  224.611719][ T7512] 8021q: adding VLAN 0 to HW filter on device batadv0
[  224.663622][ T7512] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  224.793978][ T1170] usb 5-1: USB disconnect, device number 14
[  224.950954][ T7043] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.177462][ T7043] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.337834][ T7539] netlink: 4 bytes leftover after parsing attributes in process `syz.2.366'.
[  225.349806][ T7043] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.544316][ T7043] team0: Port device netdevsim0 removed
[  225.587185][ T7043] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.606539][ T5282] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  225.806055][ T5282] usb 1-1: Using ep0 maxpacket: 16
[  225.818848][ T5282] usb 1-1: New USB device found, idVendor=1397, idProduct=00bd, bcdDevice=c5.66
[  225.839312][ T5282] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.883593][ T5282] usb 1-1: config 0 descriptor??
[  225.926361][ T5282] usb 1-1: invalid MIDI EP
[  225.945441][ T5282] usb 1-1: snd-bcd2000: error during probing
[  225.971722][ T5282] snd-bcd2000 1-1:0.0: probe with driver snd-bcd2000 failed with error -22
[  225.985180][ T5230] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  226.002307][ T5230] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  226.011627][ T5230] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  226.020493][ T5230] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  226.028769][ T5230] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  226.036524][ T5230] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  226.069346][   T29] audit: type=1800 audit(1726004189.209:85): pid=7554 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.367" name="/" dev="fuse" ino=1 res=0 errno=0
[  226.130830][   T29] audit: type=1800 audit(1726004189.259:86): pid=7556 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.367" name="/" dev="fuse" ino=1 res=0 errno=0
[  226.284901][ T7552] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  226.317042][ T7043] bridge_slave_1: left allmulticast mode
[  226.328545][ T7043] bridge_slave_1: left promiscuous mode
[  226.366220][ T7043] bridge0: port 2(bridge_slave_1) entered disabled state
[  226.382109][ T7043] bridge_slave_0: left allmulticast mode
[  226.392387][ T7043] bridge_slave_0: left promiscuous mode
[  226.402939][ T7043] bridge0: port 1(bridge_slave_0) entered disabled state
[  227.816830][ T7043] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  227.834394][ T7043] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  227.880545][ T7043] bond0 (unregistering): Released all slaves
[  228.088742][ T4623] Bluetooth: hci2: command tx timeout
[  228.546100][    T8] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  228.560715][ T5284] usb 1-1: USB disconnect, device number 12
[  228.809873][    T8] usb 3-1: Using ep0 maxpacket: 32
[  228.819875][ T7043] hsr_slave_0: left promiscuous mode
[  228.837283][ T7043] hsr_slave_1: left promiscuous mode
[  228.857357][ T7043] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  228.870975][    T8] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[  228.900019][    T8] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  228.905988][ T7043] batman_adv: batadv0: Removing interface: batadv_slave_0
[  228.918812][    T8] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81
[  228.938413][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  228.949246][    T8] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  228.959311][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  228.961116][ T7043] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  228.970230][    T8] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  228.994228][    T8] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  229.011968][    T8] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  229.022827][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  229.035343][ T7043] batman_adv: batadv0: Removing interface: batadv_slave_1
[  229.066318][    T8] usb 3-1: config 0 descriptor??
[  229.144279][ T7043] veth1_macvtap: left promiscuous mode
[  229.161967][ T7043] veth0_macvtap: left promiscuous mode
[  229.173541][ T7043] veth1_vlan: left promiscuous mode
[  229.238909][ T7043] veth0_vlan: left promiscuous mode
[  229.287589][    T8] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 15 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  229.564822][    T9] usb 3-1: USB disconnect, device number 15
[  229.603161][    T9] usblp0: removed
[  229.726332][ T5281] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  229.928236][ T5281] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  229.950892][ T5281] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  229.963556][ T5230] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  229.978945][ T5230] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  229.988433][ T5230] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  230.001605][ T5230] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  230.003020][ T5281] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  230.038515][ T5230] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  230.046311][ T5230] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  230.069221][ T5281] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.120872][ T5281] usb 1-1: config 0 descriptor??
[  230.170290][ T5230] Bluetooth: hci2: command tx timeout
[  230.738110][ T7043] team0 (unregistering): Port device team_slave_1 removed
[  230.802500][ T7043] team0 (unregistering): Port device team_slave_0 removed
[  231.667952][ T7598] netlink: 'syz.0.377': attribute type 10 has an invalid length.
[  231.739810][ T7598] 8021q: adding VLAN 0 to HW filter on device batadv0
[  231.806585][ T7598] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  231.857252][ T5284] usb 1-1: USB disconnect, device number 13
[  232.109891][   T29] audit: type=1800 audit(1726004195.219:87): pid=7610 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.381" name="/" dev="fuse" ino=1 res=0 errno=0
[  232.128800][    C1] vkms_vblank_simulate: vblank timer overrun
[  232.177896][ T5230] Bluetooth: hci5: command tx timeout
[  232.195846][   T29] audit: type=1800 audit(1726004195.239:88): pid=7611 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.381" name="/" dev="fuse" ino=1 res=0 errno=0
[  232.246370][ T5230] Bluetooth: hci2: command tx timeout
[  232.274237][ T7610] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  232.401688][ T7562] chnl_net:caif_netlink_parms(): no params data found
[  232.665751][ T7562] bridge0: port 1(bridge_slave_0) entered blocking state
[  232.696314][ T7562] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.703652][ T7562] bridge_slave_0: entered allmulticast mode
[  232.735347][ T7562] bridge_slave_0: entered promiscuous mode
[  232.779995][ T7562] bridge0: port 2(bridge_slave_1) entered blocking state
[  232.825742][ T7562] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.844687][ T5281] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  232.853570][ T7562] bridge_slave_1: entered allmulticast mode
[  232.884543][ T7562] bridge_slave_1: entered promiscuous mode
[  232.951087][ T7603] chnl_net:caif_netlink_parms(): no params data found
[  233.067922][ T5281] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  233.081176][ T5281] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  233.109761][ T5281] usb 3-1: config 1 interface 1 has no altsetting 0
[  233.128558][ T5281] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  233.157929][ T5281] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.202209][ T5281] usb 3-1: Product: syz
[  233.215431][ T5281] usb 3-1: Manufacturer: syz
[  233.232349][ T5281] usb 3-1: SerialNumber: syz
[  233.243407][ T7562] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  233.293349][ T5281] usb 3-1: selecting invalid altsetting 1
[  233.316065][ T5281] usb 3-1: selecting invalid altsetting 0
[  233.321960][ T5281] usb 3-1: selecting invalid altsetting 0
[  233.365169][ T7562] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  233.386119][ T5281] cdc_ncm 3-1:1.0: bind() failure
[  233.395828][ T5281] usb 3-1: selecting invalid altsetting 0
[  233.466148][ T5281] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -22
[  233.474438][ T5281] usb 3-1: selecting invalid altsetting 0
[  233.521745][ T5281] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -22
[  233.557203][ T5281] usb 3-1: selecting invalid altsetting 0
[  233.563106][ T5281] usbtest 3-1:1.1: probe with driver usbtest failed with error -22
[  233.584423][ T7633] xt_connbytes: Forcing CT accounting to be enabled
[  233.633252][ T7633] xt_NFQUEUE: number of total queues is 0
[  233.791231][ T7562] team0: Port device team_slave_0 added
[  233.831631][ T7562] team0: Port device team_slave_1 added
[  234.006637][ T7603] bridge0: port 1(bridge_slave_0) entered blocking state
[  234.024347][ T7603] bridge0: port 1(bridge_slave_0) entered disabled state
[  234.044707][ T7603] bridge_slave_0: entered allmulticast mode
[  234.059363][ T7603] bridge_slave_0: entered promiscuous mode
[  234.182658][ T7043] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  234.257174][ T5230] Bluetooth: hci5: command tx timeout
[  234.336153][ T5230] Bluetooth: hci2: command tx timeout
[  234.340416][ T7562] batman_adv: batadv0: Adding interface: batadv_slave_0
[  234.379567][ T7562] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  234.406557][ T7562] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  234.416226][ T4623] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  234.427862][ T4623] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  234.438560][ T4623] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  234.449298][ T4623] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  234.457270][ T4623] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  234.464815][ T4623] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  234.491664][ T7603] bridge0: port 2(bridge_slave_1) entered blocking state
[  234.506115][ T7603] bridge0: port 2(bridge_slave_1) entered disabled state
[  234.513477][ T7603] bridge_slave_1: entered allmulticast mode
[  234.522768][ T7603] bridge_slave_1: entered promiscuous mode
[  234.609806][ T7043] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  234.681598][ T7562] batman_adv: batadv0: Adding interface: batadv_slave_1
[  234.696084][ T7562] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  234.756135][ T7562] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  234.927548][ T7043] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.010611][ T7603] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  235.043431][ T7603] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  235.059139][ T5281] usb 3-1: USB disconnect, device number 16
[  235.184906][ T7043] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.295044][ T7562] hsr_slave_0: entered promiscuous mode
[  235.304576][ T7562] hsr_slave_1: entered promiscuous mode
[  235.367242][ T7603] team0: Port device team_slave_0 added
[  235.458210][ T7603] team0: Port device team_slave_1 added
[  235.696129][ T7603] batman_adv: batadv0: Adding interface: batadv_slave_0
[  235.717685][ T7603] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  235.753432][ T7603] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  235.798947][ T7603] batman_adv: batadv0: Adding interface: batadv_slave_1
[  235.806194][ T7603] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  235.833763][ T7603] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  236.041447][ T7603] hsr_slave_0: entered promiscuous mode
[  236.061518][ T7603] hsr_slave_1: entered promiscuous mode
[  236.074014][ T7603] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  236.086295][ T7603] Cannot create hsr debugfs directory
[  236.327493][ T4623] Bluetooth: hci5: command tx timeout
[  236.548165][ T7043] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.566335][ T4623] Bluetooth: hci3: command tx timeout
[  236.852257][ T7043] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.992149][   T29] audit: type=1326 audit(1726004200.129:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7676 comm="syz.0.388" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f15c2b7def9 code=0x0
[  237.045256][ T7043] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.118892][ T7043] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.299716][ T7651] chnl_net:caif_netlink_parms(): no params data found
[  237.916295][ T5282] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  238.165485][ T5282] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  238.221023][ T7043] bridge_slave_1: left allmulticast mode
[  238.232228][ T5282] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.247906][ T7043] bridge_slave_1: left promiscuous mode
[  238.253596][ T5282] usb 3-1: Product: syz
[  238.264576][ T5282] usb 3-1: Manufacturer: syz
[  238.269863][ T7043] bridge0: port 2(bridge_slave_1) entered disabled state
[  238.286093][ T5282] usb 3-1: SerialNumber: syz
[  238.312298][ T5282] usb 3-1: config 0 descriptor??
[  238.321888][ T7043] bridge_slave_0: left allmulticast mode
[  238.348060][ T7043] bridge_slave_0: left promiscuous mode
[  238.359919][ T7043] bridge0: port 1(bridge_slave_0) entered disabled state
[  238.393002][ T7043] bridge_slave_1: left allmulticast mode
[  238.413826][ T7043] bridge_slave_1: left promiscuous mode
[  238.413991][ T4623] Bluetooth: hci5: command tx timeout
[  238.424113][ T7043] bridge0: port 2(bridge_slave_1) entered disabled state
[  238.492774][ T7043] bridge_slave_0: left allmulticast mode
[  238.517525][ T7043] bridge_slave_0: left promiscuous mode
[  238.556292][ T7043] bridge0: port 1(bridge_slave_0) entered disabled state
[  238.647555][ T4623] Bluetooth: hci3: command tx timeout
[  238.765188][ T7685] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  238.780834][ T7685] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  238.814784][ T7685] netlink: 24 bytes leftover after parsing attributes in process `syz.2.389'.
[  239.735275][ T7043] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  239.752998][ T7043] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  239.772910][ T7043] bond0 (unregistering): Released all slaves
[  239.989281][ T7043] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  240.021999][ T7043] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  240.051790][ T7043] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  240.063756][ T7043] bond0 (unregistering): Released all slaves
[  240.159351][ T7651] bridge0: port 1(bridge_slave_0) entered blocking state
[  240.177377][ T7651] bridge0: port 1(bridge_slave_0) entered disabled state
[  240.185714][ T7651] bridge_slave_0: entered allmulticast mode
[  240.250279][ T7651] bridge_slave_0: entered promiscuous mode
[  240.323674][ T7651] bridge0: port 2(bridge_slave_1) entered blocking state
[  240.356797][ T7651] bridge0: port 2(bridge_slave_1) entered disabled state
[  240.369593][ T7651] bridge_slave_1: entered allmulticast mode
[  240.385348][ T7651] bridge_slave_1: entered promiscuous mode
[  240.530649][ T5281] usb 3-1: USB disconnect, device number 17
[  240.726327][ T4623] Bluetooth: hci3: command tx timeout
[  240.828859][   T29] audit: type=1326 audit(1726004203.969:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7696 comm="syz.2.392" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f32da57def9 code=0x0
[  240.919269][ T7651] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  241.031568][ T7705] Dead loop on virtual device ip6_vti0, fix it urgently!
[  241.040618][ T7705] Dead loop on virtual device ip6_vti0, fix it urgently!
[  241.050940][ T7705] Dead loop on virtual device ip6_vti0, fix it urgently!
[  241.060496][ T7705] Dead loop on virtual device ip6_vti0, fix it urgently!
[  241.068908][ T7705] Dead loop on virtual device ip6_vti0, fix it urgently!
[  241.078382][ T7705] Dead loop on virtual device ip6_vti0, fix it urgently!
[  241.161694][ T7562] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  241.200317][ T7651] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  241.348559][ T7562] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  241.432105][ T7714] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  241.452700][ T7651] team0: Port device team_slave_0 added
[  241.544297][ T7562] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  241.597524][ T7562] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  241.680317][ T7651] team0: Port device team_slave_1 added
[  242.099756][ T7651] batman_adv: batadv0: Adding interface: batadv_slave_0
[  242.145050][ T7651] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  242.227940][ T7651] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  242.259195][ T7043] hsr_slave_0: left promiscuous mode
[  242.270859][ T7043] hsr_slave_1: left promiscuous mode
[  242.281308][ T7043] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  242.288921][ T7043] batman_adv: batadv0: Removing interface: batadv_slave_0
[  242.297217][ T7043] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  242.304641][ T7043] batman_adv: batadv0: Removing interface: batadv_slave_1
[  242.317421][ T7043] hsr_slave_0: left promiscuous mode
[  242.324987][ T7043] hsr_slave_1: left promiscuous mode
[  242.331524][ T7043] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  242.339282][ T7043] batman_adv: batadv0: Removing interface: batadv_slave_0
[  242.351776][ T7043] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  242.360579][ T7043] batman_adv: batadv0: Removing interface: batadv_slave_1
[  242.423056][ T7043] veth1_macvtap: left promiscuous mode
[  242.431243][ T7043] veth0_macvtap: left promiscuous mode
[  242.437877][ T7043] veth1_vlan: left promiscuous mode
[  242.449215][ T7043] veth0_vlan: left promiscuous mode
[  242.462022][ T7043] veth1_macvtap: left promiscuous mode
[  242.473266][ T7043] veth0_macvtap: left promiscuous mode
[  242.484877][ T7043] veth1_vlan: left promiscuous mode
[  242.499786][ T7043] veth0_vlan: left promiscuous mode
[  242.806071][ T4623] Bluetooth: hci3: command tx timeout
[  242.919559][ T7731] xt_cgroup: invalid path, errno=-2
[  243.182137][   T58] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  243.366168][   T58] usb 1-1: Using ep0 maxpacket: 16
[  243.385471][   T58] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  243.419131][   T58] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  243.430024][   T58] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  243.439612][   T58] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  243.473466][   T58] usb 1-1: config 0 descriptor??
[  243.797442][ T7043] team0 (unregistering): Port device team_slave_1 removed
[  243.855476][ T7043] team0 (unregistering): Port device team_slave_0 removed
[  244.042968][   T58] savu 0003:1E7D:2D5A.000A: hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0
[  244.282565][ T7738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  244.297391][ T7738] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  244.344173][ T7738] netlink: 12 bytes leftover after parsing attributes in process `syz.0.397'.
[  245.000379][ T7043] team0 (unregistering): Port device team_slave_1 removed
[  245.051627][ T7043] team0 (unregistering): Port device team_slave_0 removed
[  245.655432][ T7651] batman_adv: batadv0: Adding interface: batadv_slave_1
[  245.669669][ T7651] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  245.696484][ T7651] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  245.874120][ T5284] usb 1-1: USB disconnect, device number 14
[  246.004030][ T7651] hsr_slave_0: entered promiscuous mode
[  246.023971][ T7651] hsr_slave_1: entered promiscuous mode
[  246.041482][ T7651] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  246.051344][ T7651] Cannot create hsr debugfs directory
[  246.097554][ T7603] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  246.112144][ T7603] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  246.188368][ T7603] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  246.204318][ T7603] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  246.471152][ T7562] 8021q: adding VLAN 0 to HW filter on device bond0
[  246.604722][ T7562] 8021q: adding VLAN 0 to HW filter on device team0
[  246.743270][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  246.750491][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  246.919805][ T7047] bridge0: port 2(bridge_slave_1) entered blocking state
[  246.927089][ T7047] bridge0: port 2(bridge_slave_1) entered forwarding state
[  246.980663][ T7603] 8021q: adding VLAN 0 to HW filter on device bond0
[  247.228676][ T7603] 8021q: adding VLAN 0 to HW filter on device team0
[  247.319030][ T7039] bridge0: port 1(bridge_slave_0) entered blocking state
[  247.326280][ T7039] bridge0: port 1(bridge_slave_0) entered forwarding state
[  247.449317][ T7039] bridge0: port 2(bridge_slave_1) entered blocking state
[  247.456565][ T7039] bridge0: port 2(bridge_slave_1) entered forwarding state
[  247.659968][ T7043] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  247.897311][ T5230] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  247.930589][ T5230] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  247.947532][ T5230] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  247.961648][ T7043] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  247.979137][ T5230] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  247.996970][ T5230] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  248.015112][ T5230] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  248.117783][ T7043] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.157419][ T7764] netlink: 8 bytes leftover after parsing attributes in process `syz.0.403'.
[  248.175682][ T7651] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  248.190142][ T7651] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  248.205497][ T7651] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  248.221435][ T7651] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  248.255410][ T7043] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.280834][ T7764] netlink: 'syz.0.403': attribute type 63 has an invalid length.
[  248.288997][ T7764] netlink: 9 bytes leftover after parsing attributes in process `syz.0.403'.
[  248.342250][ T7562] 8021q: adding VLAN 0 to HW filter on device batadv0
[  248.699221][ T7043] bridge_slave_1: left allmulticast mode
[  248.704913][ T7043] bridge_slave_1: left promiscuous mode
[  248.713568][ T7043] bridge0: port 2(bridge_slave_1) entered disabled state
[  248.739259][ T7043] bridge_slave_0: left allmulticast mode
[  248.744974][ T7043] bridge_slave_0: left promiscuous mode
[  248.756314][ T7043] bridge0: port 1(bridge_slave_0) entered disabled state
[  249.462414][ T7043] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  249.476440][ T7043] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  249.487925][ T7043] bond0 (unregistering): Released all slaves
[  249.540162][ T7562] veth0_vlan: entered promiscuous mode
[  249.666780][ T7562] veth1_vlan: entered promiscuous mode
[  249.684251][ T7603] 8021q: adding VLAN 0 to HW filter on device batadv0
[  249.807938][   T29] audit: type=1326 audit(1726004212.949:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7789 comm="syz.0.405" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f15c2b7def9 code=0x0
[  249.959421][ T7765] chnl_net:caif_netlink_parms(): no params data found
[  250.086283][ T5230] Bluetooth: hci0: command tx timeout
[  250.112219][ T7043] hsr_slave_0: left promiscuous mode
[  250.124046][ T7043] hsr_slave_1: left promiscuous mode
[  250.142278][ T7043] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  250.152845][ T7043] batman_adv: batadv0: Removing interface: batadv_slave_0
[  250.166386][ T7043] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  250.183145][ T7043] batman_adv: batadv0: Removing interface: batadv_slave_1
[  250.219128][ T7043] veth1_macvtap: left promiscuous mode
[  250.225831][ T7043] veth0_macvtap: left promiscuous mode
[  250.231615][ T7043] veth1_vlan: left promiscuous mode
[  250.238395][ T7043] veth0_vlan: left promiscuous mode
[  251.005366][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  251.495744][ T7043] team0 (unregistering): Port device team_slave_1 removed
[  251.628325][ T7043] team0 (unregistering): Port device team_slave_0 removed
[  252.170071][ T5230] Bluetooth: hci0: command tx timeout
[  252.382720][ T7562] veth0_macvtap: entered promiscuous mode
[  252.405907][ T7562] veth1_macvtap: entered promiscuous mode
[  252.517115][ T7651] 8021q: adding VLAN 0 to HW filter on device bond0
[  252.674223][ T7868] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  252.747764][ T7765] bridge0: port 1(bridge_slave_0) entered blocking state
[  252.755048][ T7765] bridge0: port 1(bridge_slave_0) entered disabled state
[  252.774040][ T7765] bridge_slave_0: entered allmulticast mode
[  252.783496][ T7765] bridge_slave_0: entered promiscuous mode
[  252.805019][ T7603] veth0_vlan: entered promiscuous mode
[  252.827676][ T7562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  252.838452][ T7562] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.852036][ T7562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  252.872285][ T7562] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.900880][ T7562] batman_adv: batadv0: Interface activated: batadv_slave_0
[  252.909831][ T7865] veth0_to_bridge: entered promiscuous mode
[  252.919914][ T7562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  252.931005][ T7562] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.941477][ T7562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  252.954045][ T7562] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.972218][ T7562] batman_adv: batadv0: Interface activated: batadv_slave_1
[  252.982922][ T7765] bridge0: port 2(bridge_slave_1) entered blocking state
[  252.991060][ T7765] bridge0: port 2(bridge_slave_1) entered disabled state
[  252.998916][ T7765] bridge_slave_1: entered allmulticast mode
[  253.006388][ T7765] bridge_slave_1: entered promiscuous mode
[  253.136053][ T7651] 8021q: adding VLAN 0 to HW filter on device team0
[  253.145428][ T7562] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  253.155831][ T7562] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  253.164617][ T7562] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  253.174609][ T7562] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  253.202557][ T7765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  253.216258][ T7864] veth0_to_bridge: left promiscuous mode
[  253.259407][ T7765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  253.319457][ T7603] veth1_vlan: entered promiscuous mode
[  253.396780][ T7765] team0: Port device team_slave_0 added
[  253.405431][ T7765] team0: Port device team_slave_1 added
[  253.449667][   T65] bridge0: port 1(bridge_slave_0) entered blocking state
[  253.456883][   T65] bridge0: port 1(bridge_slave_0) entered forwarding state
[  253.617982][ T7039] bridge0: port 2(bridge_slave_1) entered blocking state
[  253.625134][ T7039] bridge0: port 2(bridge_slave_1) entered forwarding state
[  253.640053][ T7765] batman_adv: batadv0: Adding interface: batadv_slave_0
[  253.668570][ T7765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  253.740531][ T7765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  253.813247][ T7875] tipc: Started in network mode
[  253.833372][ T7875] tipc: Node identity c6ec35dd3fe1, cluster identity 4711
[  253.842138][ T7875] tipc: Enabled bearer <eth:hsr0>, priority 10
[  253.863540][   T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  253.888597][   T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  253.912480][ T7765] batman_adv: batadv0: Adding interface: batadv_slave_1
[  253.923286][ T7765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  253.953278][ T7765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  254.118154][ T7603] veth0_macvtap: entered promiscuous mode
[  254.138821][ T7047] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  254.173708][ T7047] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  254.220818][ T7765] hsr_slave_0: entered promiscuous mode
[  254.256197][ T5230] Bluetooth: hci0: command tx timeout
[  254.272757][ T7765] hsr_slave_1: entered promiscuous mode
[  254.297394][ T7765] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  254.312659][ T7765] Cannot create hsr debugfs directory
[  254.353105][ T7603] veth1_macvtap: entered promiscuous mode
[  254.576258][ T7603] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  254.596882][ T7603] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  254.621676][ T7603] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  254.643747][ T7603] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  254.692282][ T7603] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  254.705519][ T7603] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  254.739585][ T7603] batman_adv: batadv0: Interface activated: batadv_slave_0
[  254.877909][ T7907] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_bridge, syncid = 0, id = 0
[  254.896153][ T7603] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  254.910153][ T7603] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  254.924449][ T7603] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  254.939897][ T7603] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  254.950236][ T7603] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  254.958793][   T58] tipc: Node number set to 4178392541
[  254.961118][ T7603] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  254.979739][ T7603] batman_adv: batadv0: Interface activated: batadv_slave_1
[  255.152111][ T7603] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  255.162890][ T7603] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  255.171925][ T7603] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  255.181829][ T7603] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  255.480581][ T7651] 8021q: adding VLAN 0 to HW filter on device batadv0
[  255.700216][ T7047] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.930768][ T1269] ieee802154 phy0 wpan0: encryption failed: -22
[  255.937446][ T1269] ieee802154 phy1 wpan1: encryption failed: -22
[  256.069610][ T7047] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.282665][ T7047] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.326464][ T5230] Bluetooth: hci0: command tx timeout
[  256.392617][ T7651] veth0_vlan: entered promiscuous mode
[  256.440059][ T4623] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  256.451114][ T4623] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  256.466284][ T4623] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  256.481247][ T4623] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  256.483870][ T7047] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.501205][ T4623] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  256.510553][ T4623] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  256.664321][ T7651] veth1_vlan: entered promiscuous mode
[  256.690255][ T7043] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  256.736836][ T7043] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  256.953813][ T7765] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  256.981069][ T7765] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  257.086948][ T7765] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  257.089340][ T7028] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  257.125494][ T7028] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  257.130273][ T7765] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  257.217505][ T7047] bridge_slave_1: left allmulticast mode
[  257.223219][ T7047] bridge_slave_1: left promiscuous mode
[  257.281427][ T7047] bridge0: port 2(bridge_slave_1) entered disabled state
[  257.325056][ T7047] bridge_slave_0: left allmulticast mode
[  257.338401][ T7047] bridge_slave_0: left promiscuous mode
[  257.358462][ T7047] bridge0: port 1(bridge_slave_0) entered disabled state
[  257.519243][ T7944] vivid-004: =================  START STATUS  =================
[  257.531505][ T7944] vivid-004: Radio HW Seek Mode: Bounded
[  257.540611][ T7944] vivid-004: Radio Programmable HW Seek: false
[  257.546998][ T7944] vivid-004: RDS Rx I/O Mode: Block I/O
[  257.558758][ T7944] vivid-004: Generate RBDS Instead of RDS: false
[  257.566227][ T7944] vivid-004: RDS Reception: true
[  257.571312][ T7944] vivid-004: RDS Program Type: 0 inactive
[  257.588738][ T7944] vivid-004: RDS PS Name:  inactive
[  257.603634][ T7944] vivid-004: RDS Radio Text:  inactive
[  257.610459][ T7944] vivid-004: RDS Traffic Announcement: false inactive
[  257.633362][ T7944] vivid-004: RDS Traffic Program: false inactive
[  257.643431][ T7944] vivid-004: RDS Music: false inactive
[  257.650270][ T7944] vivid-004: ==================  END STATUS  ==================
[  258.484832][ T7047] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  258.531160][ T7047] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  258.566779][ T4623] Bluetooth: hci2: command tx timeout
[  258.577685][ T7047] bond0 (unregistering): Released all slaves
[  258.650982][ T7651] veth0_macvtap: entered promiscuous mode
[  258.786889][ T7651] veth1_macvtap: entered promiscuous mode
[  259.224891][ T7651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  259.242476][ T7651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.272824][ T7651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  259.303889][ T7651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.336037][ T7651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  259.347317][ T7651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.358227][ T7651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  259.372218][ T7651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.389336][ T7651] batman_adv: batadv0: Interface activated: batadv_slave_0
[  259.454670][ T7047] hsr_slave_0: left promiscuous mode
[  259.476808][ T7047] hsr_slave_1: left promiscuous mode
[  259.501939][ T7047] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  259.521834][ T7047] batman_adv: batadv0: Removing interface: batadv_slave_0
[  259.544975][ T7047] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  259.554544][ T7047] batman_adv: batadv0: Removing interface: batadv_slave_1
[  259.619159][ T7047] veth1_macvtap: left promiscuous mode
[  259.632523][ T7047] veth0_macvtap: left promiscuous mode
[  259.643823][ T7047] veth1_vlan: left promiscuous mode
[  259.654230][ T7047] veth0_vlan: left promiscuous mode
[  259.982008][ T7988] netlink: 168 bytes leftover after parsing attributes in process `syz.4.418'.
[  260.009005][ T7988] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7)
[  260.015615][ T7988] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  260.046621][ T7988] vhci_hcd vhci_hcd.0: Device attached
[  260.075276][ T7990] vhci_hcd: cannot find a urb of seqnum 0 max seqnum 0
[  260.077477][ T7039] vhci_hcd: stop threads
[  260.105800][ T7039] vhci_hcd: release socket
[  260.105830][ T7039] vhci_hcd: disconnect device
[  260.226058][ T7994] input: syz1 as /devices/virtual/input/input9
[  260.649263][ T4623] Bluetooth: hci2: command tx timeout
[  261.200287][ T7047] team0 (unregistering): Port device team_slave_1 removed
[  261.261311][ T7047] team0 (unregistering): Port device team_slave_0 removed
[  261.700289][ T7999] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  262.166831][ T7993] dvmrp0: entered allmulticast mode
[  262.172733][ T7998] netlink: 8 bytes leftover after parsing attributes in process `syz.4.419'.
[  262.182530][ T8001] netlink: 24 bytes leftover after parsing attributes in process `syz.4.419'.
[  262.268222][ T7651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  262.278820][ T7651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  262.290529][ T7651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  262.304277][ T7651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  262.329885][ T7651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  262.344890][ T7651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  262.375016][ T7651] batman_adv: batadv0: Interface activated: batadv_slave_1
[  262.551765][ T7651] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  262.561817][ T7651] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  262.573605][ T7651] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  262.591686][ T7651] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  262.622724][ T8009] vim2m vim2m.0: Fourcc format (0x42474752) invalid.
[  262.728288][ T4623] Bluetooth: hci2: command tx timeout
[  262.868953][ T7928] chnl_net:caif_netlink_parms(): no params data found
[  263.598807][ T7928] bridge0: port 1(bridge_slave_0) entered blocking state
[  263.627202][ T7928] bridge0: port 1(bridge_slave_0) entered disabled state
[  263.660527][ T7928] bridge_slave_0: entered allmulticast mode
[  263.681588][ T7928] bridge_slave_0: entered promiscuous mode
[  263.709212][ T7928] bridge0: port 2(bridge_slave_1) entered blocking state
[  263.720861][ T7928] bridge0: port 2(bridge_slave_1) entered disabled state
[  263.737830][ T7928] bridge_slave_1: entered allmulticast mode
[  263.745147][ T7928] bridge_slave_1: entered promiscuous mode
[  263.830178][ T7043] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  263.863092][ T7765] 8021q: adding VLAN 0 to HW filter on device bond0
[  263.881612][ T7043] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  263.972714][ T7928] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  263.994632][ T7928] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  264.145233][ T7041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  264.154994][ T7041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  264.184486][ T7928] team0: Port device team_slave_0 added
[  264.211487][ T7928] team0: Port device team_slave_1 added
[  264.320530][ T7765] 8021q: adding VLAN 0 to HW filter on device team0
[  264.368259][ T7928] batman_adv: batadv0: Adding interface: batadv_slave_0
[  264.390523][ T7928] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  264.457203][ T7928] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  264.498080][ T7928] batman_adv: batadv0: Adding interface: batadv_slave_1
[  264.537278][ T7928] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  264.657771][ T7928] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  264.765325][ T7043] bridge0: port 1(bridge_slave_0) entered blocking state
[  264.772500][ T7043] bridge0: port 1(bridge_slave_0) entered forwarding state
[  264.806622][ T4623] Bluetooth: hci2: command tx timeout
[  265.052154][ T8048] netdevsim netdevsim0: Direct firmware load for ng failed with error -2
[  265.070488][ T8048] netdevsim netdevsim0: Falling back to sysfs fallback for: ng
[  265.097604][ T7043] bridge0: port 2(bridge_slave_1) entered blocking state
[  265.104834][ T7043] bridge0: port 2(bridge_slave_1) entered forwarding state
[  265.363387][ T7928] hsr_slave_0: entered promiscuous mode
[  265.399219][ T7928] hsr_slave_1: entered promiscuous mode
[  266.013401][ T7765] 8021q: adding VLAN 0 to HW filter on device batadv0
[  266.066030][ T5283] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  266.248425][ T5283] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  266.248467][ T5283] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  266.248509][ T5283] usb 2-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00
[  266.248536][ T5283] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  266.251981][ T5283] usb 2-1: config 0 descriptor??
[  266.713429][ T5283] petalynx 0003:18B1:0037.000B: unknown main item tag 0x0
[  266.732908][ T7765] veth0_vlan: entered promiscuous mode
[  266.745378][ T5283] petalynx 0003:18B1:0037.000B: unknown main item tag 0x0
[  266.776123][ T5283] petalynx 0003:18B1:0037.000B: unknown main item tag 0x0
[  266.792692][ T5283] petalynx 0003:18B1:0037.000B: unknown main item tag 0x0
[  266.876117][ T5283] petalynx 0003:18B1:0037.000B: unknown main item tag 0x0
[  266.903765][ T5283] petalynx 0003:18B1:0037.000B: unknown main item tag 0x0
[  266.914112][ T5283] petalynx 0003:18B1:0037.000B: unknown main item tag 0x0
[  266.976402][ T5283] petalynx 0003:18B1:0037.000B: hidraw0: USB HID v0.00 Device [HID 18b1:0037] on usb-dummy_hcd.1-1/input0
[  267.162356][ T8090] vivid-004: =================  START STATUS  =================
[  267.177435][ T8090] vivid-004: Radio HW Seek Mode: Bounded
[  267.188613][ T8090] vivid-004: Radio Programmable HW Seek: false
[  267.195080][ T8090] vivid-004: RDS Rx I/O Mode: Block I/O
[  267.202746][ T8090] vivid-004: Generate RBDS Instead of RDS: false
[  267.214076][ T8090] vivid-004: RDS Reception: true
[  267.241389][ T8090] vivid-004: RDS Program Type: 0 inactive
[  267.266051][ T8090] vivid-004: RDS PS Name:  inactive
[  267.271407][ T8090] vivid-004: RDS Radio Text:  inactive
[  267.278086][ T7765] veth1_vlan: entered promiscuous mode
[  267.294028][ T8090] vivid-004: RDS Traffic Announcement: false inactive
[  267.304495][ T8090] vivid-004: RDS Traffic Program: false inactive
[  267.315216][ T8090] vivid-004: RDS Music: false inactive
[  267.365394][ T8090] vivid-004: ==================  END STATUS  ==================
[  267.496967][ T7765] veth0_macvtap: entered promiscuous mode
[  267.595557][ T7765] veth1_macvtap: entered promiscuous mode
[  267.988981][ T7765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  268.041318][ T7765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  268.102897][ T7765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  268.135468][ T7765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  268.179688][ T7765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  268.225933][ T7765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  268.260099][ T7765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  268.290427][ T5282] usb 2-1: USB disconnect, device number 13
[  268.300874][ T7765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  268.353327][ T7765] batman_adv: batadv0: Interface activated: batadv_slave_0
[  268.430564][ T7928] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  268.471433][ T7928] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  268.514595][ T7765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  268.554443][ T7765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  268.580627][ T7765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  268.604313][ T7765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  268.626620][ T7765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  268.640832][ T7765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  268.666291][ T7765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  268.689108][ T7765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  268.721983][ T7765] batman_adv: batadv0: Interface activated: batadv_slave_1
[  268.745220][ T7928] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  268.772313][ T7928] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  268.818343][ T7765] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  268.829549][ T7765] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  268.844441][ T7765] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  268.904681][ T7765] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  269.509564][ T7041] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  269.534870][ T7041] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  269.656664][ T5284] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  269.762598][ T7039] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  269.896108][ T5284] usb 1-1: Using ep0 maxpacket: 8
[  269.938243][ T5284] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  269.972027][ T5284] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  270.021732][ T5284] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  270.070856][ T5284] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  270.108245][ T7039] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  270.126021][ T5284] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  270.165694][ T5284] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  270.210289][ T7047] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  270.241291][ T7047] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  270.434205][ T7039] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  270.449545][ T5284] usb 1-1: GET_CAPABILITIES returned 0
[  270.477802][ T5284] usbtmc 1-1:16.0: can't read capabilities
[  270.492778][ T4623] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  270.549972][ T8136] netlink: 'syz.1.437': attribute type 5 has an invalid length.
[  270.631687][ T7928] 8021q: adding VLAN 0 to HW filter on device bond0
[  270.661296][   T29] audit: type=1326 audit(1726004233.789:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8135 comm="syz.1.437" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4e5d57def9 code=0x0
[  270.770009][ T7039] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  270.833705][ T8140] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10)
[  270.840356][ T8140] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  270.850688][ T8140] vhci_hcd vhci_hcd.0: Device attached
[  270.895300][ T7928] 8021q: adding VLAN 0 to HW filter on device team0
[  270.908367][ T8146] usbtmc 1-1:16.0: send_request_dev_dep_msg_in returned -90
[  270.936686][ T8140] netlink: 8 bytes leftover after parsing attributes in process `syz.1.437'.
[  271.027581][ T7043] bridge0: port 1(bridge_slave_0) entered blocking state
[  271.034782][ T7043] bridge0: port 1(bridge_slave_0) entered forwarding state
[  271.066252][ T1170] vhci_hcd: vhci_device speed not set
[  271.121221][ T8140] netlink: 'syz.1.437': attribute type 1 has an invalid length.
[  271.143069][ T8140] netlink: 4 bytes leftover after parsing attributes in process `syz.1.437'.
[  271.175163][ T1170] usb 11-1: new full-speed USB device number 2 using vhci_hcd
[  271.233502][ T8140] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  271.254079][ T8140] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  271.265236][ T8140] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  271.282871][ T8140] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  271.287630][ T8141] vhci_hcd: connection reset by peer
[  271.327896][ T7021] vhci_hcd: stop threads
[  271.340971][ T7021] vhci_hcd: release socket
[  271.351949][ T7021] vhci_hcd: disconnect device
[  271.413702][ T8150] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  271.423126][ T8150] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  271.431903][ T8150] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  271.440681][ T8150] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  271.480494][ T5230] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  271.498833][ T5230] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  271.511124][ T5230] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  271.521124][ T5230] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  271.537053][ T5230] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  271.544601][ T5230] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  271.577266][ T7043] bridge0: port 2(bridge_slave_1) entered blocking state
[  271.584481][ T7043] bridge0: port 2(bridge_slave_1) entered forwarding state
[  272.107624][ T7039] bridge_slave_1: left allmulticast mode
[  272.126558][ T7039] bridge_slave_1: left promiscuous mode
[  272.132971][ T7039] bridge0: port 2(bridge_slave_1) entered disabled state
[  272.158678][ T8166] vivid-000: =================  START STATUS  =================
[  272.166966][ T8166] vivid-000: Radio HW Seek Mode: Bounded
[  272.173421][ T8166] vivid-000: Radio Programmable HW Seek: false
[  272.180394][ T8166] vivid-000: RDS Rx I/O Mode: Block I/O
[  272.186619][ T8166] vivid-000: Generate RBDS Instead of RDS: false
[  272.193133][ T8166] vivid-000: RDS Reception: true
[  272.194320][ T7039] bridge_slave_0: left allmulticast mode
[  272.228247][ T8166] vivid-000: RDS Program Type: 0 inactive
[  272.234220][ T8166] vivid-000: RDS PS Name:  inactive
[  272.234392][ T7039] bridge_slave_0: left promiscuous mode
[  272.247893][ T8166] vivid-000: RDS Radio Text:  inactive
[  272.253653][ T8166] vivid-000: RDS Traffic Announcement: false inactive
[  272.254073][ T7039] bridge0: port 1(bridge_slave_0) entered disabled state
[  272.269592][ T8166] vivid-000: RDS Traffic Program: false inactive
[  272.276316][ T8166] vivid-000: RDS Music: false inactive
[  272.283664][ T8166] vivid-000: ==================  END STATUS  ==================
[  272.686036][    T8] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  272.791971][ T5281] usb 1-1: USB disconnect, device number 15
[  272.927309][    T8] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  272.965374][    T8] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  273.026216][    T8] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  273.065140][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  273.089527][ T8174] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  273.104267][    T8] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  273.613984][ T5230] Bluetooth: hci5: command tx timeout
[  273.814479][ T5282] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  274.052353][ T5282] usb 1-1: Using ep0 maxpacket: 8
[  274.073650][ T5282] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  274.095925][ T5282] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  274.105819][ T5282] usb 1-1: New USB device found, idVendor=04d8, idProduct=f372, bcdDevice= 0.00
[  274.115202][ T5282] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  274.134482][ T5282] usb 1-1: config 0 descriptor??
[  274.135097][ T7039] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  274.162007][ T7039] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  274.195144][ T7039] bond0 (unregistering): Released all slaves
[  274.219018][ T7039] bond1 (unregistering): Released all slaves
[  274.286961][ T8191] netlink: 8 bytes leftover after parsing attributes in process `syz.0.440'.
[  274.303789][ T8191] netlink: 12 bytes leftover after parsing attributes in process `syz.0.440'.
[  274.633610][ T5282] hid-led 0003:04D8:F372.000C: hidraw0: USB HID v0.00 Device [HID 04d8:f372] on usb-dummy_hcd.0-1/input0
[  274.711598][ T8206] netlink: 20 bytes leftover after parsing attributes in process `syz.2.442'.
[  274.755430][ T7928] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  274.875589][ T5282] hid-led 0003:04D8:F372.000C: Greynut Luxafor initialized
[  275.171900][ T7039] hsr_slave_0: left promiscuous mode
[  275.200949][ T7039] hsr_slave_1: left promiscuous mode
[  275.228257][ T7039] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  275.254990][ T7039] batman_adv: batadv0: Removing interface: batadv_slave_0
[  275.304832][    T8] usb 2-1: USB disconnect, device number 14
[  275.336805][ T7039] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  275.374429][ T7039] batman_adv: batadv0: Removing interface: batadv_slave_1
[  275.472191][   T29] audit: type=1326 audit(1726004238.609:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8217 comm="syz.1.444" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4e5d57def9 code=0x0
[  275.485716][ T7039] veth1_macvtap: left promiscuous mode
[  275.506934][ T7039] veth0_macvtap: left promiscuous mode
[  275.512916][ T7039] veth1_vlan: left promiscuous mode
[  275.528526][ T7039] veth0_vlan: left promiscuous mode
[  275.686813][ T5230] Bluetooth: hci5: command tx timeout
[  276.020483][ T5282] usb 1-1: USB disconnect, device number 16
[  276.077659][   T25] leds luxafor0:blue:led5: Setting an LED's brightness failed (-38)
[  276.104960][   T25] leds luxafor0:green:led5: Setting an LED's brightness failed (-38)
[  276.128154][   T25] leds luxafor0:red:led5: Setting an LED's brightness failed (-38)
[  276.159147][   T25] leds luxafor0:blue:led4: Setting an LED's brightness failed (-38)
[  276.180284][   T25] leds luxafor0:green:led4: Setting an LED's brightness failed (-38)
[  276.195053][   T25] leds luxafor0:red:led4: Setting an LED's brightness failed (-38)
[  276.211973][   T25] leds luxafor0:blue:led3: Setting an LED's brightness failed (-38)
[  276.235129][   T25] leds luxafor0:green:led3: Setting an LED's brightness failed (-38)
[  276.247679][   T25] leds luxafor0:red:led3: Setting an LED's brightness failed (-38)
[  276.269176][   T25] leds luxafor0:blue:led2: Setting an LED's brightness failed (-38)
[  276.280549][   T25] leds luxafor0:green:led2: Setting an LED's brightness failed (-38)
[  276.300062][   T25] leds luxafor0:red:led2: Setting an LED's brightness failed (-38)
[  276.329063][   T25] leds luxafor0:blue:led1: Setting an LED's brightness failed (-38)
[  276.338965][ T1170] vhci_hcd: vhci_device speed not set
[  276.358257][   T25] leds luxafor0:green:led1: Setting an LED's brightness failed (-38)
[  276.375498][   T25] leds luxafor0:red:led1: Setting an LED's brightness failed (-38)
[  276.391101][   T25] leds luxafor0:blue:led0: Setting an LED's brightness failed (-38)
[  276.402473][   T25] leds luxafor0:green:led0: Setting an LED's brightness failed (-38)
[  276.418774][ T5284] leds luxafor0:red:led0: Setting an LED's brightness failed (-38)
[  276.796697][   T29] audit: type=1326 audit(1726004239.929:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8233 comm="syz.0.446" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f15c2b7def9 code=0x0
[  277.090062][ T8238] fuse: Bad value for 'fd'
[  277.155434][ T7039] team0 (unregistering): Port device team_slave_1 removed
[  277.254998][ T7039] team0 (unregistering): Port device team_slave_0 removed
[  277.763845][ T8244] vivid-003: =================  START STATUS  =================
[  277.772354][ T5230] Bluetooth: hci5: command tx timeout
[  277.796093][ T8244] vivid-003: Radio HW Seek Mode: Bounded
[  277.801860][ T8244] vivid-003: Radio Programmable HW Seek: false
[  277.809290][ T8244] vivid-003: RDS Rx I/O Mode: Block I/O
[  277.815072][ T8244] vivid-003: Generate RBDS Instead of RDS: false
[  277.826184][ T8244] vivid-003: RDS Reception: true
[  277.833273][ T8244] vivid-003: RDS Program Type: 0 inactive
[  277.845248][ T8244] vivid-003: RDS PS Name:  inactive
[  277.860857][ T8244] vivid-003: RDS Radio Text:  inactive
[  277.870497][ T8244] vivid-003: RDS Traffic Announcement: false inactive
[  277.884761][ T8244] vivid-003: RDS Traffic Program: false inactive
[  277.920487][ T8244] vivid-003: RDS Music: false inactive
[  277.926508][ T8244] vivid-003: ==================  END STATUS  ==================
[  278.362820][ T8238] netlink: 12 bytes leftover after parsing attributes in process `syz.0.447'.
[  278.482462][ T5230] Bluetooth: hci0: unexpected cc 0x1408 length: 57 > 4
[  278.526180][    T8] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  278.651630][ T7928] 8021q: adding VLAN 0 to HW filter on device batadv0
[  278.728979][    T8] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  278.757544][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  278.788556][ T8159] chnl_net:caif_netlink_parms(): no params data found
[  278.808274][    T8] usb 2-1: config 0 descriptor??
[  279.030632][ T7928] veth0_vlan: entered promiscuous mode
[  279.176102][ T1170] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  279.240080][ T8159] bridge0: port 1(bridge_slave_0) entered blocking state
[  279.284342][ T8159] bridge0: port 1(bridge_slave_0) entered disabled state
[  279.311185][ T8159] bridge_slave_0: entered allmulticast mode
[  279.324938][ T8159] bridge_slave_0: entered promiscuous mode
[  279.352202][ T8274] netlink: 'syz.1.450': attribute type 10 has an invalid length.
[  279.406158][ T1170] usb 1-1: Using ep0 maxpacket: 16
[  279.467338][ T8274] 8021q: adding VLAN 0 to HW filter on device batadv0
[  279.482001][ T1170] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  279.521547][ T8274] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  279.530764][ T1170] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  279.581659][ T7928] veth1_vlan: entered promiscuous mode
[  279.595422][ T1170] usb 1-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00
[  279.626461][ T8159] bridge0: port 2(bridge_slave_1) entered blocking state
[  279.644154][ T1170] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  279.661279][ T8159] bridge0: port 2(bridge_slave_1) entered disabled state
[  279.684518][ T8159] bridge_slave_1: entered allmulticast mode
[  279.699510][ T1170] usb 1-1: config 0 descriptor??
[  279.723450][ T8159] bridge_slave_1: entered promiscuous mode
[  279.846680][ T5230] Bluetooth: hci5: command tx timeout
[  279.908975][ T8280] futex_wake_op: syz.2.454 tries to shift op by -1; fix this program
[  279.947426][    T8] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00
[  279.969631][ T8159] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  280.007894][    T8] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  280.036855][    T8] [drm:udl_init] *ERROR* Selecting channel failed
[  280.060769][ T8159] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  280.111660][    T8] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2
[  280.145976][    T8] [drm] Initialized udl on minor 2
[  280.182524][    T8] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  280.214523][    T8] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[  280.242205][ T5281] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  280.264895][    T8] usb 2-1: USB disconnect, device number 15
[  280.284072][ T5281] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[  280.352101][ T8159] team0: Port device team_slave_0 added
[  280.441740][ T8159] team0: Port device team_slave_1 added
[  280.643070][ T8159] batman_adv: batadv0: Adding interface: batadv_slave_0
[  280.704249][ T8159] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  280.738101][ T8159] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  280.888515][   T29] audit: type=1326 audit(1726004244.029:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8290 comm="syz.2.455" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f05b617def9 code=0x0
[  281.022958][ T8159] batman_adv: batadv0: Adding interface: batadv_slave_1
[  281.058990][ T8159] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  281.132384][ T8159] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  281.358204][ T7928] veth0_macvtap: entered promiscuous mode
[  281.395589][ T8159] hsr_slave_0: entered promiscuous mode
[  281.413897][ T8159] hsr_slave_1: entered promiscuous mode
[  281.428780][ T8159] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  281.441548][ T8159] Cannot create hsr debugfs directory
[  281.476603][ T7928] veth1_macvtap: entered promiscuous mode
[  281.658206][ T8297] netlink: 8 bytes leftover after parsing attributes in process `syz.1.456'.
[  281.952361][ T1170] usbhid 1-1:0.0: can't add hid device: -71
[  281.997131][ T7928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  282.016511][ T1170] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  282.027577][ T7928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  282.046147][ T7928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  282.050965][ T1170] usb 1-1: USB disconnect, device number 17
[  282.078420][ T7928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  282.115265][ T7928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  282.135407][ T7928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  282.146971][ T7928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  282.160331][ T7928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  282.173528][ T7928] batman_adv: batadv0: Interface activated: batadv_slave_0
[  282.227532][ T7928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  282.279680][ T7928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  282.301121][ T7928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  282.316174][ T7928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  282.329116][ T7928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  282.340816][ T7928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  282.354845][ T7928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  282.361236][ T8318] xt_TPROXY: Can be used only with -p tcp or -p udp
[  282.367829][ T7928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  282.399204][ T7928] batman_adv: batadv0: Interface activated: batadv_slave_1
[  282.413563][ T8318] syz.2.459: attempt to access beyond end of device
[  282.413563][ T8318] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0
[  282.466687][ T7928] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  282.506020][ T7928] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  282.530862][ T7928] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  282.561664][ T7928] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  282.567281][ T5230] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  282.580186][ T5230] Bluetooth: hci0: Injecting HCI hardware error event
[  282.589543][ T4623] Bluetooth: hci0: hardware error 0x00
[  283.535298][ T8331] netlink: 'syz.2.462': attribute type 10 has an invalid length.
[  283.612445][   T29] audit: type=1326 audit(1726004246.749:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8330 comm="syz.2.462" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f05b617def9 code=0x0
[  283.665465][ T8331] team0: Port device dummy0 added
[  283.873768][ T7043] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  283.906758][ T7043] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  283.940702][ T8336] netlink: 'syz.0.463': attribute type 10 has an invalid length.
[  284.050563][ T7043] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  284.080778][ T7043] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  284.105776][ T8342] capability: warning: `syz.1.464' uses deprecated v2 capabilities in a way that may be insecure
[  284.206390][ T8159] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  284.235361][ T8159] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  284.284113][ T8159] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  284.351675][ T8159] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  284.689201][   T29] audit: type=1326 audit(1726004247.819:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8352 comm="syz.2.465" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f05b617def9 code=0x0
[  284.730099][ T4623] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  284.749972][ T5284] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  284.836904][ T8356] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  284.921588][ T8159] 8021q: adding VLAN 0 to HW filter on device bond0
[  284.982596][ T8159] 8021q: adding VLAN 0 to HW filter on device team0
[  285.026955][ T5284] usb 4-1: config 0 has an invalid interface number: 18 but max is 0
[  285.048584][ T7039] bridge0: port 1(bridge_slave_0) entered blocking state
[  285.055761][ T7039] bridge0: port 1(bridge_slave_0) entered forwarding state
[  285.079221][ T5284] usb 4-1: config 0 has no interface number 0
[  285.095598][ T5284] usb 4-1: config 0 interface 18 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  285.142809][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  285.150089][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  285.158769][ T5284] usb 4-1: config 0 interface 18 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  285.191689][ T5284] usb 4-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10
[  285.242712][ T5284] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  285.272531][ T5284] usb 4-1: Manufacturer: syz
[  285.315458][ T5284] usb 4-1: config 0 descriptor??
[  285.374604][ T8159] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  285.593469][ T5282] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[  285.629617][ T5282] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  285.899246][ T8159] 8021q: adding VLAN 0 to HW filter on device batadv0
[  286.159807][ T8159] veth0_vlan: entered promiscuous mode
[  286.241398][ T8389] vivid-001: =================  START STATUS  =================
[  286.299417][ T8159] veth1_vlan: entered promiscuous mode
[  286.314765][ T8389] vivid-001: Radio HW Seek Mode: Bounded
[  286.321573][ T8389] vivid-001: Radio Programmable HW Seek: false
[  286.343139][ T8389] vivid-001: RDS Rx I/O Mode: Block I/O
[  286.430979][ T8389] vivid-001: Generate RBDS Instead of RDS: false
[  286.447708][ T8389] vivid-001: RDS Reception: true
[  286.507352][ T8389] vivid-001: RDS Program Type: 0 inactive
[  286.543146][ T8159] veth0_macvtap: entered promiscuous mode
[  286.549172][ T8397] tipc: Failed to remove unknown binding: 65,0,0/0:2821112001/2821112002
[  286.571387][ T8389] vivid-001: RDS PS Name:  inactive
[  286.590539][ T8159] veth1_macvtap: entered promiscuous mode
[  286.602219][ T8389] vivid-001: RDS Radio Text:  inactive
[  286.609552][ T8389] vivid-001: RDS Traffic Announcement: false inactive
[  286.617345][ T8389] vivid-001: RDS Traffic Program: false inactive
[  286.623951][ T8389] vivid-001: RDS Music: false inactive
[  286.638550][ T8389] vivid-001: ==================  END STATUS  ==================
[  286.747369][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  286.778489][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  286.822579][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  286.857529][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  286.888850][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  286.924913][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  286.985269][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  287.014113][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  287.031309][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  287.116812][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  287.134925][ T8159] batman_adv: batadv0: Interface activated: batadv_slave_0
[  287.225083][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  287.270277][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  287.323192][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  287.364050][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  287.426085][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  287.465529][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  287.502606][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  287.528312][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  287.545131][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  287.595427][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  287.637859][ T8159] batman_adv: batadv0: Interface activated: batadv_slave_1
[  287.727242][ T8159] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  287.752151][ T8159] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  287.770375][ T5284] usbhid 4-1:0.18: can't add hid device: -71
[  287.794651][ T5284] usbhid 4-1:0.18: probe with driver usbhid failed with error -71
[  287.807375][ T8159] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  287.826068][    T8] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  287.833846][ T8159] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  287.853694][ T5284] usb 4-1: USB disconnect, device number 12
[  288.036068][    T8] usb 1-1: Using ep0 maxpacket: 16
[  288.070472][    T8] usb 1-1: config 0 has an invalid interface number: 214 but max is 0
[  288.094824][    T8] usb 1-1: config 0 has no interface number 0
[  288.127235][    T8] usb 1-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64
[  288.183282][    T8] usb 1-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  288.210846][   T29] audit: type=1326 audit(1726004251.339:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8426 comm="syz.1.477" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4e5d57def9 code=0x0
[  288.212584][ T7028] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  288.233358][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  288.305640][    T8] usb 1-1: Product: syz
[  288.305656][ T7028] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  288.356247][    T8] usb 1-1: Manufacturer: syz
[  288.381772][    T8] usb 1-1: SerialNumber: syz
[  288.418404][    T8] usb 1-1: config 0 descriptor??
[  288.452388][ T7047] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  288.488331][ T7047] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  288.570609][   T29] audit: type=1326 audit(1726004251.709:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8438 comm="syz.1.478" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4e5d57def9 code=0x0
[  288.612327][ T1170] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0
[  288.648381][ T1170] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0
[  288.703161][ T1170] hid-generic 0000:0000:0000.000E: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  289.099971][ T8414] netlink: 32 bytes leftover after parsing attributes in process `syz.0.473'.
[  289.145276][    C0] Unknown status report in ack skb
[  289.238328][    T8] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.214/input/input10
[  289.317044][ T8451] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  289.600521][   T25] usb 1-1: USB disconnect, device number 18
[  289.807006][ T5284] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  289.860939][ T7043] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  289.896215][    T8] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  289.998785][ T7043] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  290.019021][ T5284] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  290.029100][ T5284] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.055610][ T5284] usb 5-1: config 0 descriptor??
[  290.098372][    T8] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  290.129622][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.209041][    T8] usb 2-1: config 0 descriptor??
[  290.268113][ T7043] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  290.429423][ T7043] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  290.928326][ T7043] bridge_slave_1: left allmulticast mode
[  290.946689][ T7043] bridge_slave_1: left promiscuous mode
[  290.958803][ T7043] bridge0: port 2(bridge_slave_1) entered disabled state
[  291.008394][ T7043] bridge_slave_0: left allmulticast mode
[  291.029246][ T7043] bridge_slave_0: left promiscuous mode
[  291.048054][ T7043] bridge0: port 1(bridge_slave_0) entered disabled state
[  291.296962][   T29] audit: type=1326 audit(1726004254.439:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8468 comm="syz.2.487" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f05b617def9 code=0x0
[  291.426450][ T5284] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00
[  291.480753][ T5284] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  291.511952][ T5284] [drm:udl_init] *ERROR* Selecting channel failed
[  291.559705][ T5284] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2
[  291.578845][ T5284] [drm] Initialized udl on minor 2
[  291.612687][ T5230] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  291.614772][ T5284] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  291.630835][ T5230] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  291.642421][ T5230] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  291.655433][ T8471] xt_l2tp: missing protocol rule (udp|l2tpip)
[  291.662120][ T5230] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  291.677087][    T8] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00
[  291.687065][ T5230] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  291.696888][    T8] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  291.704749][ T5230] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  291.713502][    T8] [drm:udl_init] *ERROR* Selecting channel failed
[  291.731677][    T8] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 3
[  291.747295][    T8] [drm] Initialized udl on minor 3
[  291.753306][    T8] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  291.764104][    T8] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[  291.801922][   T58] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  291.812433][    T8] usb 2-1: USB disconnect, device number 16
[  291.818606][   T58] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[  291.854747][ T5284] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[  291.927884][ T5284] usb 5-1: USB disconnect, device number 15
[  291.943108][ T5282] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  291.972366][ T5282] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed
[  292.042812][ T5282] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[  292.716009][   T58] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  292.746948][ T8486] syz.1.491 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  292.823520][   T29] audit: type=1326 audit(1726004255.959:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8487 comm="syz.0.492" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f15c2b7def9 code=0x0
[  292.867759][    T8] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[  292.879256][    T8] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[  292.891417][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  292.916712][    T8] hid-generic 0000:0000:0000.000F: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  292.968532][   T58] usb 5-1: Using ep0 maxpacket: 32
[  292.982581][   T58] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  293.012620][   T58] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  293.033258][   T58] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  293.059459][   T58] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  293.071384][   T58] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  293.087237][   T58] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  293.100431][   T58] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  293.120110][   T58] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  293.172562][   T58] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  293.196710][   T58] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.236024][   T58] usb 5-1: config 0 descriptor??
[  293.373196][ T7043] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  293.411896][ T7043] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  293.455394][ T7043] bond0 (unregistering): Released all slaves
[  293.493240][   T58] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 16 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  293.552135][   T58] usb 5-1: USB disconnect, device number 16
[  293.580177][ T8486] netlink: 168 bytes leftover after parsing attributes in process `syz.1.491'.
[  293.628484][   T58] usblp0: removed
[  293.776064][ T4623] Bluetooth: hci2: command tx timeout
[  294.601773][ T7043] hsr_slave_0: left promiscuous mode
[  294.670591][ T7043] hsr_slave_1: left promiscuous mode
[  294.713781][ T7043] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  294.764801][ T7043] batman_adv: batadv0: Removing interface: batadv_slave_0
[  294.787460][ T7043] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  294.806842][ T7043] batman_adv: batadv0: Removing interface: batadv_slave_1
[  294.882506][ T7043] veth1_macvtap: left promiscuous mode
[  294.903340][ T7043] veth0_macvtap: left promiscuous mode
[  294.923402][ T7043] veth1_vlan: left promiscuous mode
[  294.932549][ T7043] veth0_vlan: left promiscuous mode
[  295.514525][   T29] audit: type=1326 audit(1726004258.629:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8525 comm="syz.0.498" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f15c2b7def9 code=0x0
[  295.849300][ T4623] Bluetooth: hci2: command tx timeout
[  296.808311][ T1170] usb 1-1: new low-speed USB device number 19 using dummy_hcd
[  296.963503][   T25] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  296.966158][ T8545] PKCS7: Unknown OID: [5] 0.0
[  297.006220][ T8545] PKCS7: Only support pkcs7_signedData type
[  297.040644][ T1170] usb 1-1: too many configurations: 21, using maximum allowed: 8
[  297.060734][ T1170] usb 1-1: unable to read config index 0 descriptor/start: -61
[  297.075995][ T1170] usb 1-1: can't read configurations, error -61
[  297.196023][   T25] usb 5-1: Using ep0 maxpacket: 32
[  297.218172][   T25] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  297.234125][   T25] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 22
[  297.250087][ T1170] usb 1-1: new low-speed USB device number 20 using dummy_hcd
[  297.265508][   T25] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  297.270146][ T7043] team0 (unregistering): Port device team_slave_1 removed
[  297.304960][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  297.326042][   T25] usb 5-1: SerialNumber: syz
[  297.357080][   T25] cdc_acm 5-1:1.0: Control and data interfaces are not separated!
[  297.376343][   T25] cdc_acm 5-1:1.0: This needs exactly 3 endpoints
[  297.414035][   T25] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -22
[  297.436766][ T1170] usb 1-1: too many configurations: 21, using maximum allowed: 8
[  297.466977][ T1170] usb 1-1: unable to read config index 0 descriptor/start: -61
[  297.495229][ T1170] usb 1-1: can't read configurations, error -61
[  297.511328][ T1170] usb usb1-port1: attempt power cycle
[  297.517177][ T7043] team0 (unregistering): Port device team_slave_0 removed
[  297.929444][ T4623] Bluetooth: hci2: command tx timeout
[  297.986693][ T1170] usb 1-1: new low-speed USB device number 21 using dummy_hcd
[  298.063599][ T1170] usb 1-1: too many configurations: 21, using maximum allowed: 8
[  298.088880][ T1170] usb 1-1: unable to read config index 0 descriptor/start: -61
[  298.101614][ T1170] usb 1-1: can't read configurations, error -61
[  298.306013][ T1170] usb 1-1: new low-speed USB device number 22 using dummy_hcd
[  298.344217][ T1170] usb 1-1: too many configurations: 21, using maximum allowed: 8
[  298.374769][ T1170] usb 1-1: unable to read config index 0 descriptor/start: -61
[  298.398779][ T1170] usb 1-1: can't read configurations, error -61
[  298.413807][ T1170] usb usb1-port1: unable to enumerate USB device
[  298.573968][ T8521] bridge0: entered allmulticast mode
[  298.611360][ T8532] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  298.864222][ T8553] netlink: 'syz.2.504': attribute type 1 has an invalid length.
[  298.883634][ T8478] chnl_net:caif_netlink_parms(): no params data found
[  299.004453][   T29] audit: type=1326 audit(1726004262.139:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8549 comm="syz.1.503" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4e5d57def9 code=0x0
[  299.039167][ T1170] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
[  299.071958][ T8554] x_tables: unsorted underflow at hook 3
[  299.075971][ T1170] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
[  299.144833][ T1170] hid-generic 0000:0000:0000.0010: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  299.214595][   T29] audit: type=1326 audit(1726004262.349:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8551 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05b617def9 code=0x7ffc0000
[  299.332627][   T29] audit: type=1326 audit(1726004262.349:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8551 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7f05b617def9 code=0x7ffc0000
[  299.456816][   T29] audit: type=1326 audit(1726004262.349:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8551 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05b617def9 code=0x7ffc0000
[  299.507386][   T29] audit: type=1326 audit(1726004262.349:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8551 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05b617def9 code=0x7ffc0000
[  299.531568][   T29] audit: type=1326 audit(1726004262.349:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8551 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f05b617def9 code=0x7ffc0000
[  299.577092][   T29] audit: type=1326 audit(1726004262.349:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8551 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05b617def9 code=0x7ffc0000
[  299.613078][ T8478] bridge0: port 1(bridge_slave_0) entered blocking state
[  299.629058][ T8478] bridge0: port 1(bridge_slave_0) entered disabled state
[  299.654666][ T8568] netlink: 28 bytes leftover after parsing attributes in process `syz.1.505'.
[  299.677335][   T29] audit: type=1326 audit(1726004262.349:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8551 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05b617def9 code=0x7ffc0000
[  299.718021][ T8478] bridge_slave_0: entered allmulticast mode
[  299.755649][ T8478] bridge_slave_0: entered promiscuous mode
[  299.781801][   T29] audit: type=1326 audit(1726004262.349:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8551 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f05b617def9 code=0x7ffc0000
[  299.795312][ T8478] bridge0: port 2(bridge_slave_1) entered blocking state
[  299.841276][ T8478] bridge0: port 2(bridge_slave_1) entered disabled state
[  299.874092][ T8478] bridge_slave_1: entered allmulticast mode
[  299.887184][ T8478] bridge_slave_1: entered promiscuous mode
[  299.901313][   T58] usb 5-1: USB disconnect, device number 17
[  299.921180][   T29] audit: type=1326 audit(1726004262.409:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8551 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05b617def9 code=0x7ffc0000
[  300.008756][ T4623] Bluetooth: hci2: command tx timeout
[  300.153614][ T8568] netlink: 20 bytes leftover after parsing attributes in process `syz.1.505'.
[  300.307638][ T8478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  300.362330][ T8478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  300.632352][ T8478] team0: Port device team_slave_0 added
[  300.661641][ T8478] team0: Port device team_slave_1 added
[  300.839321][ T8478] batman_adv: batadv0: Adding interface: batadv_slave_0
[  300.863249][ T8478] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  300.954270][ T8478] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  301.143534][ T8601] kvm: pic: non byte write
[  301.150998][ T8597] vxlan0: entered promiscuous mode
[  301.242907][ T8478] batman_adv: batadv0: Adding interface: batadv_slave_1
[  301.273967][ T8478] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  301.342158][ T8478] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  301.475958][    T8] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  301.537506][ T8478] hsr_slave_0: entered promiscuous mode
[  301.550754][ T8478] hsr_slave_1: entered promiscuous mode
[  301.669488][    T8] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  301.701826][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.751284][    T8] usb 3-1: config 0 descriptor??
[  301.938506][ T1170] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  301.962637][ T1170] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  301.990362][ T1170] hid-generic 0000:0000:0000.0011: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  301.994228][    T8] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00
[  302.061764][    T8] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  302.108189][    T8] [drm:udl_init] *ERROR* Selecting channel failed
[  302.195801][    T8] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2
[  302.225726][    T8] [drm] Initialized udl on minor 2
[  302.247647][    T8] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  302.273425][    T8] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  302.298816][ T5283] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  302.314300][    T8] usb 3-1: USB disconnect, device number 18
[  302.341726][ T5283] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  302.640159][ T8626] vlan2: entered allmulticast mode
[  302.727825][ T5283] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  302.928781][ T5283] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  302.958289][ T5283] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.002665][ T5283] usb 1-1: config 0 descriptor??
[  303.176129][    T8] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  303.406024][    T8] usb 5-1: Using ep0 maxpacket: 16
[  303.438463][    T8] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  303.453280][ T8646] netlink: 'syz.0.517': attribute type 10 has an invalid length.
[  303.467193][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.501673][    T8] usb 5-1: Product: syz
[  303.527874][    T8] usb 5-1: Manufacturer: syz
[  303.582352][    T8] usb 5-1: SerialNumber: syz
[  303.614627][    T8] r8152-cfgselector 5-1: Unknown version 0x0000
[  303.630151][    T8] r8152-cfgselector 5-1: config 0 descriptor??
[  303.696956][ T8478] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  303.734531][ T8478] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  303.763886][ T8478] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  303.811232][ T8478] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  303.885021][ T8637] x_tables: ip_tables: ah match: only valid for protocol 51
[  303.937434][    T8] r8152-cfgselector 5-1: Unknown version 0x0000
[  303.967406][    T8] r8152-cfgselector 5-1: bad CDC descriptors
[  303.983888][ T5283] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00
[  304.030047][ T5283] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  304.063567][ T5283] [drm:udl_init] *ERROR* Selecting channel failed
[  304.126630][ T5283] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2
[  304.141740][ T5283] [drm] Initialized udl on minor 2
[  304.156836][ T5283] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  304.171803][ T5283] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  304.179557][    T8] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  304.220909][ T5283] usb 1-1: USB disconnect, device number 23
[  304.236135][    T8] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  304.244246][    T8] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  304.338927][    T8] r8152-cfgselector 5-1: USB disconnect, device number 18
[  304.458212][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  304.473657][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  304.698314][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  304.727808][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  304.894104][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  304.921680][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  305.226288][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  305.257796][ T8668] random: crng reseeded on system resumption
[  305.273465][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  305.407428][ T8672] netlink: 156 bytes leftover after parsing attributes in process `syz.4.527'.
[  305.422096][ T8478] 8021q: adding VLAN 0 to HW filter on device bond0
[  305.563736][ T8478] 8021q: adding VLAN 0 to HW filter on device team0
[  305.593988][ T7028] bridge0: port 1(bridge_slave_0) entered blocking state
[  305.601224][ T7028] bridge0: port 1(bridge_slave_0) entered forwarding state
[  305.831310][ T7043] bridge0: port 2(bridge_slave_1) entered blocking state
[  305.838501][ T7043] bridge0: port 2(bridge_slave_1) entered forwarding state
[  305.932939][   T12] bridge_slave_1: left allmulticast mode
[  305.953984][   T12] bridge_slave_1: left promiscuous mode
[  305.977045][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  306.012306][   T12] bridge_slave_0: left allmulticast mode
[  306.023954][   T12] bridge_slave_0: left promiscuous mode
[  306.034551][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  306.346726][ T5230] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  306.363412][ T5230] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  306.372998][ T5230] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  306.383381][ T5230] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  306.393570][ T5230] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  306.401220][ T5230] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  307.855242][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  307.903945][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  307.968917][   T12] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  308.016709][   T12] bond0 (unregistering): Released all slaves
[  308.219119][ T8713] netlink: 8 bytes leftover after parsing attributes in process `syz.4.530'.
[  308.238542][ T8713] netlink: 4 bytes leftover after parsing attributes in process `syz.4.530'.
[  308.305001][ T8713] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  308.355189][ T8713] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  308.367484][ T8713] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  308.388756][ T8713] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  308.406041][ T8713] geneve2: entered promiscuous mode
[  308.412009][ T8713] geneve2: entered allmulticast mode
[  308.486099][ T4623] Bluetooth: hci3: command tx timeout
[  309.215301][   T12] hsr_slave_0: left promiscuous mode
[  309.230273][   T12] hsr_slave_1: left promiscuous mode
[  309.255803][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  309.282579][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  309.304817][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  309.325032][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  309.433823][   T12] veth1_macvtap: left promiscuous mode
[  309.440102][   T12] veth0_macvtap: left promiscuous mode
[  309.452170][   T12] veth1_vlan: left promiscuous mode
[  309.460408][   T12] veth0_vlan: left promiscuous mode
[  309.736017][    T9] usb 3-1: new full-speed USB device number 19 using dummy_hcd
[  309.960053][    T9] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  310.010024][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  310.056385][    T9] usb 3-1: config 0 descriptor??
[  310.566241][ T4623] Bluetooth: hci3: command tx timeout
[  311.730809][   T12] team0 (unregistering): Port device team_slave_1 removed
[  311.901155][   T12] team0 (unregistering): Port device team_slave_0 removed
[  311.928455][    T9] pegasus 3-1:0.0: probe with driver pegasus failed with error -110
[  312.478241][    T9] usb 3-1: USB disconnect, device number 19
[  312.646291][ T4623] Bluetooth: hci3: command tx timeout
[  313.120845][ T8478] 8021q: adding VLAN 0 to HW filter on device batadv0
[  313.506122][ T5284] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  313.528737][   T30] INFO: task syz.4.188:6387 blocked for more than 143 seconds.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  313.553689][   T30]       Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0
[  313.589038][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  313.617884][   T30] task:syz.4.188       state:D stack:25328 pid:6387  tgid:6387  ppid:5239   flags:0x00000004
[  313.623610][ T8692] chnl_net:caif_netlink_parms(): no params data found
[  313.708573][   T30] Call Trace:
[  313.708573][ T5284] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  313.708621][ T5284] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  313.711912][   T30]  <TASK>
[  313.711942][   T30]  __schedule+0x1800/0x4a60
[  313.810156][ T5284] usb 1-1: config 0 descriptor??
[  313.817836][   T30]  ? __pfx___schedule+0x10/0x10
[  313.822790][   T30]  ? __pfx_lock_release+0x10/0x10
[  313.855895][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  313.861454][   T30]  ? schedule+0x90/0x320
[  313.865756][   T30]  schedule+0x14b/0x320
[  313.932049][   T30]  schedule_preempt_disabled+0x13/0x30
[  313.949613][   T30]  __mutex_lock+0x6a4/0xd70
[  313.954334][   T30]  ? __mutex_lock+0x527/0xd70
[  313.965166][   T30]  ? hugetlb_fault+0x56f/0x3770
[  313.970191][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  313.975368][   T30]  ? __lock_acquire+0x137a/0x2040
[  313.980579][   T30]  hugetlb_fault+0x56f/0x3770
[  313.985344][   T30]  ? __pfx_hugetlb_fault+0x10/0x10
[  313.991797][   T30]  ? reacquire_held_locks+0x3eb/0x690
[  313.997381][   T30]  ? lock_vma_under_rcu+0x2f9/0x6e0
[  314.003365][   T30]  ? __pfx_reacquire_held_locks+0x10/0x10
[  314.010404][   T30]  handle_mm_fault+0x1901/0x1bc0
[  314.015426][   T30]  ? mtree_range_walk+0x6fd/0x8e0
[  314.021018][   T30]  ? __pfx_lock_release+0x10/0x10
[  314.034932][   T30]  ? lock_vma_under_rcu+0x2f9/0x6e0
[  314.040393][   T30]  ? __pfx_handle_mm_fault+0x10/0x10
[  314.045741][   T30]  ? lock_vma_under_rcu+0x592/0x6e0
[  314.055965][   T30]  ? lock_vma_under_rcu+0x18a/0x6e0
[  314.061249][   T30]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[  314.074398][   T30]  ? exc_page_fault+0x113/0x8c0
[  314.079957][   T30]  exc_page_fault+0x459/0x8c0
[  314.084800][   T30]  asm_exc_page_fault+0x26/0x30
[  314.102455][   T30] RIP: 0033:0x7fb07494597c
[  314.112039][   T30] RSP: 002b:00007fb074c5fb88 EFLAGS: 00010246
[  314.124072][   T30] RAX: 0000000020000d00 RBX: 0000000000000004 RCX: 8000000000000010
[  314.132321][   T30] RDX: 0000000000000010 RSI: 00007fb0744005d5 RDI: 0000000020000d00
[  314.145909][   T30] RBP: 00007fb074b37a80 R08: 00007fb074800000 R09: 0000000000000001
[  314.153959][   T30] R10: 0000000000000001 R11: 0000000000000009 R12: 0000000000025e6e
[  314.169968][   T30] R13: 00007fb074c5fc90 R14: 0000000000000032 R15: fffffffffffffffe
[  314.195929][   T30]  </TASK>
[  314.199168][   T30] INFO: task syz.4.188:6388 blocked for more than 144 seconds.
[  314.223922][   T30]       Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0
[  314.235570][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  314.255236][   T30] task:syz.4.188       state:D stack:23960 pid:6388  tgid:6387  ppid:5239   flags:0x00004006
[  314.265985][   T30] Call Trace:
[  314.269316][   T30]  <TASK>
[  314.272283][   T30]  __schedule+0x1800/0x4a60
[  314.277797][   T30]  ? __pfx___schedule+0x10/0x10
[  314.282722][   T30]  ? __pfx_lock_release+0x10/0x10
[  314.295897][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  314.301439][   T30]  ? schedule+0x90/0x320
[  314.305739][   T30]  schedule+0x14b/0x320
[  314.319871][   T30]  schedule_preempt_disabled+0x13/0x30
[  314.325395][   T30]  __mutex_lock+0x6a4/0xd70
[  314.337477][   T30]  ? __mutex_lock+0x527/0xd70
[  314.342225][   T30]  ? hugetlb_wp+0x104d/0x3a90
[  314.350125][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  314.355224][   T30]  ? __pfx_up_write+0x10/0x10
[  314.360282][   T30]  ? do_raw_spin_unlock+0x13c/0x8b0
[  314.365532][   T30]  ? vma_interval_tree_iter_next+0x193/0x340
[  314.371890][   T30]  hugetlb_wp+0x104d/0x3a90
[  314.376518][   T30]  ? mark_lock+0x9a/0x350
[  314.380963][   T30]  ? __pfx_hugetlb_wp+0x10/0x10
[  314.385907][   T30]  ? __pfx___might_resched+0x10/0x10
[  314.391237][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  314.396416][   T30]  ? do_raw_spin_lock+0x14f/0x370
[  314.401487][   T30]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  314.407291][   T30]  ? __filemap_get_folio+0x769/0xc10
[  314.413223][   T30]  hugetlb_fault+0x27b2/0x3770
[  314.418149][   T30]  ? __pfx_hugetlb_fault+0x10/0x10
[  314.423311][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  314.429372][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  314.435772][   T30]  ? handle_mm_fault+0x1b44/0x1bc0
[  314.442123][   T30]  handle_mm_fault+0x1901/0x1bc0
[  314.447178][   T30]  ? mt_find+0x62d/0x850
[  314.451459][   T30]  ? mt_find+0x226/0x850
[  314.455727][   T30]  ? __pfx_mt_find+0x10/0x10
[  314.460485][   T30]  ? __pfx_handle_mm_fault+0x10/0x10
[  314.465820][   T30]  ? find_vma+0xf9/0x170
[  314.470165][   T30]  ? __pfx_find_vma+0x10/0x10
[  314.474881][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  314.481398][   T30]  ? lock_mm_and_find_vma+0x9c/0x2f0
[  314.486803][   T30]  exc_page_fault+0x2b9/0x8c0
[  314.491539][   T30]  asm_exc_page_fault+0x26/0x30
[  314.496584][   T30] RIP: 0010:rep_movs_alternative+0x4a/0x70
[  314.502434][   T30] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 <f3> a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1
[  314.523492][   T30] RSP: 0018:ffffc9000429fad0 EFLAGS: 00050246
[  314.529716][   T30] RAX: ffffffff84b29701 RBX: 000000002000ee00 RCX: 0000000000000040
[  314.537934][   T30] RDX: 0000000000000000 RSI: ffffc9000429fb60 RDI: 000000002000edc0
[  314.547499][   T30] RBP: ffffc9000429fc10 R08: ffffc9000429fb9f R09: 1ffff92000853f73
[  314.555559][   T30] R10: dffffc0000000000 R11: fffff52000853f74 R12: 0000000000000040
[  314.563938][   T30] R13: 000000000000e780 R14: 000000002000edc0 R15: ffffc9000429fb60
[  314.572227][   T30]  ? _copy_to_user+0x11/0xb0
[  314.577232][   T30]  _copy_to_user+0x86/0xb0
[  314.581700][   T30]  rng_dev_read+0x3be/0x6d0
[  314.587372][   T30]  ? __pfx_rng_dev_read+0x10/0x10
[  314.592484][   T30]  ? security_file_permission+0x7f/0xa0
[  314.598404][   T30]  ? rw_verify_area+0x52a/0x6b0
[  314.603302][   T30]  vfs_readv+0x6c2/0xa90
[  314.607880][   T30]  ? __pfx_rng_dev_read+0x10/0x10
[  314.612953][   T30]  ? __pfx_vfs_readv+0x10/0x10
[  314.618721][   T30]  ? __fget_files+0x29/0x470
[  314.623435][   T30]  __x64_sys_preadv+0x1c7/0x2d0
[  314.628630][   T30]  ? __pfx___x64_sys_preadv+0x10/0x10
[  314.634050][   T30]  ? do_syscall_64+0x100/0x230
[  314.639193][   T30]  ? do_syscall_64+0xb6/0x230
[  314.643921][   T30]  do_syscall_64+0xf3/0x230
[  314.648970][   T30]  ? clear_bhb_loop+0x35/0x90
[  314.653790][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.661337][   T30] RIP: 0033:0x7fb07497def9
[  314.665818][   T30] RSP: 002b:00007fb075852038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  314.674363][   T30] RAX: ffffffffffffffda RBX: 00007fb074b35f80 RCX: 00007fb07497def9
[  314.682469][   T30] RDX: 0000000000000002 RSI: 0000000020000580 RDI: 0000000000000005
[  314.690506][   T30] RBP: 00007fb0749f09f6 R08: 0000000000000000 R09: 0000000000000000
[  314.698625][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  314.706737][   T30] R13: 0000000000000000 R14: 00007fb074b35f80 R15: 00007fb074c5fa28
[  314.714758][   T30]  </TASK>
[  314.736022][ T4623] Bluetooth: hci3: command tx timeout
[  314.736699][   T30] INFO: task syz.4.188:6389 blocked for more than 144 seconds.
[  314.778026][   T30]       Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0
[  314.785734][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  314.794831][   T30] task:syz.4.188       state:D stack:22296 pid:6389  tgid:6387  ppid:5239   flags:0x00004006
[  314.805424][   T30] Call Trace:
[  314.809721][   T30]  <TASK>
[  314.816101][   T30]  __schedule+0x1800/0x4a60
[  314.821260][   T30]  ? __pfx___schedule+0x10/0x10
[  314.826577][   T30]  ? __pfx_lock_release+0x10/0x10
[  314.831667][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  314.837971][   T30]  ? schedule+0x90/0x320
[  314.842304][   T30]  schedule+0x14b/0x320
[  314.846840][   T30]  io_schedule+0x8d/0x110
[  314.851302][   T30]  folio_wait_bit_common+0x882/0x12b0
[  314.866143][   T30]  ? __pfx_folio_wait_bit_common+0x10/0x10
[  314.872011][   T30]  ? __pfx_wake_page_function+0x10/0x10
[  314.895902][   T30]  ? _raw_spin_unlock+0x28/0x50
[  314.900841][   T30]  ? __vma_reservation_common+0x498/0x7d0
[  314.915905][   T30]  __filemap_get_folio+0xb7/0xc10
[  314.921021][   T30]  hugetlb_fault+0x1b72/0x3770
[  314.945980][   T30]  ? __pfx_hugetlb_fault+0x10/0x10
[  314.951205][   T30]  ? mt_find+0x226/0x850
[  314.955478][   T30]  ? __pfx_lock_release+0x10/0x10
[  314.995891][   T30]  handle_mm_fault+0x1901/0x1bc0
[  315.000930][   T30]  ? mt_find+0x62d/0x850
[  315.005208][   T30]  ? mt_find+0x226/0x850
[  315.056097][   T30]  ? __pfx_mt_find+0x10/0x10
[  315.060777][   T30]  ? __pfx_handle_mm_fault+0x10/0x10
[  315.095975][   T30]  ? find_vma+0xf9/0x170
[  315.100404][   T30]  ? __pfx_find_vma+0x10/0x10
[  315.105129][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  315.185882][   T30]  ? lock_mm_and_find_vma+0x9c/0x2f0
[  315.191269][   T30]  exc_page_fault+0x2b9/0x8c0
[  315.226041][   T30]  asm_exc_page_fault+0x26/0x30
[  315.231598][   T30] RIP: 0010:__put_user_8+0x11/0x20
[  315.275892][   T30] Code: 84 00 00 00 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <48> 89 01 31 c9 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90
[  315.339734][   T30] RSP: 0018:ffffc90003627778 EFLAGS: 00050202
[  315.358754][   T30] RAX: 0000000000800000 RBX: 0000000000000000 RCX: 0000000020000020
[  315.375890][   T30] RDX: 0000000000000000 RSI: ffffffff8c0ae6e0 RDI: ffffffff8c608f40
[  315.383936][   T30] RBP: ffffc90003627ec8 R08: ffffffff901875ef R09: 1ffffffff2030ebd
[  315.399910][   T30] R10: dffffc0000000000 R11: fffffbfff2030ebe R12: 1ffff920006c4f7d
[  315.408115][   T30] R13: 1ffff920006c4f08 R14: 0000000020800000 R15: 0000000000800000
[  315.416201][   T30]  userfaultfd_ioctl+0x28e7/0x70a0
[  315.421468][   T30]  ? stack_trace_save+0x118/0x1d0
[  315.426660][   T30]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  315.432175][   T30]  ? stack_depot_save_flags+0x29/0x830
[  315.438379][   T30]  ? kasan_save_track+0x51/0x80
[  315.443280][   T30]  ? kasan_save_track+0x3f/0x80
[  315.448795][   T30]  ? kasan_save_free_info+0x40/0x50
[  315.454048][   T30]  ? poison_slab_object+0xe0/0x150
[  315.460406][   T30]  ? __kasan_slab_free+0x37/0x60
[  315.465392][   T30]  ? kfree+0x149/0x360
[  315.469614][   T30]  ? tomoyo_path_number_perm+0x68d/0x880
[  315.475466][   T30]  ? security_file_ioctl+0x75/0xb0
[  315.486339][   T30]  ? __se_sys_ioctl+0x47/0x170
[  315.491154][   T30]  ? do_syscall_64+0xf3/0x230
[  315.505813][   T30]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.512526][   T30]  ? do_vfs_ioctl+0xf0e/0x2e50
[  315.517684][   T30]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  315.522775][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  315.529849][   T30]  ? tomoyo_path_number_perm+0x208/0x880
[  315.535554][   T30]  ? __pfx_lock_release+0x10/0x10
[  315.541286][   T30]  ? kfree+0x149/0x360
[  315.545521][   T30]  ? tomoyo_path_number_perm+0x208/0x880
[  315.551374][   T30]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  315.557632][   T30]  ? __fget_files+0x29/0x470
[  315.562262][   T30]  ? __fget_files+0x3f6/0x470
[  315.568194][   T30]  ? __fget_files+0x29/0x470
[  315.572836][   T30]  ? bpf_lsm_file_ioctl+0x9/0x10
[  315.577908][   T30]  ? security_file_ioctl+0x87/0xb0
[  315.583100][   T30]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  315.588681][   T30]  __se_sys_ioctl+0xfc/0x170
[  315.593309][   T30]  do_syscall_64+0xf3/0x230
[  315.597966][   T30]  ? clear_bhb_loop+0x35/0x90
[  315.602694][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.608858][   T30] RIP: 0033:0x7fb07497def9
[  315.613308][   T30] RSP: 002b:00007fb075831038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  315.622594][   T30] RAX: ffffffffffffffda RBX: 00007fb074b36058 RCX: 00007fb07497def9
[  315.631067][   T30] RDX: 0000000020000000 RSI: 00000000c028aa03 RDI: 0000000000000009
[  315.639878][   T30] RBP: 00007fb0749f09f6 R08: 0000000000000000 R09: 0000000000000000
[  315.648111][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  315.656303][   T30] R13: 0000000000000000 R14: 00007fb074b36058 R15: 00007fb074c5fa28
[  315.664355][   T30]  </TASK>
[  315.668799][   T30] 
[  315.668799][   T30] Showing all locks held in the system:
[  315.705441][   T30] 5 locks held by kworker/u8:1/12:
[  315.711057][   T30]  #0: ffff88801bae5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  315.722330][   T30]  #1: ffffc90000117d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  315.733060][   T30]  #2: ffffffff8fc7f750 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[  315.743664][   T30]  #3: ffff88805e6ad428 (&wg->device_update_lock){+.+.}-{3:3}, at: wg_destruct+0x110/0x2e0
[  315.753992][   T30]  #4: ffffffff8e93d5c0 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x4c/0x530
[  315.764336][   T30] 1 lock held by khungtaskd/30:
[  315.769613][   T30]  #0: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  315.779635][   T30] 3 locks held by kworker/u8:4/65:
[  315.784780][   T30]  #0: ffff88802faa1148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  315.796609][   T30]  #1: ffffc900020afd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  315.810633][   T30]  #2: ffffffff8fc8c308 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0
[  315.820223][   T30] 1 lock held by dhcpcd/4899:
[  315.824925][   T30]  #0: ffffffff8fc8c308 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1bc0
[  315.834246][   T30] 2 locks held by getty/4984:
[  315.838983][   T30]  #0: ffff88803054c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  315.849738][   T30]  #1: ffffc900034c32f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ac/0x1e00
[  315.859985][   T30] 5 locks held by kworker/1:5/5284:
[  315.865212][   T30]  #0: ffff8880226f6948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  315.878139][   T30]  #1: ffffc900042cfd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  315.890553][   T30]  #2: ffff888028ef4190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150
[  315.899751][   T30]  #3: ffff888067a3b190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520
[  315.909409][   T30]  #4: ffff88805b0cc160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520
[  315.919352][   T30] 2 locks held by syz.4.188/6387:
[  315.924632][   T30]  #0: ffff88805f377d18 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x2f9/0x6e0
[  315.935138][   T30]  #1: ffff888020ebe068 (&hugetlb_fault_mutex_table[i]){+.+.}-{3:3}, at: hugetlb_fault+0x56f/0x3770
[  315.946148][   T30] 2 locks held by syz.4.188/6388:
[  315.951798][   T30]  #0: ffff888033f80198 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock_killable+0x1d/0x70
[  315.962118][   T30]  #1: ffff888020ebe068 (&hugetlb_fault_mutex_table[i]){+.+.}-{3:3}, at: hugetlb_wp+0x104d/0x3a90
[  315.972892][   T30] 3 locks held by syz.4.188/6389:
[  315.978020][   T30]  #0: ffff888033f80198 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock_killable+0x1d/0x70
[  315.988229][   T30]  #1: ffff888020ebe068 (&hugetlb_fault_mutex_table[i]){+.+.}-{3:3}, at: hugetlb_fault+0x56f/0x3770
[  315.999213][   T30]  #2: ffff88803277f4e8 (&resv_map->rw_sema){++++}-{3:3}, at: hugetlb_fault+0x675/0x3770
[  316.009442][   T30] 2 locks held by kworker/u8:25/7051:
[  316.014936][   T30]  #0: ffff8880b883e9d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140
[  316.025020][   T30]  #1: ffff8880b8928948 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x441/0x770
[  316.037635][   T30] 3 locks held by syz-executor/8478:
[  316.042959][   T30]  #0: ffff8880707fcd80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510
[  316.053994][   T30]  #1: ffff8880707fc078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x572/0x11a0
[  316.063907][   T30]  #2: ffffffff8e93d6f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830
[  316.074931][   T30] 3 locks held by syz-executor/8692:
[  316.080289][   T30]  #0: ffff888066714d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510
[  316.091101][   T30]  #1: ffff888066714078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x572/0x11a0
[  316.101045][   T30]  #2: ffffffff8fdf7e28 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240
[  316.111312][   T30] 3 locks held by syz.4.534/8760:
[  316.116548][   T30]  #0: ffffffff8fc7f750 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0
[  316.126142][   T30]  #1: ffffffff8fc8c308 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90
[  316.136272][   T30]  #2: ffffffff8e93d6f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830
[  316.148491][   T30] 1 lock held by syz.2.538/8776:
[  316.154085][   T30]  #0: ffffffff8fc8c308 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[  316.163228][   T30] 1 lock held by syz.0.539/8779:
[  316.168435][   T30]  #0: ffffffff8fc8c308 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[  316.185231][   T30] 
[  316.189662][   T30] =============================================
[  316.189662][   T30] 
[  316.203101][   T30] NMI backtrace for cpu 1
[  316.207583][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0
[  316.218117][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  316.228183][   T30] Call Trace:
[  316.231468][   T30]  <TASK>
[  316.234404][   T30]  dump_stack_lvl+0x241/0x360
[  316.239099][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  316.244310][   T30]  ? __pfx__printk+0x10/0x10
[  316.248930][   T30]  ? vprintk_emit+0x667/0x7c0
[  316.253624][   T30]  ? __pfx_vprintk_emit+0x10/0x10
[  316.258681][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[  316.263655][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  316.269127][   T30]  ? _printk+0xd5/0x120
[  316.273305][   T30]  ? __pfx__printk+0x10/0x10
[  316.277928][   T30]  ? __wake_up_klogd+0xcc/0x110
[  316.282805][   T30]  ? __pfx__printk+0x10/0x10
[  316.287423][   T30]  ? __rcu_read_unlock+0xa1/0x110
[  316.292466][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  316.298467][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  316.304471][   T30]  watchdog+0xff4/0x1040
[  316.308740][   T30]  ? watchdog+0x1ea/0x1040
[  316.313193][   T30]  ? __pfx_watchdog+0x10/0x10
[  316.317885][   T30]  kthread+0x2f0/0x390
[  316.321960][   T30]  ? __pfx_watchdog+0x10/0x10
[  316.326648][   T30]  ? __pfx_kthread+0x10/0x10
[  316.331329][   T30]  ret_from_fork+0x4b/0x80
[  316.335757][   T30]  ? __pfx_kthread+0x10/0x10
[  316.340361][   T30]  ret_from_fork_asm+0x1a/0x30
[  316.345151][   T30]  </TASK>
[  316.349743][   T30] Sending NMI from CPU 1 to CPUs 0:
[  316.356767][    C0] NMI backtrace for cpu 0
[  316.356784][    C0] CPU: 0 UID: 0 PID: 7039 Comm: kworker/u8:19 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0
[  316.356810][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  316.356825][    C0] Workqueue: events_unbound cfg80211_wiphy_work
[  316.356860][    C0] RIP: 0010:unwind_next_frame+0x527/0x2a00
[  316.356896][    C0] Code: 75 34 48 63 2b 48 01 dd 48 89 ef 4c 89 f6 e8 b0 62 52 00 48 8d 43 04 4c 39 f5 4c 0f 46 e8 48 8d 43 fc 4c 0f 47 e0 4c 0f 46 fb <4d> 39 e5 77 1d e8 2f 60 52 00 eb 96 89 d9 80 e1 07 80 c1 03 38 c1
[  316.356914][    C0] RSP: 0018:ffffc90003d97088 EFLAGS: 00000283
[  316.356931][    C0] RAX: ffffffff90310f48 RBX: ffffffff90310f4c RCX: ffff888071518000
[  316.356949][    C0] RDX: 0000000000000000 RSI: ffffffff81faa0e7 RDI: ffffffff81faa05a
[  316.356964][    C0] RBP: ffffffff81faa05a R08: ffffffff81412c60 R09: ffffc90003d97250
[  316.356981][    C0] R10: 0000000000000003 R11: ffffffff817f2f80 R12: ffffffff90310f50
[  316.356996][    C0] R13: ffffffff90310f50 R14: ffffffff81faa0e7 R15: ffffffff90310f4c
[  316.357013][    C0] FS:  0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000
[  316.357031][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  316.357046][    C0] CR2: 0000562bbcfec950 CR3: 000000000e734000 CR4: 00000000003506f0
[  316.357065][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  316.357079][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  316.357093][    C0] Call Trace:
[  316.357101][    C0]  <NMI>
[  316.357110][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  316.357138][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  316.357171][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  316.357199][    C0]  ? nmi_handle+0x2a/0x5a0
[  316.357231][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  316.357258][    C0]  ? nmi_handle+0x14f/0x5a0
[  316.357279][    C0]  ? nmi_handle+0x2a/0x5a0
[  316.357300][    C0]  ? unwind_next_frame+0x527/0x2a00
[  316.357328][    C0]  ? default_do_nmi+0x63/0x160
[  316.357357][    C0]  ? exc_nmi+0x123/0x1f0
[  316.357384][    C0]  ? end_repeat_nmi+0xf/0x53
[  316.357411][    C0]  ? __kasan_kmalloc+0x97/0xb0
[  316.357441][    C0]  ? __kasan_kmalloc+0xa/0xb0
[  316.357469][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  316.357497][    C0]  ? unwind_next_frame+0x510/0x2a00
[  316.357535][    C0]  ? __kasan_kmalloc+0x97/0xb0
[  316.357559][    C0]  ? __kasan_kmalloc+0xa/0xb0
[  316.357583][    C0]  ? unwind_next_frame+0x527/0x2a00
[  316.357616][    C0]  ? unwind_next_frame+0x527/0x2a00
[  316.357650][    C0]  ? unwind_next_frame+0x527/0x2a00
[  316.357682][    C0]  </NMI>
[  316.357689][    C0]  <TASK>
[  316.357700][    C0]  ? __kasan_kmalloc+0x97/0xb0
[  316.357732][    C0]  ? __kasan_kmalloc+0x98/0xb0
[  316.357761][    C0]  ? __kasan_kmalloc+0x98/0xb0
[  316.357790][    C0]  ? __kernel_text_address+0xd/0x40
[  316.357812][    C0]  ? __kasan_kmalloc+0x98/0xb0
[  316.357836][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  316.357860][    C0]  arch_stack_walk+0x151/0x1b0
[  316.357887][    C0]  ? __kasan_kmalloc+0x98/0xb0
[  316.357920][    C0]  stack_trace_save+0x118/0x1d0
[  316.357948][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  316.357972][    C0]  ? deref_stack_reg+0x1c7/0x260
[  316.358006][    C0]  ? validate_chain+0x11e/0x5900
[  316.358026][    C0]  ? __read_once_word_nocheck+0x9/0x20
[  316.358058][    C0]  ? deref_stack_reg+0x1c7/0x260
[  316.358091][    C0]  kasan_save_track+0x3f/0x80
[  316.358114][    C0]  ? kasan_save_track+0x3f/0x80
[  316.358138][    C0]  ? __kasan_kmalloc+0x98/0xb0
[  316.358205][    C0]  __kasan_kmalloc+0x98/0xb0
[  316.358235][    C0]  ? ieee802_11_parse_elems_full+0xdb/0x2880
[  316.358267][    C0]  ? ieee802_11_parse_elems_full+0xdb/0x2880
[  316.358300][    C0]  __kmalloc_noprof+0x1fc/0x400
[  316.358327][    C0]  ieee802_11_parse_elems_full+0xdb/0x2880
[  316.358369][    C0]  ? __pfx_validate_chain+0x10/0x10
[  316.358389][    C0]  ? ret_from_fork_asm+0x1a/0x30
[  316.358418][    C0]  ? __pfx_validate_chain+0x10/0x10
[  316.358439][    C0]  ? __kernel_text_address+0xd/0x40
[  316.358459][    C0]  ? ret_from_fork_asm+0x1a/0x30
[  316.358484][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  316.358507][    C0]  ? arch_stack_walk+0x17b/0x1b0
[  316.358535][    C0]  ? __pfx_ieee802_11_parse_elems_full+0x10/0x10
[  316.358572][    C0]  ? stack_trace_save+0x118/0x1d0
[  316.358601][    C0]  ? mark_lock+0x9a/0x350
[  316.358639][    C0]  ieee80211_ibss_rx_queued_mgmt+0x4c8/0x2d70
[  316.358680][    C0]  ? __pfx_ieee80211_ibss_rx_queued_mgmt+0x10/0x10
[  316.358715][    C0]  ? mark_lock+0x9a/0x350
[  316.358743][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  316.358770][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  316.358796][    C0]  ? do_raw_spin_unlock+0x13c/0x8b0
[  316.358831][    C0]  ieee80211_iface_work+0x8a5/0xf20
[  316.358865][    C0]  cfg80211_wiphy_work+0x2db/0x490
[  316.358892][    C0]  ? process_scheduled_works+0x945/0x1830
[  316.358916][    C0]  process_scheduled_works+0xa2c/0x1830
[  316.358960][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  316.358990][    C0]  ? assign_work+0x364/0x3d0
[  316.359016][    C0]  worker_thread+0x86d/0xd10
[  316.359049][    C0]  ? __kthread_parkme+0x169/0x1d0
[  316.359077][    C0]  ? __pfx_worker_thread+0x10/0x10
[  316.359104][    C0]  kthread+0x2f0/0x390
[  316.359120][    C0]  ? __pfx_worker_thread+0x10/0x10
[  316.359143][    C0]  ? __pfx_kthread+0x10/0x10
[  316.359160][    C0]  ret_from_fork+0x4b/0x80
[  316.359184][    C0]  ? __pfx_kthread+0x10/0x10
[  316.359200][    C0]  ret_from_fork_asm+0x1a/0x30
[  316.359238][    C0]  </TASK>
[  316.455913][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  316.455940][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0
[  316.455969][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  316.455985][   T30] Call Trace:
[  316.455995][   T30]  <TASK>
[  316.456006][   T30]  dump_stack_lvl+0x241/0x360
[  316.456044][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  316.456072][   T30]  ? __pfx__printk+0x10/0x10
[  316.456094][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  316.456137][   T30]  ? vscnprintf+0x5d/0x90
[  316.456170][   T30]  panic+0x349/0x860
[  316.456197][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  316.456230][   T30]  ? __pfx_panic+0x10/0x10
[  316.456250][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[  316.456279][   T30]  ? __irq_work_queue_local+0x137/0x410
[  316.456313][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  316.456340][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  316.456371][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  316.456406][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  316.456441][   T30]  watchdog+0x1033/0x1040
[  316.456478][   T30]  ? watchdog+0x1ea/0x1040
[  316.456518][   T30]  ? __pfx_watchdog+0x10/0x10
[  316.456551][   T30]  kthread+0x2f0/0x390
[  316.456573][   T30]  ? __pfx_watchdog+0x10/0x10
[  316.456607][   T30]  ? __pfx_kthread+0x10/0x10
[  316.456630][   T30]  ret_from_fork+0x4b/0x80
[  316.456663][   T30]  ? __pfx_kthread+0x10/0x10
[  316.456686][   T30]  ret_from_fork_asm+0x1a/0x30
[  316.456737][   T30]  </TASK>
[  316.461497][   T30] Kernel Offset: disabled
[  317.049707][   T30] Rebooting in 86400 seconds..