last executing test programs:

18.184259137s ago: executing program 2 (id=7275):
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xb, 0x39f})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
creat(0x0, 0x0)
syz_mount_image$fuse(&(0x7f0000002d00), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001a80)={0x2020}, 0x2020)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000001c0)={0x6, @sliced={0x0, [0x0, 0xfffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfbf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc68d]}})
r1 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100))
openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x88602, 0x0)
r2 = getpid()
syz_pidfd_open(r2, 0x0)
r3 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_REWIND(r3, 0xc0844123, &(0x7f0000000300))
ftruncate(0xffffffffffffffff, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, 0x0, 0x0)
bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000d40)=[@rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0}}, @mask_cswp={0x58, 0x114, 0x9, {{}, 0x0, 0x0}}], 0x88}, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, 0x0)
connect$pppoe(0xffffffffffffffff, &(0x7f0000000400)={0x18, 0x0, {0x0, @dev, 'lo\x00'}}, 0x1e)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="e40000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000222803001c0012800c0001006d6163766c616e000c000280080001000800000008000500", @ANYRES32, @ANYBLOB='\b\x00?'], 0xe4}}, 0x0)

17.809183405s ago: executing program 0 (id=7276):
r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x9)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, 0x0, 0x20044001)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x2c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98f}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x2c}}, 0x0)
sendmsg$NL80211_CMD_GET_STATION(r3, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000440)={0x4c, r6, 0x100, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0x4, 0x4}}, @NL80211_ATTR_STA_AID={0x6}, @NL80211_ATTR_STA_WME={0x24, 0x81, [@NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x5}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x3}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x29}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x5}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20040000}, 0x40000)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000180)={'batadv0\x00', <r9=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r10=>0x0})
r11 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r3)
sendmsg$BATADV_CMD_SET_HARDIF(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000e00)={0x2c, r11, 0x18fe2a01ed25d92f, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r9}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r10}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}]}, 0x2c}}, 0x0)
r12 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$UI_BEGIN_FF_ERASE(r12, 0x4004556b, &(0x7f0000000000))
syz_usbip_server_init(0x5)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wlan1\x00'})
ioctl$UI_SET_EVBIT(r12, 0x40045564, 0x15)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x4, 0x1, 0x0, "9611e6d6ffc88885163200000000000000000000050000000000000083df5dbe"})

16.473746333s ago: executing program 2 (id=7279):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x1d, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x401, 0x1000, 0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@multicast2}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd200}, {@private=0xfffffffd, 0x7}]}, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@private, @rand_addr]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 18)
sendto$inet(0xffffffffffffffff, &(0x7f0000000e40)="bd3119fab037020de607352a978727cdd46a7ad7671829c16bb1339d3f711b7c5da66f48a8b5842dad66eedf75899eb65d733423ca5651013e1db97f5d192e302ac583ccd19e1e8a3e7812af51f0eea31c5e05cec737cc11a38936d67d4c7cd78351177f51dab5ebe8523e54dd8db33ab6214499c610051df74b67669c9b554b25c70c3238ffaa908675df728ef76e7ae5ee938e025ed07603ec4cc86ee67be10ef6087e7ff0017b358ebee016f08b756cfd2645ccdf335d8b62b630939ba724776a5f2caa487586527f2066b2845e52758b6da2ce07de99165195af70ea9659005901a0f28e90b49a0803ab10698ade4c07337535c2600c45b8c497ab6863ad984815f375df57e5940e5322d90d66c84937e9b7f2356a6e16a026b2393670d370759a4567a87fd2a4d0d5857b9e2559a5a0a857b845f0e1495e8d9b574b0f4d1a55ec8d93c148a50c5c4228c653be69a7d728fa497ee129ec4e7b821ce041be389d37efd40b81a9704e5182b9cdca1f2d3312351e9edaa8ac96088c465a953e0ec3e8f26aa17ea3e1913b4d147141d1aef80b3ed959d14fad4ead4de92e10f0faca7acdce7c712ab95a11ff4c72798565f0794d7bc50f5082b52b34a1de7c5609e31e1fcc05fc7dbd73973b5dfc92896f57f5b76fd9df5067eb273f0960560df3dfd00ba068e28812244f700d76da4197bb332245f00112b73659c63dfb854eb8eed1a9881e5c49399b2c6932b540d3464d470cabb6", 0x216, 0x0, 0x0, 0x0)

15.901608636s ago: executing program 0 (id=7280):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000680)=ANY=[@ANYBLOB="020100000000004058041a500000000000010902240001000000000906000001030000000921000000012205000905810300000000007f29b31798072003ffd808e9a5da4bc0604b618a3ab564b786ad8b0a7ef154887e809fb639089a5e89d87ce066"], 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000630000000000000000000000000a20000000000a0101000000000000000001000000090001007379"], 0xcc}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c)
listen(r0, 0x80080400)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'ipvlan0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x144}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r3}]}, 0x3c}}, 0x0)
getsockopt$inet_int(r1, 0x10d, 0xe, &(0x7f00000000c0), &(0x7f0000000140)=0x4)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0xff41)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000098c0), 0x0, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
r4 = socket$inet6(0xa, 0x80002, 0x0)
ioctl$EXT4_IOC_CHECKPOINT(r4, 0x4004662b, &(0x7f0000000040)=0x3)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7fff, 0x2)
r5 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
unlinkat(0xffffffffffffffff, 0x0, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r5, 0xc0585605, &(0x7f0000000080)={0x1, 0x1, @raw_data=[0x0, 0x0, 0x100b]})

13.905739623s ago: executing program 2 (id=7283):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_genetlink_get_family_id$nl80211(&(0x7f0000004200), 0xffffffffffffffff)
sendmmsg(0xffffffffffffffff, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
recvmmsg$unix(0xffffffffffffffff, &(0x7f00000027c0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)=""/104, 0x68}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

12.527805397s ago: executing program 0 (id=7284):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000002080)={0x2020}, 0x2020)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d)
r4 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000a00)=@newqdisc={0x888, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r5, {0x0, 0xffe0}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x85c, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x875, 0x1, 0x1ff, 0x6, 0x3, 0x101, 0xd, 0xd, 0x3, 0x8, 0xb33, 0x23, 0x3, 0x8, 0x6, 0xe, 0xd, 0x8, 0x3, 0x7, 0x6, 0x0, 0x2, 0x3, 0x0, 0xe, 0x20000008, 0xf, 0x0, 0x80000001, 0xd, 0x7, 0x4f51, 0x7fff, 0x6, 0x0, 0x6, 0x0, 0xfffd, 0x9, 0x0, 0xd, 0x81, 0x38, 0x100008, 0x81, 0x8000, 0x1000, 0x4, 0x0, 0x1000, 0x9, 0x4, 0x4, 0x0, 0x3, 0x81, 0x6, 0xb8, 0x0, 0x1ff, 0x2cb, 0x14a, 0x5, 0x9, 0x2, 0x3, 0x0, 0x21ab782f, 0x1, 0x1000, 0x1, 0x7, 0x3, 0x6, 0x6fec530c, 0x7, 0xb, 0x7, 0xc2e, 0x7, 0x0, 0x2, 0x4000007, 0x3, 0x1, 0x3ff, 0x3, 0xf40, 0x3, 0x14, 0x8, 0x6, 0xc2a80000, 0xdf, 0x3, 0x1, 0x82, 0x5, 0xb, 0x1000, 0x6, 0x4, 0xffff206d, 0x7fff, 0xcaa60000, 0xffffffff, 0x9, 0x9, 0x7, 0x1, 0x9, 0x992, 0x9, 0x1, 0xa957, 0xfffffffb, 0x48aa5bd0, 0x7, 0xfffffffc, 0x49327aa2, 0x800, 0x93aa, 0xfff, 0xe5, 0xfffffff6, 0xfffff001, 0x1, 0xfffffffb, 0x80, 0x4, 0x4, 0xffffff6f, 0x7023, 0x4, 0x7, 0x2, 0x8a0, 0x8, 0x81, 0x8, 0xa01, 0x7fff, 0x4, 0x81, 0x0, 0xb, 0x8, 0x8, 0x4, 0x4, 0x30, 0x7, 0x0, 0x66, 0x2, 0x9, 0x5, 0xa, 0x9, 0x1, 0xa, 0x3e, 0x4, 0x7ff, 0xc5fb, 0x100, 0xb141, 0x3, 0x32, 0x81, 0x4, 0x0, 0xfffffff7, 0x2f, 0x0, 0xe, 0x801, 0x6, 0x80000001, 0x891, 0x2, 0x1, 0x0, 0x8000, 0x94eb, 0x3, 0x6, 0x9, 0x1, 0x2dba, 0x8001, 0x1ff, 0x2, 0x93, 0xffffffc0, 0xa02, 0x4, 0x8, 0x6, 0x101, 0x80000000, 0x3, 0x546a, 0x2, 0xf05, 0x2, 0x800, 0x0, 0x8, 0xffff, 0x3, 0x81, 0x3, 0x3b, 0x0, 0x4, 0xf, 0x84b, 0xb, 0x1, 0xfe6, 0xe, 0x0, 0xf46, 0x180, 0x1, 0x4, 0xfffffffc, 0xac4, 0x1, 0x7, 0xffffffff, 0x0, 0x4, 0x1, 0x1, 0xd65c, 0x5, 0xffff2d65, 0x1, 0x10001, 0x80000000, 0x7, 0x6, 0xc65a, 0xfffffffa, 0x100, 0x80000001, 0x0, 0xff, 0x935, 0x0, 0x9b4, 0x3375, 0x6]}, @TCA_TBF_RATE64={0xc, 0x4, 0xf049d23aa0f411c}, @TCA_TBF_PRATE64={0xc, 0x5, 0x3d5653a0b35cd406}, @TCA_TBF_PBURST={0x8, 0x7, 0x1ae}, @TCA_TBF_BURST={0x8, 0x6, 0x1}, @TCA_TBF_PTAB={0x404, 0x3, [0x7, 0x7, 0x8000, 0x80000001, 0x8, 0x1, 0x5, 0x5, 0x8, 0xa, 0x5, 0x8, 0x6, 0xffffffff, 0x7, 0x0, 0x0, 0x7, 0x5, 0xffffffff, 0x2, 0x9, 0x8, 0x5, 0x336, 0x80000000, 0x6, 0x5, 0x3, 0x5, 0x239, 0x6, 0x12, 0x4a, 0x2, 0x3, 0x4, 0x6, 0x7f, 0x570e, 0x3, 0x9, 0x1000007, 0x80, 0x4, 0x364, 0x4, 0x7fffffff, 0x1, 0xf7, 0x5, 0x8, 0xb3f, 0xc11, 0xb, 0xfffffdb5, 0x4, 0xc2, 0x9, 0x9, 0x3, 0x1000, 0x2, 0x7, 0xa, 0xffffffff, 0x7, 0x3, 0xfff, 0xffffffff, 0x80000001, 0x0, 0xdeff, 0x10, 0xa61, 0x3, 0xc3, 0x9, 0x7fff, 0xbc, 0x6, 0x1, 0x0, 0x3, 0x273005e4, 0x9, 0x9, 0x4, 0x8001, 0x3, 0x0, 0x6, 0x10, 0xcd0, 0x6, 0xfffffff7, 0xd, 0x4, 0x4, 0xd, 0x3, 0x6, 0x6, 0x2, 0xd, 0x8, 0x7, 0x6, 0x10007, 0x80000000, 0xffffffff, 0x7ff, 0x3, 0x5, 0x0, 0x40, 0x3545882, 0x7fffffff, 0x0, 0xfffffff7, 0x5, 0xa, 0x7fff, 0xfff, 0x0, 0x2, 0x29, 0x4, 0x6, 0x9, 0x4, 0xfffffffc, 0xfffffffe, 0x4, 0x8, 0x5, 0x7, 0x800, 0x2, 0x0, 0x2, 0xa, 0x0, 0xfffff9f5, 0xfffff001, 0x401, 0x8, 0x8, 0x4, 0x0, 0x1, 0x7, 0x1, 0x2, 0x2f2e, 0x0, 0x4, 0x2, 0x3, 0x9, 0x5, 0x1, 0x3, 0x5, 0x2, 0x4, 0x8000, 0x2, 0xfff, 0x0, 0x9, 0xa, 0x3, 0x0, 0x8, 0x7, 0xffffb32b, 0x81, 0xfffffffc, 0x2, 0x5, 0x8, 0x3, 0x7, 0xa35e, 0x2, 0x2, 0x8, 0xa, 0x400, 0x177, 0x7fff, 0x1, 0x7ff, 0x3, 0x0, 0x4e5d, 0x100, 0x4, 0x7, 0xccd, 0xc5, 0x5, 0xe, 0x8, 0xf5bc, 0x9, 0x4, 0xfffffffb, 0x2, 0x4, 0x9, 0x6, 0xfffff50b, 0x3, 0x2, 0x0, 0x2, 0x6, 0x3, 0x5, 0x9, 0x1, 0x3, 0x2, 0x5, 0x36c0, 0x401, 0xff, 0x7, 0x80000000, 0x80000000, 0x80, 0x3, 0xffff8000, 0x4, 0x9, 0x4, 0x6, 0xa, 0xffff, 0x4, 0x80, 0x7, 0x1, 0x4, 0x1004, 0x40, 0xa25d, 0x400, 0x80000000, 0x7, 0xffffffff, 0x36, 0x5]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x6, 0x1, 0x0, 0x8, 0x1, 0xc}, {0xd, 0x1, 0x0, 0x5, 0x5e1d, 0x8}, 0x80000000, 0x0, 0x99}}]}}]}, 0x888}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000080)={0xa, 0xce22, 0x0, @empty}, 0x1c)
listen(r6, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r7, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x401)
preadv(r8, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102394, 0x19045}], 0x1, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)

11.250291017s ago: executing program 1 (id=7288):
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xb, 0x39f})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
creat(0x0, 0x0)
syz_mount_image$fuse(&(0x7f0000002d00), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001a80)={0x2020}, 0x2020)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000001c0)={0x6, @sliced={0x0, [0x0, 0xfffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfbf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc68d]}})
r1 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100))
openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x88602, 0x0)
r2 = getpid()
syz_pidfd_open(r2, 0x0)
r3 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_REWIND(r3, 0xc0844123, &(0x7f0000000300))
ftruncate(0xffffffffffffffff, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, 0x0, 0x0)
bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000d40)=[@rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0}}, @mask_cswp={0x58, 0x114, 0x9, {{}, 0x0, 0x0}}], 0x88}, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, 0x0)
connect$pppoe(0xffffffffffffffff, &(0x7f0000000400)={0x18, 0x0, {0x0, @dev, 'lo\x00'}}, 0x1e)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="e40000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000222803001c0012800c0001006d6163766c616e000c000280080001000800000008000500", @ANYRES32, @ANYBLOB='\b\x00?'], 0xe4}}, 0x0)

10.059584346s ago: executing program 1 (id=7291):
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000980)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581d3b3"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
preadv(r0, 0x0, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, &(0x7f0000000000)={0x9, 0x5}) (fail_nth: 2)
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f00000003c0)={0x0, 0x0, @ioapic={0x4, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {0xe0}, {0x0, 0x0, 0x1}, {0x0, 0xfc}, {}, {0x0, 0xb, 0xff, '\x00', 0x6c}, {0x0, 0x0, 0x0, '\x00', 0x9}, {}, {}, {0x0, 0x20}, {}, {}, {}, {}, {0x1}]}})
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
fchdir(0xffffffffffffffff)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x5, 0x0, &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r4}, 0xffffffffffffffb1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f000000b500), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_TID_CONFIG(r5, &(0x7f000000d040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x1c, r6, 0x8de13c6b70ae92c3, 0x0, 0x0, {{0x5d}, {@val={0x8, 0x3, r7}, @void}}}, 0x1c}}, 0x0)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, 0x0, 0x0)
r9 = accept4(r8, 0x0, 0x0, 0x0)
sendmsg$alg(r9, &(0x7f0000000700)={0x0, 0x0, 0x0}, 0x0)
dup3(r4, r3, 0x0)
lgetxattr(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r10, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'})

8.262683969s ago: executing program 2 (id=7293):
syz_emit_ethernet(0x11, &(0x7f00000002c0)={@remote, @random="6b8e22dbf1a0", @void, {@llc_tr={0x11, {@llc={0x0, 0x0, "bf"}}}}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r6, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r6, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r6, 0x0, 0x0)
syz_usb_control_io(r6, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r6, 0x0, &(0x7f00000012c0)={0x2c, &(0x7f0000001000)={0x0, 0x0, 0x4, "a77b2dd8"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r7, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
sendmsg$L2TP_CMD_SESSION_GET(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000280)={0x38, r4, 0x1, 0x0, 0x0, {0x7}, [@L2TP_ATTR_IFNAME={0x14}, @L2TP_ATTR_SEND_SEQ={0x5}, @L2TP_ATTR_LNS_MODE={0x5}]}, 0x38}}, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r8 = dup(r1)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_RUN(r9, 0xae80, 0x0)

8.157164356s ago: executing program 3 (id=7294):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b405000000000000711041000000"], &(0x7f0000003ff6)='GPL\x00', 0x0, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x42, '\x00', 0x0, 0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x8}, 0x10}, 0x90)
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x5, 0xfffffffe)
sendmsg$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_buf(r1, 0x29, 0x6, &(0x7f0000000140), 0x300)
preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x800)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = gettid()
prctl$PR_SET_PTRACER(0x59616d61, r2)
r3 = inotify_init1(0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
fcntl$getownex(r3, 0x10, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
dup(0xffffffffffffffff)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="440000001000090400"/19, @ANYRES32=0x0, @ANYBLOB="00000000401000002400128009000100626f6e64000000001400028008000a000000000008000b00", @ANYRES32=0x0, @ANYBLOB="4a5f6f8edc451fd2fc55d1ea46bed8863fac0b542765f782f2b33faf55022ff93c58aad5056f0010afdcaacc6a66e1e812"], 0x44}}, 0x0)
ptrace$getregs(0xe, 0x0, 0x0, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
io_setup(0x222, 0x0)
io_submit(0x0, 0x2, &(0x7f00000000c0)=[&(0x7f0000000200)={0x0, 0x0, 0x8, 0x0, 0x0, r5, &(0x7f0000000000)='%', 0x1a000}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}])

7.089444126s ago: executing program 4 (id=7296):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f00000000c0)={0x1, &(0x7f0000000300)=[{0x2}]})
ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000180)={'geneve0\x00'})
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000002300), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r2 = socket$kcm(0x10, 0x3, 0x10)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')
getdents(r3, 0x0, 0x48)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xfffffdf2, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003e000b05d25a806c8c6f94f90324fc60350005000a000200053582c137153e37000c0980fc0b10000300", 0x33fe0}], 0x1}, 0x0)
fsetxattr$system_posix_acl(r0, &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f0000000480)=ANY=[@ANYBLOB="020000000100000200000000040028700783d481ea180000000000802000000000000000"], 0x24, 0x0)
socket$key(0xf, 0x3, 0x2)
pipe(&(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
write(r1, &(0x7f0000000780)="31ac92000000000000005a4694a27dc32b5875f8412fe079426d04658d0500221a0000000000000000000000000000bb2e1d9d139459ff1019d3de197d0d52664af931e0a900000000000000095a77a5f10251396142dcdee5c912fb89f51557783df9b52f9683d133fb722600df34f3a769d5b7dc87cea1aa8650cd180a6baa4c92cc079022111fd14577a5374f56c5f78628d2b76d17a155a7a2b207f40063c03cc79120713b6c1441c412b22e7ebc14cc13ec17691cfade977f0f0f43e85f9efc9737b53b8c3d82d69befa8fa40b3867561bd207c618b0000000000000000000000000000000000000000000000000000d6af299c502e5cb08a2ffe09d96ba372efed2dba833d6d9c60acf6bd67c7b99b5320c9995db66b84870fded9f30000000000000000", 0x127)
io_setup(0x3ff, &(0x7f0000000500)=<r6=>0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x7, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
io_submit(r6, 0x1, &(0x7f0000000140)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x0, r5, &(0x7f0000000080)="4e8fc38e71", 0x5}])
io_submit(r6, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}])
vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x25, &(0x7f0000000100)=0x3915, 0x4)
bind$inet(r7, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r7, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newlink={0x34, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x34}}, 0x0)
sendmmsg(r7, &(0x7f0000007fc0), 0x2d, 0x0)
recvmmsg(r7, &(0x7f0000000040), 0x401, 0x45833af96e4b39fe, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000000ac0)=""/4096, &(0x7f0000000380)=""/31, 0x2})

6.986452739s ago: executing program 1 (id=7297):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, &(0x7f0000000080))
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000140)={r3}, 0x8)
timer_create(0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r1, &(0x7f00000007c0)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r5 = fanotify_init(0x202, 0x0)
fanotify_mark(r5, 0x1, 0x4800003e, r4, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r6)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r7, 0x6)
syz_emit_ethernet(0x42, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2000000080045000034000000000056058ae91414bbac1414aa00004e22cc9784a202ee67d91158df6bbea1d709e8b4f3a8b7e76692270385aa2fb22aeabe8962401bbe78aacf2f309f0aee724423d7cd282481076f465aed4e2b9789caf2c69fbfbfc33ff14fad8be3f2e9786b189061", @ANYBLOB="cf87fcf02af9ef9442f308e3a41d0b78bec80da5bf79d8be1737817d8dc0e643a4bd141e9fa7a24bf0d249e0a91062e8761f577b409d4554e2cea1624bcdcc9cbe8207dbc7d66ec1891009b3dbaae0199c0083c2ffe2cd25a732499e345b416f53fc2a6c4f29b5b1c132b8e2fb7172f85d5cae969cd0efecfd9d2e140c42ca4b576d2e485378571dccd415b8a7259b9a3cf2f499ec7b6ff9b24c5fb38caed7e8abbed1b3619cc2cb0bc5e7534af37876ae8e4d3e9347241aaf373dc35ccb200cfb17631bd2d9a83dc2e3f8ab", @ANYRES32=0x41424344, @ANYBLOB="8cc20000907800001eca262af737deeae5dd4cf20c100000000000000000003884943ded0eed11c2ed0db9b2c0cbc4ae2b780095e742a0de1cc3d9e1aa09f631d16bbec41263115f8710335586375c1eb61fc434a45dcae4ad3ae9a82be71413cfd62f4254709933d29f3f047fce07209dc8dbfbcecf136f863c2bdbd8e08b3bb74a4fb19c7fe4bcc861c8b967e9faf1b77ebe261c1c0ca664ff0b3e7341ff9e02e4ff387aa77ef6668b154365c8fc6ef9cb"], 0x0)
r8 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r8, 0x10e, 0xc, &(0x7f0000000080)={0x5}, 0x10)
write(r8, &(0x7f0000000000)="240000001a005f0214f9f4070d0903001f00000000000005000000000800040001000000", 0x24)
dup(0xffffffffffffffff)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x600)
write$binfmt_script(r9, &(0x7f0000000180), 0xfecc)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)

6.470220662s ago: executing program 3 (id=7298):
r0 = socket(0x1e, 0x1, 0x0)
connect$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x2, {{0x1, 0x1}}}, 0x10)
write$UHID_CREATE(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[], 0x2000011a)
poll(0x0, 0x0, 0x2)
recvmsg(0xffffffffffffffff, 0x0, 0x0)
sendmsg$SEG6_CMD_SET_TUNSRC(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYRESHEX, @ANYRES8], 0x14}, 0x1, 0x0, 0x0, 0x8001}, 0x20040810)
syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, 0x0, 0x0)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000940)=ANY=[], 0x102c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
bind$alg(0xffffffffffffffff, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58)

5.441250008s ago: executing program 1 (id=7299):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00222200000096231306e53f070c0000002a9000070d00be0083"], 0x0}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[], 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
setrlimit(0x2, &(0x7f00000000c0)={0x2, 0x2400000})
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000001000/0x1000)=nil)
r3 = socket$inet6(0xa, 0x80002, 0x0)
sendmmsg$inet(r3, &(0x7f0000000880)=[{{&(0x7f0000000040)={0x2, 0x1, @dev}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000900)="e4f9aabcdc885746f079f3927e64da27008753aaa40539ce410c697224a939514662b2a0e6f641294ce6c0541d2936addd2aee32de2878dffe07f25811d71151a2408f65d14b4743ca0a24da7d8cd58341ef97b398b6eb452246430bd92a280ae9b88173d819abcf28d77ef7b5381950f518bc89a876a10b6233ac6958477d486f6ab556c6f68040c3196eb31543ce56d4fd6cab6cac3c9e1572f3393de5880ac74041008cfa5669a380260a5c229fcfc3b5a7ab39e02b78a04404b645d79125a53fb56aa3376fb145125309a753dd099f4e7bcbed08264c84a96afbd5727bd2851df243ebaa208bfc4fc552a953645ed97893c556c67f6d35c13a088ac03144ad7897a36cd73dcddc6b36a7ef1a72f066c4e0f9b242a2215b2a942634e472ba16ed34d032a1c09ae37687efed42898d62346f774e248f89b65e3288568fa17ad1ac763a49386d9420a997dd4b71d53279c1f2b8fbbaa9a46ab2d59edd69baf64382fb39bb85367a5e82138eb9135d65073fc092a0b18b010ab6215fcdbce646837d959621704862b16c19202cd2ce9bd5271ecefb4d76d25a8ba7ba820bdf25a37bff949df7b433499c2a0e1fa2cd69ad9a26e0d91ed726b271a715646496a474828ef7735c07726ceb97a6e890137562a098614abe609e99721ba21eda01e6018db80e29f1d3f42460724cf061abdac03905abf298b310838140d5b6b968b91c5a85f4ea6e4954dae5c53c338d1a65052f7b874438aa5bb429c7d973bd028f61bce9bbeb85d358a665eb290ddbb329a56480e019aef4304516ad55046f7b51a8ca044e510b07962b15e734081b7c224cd9de873507aa00d7f3cb13ad768ab92b247dcf405301991e5d445303b890bb7e972d9f3ef4537887c7f53737f265a4c8b9dfa789e2dad8e8cb0b3f88036ac37071af73be99504769a4c42af83d2371db648cef1a429040dd7f652546588e20143a2f984a883cd7798ca8033847adb6212e0efef984eefffe31695c4d7eb48cbd300b366e14686aa51954f0ed66d982df18f75f58cbfe24b8082631e6ec31d5e36d3924bb6690e9661799af31786c731a023a91a549015690aa8c9df755882c6ec305bed415e7ea99df9b0a14c5b2c0a4bb991ebfb3eaef6e07336e2d51c6a2dddd88d6c411d257021161c09c89ad384698a76c8b3a3af0800b6957a868cd54c93c8f5b15d0793d57651d71f43960299ae47d4b5f72d4876b0d9bba2d1f67f07e0c1d3011e3745cc4b38479387573a7a8b2686040ff8f37ef0eb6e27ac180c7d937312ecb186c91361a5361ce297e3c6fe7acf9ac2b2e70f00181109bcd709d32ce1c88aac3e7fbf3b21d438f014fd2a31074ea1d81039a5a8d1b611796acb4f5e1c0afb08586f9b62090371933c4380952c62da7b77719d6be3a80c3bc01aea9fee7f3adce9e59af5fc3a83cc612d450e202d61b6f99d9859025b951fee1190e41e214b07d70b4c837bff0028efafdaefdbb791bdc8853d53085849b283a14603d1ce4dd205184628aaa51492e37c83095ebb2c89705f6b8745d512247636e724c439a053f4abd72c0e01f101121eaae4f3079ca5f2553221da250fe0e9e6659166cc18409ce88b132e70f7730afc8ad68c808b6e53c1bc1b0dc9155eb9f190b2993810e352fd54d9c63ba51f5122992de868239d3af97a61e4e5c7d4a4bca164e6ee100562c0564bc142e8625879cc1af9d5ddbab5d0659380621fc20bccd69d0afb3df71f98a624fc452547c3a756ed5894a928b5d6ec5c15f183b84f735a9b8c685c7f8fee1bd9be932bee62ddd1236ee01353e0f7bd815850900cbe7270f7f7a4c5f584713662d945e00ffb403471d40dc989e7d6ee631940d6eb71ab72db934298d83472d6c2a2173ea74aa1a2d589d74b0dc44098d89bc903e7a031a3569baa61858806c0e52248fca8ebb7e70acdde9e40796da68fe5dd874993d90adb40e058fb249be32be28b715b0cf4321f2342b756ff93c90e4a114603ed28ca5353f8c19883d3e2c2270781a0224e6b1b3951fbb4925afe0b6f40b231f4adc66223a9b53b21006fdc38f4396dd74e6af9399ce53d5de98130077424eed1606a8dedfaf40500821b9ddb23f976fc7657fd130f0b26ea8e89819323e13d44414ac9f045463fe1c948919232d42b9c1671c55b273b1f568efe23fab85002e845fac2fbf98c51d39032ef659140b4f9d8a37836a98ce62f3a1a0818fabf4adb3aae508ccf0611f98338e7768ae4033ef240af4e7dce0059c1deca6aae430ec235418154b4a434e35f4695032f857504e54fd3840d616b23206fd340b768eaba7cabf53c18d6654bb5e1227ef5f676e96eb8d682d29e217051fefb842c4df50c52f813dd7124bc7f35cc73b36ea439807022291e707241f7ff5b38a7493c07e719632f54d9a5e06069770c1d6041c440af92b969c05fa780633249f148e523443cdfc1b551ed7225e8fcbfa0fef72fdb6c36f71e796947c6bcad1966f072b3689d38e13533f25e244f685fbd4843426fed6f2", 0x701}], 0x1}}], 0x1, 0x0)

5.370048634s ago: executing program 4 (id=7300):
pipe(&(0x7f0000001780)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x8000002}, 0x1c)
sendto$inet6(r1, 0x0, 0x0, 0x2200c041, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, &(0x7f0000000080), 0x0, 0x1, 0x0, 0x0)
splice(r1, 0x0, r0, 0x0, 0x1ff, 0x0)

5.075180707s ago: executing program 3 (id=7301):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4)
bind$inet6(r0, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c)
r1 = syz_open_dev$vim2m(&(0x7f0000000040), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x3, 0x2, 0x1})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
syz_open_dev$dri(0x0, 0xfffffffffffffffb, 0x0)
syz_emit_vhci(&(0x7f0000001ac0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_EXIT_PERIODIC_INQ={{}, 0x81}}}, 0x7)
bind$can_j1939(r3, &(0x7f0000001200)={0x1d, 0x0, 0x0, {0x0, 0x0, 0x4}}, 0x18)
connect$can_j1939(r3, &(0x7f0000000080), 0x18)
writev(r3, &(0x7f0000000240)=[{&(0x7f0000000000)='h', 0xfdef}], 0x1)
setsockopt$SO_J1939_FILTER(r3, 0x6b, 0x1, &(0x7f0000000700)=[{0x2, 0x3}, {}], 0x40)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000240)={'vxcan0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=@getchain={0x24, 0x11, 0x839, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

4.879233898s ago: executing program 0 (id=7302):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x6}]})
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x0)

3.722033827s ago: executing program 0 (id=7303):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_genetlink_get_family_id$nl80211(&(0x7f0000004200), 0xffffffffffffffff)
sendmmsg(0xffffffffffffffff, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
recvmmsg$unix(0xffffffffffffffff, &(0x7f00000027c0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)=""/104, 0x68}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

3.677454522s ago: executing program 3 (id=7304):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa08, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})

3.099790536s ago: executing program 1 (id=7305):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newtaction={0x70, 0x30, 0x800, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_ct={0x58, 0x0, 0x0, 0x0, {{0x7}, {0x4}, {0x2d, 0x6, "7692f8bd1f3512fc77bc02c00fb651bed78541f9f4714034e1960bfac955b72b02181229835ee64e13"}, {0xc}, {0xc}}}]}]}, 0x70}}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
setfsgid(0xee00)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c000000030800000000000000000000000000000900010073797a31000000001c0004800800034000000000080005400c00000008"], 0x3c}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f0000000080)={0x0, @sdr})
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[], 0x78}}, 0x0)

2.319827257s ago: executing program 2 (id=7306):
futex(&(0x7f0000000000)=0x2, 0x2, 0x10, 0x0, 0x0, 0x0)
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
ioctl$TIOCGDEV(r0, 0x80045432, &(0x7f0000000080))

2.26028668s ago: executing program 3 (id=7307):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$inet6(0xa, 0x3, 0x39)
socket$nl_route(0x10, 0x3, 0x0)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0) (fail_nth: 3)

2.005849651s ago: executing program 4 (id=7308):
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, 0x0, 0x0)

1.830976804s ago: executing program 4 (id=7309):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000180)='{', 0x1, 0x0, 0x0, 0x0)
sendmmsg$inet(r0, &(0x7f0000003400)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f00000002c0)="ce5b550b14dd04c2fa638125e6a08c8afc9544e026080580cd85c3eb2f86929b595b54111a0a8cbb8153b116dbc45fd564375e23c77253e437b511198d77aa69b31a693980b2c127a3436d9b55b08171de831554e27f6e7ce17c453bee12d9ad0b358e1f15586bca82f46501b3c5a531a7ab82770e354d8259f25dd23781314174a7cbdcc14506b95aaaa380d307c46ab27a1bc0b8f53339b2abf7600029e3886ccb38733b", 0xa5}, {&(0x7f0000000380)="f7ef0c2e3fa8667b6e", 0x9}, {&(0x7f00000003c0)="c2a68dacc669ca0bfab693837620e09b1768f23f0456a00677a414", 0x1b}, {&(0x7f0000000e80)="06987728e729ecb494924da9913d596cb581d832ab199384137f164cc9d8f2eb0c2fade94b8aefad67a53c4c9156a4832a4e0e90e3e1e9dc0f2acc20598fd58f57a34db4b44479e52edbd8c946a0f25d9fa32717aafdad752136eba890ac1830cc7c6e57ceb18a738f3dcc19c2559e6c2a19dbdc2ba64e56c37b2449a96847d1c9c4c9995966aee50ac537a665c40773628b174417c5b56c8cc39a928cd97ce7f042b82551363cb60ec44905c3c1e435df90e4634ac4d641514343743aae1e3a8df492e31d5c8661e099965a778b3b8d637a6290f41f5e42118c36e5914f0ff8b20b0bc5e7b512485e5cd9711af4db73a97105ec8ff23f0e85bff5f5716d52ab1b2cb80123da2852c9575bc6b63430adebcfdb91a0a5e50d833a0e707d789e34cc04e708659c7a9ef8b225a4e41267c20361d28a89f9eb6182759cb83ff9b8531784bb01a1f30d252647c3da9bb2c56c5ab3735d70073868001e777da158143ad476588a3835b5d4bbb9e9ad82a19fc9a532b42081518722359b09a31176fb61fdf5d2e5e917b4ff968023f2a5fe735caece86c4fdda8b94859750343ba9a52d7c670ce5cadab0e5f21e5ff3eee1eb97f17cfd3a79024c177a6e9aad3c22e5aba833751b185bde64b9fcadf78ea3e89fec4f1b36278af8db12620b75de8cdf1e0cd2f6430d3a5b4c55eb3a421a1f6e25511dd58db94cb7c60e048e811c9c6beaa8f7f45fdfecc4778fb7016a9d3d4a14f021e512abc65afb5a8ec10e40d2f5e8a21f098e3d9805e53666c27b3bb5ecda8a9eac41125d8c86cd38", 0x23a}], 0x4}}], 0x1, 0x0)
sendmmsg$inet(r0, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000880)="d51bea8a3a7a9f11bdb6a37b69751f4fc9b43c211d9dccf8de698ab41303e10068ea5deb65e3a8e78dce6207179f92118585938a4509c5fb36a6519358da1cffd32cec80da48998b2a98c0bbec29a972cb61bed21830a974b9e0303beea60607d728888c6ffbfc04446df912c9e5f02ddc1000c77480edb8a30e9badfe45fbfe26f1aeff4e9a6b61762060c40c99a293a8403760985ae64734abda01e8ede5a55d675385f6c3477a76fa39e9c4214f943d638ea03f71b9c191678e7519fb352d4055b405", 0xc4}], 0x1}, 0x1200}], 0x1, 0x0)

1.530395095s ago: executing program 2 (id=7310):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fc00101}]})
epoll_create1(0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000002280)={<r1=>0x0})
r2 = syz_io_uring_setup(0x5169, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)=<r3=>0x0)
syz_io_uring_setup(0xa94, &(0x7f0000000280), &(0x7f0000000040)=<r4=>0x0, &(0x7f00000005c0))
syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0xd4fa, 0x0, 0x8, 0x8}]})
r8 = dup(r7)
ioctl$KVM_SET_CPUID2(r8, 0x4008ae90, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000000000030100000000000000000000000100000000000000760f00001d00002000000000000000000000000007"])
io_uring_enter(r2, 0xb15, 0x0, 0x0, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000300)={r1})

1.241200323s ago: executing program 4 (id=7311):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b405000000000000711041000000"], &(0x7f0000003ff6)='GPL\x00', 0x0, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x42, '\x00', 0x0, 0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x8}, 0x10}, 0x90)
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x5, 0xfffffffe)
sendmsg$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_buf(r1, 0x29, 0x6, &(0x7f0000000140), 0x300)
preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x800)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = gettid()
prctl$PR_SET_PTRACER(0x59616d61, r2)
r3 = inotify_init1(0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
fcntl$getownex(r3, 0x10, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
dup(0xffffffffffffffff)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="440000001000090400"/19, @ANYRES32=0x0, @ANYBLOB="00000000401000002400128009000100626f6e64000000001400028008000a000000000008000b00", @ANYRES32=0x0, @ANYBLOB="4a5f6f8edc451fd2fc55d1ea46bed8863fac0b542765f782f2b33faf55022ff93c58aad5056f0010afdcaacc6a66e1e812"], 0x44}}, 0x0)
ptrace$getregs(0xe, 0x0, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
io_setup(0x222, &(0x7f0000000180)=<r5=>0x0)
io_submit(r5, 0x0, 0x0)

1.240834187s ago: executing program 3 (id=7312):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
socket(0x18, 0xa, 0x1000)
r1 = syz_open_dev$video4linux(&(0x7f0000000040), 0x10000, 0x0)
ioctl$CAPI_REGISTER(r1, 0xc0585604, &(0x7f0000000140)={0x2})
socket$packet(0x11, 0x2, 0x300)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000100))
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000400)={&(0x7f0000000000)=""/74, 0x32b000, 0x1000}, 0x81)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
close(r3)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)="5c00000011006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300010004000200eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}, {&(0x7f0000000240)="e5a64b1de69ad8ca0a0856698424883c9e8178b472525d3a7f0b46f78366dcbadc5fd602ac748b8ee5b2eb33c6b98750918e76e4fffa5c8ad8a7e67596c6f293642b70695d5fff81a9f22f5b646397040452d12fce99b943fc153f82591cfc5824b0ed3e98131fb1cb7f22d4a5a7acaf9debae6372fbecd5e5e0fff49fb8a8434ee2fe16976f20d9ae33b89af46033f90de3dabbb2703310e38263a411d29622acb45e032f6b76039c5f0851500aa23bd4dbd7e025a125857a1b24fca59949f483ba78d4c2962bc1a1a3a4e71933e577b52183ec6ad7e49497a7f48772c281382859011b7cb93de7d21adc67ae39ee1acd8381", 0xf3}, {&(0x7f00000001c0)="d3acc69731a03f194d08d8db8c80a53454a3d2af93279afbd2e97aa0b230070002000082310c7fdfe2fb6d", 0x2b}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r6 = socket$unix(0x1, 0x5, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000080)=0x100000001, 0x4)
connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f0000000540), 0x4)
setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x303, 0x37}, "475566172f45f011", "bd14060000000000000092f94413582b", "a4774ec6", "15b188e5e74e13ed"}, 0x28)
r8 = dup2(r6, r5)
close_range(r8, 0xffffffffffffffff, 0x0)

164.391711ms ago: executing program 1 (id=7313):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x6}]})
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x0)

8.479838ms ago: executing program 0 (id=7314):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00222200000096231306e53f070c0000002a9000070d00be0083"], 0x0}, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[], 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
setrlimit(0x2, &(0x7f00000000c0)={0x2, 0x2400000})
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000001000/0x1000)=nil)
r4 = socket$inet6(0xa, 0x80002, 0x0)
sendmmsg$inet(r4, &(0x7f0000000880)=[{{&(0x7f0000000040)={0x2, 0x1, @dev}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000900)="e4f9aabcdc885746f079f3927e64da27008753aaa40539ce410c697224a939514662b2a0e6f641294ce6c0541d2936addd2aee32de2878dffe07f25811d71151a2408f65d14b4743ca0a24da7d8cd58341ef97b398b6eb452246430bd92a280ae9b88173d819abcf28d77ef7b5381950f518bc89a876a10b6233ac6958477d486f6ab556c6f68040c3196eb31543ce56d4fd6cab6cac3c9e1572f3393de5880ac74041008cfa5669a380260a5c229fcfc3b5a7ab39e02b78a04404b645d79125a53fb56aa3376fb145125309a753dd099f4e7bcbed08264c84a96afbd5727bd2851df243ebaa208bfc4fc552a953645ed97893c556c67f6d35c13a088ac03144ad7897a36cd73dcddc6b36a7ef1a72f066c4e0f9b242a2215b2a942634e472ba16ed34d032a1c09ae37687efed42898d62346f774e248f89b65e3288568fa17ad1ac763a49386d9420a997dd4b71d53279c1f2b8fbbaa9a46ab2d59edd69baf64382fb39bb85367a5e82138eb9135d65073fc092a0b18b010ab6215fcdbce646837d959621704862b16c19202cd2ce9bd5271ecefb4d76d25a8ba7ba820bdf25a37bff949df7b433499c2a0e1fa2cd69ad9a26e0d91ed726b271a715646496a474828ef7735c07726ceb97a6e890137562a098614abe609e99721ba21eda01e6018db80e29f1d3f42460724cf061abdac03905abf298b310838140d5b6b968b91c5a85f4ea6e4954dae5c53c338d1a65052f7b874438aa5bb429c7d973bd028f61bce9bbeb85d358a665eb290ddbb329a56480e019aef4304516ad55046f7b51a8ca044e510b07962b15e734081b7c224cd9de873507aa00d7f3cb13ad768ab92b247dcf405301991e5d445303b890bb7e972d9f3ef4537887c7f53737f265a4c8b9dfa789e2dad8e8cb0b3f88036ac37071af73be99504769a4c42af83d2371db648cef1a429040dd7f652546588e20143a2f984a883cd7798ca8033847adb6212e0efef984eefffe31695c4d7eb48cbd300b366e14686aa51954f0ed66d982df18f75f58cbfe24b8082631e6ec31d5e36d3924bb6690e9661799af31786c731a023a91a549015690aa8c9df755882c6ec305bed415e7ea99df9b0a14c5b2c0a4bb991ebfb3eaef6e07336e2d51c6a2dddd88d6c411d257021161c09c89ad384698a76c8b3a3af0800b6957a868cd54c93c8f5b15d0793d57651d71f43960299ae47d4b5f72d4876b0d9bba2d1f67f07e0c1d3011e3745cc4b38479387573a7a8b2686040ff8f37ef0eb6e27ac180c7d937312ecb186c91361a5361ce297e3c6fe7acf9ac2b2e70f00181109bcd709d32ce1c88aac3e7fbf3b21d438f014fd2a31074ea1d81039a5a8d1b611796acb4f5e1c0afb08586f9b62090371933c4380952c62da7b77719d6be3a80c3bc01aea9fee7f3adce9e59af5fc3a83cc612d450e202d61b6f99d9859025b951fee1190e41e214b07d70b4c837bff0028efafdaefdbb791bdc8853d53085849b283a14603d1ce4dd205184628aaa51492e37c83095ebb2c89705f6b8745d512247636e724c439a053f4abd72c0e01f101121eaae4f3079ca5f2553221da250fe0e9e6659166cc18409ce88b132e70f7730afc8ad68c808b6e53c1bc1b0dc9155eb9f190b2993810e352fd54d9c63ba51f5122992de868239d3af97a61e4e5c7d4a4bca164e6ee100562c0564bc142e8625879cc1af9d5ddbab5d0659380621fc20bccd69d0afb3df71f98a624fc452547c3a756ed5894a928b5d6ec5c15f183b84f735a9b8c685c7f8fee1bd9be932bee62ddd1236ee01353e0f7bd815850900cbe7270f7f7a4c5f584713662d945e00ffb403471d40dc989e7d6ee631940d6eb71ab72db934298d83472d6c2a2173ea74aa1a2d589d74b0dc44098d89bc903e7a031a3569baa61858806c0e52248fca8ebb7e70acdde9e40796da68fe5dd874993d90adb40e058fb249be32be28b715b0cf4321f2342b756ff93c90e4a114603ed28ca5353f8c19883d3e2c2270781a0224e6b1b3951fbb4925afe0b6f40b231f4adc66223a9b53b21006fdc38f4396dd74e6af9399ce53d5de98130077424eed1606a8dedfaf40500821b9ddb23f976fc7657fd130f0b26ea8e89819323e13d44414ac9f045463fe1c948919232d42b9c1671c55b273b1f568efe23fab85002e845fac2fbf98c51d39032ef659140b4f9d8a37836a98ce62f3a1a0818fabf4adb3aae508ccf0611f98338e7768ae4033ef240af4e7dce0059c1deca6aae430ec235418154b4a434e35f4695032f857504e54fd3840d616b23206fd340b768eaba7cabf53c18d6654bb5e1227ef5f676e96eb8d682d29e217051fefb842c4df50c52f813dd7124bc7f35cc73b36ea439807022291e707241f7ff5b38a7493c07e719632f54d9a5e06069770c1d6041c440af92b969c05fa780633249f148e523443cdfc1b551ed7225e8fcbfa0fef72fdb6c36f71e796947c6bcad1966f072b3689d38e13533f25e244f685fbd4843426fed6f2", 0x701}], 0x1}}], 0x1, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
read$hidraw(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$evdev(0x0, 0x0, 0x200040)

0s ago: executing program 4 (id=7315):
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
socket$alg(0x26, 0x5, 0x0)
socket$kcm(0x10, 0x0, 0x10)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0xbc, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x8c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x28, 0x2, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_CMD={0x5}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0xe}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x80}]}]}]}}]}, 0xbc}}, 0x0)

kernel console output (not intermixed with test programs):

tes leftover after parsing attributes in process `syz.4.7005'.
[ 2159.924513][ T5328] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 2159.964298][ T9985] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 2159.994117][ T9985] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[ 2160.049684][ T9985] usb 2-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 2160.095991][T15060] netlink: 4616 bytes leftover after parsing attributes in process `syz.4.7005'.
[ 2160.104049][ T9985] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2160.106941][ T5328] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 2160.136683][T15060] netlink: 4616 bytes leftover after parsing attributes in process `syz.4.7005'.
[ 2160.178345][ T9985] usb 2-1: config 0 descriptor??
[ 2160.184120][ T5328] em28xx 1-1:0.0: board has no eeprom
[ 2160.274087][ T5328] em28xx 1-1:0.0: Identified as Kaiomy TVnPC U2 (card=63)
[ 2160.284112][ T5328] em28xx 1-1:0.0: analog set to bulk mode.
[ 2160.299978][T12464] em28xx 1-1:0.0: Registering V4L2 extension
[ 2160.397229][ T9985] hdpvr 2-1:0.0: unexpected answer of status request, len 0
[ 2160.418631][ T5328] usb 1-1: USB disconnect, device number 11
[ 2160.441920][ T5328] em28xx 1-1:0.0: Disconnecting em28xx
[ 2160.456893][ T9985] hdpvr 2-1:0.0: device init failed
[ 2160.492992][ T9985] hdpvr 2-1:0.0: probe with driver hdpvr failed with error -12
[ 2160.631159][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[ 2160.645411][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[ 2160.914406][T12464] i2c i2c-1: Invalid 7-bit I2C address 0x00
[ 2161.058432][T15020] ɶƣ0GC�: entered promiscuous mode
[ 2161.153787][T12464] tuner: 1-0061: Tuner -1 found with type(s) Radio TV.
[ 2161.636913][T12464] DVB: Unable to find symbol xc2028_attach()
[ 2161.690703][T12464] tuner: 1-0061: Tuner has no way to set tv freq
[ 2161.741036][T12464] em28xx 1-1:0.0: Config register raw data: 0xffffffed
[ 2161.785799][T12464] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 2161.816881][ T9985] usb 3-1: USB disconnect, device number 103
[ 2161.853629][T12464] em28xx 1-1:0.0: No AC97 audio processor
[ 2161.879221][T12464] tuner: 1-0061: Tuner has no way to set tv freq
[ 2162.008575][T21044] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2162.027120][T12464] em28xx 1-1:0.0: Registered radio device as radio32
[ 2162.076466][T12464] usb 1-1: Decoder not found
[ 2162.134212][T12464] em28xx 1-1:0.0: failed to create media graph
[ 2162.195007][T12464] em28xx 1-1:0.0: V4L2 device radio32 deregistered
[ 2162.268053][T12464] em28xx 1-1:0.0: V4L2 device video71 deregistered
[ 2162.359765][T12464] em28xx 1-1:0.0: Registering input extension
[ 2162.391837][ T5328] em28xx 1-1:0.0: Closing input extension
[ 2162.422384][ T9985] usb 2-1: USB disconnect, device number 112
[ 2162.498933][  T691] usb 5-1: USB disconnect, device number 104
[ 2162.541053][ T5328] em28xx 1-1:0.0: Freeing device
[ 2162.649067][T21044] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2163.215952][T29601] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[ 2163.228547][T21044] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2163.260711][T15159] program syz.2.7014 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 2163.322499][T12464] usb 2-1: new high-speed USB device number 113 using dummy_hcd
[ 2163.424169][T29601] usb 4-1: Using ep0 maxpacket: 32
[ 2163.432668][T29601] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2163.485541][T21044] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2163.504257][T29601] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 2163.543365][T29601] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2163.568082][T12464] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 2163.587423][T29601] usb 4-1: config 0 descriptor??
[ 2163.595195][T12464] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2163.597946][T29601] hub 4-1:0.0: bad descriptor, ignoring hub
[ 2163.647892][T29601] hub 4-1:0.0: probe with driver hub failed with error -5
[ 2163.649513][T12464] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 2163.660917][T29601] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 2163.754141][T12464] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2163.820388][T12464] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 2163.861157][T12464] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 2163.923723][T12464] usb 2-1: Product: syz
[ 2163.972760][T12464] usb 2-1: Manufacturer: syz
[ 2164.002290][T21044] bridge_slave_1: left allmulticast mode
[ 2164.007360][T12464] cdc_wdm 2-1:1.0: skipping garbage
[ 2164.034933][T12464] cdc_wdm 2-1:1.0: skipping garbage
[ 2164.045776][T21044] bridge_slave_1: left promiscuous mode
[ 2164.067671][T21044] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2164.095981][T12464] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[ 2164.112698][ T4618] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 2164.128800][ T4618] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 2164.143214][T12464] cdc_wdm 2-1:1.0: Unknown control protocol
[ 2164.143274][ T4618] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 2164.173499][ T4618] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 2164.183635][ T4618] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 2164.194522][ T4618] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 2164.195503][T21044] bridge_slave_0: left allmulticast mode
[ 2164.344036][T21044] bridge_slave_0: left promiscuous mode
[ 2164.381098][T21044] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2165.207366][  T691] usb 2-1: USB disconnect, device number 113
[ 2165.492943][T15230] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7019'.
[ 2166.080193][ T5279] usb 4-1: USB disconnect, device number 12
[ 2166.294811][T28663] Bluetooth: hci1: command tx timeout
[ 2166.461595][T21044] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2166.504993][T21044] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2166.544849][T21044] bond0 (unregistering): Released all slaves
[ 2167.932636][T12464] usb 3-1: new high-speed USB device number 104 using dummy_hcd
[ 2168.145283][T12464] usb 3-1: Using ep0 maxpacket: 8
[ 2168.158021][T21044] hsr_slave_0: left promiscuous mode
[ 2168.196155][T21044] hsr_slave_1: left promiscuous mode
[ 2168.216338][T12464] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 2168.237576][T21044] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2168.253971][T12464] usb 3-1: can't read configurations, error -61
[ 2168.270994][T21044] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2168.299834][T21044] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2168.326244][T21044] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2168.374353][T28663] Bluetooth: hci1: command tx timeout
[ 2168.433811][T21044] veth1_macvtap: left promiscuous mode
[ 2168.441723][T12464] usb 3-1: new high-speed USB device number 105 using dummy_hcd
[ 2168.494701][T21044] veth0_macvtap: left promiscuous mode
[ 2168.501253][T21044] veth1_vlan: left promiscuous mode
[ 2168.527294][T21044] veth0_vlan: left promiscuous mode
[ 2168.694466][T12464] usb 3-1: Using ep0 maxpacket: 8
[ 2168.706754][T12464] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 2168.771159][T12464] usb 3-1: can't read configurations, error -61
[ 2168.804667][T12464] usb usb3-port1: attempt power cycle
[ 2169.316038][ T8422] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[ 2169.334266][T12464] usb 3-1: new high-speed USB device number 106 using dummy_hcd
[ 2169.388576][ T4618] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 2169.402281][T12464] usb 3-1: Using ep0 maxpacket: 8
[ 2169.414931][ T4618] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 2169.439512][ T4618] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 2169.452302][T12464] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 2169.462783][ T4618] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 2169.484103][T12464] usb 3-1: can't read configurations, error -61
[ 2169.484193][ T4618] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 2169.502352][ T4618] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 2169.537688][ T8422] usb 4-1: Using ep0 maxpacket: 32
[ 2169.556803][ T8422] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[ 2169.575368][ T8422] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2169.594773][ T8422] usb 4-1: config 0 descriptor??
[ 2169.606361][ T8422] gspca_main: nw80x-2.14.0 probing 055f:d001
[ 2169.694502][T12464] usb 3-1: new high-speed USB device number 107 using dummy_hcd
[ 2169.764137][T12464] usb 3-1: Using ep0 maxpacket: 8
[ 2169.792801][T12464] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 2169.835560][T12464] usb 3-1: can't read configurations, error -61
[ 2169.865293][T12464] usb usb3-port1: unable to enumerate USB device
[ 2170.215659][   T29] kauditd_printk_skb: 4 callbacks suppressed
[ 2170.215719][   T29] audit: type=1326 audit(1722659405.427:2245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15304 comm="syz.3.7032" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb7e6f779f9 code=0x0
[ 2170.457658][ T4618] Bluetooth: hci1: command tx timeout
[ 2170.723369][T15330] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7034'.
[ 2170.824729][ T8422] gspca_nw80x: reg_r err -110
[ 2170.832514][ T8422] nw80x 4-1:0.0: probe with driver nw80x failed with error -110
[ 2170.845041][T21044] team0 (unregistering): Port device team_slave_1 removed
[ 2170.992632][T21044] team0 (unregistering): Port device team_slave_0 removed
[ 2171.579506][ T4618] Bluetooth: hci3: command tx timeout
[ 2172.535361][ T4618] Bluetooth: hci1: command tx timeout
[ 2172.763312][T15196] chnl_net:caif_netlink_parms(): no params data found
[ 2173.015242][T12465] usb 4-1: USB disconnect, device number 13
[ 2173.653093][T21044] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2173.667126][ T4618] Bluetooth: hci3: command tx timeout
[ 2173.934671][T15494] netlink: 36 bytes leftover after parsing attributes in process `syz.2.7038'.
[ 2173.954191][T15318] chnl_net:caif_netlink_parms(): no params data found
[ 2174.128414][T21044] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2174.172110][T15196] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2174.201561][T15196] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2174.244869][T15196] bridge_slave_0: entered allmulticast mode
[ 2174.252548][T15196] bridge_slave_0: entered promiscuous mode
[ 2174.301098][T15196] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2174.330719][T15196] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2174.355167][T15196] bridge_slave_1: entered allmulticast mode
[ 2174.378498][T15196] bridge_slave_1: entered promiscuous mode
[ 2174.583763][T21044] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2174.837416][T21044] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2175.076719][T15196] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2175.186625][T15196] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2175.522087][   T29] audit: type=1326 audit(1722659410.727:2246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15706 comm="syz.3.7049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7e6f779f9 code=0x7ffc0000
[ 2175.645963][   T29] audit: type=1326 audit(1722659410.727:2247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15706 comm="syz.3.7049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7e6f779f9 code=0x7ffc0000
[ 2175.734108][ T4618] Bluetooth: hci3: command tx timeout
[ 2175.741119][   T29] audit: type=1326 audit(1722659410.727:2248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15706 comm="syz.3.7049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb7e6f779f9 code=0x7ffc0000
[ 2175.765817][   T29] audit: type=1326 audit(1722659410.727:2249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15706 comm="syz.3.7049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7e6f779f9 code=0x7ffc0000
[ 2175.812079][T15196] team0: Port device team_slave_0 added
[ 2175.824040][   T29] audit: type=1326 audit(1722659410.757:2250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15706 comm="syz.3.7049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb7e6f779f9 code=0x7ffc0000
[ 2175.855074][T15318] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2175.863483][T15318] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2175.875068][T12464] usb 2-1: new high-speed USB device number 114 using dummy_hcd
[ 2175.886779][   T29] audit: type=1326 audit(1722659410.757:2251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15706 comm="syz.3.7049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7e6f779f9 code=0x7ffc0000
[ 2175.913004][T15318] bridge_slave_0: entered allmulticast mode
[ 2175.931887][   T29] audit: type=1326 audit(1722659410.757:2252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15706 comm="syz.3.7049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7e6f779f9 code=0x7ffc0000
[ 2175.956476][T15318] bridge_slave_0: entered promiscuous mode
[ 2175.972882][   T29] audit: type=1326 audit(1722659410.757:2253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15706 comm="syz.3.7049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb7e6f79817 code=0x7ffc0000
[ 2176.055826][T15196] team0: Port device team_slave_1 added
[ 2176.083293][   T29] audit: type=1326 audit(1722659410.757:2254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15706 comm="syz.3.7049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fb7e6f7978c code=0x7ffc0000
[ 2176.106934][T12464] usb 2-1: Using ep0 maxpacket: 8
[ 2176.127884][T12464] usb 2-1: New USB device found, idVendor=061d, idProduct=c120, bcdDevice=e3.67
[ 2176.150555][T12464] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2176.175493][T12464] usb 2-1: config 0 descriptor??
[ 2176.187807][   T29] audit: type=1326 audit(1722659410.757:2255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15706 comm="syz.3.7049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fb7e6f796c4 code=0x7ffc0000
[ 2176.195685][T15318] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2176.215233][T12464] quatech2 2-1:0.0: Quatech 2nd gen USB to Serial Driver converter detected
[ 2176.294436][T15318] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2176.334732][T15318] bridge_slave_1: entered allmulticast mode
[ 2176.359076][T15318] bridge_slave_1: entered promiscuous mode
[ 2176.755654][T15196] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2176.774569][T15196] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2176.903171][T15196] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2177.036030][T15318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2177.216658][T15196] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2177.253747][T15196] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2177.331893][T15196] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2177.389322][T15318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2177.586272][ T4618] Bluetooth: hci5: command tx timeout
[ 2177.587197][T12464] usb 2-1: qt2_attach - failed to power on unit: -71
[ 2177.636317][T21044] bridge_slave_1: left allmulticast mode
[ 2177.642010][T21044] bridge_slave_1: left promiscuous mode
[ 2177.698197][T12464] quatech2 2-1:0.0: probe with driver quatech2 failed with error -71
[ 2177.786666][T21044] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2177.814154][T28663] Bluetooth: hci3: command tx timeout
[ 2177.816507][T12464] usb 2-1: USB disconnect, device number 114
[ 2177.913838][T21044] bridge_slave_0: left allmulticast mode
[ 2177.968299][T21044] bridge_slave_0: left promiscuous mode
[ 2177.992696][T21044] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2179.572341][T21044] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2179.602430][T21044] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2179.645833][T21044] bond0 (unregistering): Released all slaves
[ 2179.660766][T28663] Bluetooth: hci5: command 0x0406 tx timeout
[ 2179.864749][T15318] team0: Port device team_slave_0 added
[ 2179.896268][T21044] ɶƣ0GC�: left promiscuous mode
[ 2180.013420][ T5279] usb 3-1: new high-speed USB device number 108 using dummy_hcd
[ 2180.162980][T15318] team0: Port device team_slave_1 added
[ 2180.224160][ T5279] usb 3-1: Using ep0 maxpacket: 32
[ 2180.250136][ T5279] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[ 2180.270837][ T5279] usb 3-1: config 0 has no interface number 0
[ 2180.274496][T15196] hsr_slave_0: entered promiscuous mode
[ 2180.291535][ T5279] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2180.326882][T15196] hsr_slave_1: entered promiscuous mode
[ 2180.345297][ T5279] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2180.358651][ T5279] usb 3-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[ 2180.365309][T15951] xt_CONNSECMARK: invalid mode: 0
[ 2180.369750][ T5279] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2180.372851][T15196] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2180.372877][T15196] Cannot create hsr debugfs directory
[ 2180.465931][ T5279] usb 3-1: config 0 descriptor??
[ 2180.621006][ T9687] usb 2-1: new high-speed USB device number 115 using dummy_hcd
[ 2180.661488][T15318] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2180.703821][T15318] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2180.804230][T15318] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2180.850571][T15318] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2180.879067][T15318] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2180.895647][ T9687] usb 2-1: New USB device found, idVendor=0547, idProduct=6801, bcdDevice=43.6f
[ 2180.974505][ T9687] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2180.983912][T15318] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2181.047698][ T9687] usb 2-1: Product: syz
[ 2181.114559][ T9687] usb 2-1: Manufacturer: syz
[ 2181.120127][ T9687] usb 2-1: SerialNumber: syz
[ 2181.159496][ T9687] usb 2-1: config 0 descriptor??
[ 2181.174374][ T5279] uclogic 0003:28BD:0094.008A: pen parameters not found
[ 2181.183025][ T5279] uclogic 0003:28BD:0094.008A: interface is invalid, ignoring
[ 2181.211476][ T9687] gspca_main: touptek-2.14.0 probing 0547:6801
[ 2181.270047][ T5279] usb 3-1: USB disconnect, device number 108
[ 2181.768983][T15318] hsr_slave_0: entered promiscuous mode
[ 2181.790626][T15318] hsr_slave_1: entered promiscuous mode
[ 2181.818878][T15318] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2181.829610][T15318] Cannot create hsr debugfs directory
[ 2181.882056][T21044] hsr_slave_0: left promiscuous mode
[ 2181.901698][T21044] hsr_slave_1: left promiscuous mode
[ 2181.919075][T21044] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2181.961857][T21044] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2181.998056][T21044] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2182.032494][T21044] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2182.254698][T21044] veth1_macvtap: left promiscuous mode
[ 2182.260273][T21044] veth0_macvtap: left promiscuous mode
[ 2182.303051][T21044] veth1_vlan: left promiscuous mode
[ 2182.326711][T21044] veth0_vlan: left promiscuous mode
[ 2183.315341][T12465] usb 2-1: USB disconnect, device number 115
[ 2184.604737][T21044] team0 (unregistering): Port device team_slave_1 removed
[ 2184.816449][T21044] team0 (unregistering): Port device team_slave_0 removed
[ 2186.730993][T16112] netlink: 152 bytes leftover after parsing attributes in process `syz.3.7072'.
[ 2186.824518][T16114] sch_tbf: burst 1 is lower than device lo mtu (65550) !
[ 2186.990095][T16132] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7073'.
[ 2187.150059][T16165] fuse: Bad value for 'fd'
[ 2187.228479][T16158] team0: mtu less than device minimum
[ 2189.558326][T15196] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 2189.632050][T15196] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 2189.769755][T15196] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 2189.825800][T15196] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 2190.463172][T15196] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2190.508426][T15196] 8021q: adding VLAN 0 to HW filter on device team0
[ 2190.577596][ T9687] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2190.585625][ T9687] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2190.643759][ T9687] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2190.652298][ T9687] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2190.721944][T16330] netlink: 152 bytes leftover after parsing attributes in process `syz.2.7082'.
[ 2191.107020][T15318] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 2191.167714][T15318] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 2191.236387][T16352] team0: mtu less than device minimum
[ 2191.276736][T15318] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 2191.285549][T16357] fuse: Bad value for 'fd'
[ 2191.335799][T15318] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 2191.651219][T15196] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2192.017732][T15196] veth0_vlan: entered promiscuous mode
[ 2192.129004][T15318] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2192.223673][T15318] 8021q: adding VLAN 0 to HW filter on device team0
[ 2192.262229][T15196] veth1_vlan: entered promiscuous mode
[ 2192.289528][ T5328] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2192.296730][ T5328] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2192.363916][ T5328] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2192.371080][ T5328] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2192.534920][T15196] veth0_macvtap: entered promiscuous mode
[ 2192.578163][T15196] veth1_macvtap: entered promiscuous mode
[ 2192.679577][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2192.732176][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2192.762692][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2192.802392][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2192.835578][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2192.884056][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2192.917350][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2192.959239][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2192.994127][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2193.026664][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2193.057825][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2193.083996][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2193.123731][T15196] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2193.173656][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2193.223925][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2193.274339][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2193.307042][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2193.331620][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2193.355079][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2193.385297][ T4618] Bluetooth: hci5: Malformed MSFT vendor event: 0x02
[ 2193.391474][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2193.404187][ T4618] Bluetooth: hci5: SCO packet for unknown connection handle 14
[ 2193.436217][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2193.477443][   T29] kauditd_printk_skb: 60 callbacks suppressed
[ 2193.477460][   T29] audit: type=1326 audit(1722659428.677:2316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16403 comm="syz.1.7094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccaed779f9 code=0x7ffc0000
[ 2193.526315][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2193.563925][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2193.593404][   T29] audit: type=1326 audit(1722659428.677:2317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16403 comm="syz.1.7094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=301 compat=0 ip=0x7fccaed779f9 code=0x7ffc0000
[ 2193.619074][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2193.652658][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2193.684968][   T29] audit: type=1326 audit(1722659428.677:2318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16403 comm="syz.1.7094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccaed779f9 code=0x7ffc0000
[ 2193.710089][T15196] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2193.776024][T15196] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2193.815250][T15196] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2193.826529][   T29] audit: type=1326 audit(1722659428.677:2319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16403 comm="syz.1.7094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccaed779f9 code=0x7ffc0000
[ 2193.884109][T15196] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2193.923635][T15196] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2193.948659][   T29] audit: type=1326 audit(1722659428.677:2320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16403 comm="syz.1.7094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fccaed779f9 code=0x7ffc0000
[ 2194.021124][T15318] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2194.050434][T16416] FAULT_INJECTION: forcing a failure.
[ 2194.050434][T16416] name failslab, interval 1, probability 0, space 0, times 0
[ 2194.065996][   T29] audit: type=1326 audit(1722659428.677:2321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16403 comm="syz.1.7094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccaed779f9 code=0x7ffc0000
[ 2194.122189][T16416] CPU: 0 UID: 0 PID: 16416 Comm: syz.3.7095 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 2194.133001][T16416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 2194.143068][T16416] Call Trace:
[ 2194.146367][T16416]  <TASK>
[ 2194.149307][T16416]  dump_stack_lvl+0x241/0x360
[ 2194.154010][T16416]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2194.159230][T16416]  ? __pfx__printk+0x10/0x10
[ 2194.163836][T16416]  ? fs_reclaim_acquire+0x93/0x140
[ 2194.168963][T16416]  ? __pfx___might_resched+0x10/0x10
[ 2194.174274][T16416]  should_fail_ex+0x3b0/0x4e0
[ 2194.178985][T16416]  ? tomoyo_encode+0x26f/0x540
[ 2194.183766][T16416]  should_failslab+0xac/0x100
[ 2194.188466][T16416]  ? tomoyo_encode+0x26f/0x540
[ 2194.193246][T16416]  __kmalloc_noprof+0xd8/0x400
[ 2194.198033][T16416]  tomoyo_encode+0x26f/0x540
[ 2194.202650][T16416]  tomoyo_realpath_from_path+0x59e/0x5e0
[ 2194.208319][T16416]  tomoyo_path_number_perm+0x23a/0x880
[ 2194.213810][T16416]  ? tomoyo_path_number_perm+0x208/0x880
[ 2194.219466][T16416]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2194.225511][T16416]  ? __fget_files+0x29/0x470
[ 2194.230125][T16416]  ? __fget_files+0x3f6/0x470
[ 2194.234822][T16416]  ? __fget_files+0x29/0x470
[ 2194.239445][T16416]  security_file_ioctl+0x75/0xb0
[ 2194.244405][T16416]  __se_sys_ioctl+0x47/0x170
[ 2194.249018][T16416]  do_syscall_64+0xf3/0x230
[ 2194.253542][T16416]  ? clear_bhb_loop+0x35/0x90
[ 2194.258243][T16416]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2194.264157][T16416] RIP: 0033:0x7fb7e6f779f9
[ 2194.268590][T16416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2194.288219][T16416] RSP: 002b:00007fb7e7db1048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2194.296658][T16416] RAX: ffffffffffffffda RBX: 00007fb7e7105f80 RCX: 00007fb7e6f779f9
[ 2194.304648][T16416] RDX: 0000000020000e80 RSI: 000000004008744b RDI: 0000000000000003
[ 2194.312631][T16416] RBP: 00007fb7e7db10a0 R08: 0000000000000000 R09: 0000000000000000
[ 2194.320616][T16416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2194.328599][T16416] R13: 000000000000000b R14: 00007fb7e7105f80 R15: 00007fb7e722fa38
[ 2194.336605][T16416]  </TASK>
[ 2194.345882][   T29] audit: type=1326 audit(1722659428.677:2322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16403 comm="syz.1.7094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccaed779f9 code=0x7ffc0000
[ 2194.444151][   T29] audit: type=1326 audit(1722659428.687:2323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16403 comm="syz.1.7094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fccaed779f9 code=0x7ffc0000
[ 2194.515323][T16416] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2194.542746][   T29] audit: type=1326 audit(1722659428.687:2324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16403 comm="syz.1.7094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccaed779f9 code=0x7ffc0000
[ 2194.576510][   T29] audit: type=1326 audit(1722659428.687:2325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16403 comm="syz.1.7094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7fccaed779f9 code=0x7ffc0000
[ 2194.748963][T15318] veth0_vlan: entered promiscuous mode
[ 2194.813302][T15318] veth1_vlan: entered promiscuous mode
[ 2194.911453][T16442] team0: mtu less than device minimum
[ 2194.965425][  T140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2194.973573][T16442] fuse: Bad value for 'fd'
[ 2195.020349][  T140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2195.197438][T19256] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2195.242686][T19256] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2195.267081][T15318] veth0_macvtap: entered promiscuous mode
[ 2195.321252][T15318] veth1_macvtap: entered promiscuous mode
[ 2195.386799][T12465] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[ 2195.496371][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2195.540436][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2195.594009][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2195.606548][T12465] usb 4-1: Using ep0 maxpacket: 16
[ 2195.627432][T12465] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2195.644131][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2195.674491][T12465] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2195.684671][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2195.703473][T12465] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 2195.724926][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2195.740303][T12465] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 2195.927384][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2195.949447][T12465] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2195.961463][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2195.986399][T12465] usb 4-1: config 0 descriptor??
[ 2196.002358][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2196.033919][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2196.068688][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2196.113312][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2196.139221][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2196.178648][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2196.231821][ T9687] usb 2-1: new full-speed USB device number 116 using dummy_hcd
[ 2196.275904][T15318] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2196.483202][ T9687] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2196.557070][ T9687] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 2196.622141][ T9687] usb 2-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[ 2196.707980][ T9687] usb 2-1: New USB device found, idVendor=413c, idProduct=81d1, bcdDevice=fb.93
[ 2196.744443][ T9687] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2196.800976][ T9687] usb 2-1: Product: syz
[ 2196.830070][ T9687] usb 2-1: Manufacturer: syz
[ 2196.859380][ T9687] usb 2-1: SerialNumber: syz
[ 2196.934547][ T9687] usb 2-1: config 0 descriptor??
[ 2197.665115][T12465] usbhid 4-1:0.0: can't add hid device: -71
[ 2197.702956][T12465] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 2197.794630][T12465] usb 4-1: USB disconnect, device number 14
[ 2197.815734][T16471] syz.1.7099: attempt to access beyond end of device
[ 2197.815734][T16471] md102: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 2198.817389][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2198.881019][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2198.944026][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2199.019906][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2199.067004][T12465] usb 2-1: USB disconnect, device number 116
[ 2199.107454][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2199.157064][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2199.214086][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2199.273980][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2199.338674][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2199.372218][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2199.462654][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2199.591437][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2199.721277][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2199.764014][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2199.764271][T12465] usb 3-1: new high-speed USB device number 109 using dummy_hcd
[ 2199.815652][T16549] fuse: Bad value for 'fd'
[ 2199.837128][T15318] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2199.930796][T16548] team0: mtu less than device minimum
[ 2199.991662][T15318] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2200.062047][T15318] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2200.091691][T12465] usb 3-1: Using ep0 maxpacket: 32
[ 2200.122754][T15318] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2200.150524][T15318] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2200.178300][T12465] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 2200.259859][T16555] dvmrp0: entered allmulticast mode
[ 2200.351766][T12465] usb 3-1: New USB device found, idVendor=0c72, idProduct=0011, bcdDevice= 9.75
[ 2200.363698][T16554] dvmrp0: left allmulticast mode
[ 2200.427011][T12465] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2200.484398][T12465] usb 3-1: Product: syz
[ 2200.489414][T12465] usb 3-1: Manufacturer: syz
[ 2200.569660][T12465] usb 3-1: SerialNumber: syz
[ 2200.629591][T12465] usb 3-1: config 0 descriptor??
[ 2200.843335][T16566] FAULT_INJECTION: forcing a failure.
[ 2200.843335][T16566] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2200.860604][T16566] CPU: 0 UID: 0 PID: 16566 Comm: syz.1.7110 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 2200.871398][T16566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 2200.881471][T16566] Call Trace:
[ 2200.884764][T16566]  <TASK>
[ 2200.887710][T16566]  dump_stack_lvl+0x241/0x360
[ 2200.892415][T16566]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2200.897643][T16566]  ? __pfx__printk+0x10/0x10
[ 2200.902255][T16566]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 2200.908267][T16566]  ? shmem_get_folio_gfp+0x19c7/0x2370
[ 2200.913758][T16566]  should_fail_ex+0x3b0/0x4e0
[ 2200.918467][T16566]  copy_page_from_iter_atomic+0x54d/0x1aa0
[ 2200.924311][T16566]  ? __pfx_copy_page_from_iter_atomic+0x10/0x10
[ 2200.930576][T16566]  ? shmem_write_begin+0x23f/0x4d0
[ 2200.935709][T16566]  ? __pfx_shmem_write_begin+0x10/0x10
[ 2200.941199][T16566]  generic_perform_write+0x4a1/0x840
[ 2200.946598][T16566]  ? __pfx_generic_perform_write+0x10/0x10
[ 2200.952413][T16566]  ? mnt_put_write_access_file+0xc2/0x100
[ 2200.958141][T16566]  ? file_update_time+0x3b8/0x430
[ 2200.963178][T16566]  shmem_file_write_iter+0xfc/0x120
[ 2200.968386][T16566]  do_iter_readv_writev+0x60a/0x890
[ 2200.973610][T16566]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 2200.979343][T16566]  ? rcu_read_lock_any_held+0xb7/0x160
[ 2200.984823][T16566]  vfs_writev+0x37c/0xbb0
[ 2200.989169][T16566]  ? __pfx_lock_acquire+0x10/0x10
[ 2200.994196][T16566]  ? __pfx_vfs_writev+0x10/0x10
[ 2200.999061][T16566]  ? __fget_files+0x29/0x470
[ 2201.003671][T16566]  __se_sys_pwritev2+0x1ca/0x2d0
[ 2201.008616][T16566]  ? __pfx___se_sys_pwritev2+0x10/0x10
[ 2201.014081][T16566]  ? do_syscall_64+0x100/0x230
[ 2201.018884][T16566]  ? __x64_sys_pwritev2+0x21/0xf0
[ 2201.023925][T16566]  do_syscall_64+0xf3/0x230
[ 2201.028437][T16566]  ? clear_bhb_loop+0x35/0x90
[ 2201.033109][T16566]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2201.039008][T16566] RIP: 0033:0x7fccaed779f9
[ 2201.043424][T16566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2201.063042][T16566] RSP: 002b:00007fccafbb3048 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 2201.071458][T16566] RAX: ffffffffffffffda RBX: 00007fccaef05f80 RCX: 00007fccaed779f9
[ 2201.079438][T16566] RDX: 000000000000003a RSI: 0000000020000240 RDI: 0000000000000006
[ 2201.087408][T16566] RBP: 00007fccafbb30a0 R08: 0000000000000000 R09: 0000000000000003
[ 2201.095371][T16566] R10: 0000000000001400 R11: 0000000000000246 R12: 0000000000000002
[ 2201.103339][T16566] R13: 000000000000000b R14: 00007fccaef05f80 R15: 00007fccaf02fa38
[ 2201.111316][T16566]  </TASK>
[ 2201.332664][T16537] wg1: entered promiscuous mode
[ 2201.490657][T12465] peak_usb 3-1:0.0 can0: unable to request usb[type=0 value=1] err=-71
[ 2201.599008][T12465] peak_usb 3-1:0.0: unable to read PCAN-USB Pro FD firmware info (err -71)
[ 2202.006245][T12465] peak_usb 3-1:0.0: probe with driver peak_usb failed with error -71
[ 2202.106916][T12465] usb 3-1: USB disconnect, device number 109
[ 2202.217894][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2202.293956][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2202.499861][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2202.554864][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2203.213488][ T9687] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[ 2203.454139][T12465] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[ 2203.487704][ T9687] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[ 2203.519413][ T9687] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2203.564695][ T9687] usb 4-1: config 0 has no interfaces?
[ 2203.592998][ T9687] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2203.634095][ T9687] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2203.727092][T12465] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 2203.738231][ T9687] usb 4-1: Manufacturer: syz
[ 2203.758280][   T29] audit: type=1326 audit(1722659438.967:2326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16641 comm="syz.2.7117" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x0
[ 2203.807327][T12465] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2203.831294][T16646] netlink: 152 bytes leftover after parsing attributes in process `syz.0.7118'.
[ 2203.861447][ T9687] usb 4-1: config 0 descriptor??
[ 2203.923447][T12465] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 2204.061711][T12465] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2204.120891][T12465] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 2204.133605][T12465] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 2204.444495][T12465] usb 5-1: Product: syz
[ 2204.467741][T12465] usb 5-1: Manufacturer: syz
[ 2204.577513][T12465] cdc_wdm 5-1:1.0: skipping garbage
[ 2204.583824][T12465] cdc_wdm 5-1:1.0: skipping garbage
[ 2205.109206][T12465] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[ 2205.207151][T12465] cdc_wdm 5-1:1.0: Unknown control protocol
[ 2205.484383][T16672] team0: mtu less than device minimum
[ 2205.698527][T16680] fuse: Bad value for 'fd'
[ 2205.978642][T29601] usb 4-1: USB disconnect, device number 15
[ 2206.159199][ T5279] usb 5-1: USB disconnect, device number 105
[ 2206.561735][T16704] sctp: [Deprecated]: syz.3.7124 (pid 16704) Use of int in max_burst socket option deprecated.
[ 2206.561735][T16704] Use struct sctp_assoc_value instead
[ 2207.505726][T12465] usb 5-1: new high-speed USB device number 106 using dummy_hcd
[ 2207.568755][T16725] syzkaller1: entered promiscuous mode
[ 2207.629377][T16725] syzkaller1: entered allmulticast mode
[ 2207.678238][   T29] audit: type=1326 audit(1722659442.867:2327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16730 comm="syz.2.7130" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x0
[ 2207.764008][T12465] usb 5-1: Using ep0 maxpacket: 8
[ 2207.794526][T12465] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 2207.842853][T12465] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 2207.910749][T12465] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 2207.978793][T12465] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2208.058236][T12465] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 2208.113190][T12465] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2208.127768][T16738] netlink: 152 bytes leftover after parsing attributes in process `syz.0.7131'.
[ 2208.527802][T12465] usb 5-1: GET_CAPABILITIES returned 0
[ 2208.576009][T12465] usbtmc 5-1:16.0: can't read capabilities
[ 2209.426723][T12465] usb 5-1: USB disconnect, device number 106
[ 2213.574137][ T4618] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[ 2213.585845][ T4618] Bluetooth: hci0: Injecting HCI hardware error event
[ 2213.598586][T28663] Bluetooth: hci0: hardware error 0x00
[ 2213.709802][T29601] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[ 2213.775153][T12465] usb 5-1: new high-speed USB device number 107 using dummy_hcd
[ 2213.934044][T29601] usb 1-1: Using ep0 maxpacket: 8
[ 2213.967991][T29601] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2213.997951][T29601] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2214.004178][T12465] usb 5-1: Using ep0 maxpacket: 8
[ 2214.043456][T12465] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2214.044212][   T29] audit: type=1326 audit(1722659449.227:2328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16816 comm="syz.3.7143" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb7e6f779f9 code=0x0
[ 2214.111804][T29601] usb 1-1: New USB device found, idVendor=056a, idProduct=00e5, bcdDevice= 0.00
[ 2214.132009][T12465] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2214.150782][T29601] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2214.192353][T29601] usb 1-1: config 0 descriptor??
[ 2214.194077][T12465] usb 5-1: New USB device found, idVendor=056a, idProduct=00e5, bcdDevice= 0.00
[ 2214.214212][ T5279] usb 2-1: new full-speed USB device number 117 using dummy_hcd
[ 2214.321787][T12465] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2214.409123][T12465] usb 5-1: config 0 descriptor??
[ 2214.451870][ T5279] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2214.519177][ T5279] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 2214.603250][   T29] audit: type=1326 audit(1722659449.777:2329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16821 comm="syz.2.7144" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x0
[ 2214.643233][ T5279] usb 2-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[ 2214.695206][ T5279] usb 2-1: New USB device found, idVendor=413c, idProduct=81d1, bcdDevice=fb.93
[ 2214.717295][ T5279] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2214.727795][ T5279] usb 2-1: Product: syz
[ 2214.732974][ T5279] usb 2-1: Manufacturer: syz
[ 2214.736270][T16829] netlink: 152 bytes leftover after parsing attributes in process `syz.3.7145'.
[ 2214.742494][ T5279] usb 2-1: SerialNumber: syz
[ 2214.790017][ T5279] usb 2-1: config 0 descriptor??
[ 2215.077254][T16828] fuse: Bad value for 'fd'
[ 2215.437708][T16811] syz.1.7142: attempt to access beyond end of device
[ 2215.437708][T16811] md102: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 2215.734709][T28663] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[ 2215.964505][T16798] fuse: Bad value for 'fd'
[ 2216.887630][T29601] usbhid 1-1:0.0: can't add hid device: -71
[ 2216.925787][T29601] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 2217.053642][T29601] usb 1-1: USB disconnect, device number 12
[ 2217.139564][ T5328] usb 2-1: USB disconnect, device number 117
[ 2217.584101][T12465] usbhid 5-1:0.0: can't add hid device: -71
[ 2217.597052][T12465] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 2217.633171][T12465] usb 5-1: USB disconnect, device number 107
[ 2217.704166][T29601] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[ 2217.947102][T29601] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[ 2217.978997][T29601] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2218.019823][T29601] usb 1-1: config 0 descriptor??
[ 2218.041386][T29601] gspca_main: STV06xx-2.14.0 probing 046d:0870
[ 2218.064136][ T5279] usb 2-1: new high-speed USB device number 118 using dummy_hcd
[ 2218.167236][T16901] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2218.244316][T12465] usb 5-1: new high-speed USB device number 108 using dummy_hcd
[ 2218.261016][ T5279] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2218.362185][ T5279] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2218.416398][ T5279] usb 2-1: too many endpoints for config 1 interface 1 altsetting 255: 255, using maximum allowed: 30
[ 2218.464052][T12465] usb 5-1: Using ep0 maxpacket: 32
[ 2218.470652][ T5279] usb 2-1: config 1 interface 1 altsetting 255 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2218.491730][T12465] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 2218.511281][ T5279] usb 2-1: config 1 interface 1 altsetting 255 bulk endpoint 0x3 has invalid maxpacket 0
[ 2218.572641][ T5279] usb 2-1: config 1 interface 1 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 255
[ 2218.585468][T12465] usb 5-1: New USB device found, idVendor=0c72, idProduct=0011, bcdDevice= 9.75
[ 2218.614306][T12465] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2218.646473][T12465] usb 5-1: Product: syz
[ 2218.663852][ T5279] usb 2-1: config 1 interface 1 has no altsetting 1
[ 2218.665134][T12465] usb 5-1: Manufacturer: syz
[ 2218.695579][ T5279] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2218.721265][T12465] usb 5-1: SerialNumber: syz
[ 2218.739878][ T5279] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2218.764144][ T5279] usb 2-1: Product: syz
[ 2218.769333][ T5279] usb 2-1: Manufacturer: syz
[ 2218.778743][T12465] usb 5-1: config 0 descriptor??
[ 2218.821779][ T5279] usb 2-1: SerialNumber: syz
[ 2218.877895][ T5279] usb 2-1: selecting invalid altsetting 1
[ 2219.062211][T16891] wg1: entered promiscuous mode
[ 2219.091424][T16918] PKCS7: Unknown OID: [4] 2.19.0.2.86.14.43(bad)
[ 2219.142917][T16918] PKCS7: Only support pkcs7_signedData type
[ 2219.176335][T12465] peak_usb 5-1:0.0 can0: unable to request usb[type=0 value=1] err=-71
[ 2219.232850][T12465] peak_usb 5-1:0.0: unable to read PCAN-USB Pro FD firmware info (err -71)
[ 2219.263506][T29601] usb 1-1: USB disconnect, device number 13
[ 2219.302751][ T5279] cdc_ncm 2-1:1.0: failed GET_NTB_PARAMETERS
[ 2219.333578][ T5279] cdc_ncm 2-1:1.0: bind() failure
[ 2219.390256][ T5279] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[ 2219.416248][T12465] peak_usb 5-1:0.0: probe with driver peak_usb failed with error -71
[ 2219.424486][ T5279] cdc_ncm 2-1:1.1: bind() failure
[ 2219.496451][T12465] usb 5-1: USB disconnect, device number 108
[ 2220.834272][  T691] usb 5-1: new full-speed USB device number 109 using dummy_hcd
[ 2221.090132][T16960] syzkaller1: entered promiscuous mode
[ 2221.120326][  T691] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2221.215855][  T691] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 2221.269450][T16960] syzkaller1: entered allmulticast mode
[ 2221.288626][T12465] usb 2-1: USB disconnect, device number 118
[ 2221.296726][  T691] usb 5-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[ 2221.473404][  T691] usb 5-1: New USB device found, idVendor=413c, idProduct=81d1, bcdDevice=fb.93
[ 2221.564603][  T691] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2221.627986][  T691] usb 5-1: Product: syz
[ 2221.633022][  T691] usb 5-1: Manufacturer: syz
[ 2221.674114][  T691] usb 5-1: SerialNumber: syz
[ 2221.735256][  T691] usb 5-1: config 0 descriptor??
[ 2222.059133][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[ 2222.067085][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[ 2222.175588][T16950] syz.4.7160: attempt to access beyond end of device
[ 2222.175588][T16950] md102: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 2223.372297][ T5279] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[ 2223.704710][  T691] usb 5-1: USB disconnect, device number 109
[ 2223.710570][ T5279] usb 1-1: New USB device found, idVendor=a766, idProduct=7cb5, bcdDevice=55.3a
[ 2223.789099][ T5279] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2223.885235][ T5279] usb 1-1: config 0 descriptor??
[ 2223.938789][ T5279] usb-storage 1-1:0.0: USB Mass Storage device detected
[ 2224.355127][T17030] netlink: 152 bytes leftover after parsing attributes in process `syz.3.7173'.
[ 2224.501140][T17032] PKCS7: Unknown OID: [4] 2.19.0.2.86.14.43(bad)
[ 2224.543193][T17032] PKCS7: Only support pkcs7_signedData type
[ 2225.868351][  T691] usb 3-1: new high-speed USB device number 110 using dummy_hcd
[ 2226.140260][  T690] usb 1-1: USB disconnect, device number 14
[ 2226.157735][  T691] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 64, changing to 10
[ 2226.262583][  T691] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 2226.364246][  T691] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 2226.437917][  T691] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2226.504881][T17036] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 2226.689418][  T691] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[ 2228.220459][T17094] netlink: 152 bytes leftover after parsing attributes in process `syz.4.7187'.
[ 2228.514218][  T691] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[ 2228.798221][  T691] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 2228.843662][  T691] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 2228.955280][  T691] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 2229.075045][  T691] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[ 2229.154118][  T691] usb 4-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 2229.224036][  T691] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2229.252071][  T691] usb 4-1: config 0 descriptor??
[ 2229.274135][T29601] usb 2-1: new high-speed USB device number 119 using dummy_hcd
[ 2229.497668][ T5279] usb 3-1: USB disconnect, device number 110
[ 2229.505334][  T691] hdpvr 4-1:0.0: firmware version 0x5b dated �7vi0�
[ 2229.505334][  T691] �����pY3���LR������<�<��$�4���
[ 2229.505399][T29601] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 2229.583751][  T691] hdpvr 4-1:0.0: untested firmware, the driver might not work.
[ 2229.623038][T29601] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2229.669300][T29601] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 2229.685980][T29601] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2229.745420][T29601] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 2229.765804][T29601] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 2229.784662][T29601] usb 2-1: Product: syz
[ 2229.800115][T29601] usb 2-1: Manufacturer: syz
[ 2229.829749][T29601] cdc_wdm 2-1:1.0: skipping garbage
[ 2229.845614][T29601] cdc_wdm 2-1:1.0: skipping garbage
[ 2229.874953][T29601] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[ 2229.888545][T29601] cdc_wdm 2-1:1.0: Unknown control protocol
[ 2230.431931][T17110] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2230.454854][T17110] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2230.487749][T17155] tmpfs: Unknown parameter 'n�GK.e
[ 2230.487749][T17155] ���	٣7�]X����#�'
[ 2230.531387][T17163] netlink: 56 bytes leftover after parsing attributes in process `syz.0.7196'.
[ 2230.838263][T12465] usb 5-1: new high-speed USB device number 110 using dummy_hcd
[ 2230.944434][ T5328] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[ 2231.037606][  T691] hdpvr 4-1:0.0: device init failed
[ 2231.051118][  T691] hdpvr 4-1:0.0: probe with driver hdpvr failed with error -12
[ 2231.094748][T12465] usb 5-1: Using ep0 maxpacket: 8
[ 2231.111560][  T691] usb 4-1: USB disconnect, device number 16
[ 2231.152791][T12465] usb 5-1: config 0 has an invalid descriptor of length 129, skipping remainder of the config
[ 2231.165746][  T690] usb 3-1: new high-speed USB device number 111 using dummy_hcd
[ 2231.214199][ T5328] usb 1-1: Using ep0 maxpacket: 16
[ 2231.220817][T12465] usb 5-1: too many endpoints for config 0 interface 0 altsetting 1: 34, using maximum allowed: 30
[ 2231.255422][ T5328] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2231.274058][T12465] usb 5-1: config 0 interface 0 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 34
[ 2231.294673][ T5328] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2231.310102][ T5328] usb 1-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00
[ 2231.328765][T12465] usb 5-1: config 0 interface 0 has no altsetting 0
[ 2231.369280][T12465] usb 5-1: New USB device found, idVendor=093a, idProduct=8003, bcdDevice= 0.00
[ 2231.381062][ T5328] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2231.394049][T12465] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2231.410984][ T5328] usb 1-1: config 0 descriptor??
[ 2231.425752][  T690] usb 3-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=90.0a
[ 2231.476499][  T690] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2231.512819][T12465] usb 5-1: config 0 descriptor??
[ 2231.583072][  T690] usb 3-1: config 0 descriptor??
[ 2231.623666][  T690] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[ 2231.894916][ T5328] bigben 0003:146B:0902.008B: unexpected rdesc, please submit for review
[ 2231.925671][T17159] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2231.980364][ T5328] bigben 0003:146B:0902.008B: item fetching failed at offset 1/5
[ 2231.990137][  T690] gspca_sn9c2028: read1 error -32
[ 2232.003210][T17159] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2232.039908][  T690] gspca_sn9c2028: read1 error -71
[ 2232.124154][ T5328] bigben 0003:146B:0902.008B: parse failed
[ 2232.145114][ T5328] bigben 0003:146B:0902.008B: probe with driver bigben failed with error -22
[ 2232.171705][  T690] gspca_sn9c2028: read1 error -71
[ 2232.197185][  T690] sn9c2028 3-1:0.0: probe with driver sn9c2028 failed with error -71
[ 2232.227848][    C1] wdm_int_callback: 17 callbacks suppressed
[ 2232.227870][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 2232.240395][    C1] wdm_int_callback: 17 callbacks suppressed
[ 2232.240410][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 2232.250144][ T5328] usb 1-1: USB disconnect, device number 15
[ 2232.255969][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 2232.265283][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 2232.272030][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 2232.278657][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 2232.287552][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 2232.294176][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 2232.302887][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 2232.309513][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 2232.318381][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 2232.325012][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 2232.333736][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 2232.340358][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 2232.349072][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 2232.355702][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 2232.388587][  T690] usb 3-1: USB disconnect, device number 111
[ 2232.399385][T29601] usb 2-1: USB disconnect, device number 119
[ 2233.544084][T12465] usb 5-1: string descriptor 0 read error: -71
[ 2233.598952][T12465] usb 5-1: USB disconnect, device number 110
[ 2236.956148][T17236] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7202'.
[ 2237.146071][    C0] vxcan0: j1939_xtp_rx_dat: no tx connection found
[ 2237.153980][    C0] vxcan0: j1939_xtp_rx_dat: no rx connection found
[ 2237.162069][    C0] vxcan0: j1939_xtp_rx_dat: no tx connection found
[ 2237.169695][    C0] vxcan0: j1939_xtp_rx_dat: no rx connection found
[ 2237.177522][    C0] vxcan0: j1939_xtp_rx_dat: no tx connection found
[ 2237.185400][    C0] vxcan0: j1939_xtp_rx_dat: no rx connection found
[ 2237.937608][ T2939] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2238.408526][ T2939] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2238.455083][T29601] usb 2-1: new high-speed USB device number 120 using dummy_hcd
[ 2238.522247][T17279] netlink: 36 bytes leftover after parsing attributes in process `syz.2.7207'.
[ 2238.656135][ T2939] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2238.717221][T29601] usb 2-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=90.0a
[ 2238.737732][T29601] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2238.808845][T29601] usb 2-1: config 0 descriptor??
[ 2238.882105][T29601] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[ 2239.086182][T29601] gspca_sn9c2028: read1 error -32
[ 2239.129705][ T2939] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2239.144233][T29601] gspca_sn9c2028: read1 error -71
[ 2239.165397][T29601] gspca_sn9c2028: read1 error -71
[ 2239.171510][T29601] sn9c2028 2-1:0.0: probe with driver sn9c2028 failed with error -71
[ 2239.257750][ T4618] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 2239.261241][T29601] usb 2-1: USB disconnect, device number 120
[ 2239.276749][ T4618] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 2239.289670][ T4618] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 2239.307724][ T4618] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 2239.325312][ T4618] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 2239.333996][ T4618] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 2240.054403][ T2939] bridge_slave_1: left allmulticast mode
[ 2240.099321][ T2939] bridge_slave_1: left promiscuous mode
[ 2240.164817][ T2939] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2240.254638][ T2939] bridge_slave_0: left allmulticast mode
[ 2240.274627][ T2939] bridge_slave_0: left promiscuous mode
[ 2240.281702][ T2939] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2240.504197][T12465] usb 2-1: new high-speed USB device number 121 using dummy_hcd
[ 2240.804283][T12465] usb 2-1: Using ep0 maxpacket: 32
[ 2240.840925][T12465] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 2240.920576][T12465] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 2240.970404][T12465] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 2241.068434][T12465] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 2241.119679][T12465] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2241.186158][T12465] usb 2-1: config 0 descriptor??
[ 2241.222568][T17346] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 2241.288687][T12465] hub 2-1:0.0: USB hub found
[ 2241.414670][T28663] Bluetooth: hci1: command tx timeout
[ 2241.536478][T12465] hub 2-1:0.0: config failed, can't read hub descriptor (err -22)
[ 2241.799918][T12465] usbhid 2-1:0.0: can't add hid device: -32
[ 2241.828522][T12465] usbhid 2-1:0.0: probe with driver usbhid failed with error -32
[ 2242.124514][ T5328] usb 5-1: new high-speed USB device number 111 using dummy_hcd
[ 2242.377380][ T5328] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2242.405753][ T5328] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2242.436992][ T5328] usb 5-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[ 2242.471343][ T5328] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2242.501739][ T5328] usb 5-1: config 0 descriptor??
[ 2242.654607][ T2939] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2242.695730][ T2939] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2242.736970][ T2939] bond0 (unregistering): Released all slaves
[ 2242.820543][T17357] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7218'.
[ 2242.976392][ T5328] hid-thrustmaster 0003:044F:B65D.008C: unknown main item tag 0x0
[ 2243.028512][ T5328] hid-thrustmaster 0003:044F:B65D.008C: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.4-1/input0
[ 2243.066262][ T5328] hid-thrustmaster 0003:044F:B65D.008C: Wrong number of endpoints?
[ 2243.375002][    C0] hid-thrustmaster 0003:044F:B65D.008C: URB to get model id failed with error -71
[ 2243.394788][ T9687] usb 5-1: USB disconnect, device number 111
[ 2243.432597][T17389] FAULT_INJECTION: forcing a failure.
[ 2243.432597][T17389] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2243.469361][ T8422] usb 2-1: USB disconnect, device number 121
[ 2243.494319][ T4618] Bluetooth: hci1: command tx timeout
[ 2243.521601][T17394] netlink: 104 bytes leftover after parsing attributes in process `syz.3.7222'.
[ 2243.684837][T17389] CPU: 1 UID: 0 PID: 17389 Comm: syz.2.7221 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 2243.695655][T17389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 2243.705720][T17389] Call Trace:
[ 2243.709085][T17389]  <TASK>
[ 2243.712032][T17389]  dump_stack_lvl+0x241/0x360
[ 2243.716736][T17389]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2243.721956][T17389]  ? __pfx__printk+0x10/0x10
[ 2243.726566][T17389]  ? __pfx_lock_release+0x10/0x10
[ 2243.731604][T17389]  ? __lock_acquire+0x137a/0x2040
[ 2243.736653][T17389]  should_fail_ex+0x3b0/0x4e0
[ 2243.741356][T17389]  _copy_from_user+0x2f/0xe0
[ 2243.745964][T17389]  kstrtouint_from_user+0xc6/0x190
[ 2243.751101][T17389]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 2243.756841][T17389]  ? __pfx_lock_acquire+0x10/0x10
[ 2243.761895][T17389]  proc_fail_nth_write+0xaa/0x2d0
[ 2243.766935][T17389]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 2243.772845][T17389]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 2243.778503][T17389]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 2243.784151][T17389]  vfs_write+0x2a2/0xc90
[ 2243.788414][T17389]  ? __pfx_vfs_write+0x10/0x10
[ 2243.793193][T17389]  ? __fget_files+0x29/0x470
[ 2243.797801][T17389]  ? __fget_files+0x3f6/0x470
[ 2243.802512][T17389]  ksys_write+0x1a0/0x2c0
[ 2243.806869][T17389]  ? __pfx_ksys_write+0x10/0x10
[ 2243.811732][T17389]  ? do_syscall_64+0x100/0x230
[ 2243.816517][T17389]  ? do_syscall_64+0xb6/0x230
[ 2243.821214][T17389]  do_syscall_64+0xf3/0x230
[ 2243.825739][T17389]  ? clear_bhb_loop+0x35/0x90
[ 2243.830430][T17389]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2243.836341][T17389] RIP: 0033:0x7f4fea3764df
[ 2243.840769][T17389] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8d 02 00 48
[ 2243.860386][T17389] RSP: 002b:00007f4feb203040 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 2243.868814][T17389] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4fea3764df
[ 2243.876799][T17389] RDX: 0000000000000001 RSI: 00007f4feb2030b0 RDI: 0000000000000007
[ 2243.884781][T17389] RBP: 00007f4feb2030a0 R08: 0000000000000000 R09: 0000000000000000
[ 2243.892756][T17389] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 2243.900738][T17389] R13: 000000000000000b R14: 00007f4fea505f80 R15: 00007f4fea62fa38
[ 2243.908739][T17389]  </TASK>
[ 2244.221375][T17458] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 2244.507065][T17458] input: syz0 as /devices/virtual/input/input91
[ 2244.617119][ T4618] Bluetooth: hci5: command 0x0406 tx timeout
[ 2244.886023][T17508] Cannot find set identified by id 0 to match
[ 2244.942798][ T2939] hsr_slave_0: left promiscuous mode
[ 2245.065422][ T2939] hsr_slave_1: left promiscuous mode
[ 2245.174466][ T2939] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2245.183387][ T2939] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2245.259552][ T2939] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2245.307270][ T2939] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2245.584060][T28663] Bluetooth: hci1: command tx timeout
[ 2245.689936][ T2939] veth1_macvtap: left promiscuous mode
[ 2245.734141][ T2939] veth0_macvtap: left promiscuous mode
[ 2245.741043][ T2939] veth1_vlan: left promiscuous mode
[ 2245.798986][ T2939] veth0_vlan: left promiscuous mode
[ 2247.659095][T28663] Bluetooth: hci1: command tx timeout
[ 2249.004979][ T2939] team0 (unregistering): Port device team_slave_1 removed
[ 2249.237317][ T2939] team0 (unregistering): Port device team_slave_0 removed
[ 2249.272715][T17554] FAULT_INJECTION: forcing a failure.
[ 2249.272715][T17554] name failslab, interval 1, probability 0, space 0, times 0
[ 2249.288368][T17554] CPU: 1 UID: 0 PID: 17554 Comm: syz.1.7236 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 2249.299156][T17554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 2249.309226][T17554] Call Trace:
[ 2249.312514][T17554]  <TASK>
[ 2249.315457][T17554]  dump_stack_lvl+0x241/0x360
[ 2249.320196][T17554]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2249.325419][T17554]  ? __pfx__printk+0x10/0x10
[ 2249.330027][T17554]  ? fs_reclaim_acquire+0x93/0x140
[ 2249.335154][T17554]  ? __pfx___might_resched+0x10/0x10
[ 2249.340456][T17554]  should_fail_ex+0x3b0/0x4e0
[ 2249.345163][T17554]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[ 2249.350900][T17554]  should_failslab+0xac/0x100
[ 2249.355603][T17554]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[ 2249.361343][T17554]  __kmalloc_noprof+0xd8/0x400
[ 2249.366118][T17554]  ? kfree+0x4e/0x360
[ 2249.370111][T17554]  tomoyo_realpath_from_path+0xcf/0x5e0
[ 2249.375681][T17554]  tomoyo_path_number_perm+0x23a/0x880
[ 2249.381163][T17554]  ? tomoyo_path_number_perm+0x208/0x880
[ 2249.386807][T17554]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2249.392840][T17554]  ? __fget_files+0x29/0x470
[ 2249.397450][T17554]  ? __fget_files+0x3f6/0x470
[ 2249.402145][T17554]  ? __fget_files+0x29/0x470
[ 2249.406755][T17554]  security_file_ioctl+0x75/0xb0
[ 2249.411704][T17554]  __se_sys_ioctl+0x47/0x170
[ 2249.416314][T17554]  do_syscall_64+0xf3/0x230
[ 2249.420831][T17554]  ? clear_bhb_loop+0x35/0x90
[ 2249.425518][T17554]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2249.431427][T17554] RIP: 0033:0x7fccaed779f9
[ 2249.435852][T17554] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2249.455467][T17554] RSP: 002b:00007fccafbb3048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2249.463904][T17554] RAX: ffffffffffffffda RBX: 00007fccaef05f80 RCX: 00007fccaed779f9
[ 2249.471883][T17554] RDX: 0000000020000280 RSI: 0000000040605346 RDI: 0000000000000003
[ 2249.479861][T17554] RBP: 00007fccafbb30a0 R08: 0000000000000000 R09: 0000000000000000
[ 2249.487836][T17554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2249.495814][T17554] R13: 000000000000000b R14: 00007fccaef05f80 R15: 00007fccaf02fa38
[ 2249.503810][T17554]  </TASK>
[ 2249.552164][T17554] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2251.184063][ T5322] usb 2-1: new high-speed USB device number 122 using dummy_hcd
[ 2251.457267][ T5322] usb 2-1: Using ep0 maxpacket: 16
[ 2251.485831][ T5322] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2251.529752][ T5322] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2251.557724][ T5322] usb 2-1: New USB device found, idVendor=05ac, idProduct=027d, bcdDevice= 0.00
[ 2251.591425][ T5322] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2251.660717][ T5322] usb 2-1: config 0 descriptor??
[ 2251.680303][T17530] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7230'.
[ 2251.786481][T17298] chnl_net:caif_netlink_parms(): no params data found
[ 2251.899573][T17561] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2251.950465][T17561] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2251.975551][ T5322] apple 0003:05AC:027D.008D: hidraw0: USB HID v0.00 Device [HID 05ac:027d] on usb-dummy_hcd.1-1/input0
[ 2252.165125][ T9985] usb 2-1: USB disconnect, device number 122
[ 2252.206956][T17618] rdma_op ffff88802d60e1f0 conn xmit_rdma 0000000000000000
[ 2252.817717][T17298] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2252.902134][T17298] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2252.931297][T17298] bridge_slave_0: entered allmulticast mode
[ 2253.036283][T17298] bridge_slave_0: entered promiscuous mode
[ 2253.076991][ T8422] usb 3-1: new full-speed USB device number 112 using dummy_hcd
[ 2253.085486][T17298] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2253.085664][T17298] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2253.085941][T17298] bridge_slave_1: entered allmulticast mode
[ 2253.096096][T17298] bridge_slave_1: entered promiscuous mode
[ 2254.754335][ T5322] usb 5-1: new low-speed USB device number 112 using dummy_hcd
[ 2255.957222][T17298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2256.391220][T17298] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2257.068086][ T8422] usb 3-1: device descriptor read/all, error -71
[ 2257.450341][T17298] team0: Port device team_slave_0 added
[ 2257.518013][T17298] team0: Port device team_slave_1 added
[ 2257.783072][T17298] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2257.830679][T17298] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2257.994783][T17298] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2258.059201][T17298] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2258.102717][T17298] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2258.174327][ T5279] usb 2-1: new low-speed USB device number 123 using dummy_hcd
[ 2258.288083][T17298] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2258.390995][T17774] netlink: 152 bytes leftover after parsing attributes in process `syz.4.7246'.
[ 2258.437125][ T5279] usb 2-1: unable to get BOS descriptor set
[ 2258.516686][ T5279] usb 2-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[ 2258.887989][T17298] hsr_slave_0: entered promiscuous mode
[ 2258.924925][T17298] hsr_slave_1: entered promiscuous mode
[ 2258.984287][T17298] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2259.003623][T17298] Cannot create hsr debugfs directory
[ 2259.514176][ T5322] usb 3-1: new high-speed USB device number 114 using dummy_hcd
[ 2259.794822][ T5322] usb 3-1: Using ep0 maxpacket: 16
[ 2259.852460][ T5322] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2259.888910][  T690] usb 5-1: new high-speed USB device number 113 using dummy_hcd
[ 2259.944284][ T5322] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2260.009088][ T5322] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 2260.099911][ T5322] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 2260.144439][  T690] usb 5-1: Using ep0 maxpacket: 16
[ 2260.161363][ T5322] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2260.195770][  T690] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2260.262273][ T5322] usb 3-1: config 0 descriptor??
[ 2260.281398][  T690] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2260.356532][  T690] usb 5-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00
[ 2260.434413][  T690] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2260.549832][  T690] usb 5-1: config 0 descriptor??
[ 2260.595295][ T5279] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2260.661238][ T5279] usb 2-1: New USB device strings: Mfr=1, Product=18, SerialNumber=3
[ 2260.764763][ T5279] usb 2-1: can't set config #1, error -71
[ 2260.826711][ T5279] usb 2-1: USB disconnect, device number 123
[ 2260.879194][ T5322] microsoft 0003:045E:07DA.008E: unknown main item tag 0x0
[ 2260.947831][ T5322] microsoft 0003:045E:07DA.008E: unknown main item tag 0x0
[ 2260.989733][ T5322] microsoft 0003:045E:07DA.008E: unknown main item tag 0x0
[ 2261.084659][ T5322] microsoft 0003:045E:07DA.008E: unknown main item tag 0x0
[ 2261.093519][ T5322] microsoft 0003:045E:07DA.008E: unknown main item tag 0x0
[ 2261.094932][T17842] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2261.194200][ T5322] microsoft 0003:045E:07DA.008E: unknown main item tag 0x0
[ 2261.238712][ T5322] microsoft 0003:045E:07DA.008E: unknown main item tag 0x0
[ 2261.260902][T17842] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2261.284685][ T5322] microsoft 0003:045E:07DA.008E: unknown main item tag 0x0
[ 2261.354464][ T5322] microsoft 0003:045E:07DA.008E: unknown main item tag 0x0
[ 2261.392482][ T5322] microsoft 0003:045E:07DA.008E: unknown main item tag 0x0
[ 2261.400408][T17842] mmap: syz.2.7247 (17842): VmData 37462016 exceed data ulimit 2. Update limits or use boot option ignore_rlimit_data.
[ 2261.504966][T28663] Bluetooth: hci5: unexpected event for opcode 0x0404
[ 2261.699059][T17944] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7250'.
[ 2261.857448][ T5322] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.008E/input/input92
[ 2261.900131][ T5322] microsoft 0003:045E:07DA.008E: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[ 2262.054936][ T5322] usb 3-1: USB disconnect, device number 114
[ 2262.364803][  T690] usbhid 5-1:0.0: can't add hid device: -71
[ 2262.371978][  T690] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 2262.468762][T17298] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 2262.542687][  T690] usb 5-1: USB disconnect, device number 113
[ 2262.769523][T17298] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 2262.895230][T17298] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 2263.006315][T17298] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 2263.179131][T17995] netlink: 152 bytes leftover after parsing attributes in process `syz.4.7253'.
[ 2263.826651][T17298] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2263.915688][ T4618] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 2263.935713][ T4618] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 2263.947104][ T4618] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 2263.982008][ T4618] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 2264.008692][ T4618] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 2264.024383][ T4618] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 2264.151669][T18008] FAULT_INJECTION: forcing a failure.
[ 2264.151669][T18008] name failslab, interval 1, probability 0, space 0, times 0
[ 2264.178338][T18008] CPU: 1 UID: 0 PID: 18008 Comm: syz.2.7255 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 2264.189152][T18008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 2264.199227][T18008] Call Trace:
[ 2264.202527][T18008]  <TASK>
[ 2264.205474][T18008]  dump_stack_lvl+0x241/0x360
[ 2264.210184][T18008]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2264.215416][T18008]  ? __pfx__printk+0x10/0x10
[ 2264.220034][T18008]  ? fs_reclaim_acquire+0x93/0x140
[ 2264.225177][T18008]  ? __pfx___might_resched+0x10/0x10
[ 2264.230491][T18008]  should_fail_ex+0x3b0/0x4e0
[ 2264.235202][T18008]  ? tomoyo_encode+0x26f/0x540
[ 2264.239989][T18008]  should_failslab+0xac/0x100
[ 2264.244699][T18008]  ? tomoyo_encode+0x26f/0x540
[ 2264.249488][T18008]  __kmalloc_noprof+0xd8/0x400
[ 2264.254278][T18008]  tomoyo_encode+0x26f/0x540
[ 2264.258903][T18008]  tomoyo_realpath_from_path+0x59e/0x5e0
[ 2264.264578][T18008]  tomoyo_path_number_perm+0x23a/0x880
[ 2264.270067][T18008]  ? tomoyo_path_number_perm+0x208/0x880
[ 2264.275728][T18008]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2264.281772][T18008]  ? __fget_files+0x29/0x470
[ 2264.286389][T18008]  ? __fget_files+0x3f6/0x470
[ 2264.291087][T18008]  ? __fget_files+0x29/0x470
[ 2264.295705][T18008]  security_file_ioctl+0x75/0xb0
[ 2264.300665][T18008]  __se_sys_ioctl+0x47/0x170
[ 2264.305280][T18008]  do_syscall_64+0xf3/0x230
[ 2264.309804][T18008]  ? clear_bhb_loop+0x35/0x90
[ 2264.314509][T18008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2264.320429][T18008] RIP: 0033:0x7f4fea3779f9
[ 2264.324867][T18008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2264.344493][T18008] RSP: 002b:00007f4feb1e2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2264.352935][T18008] RAX: ffffffffffffffda RBX: 00007f4fea506058 RCX: 00007f4fea3779f9
[ 2264.360924][T18008] RDX: 0000000000000000 RSI: 000000004008af24 RDI: 0000000000000007
[ 2264.368909][T18008] RBP: 00007f4feb1e20a0 R08: 0000000000000000 R09: 0000000000000000
[ 2264.376895][T18008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2264.384881][T18008] R13: 000000000000006e R14: 00007f4fea506058 R15: 00007f4fea62fa38
[ 2264.392883][T18008]  </TASK>
[ 2264.704532][T18008] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2264.956816][T17298] 8021q: adding VLAN 0 to HW filter on device team0
[ 2265.146461][ T5322] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2265.154921][ T5322] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2265.414807][T18040] sch_tbf: burst 1 is lower than device lo mtu (65550) !
[ 2265.576339][ T4618] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[ 2265.589403][ T4618] Bluetooth: hci5: Injecting HCI hardware error event
[ 2265.602950][T28663] Bluetooth: hci5: hardware error 0x00
[ 2265.840701][T12465] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2265.849202][T12465] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2266.145046][ T4618] Bluetooth: hci6: command tx timeout
[ 2267.113614][T17298] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2267.314098][T18017] chnl_net:caif_netlink_parms(): no params data found
[ 2267.477289][ T5279] usb 5-1: new high-speed USB device number 114 using dummy_hcd
[ 2267.714352][ T5279] usb 5-1: Using ep0 maxpacket: 16
[ 2267.734976][T28663] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[ 2267.763492][ T5279] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2267.788330][ T5279] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2267.825828][ T5279] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 2267.842973][ T5279] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 2267.854252][ T5279] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2267.891162][ T5279] usb 5-1: config 0 descriptor??
[ 2268.110515][T17298] veth0_vlan: entered promiscuous mode
[ 2268.214207][T28663] Bluetooth: hci6: command tx timeout
[ 2268.365841][ T5279] microsoft 0003:045E:07DA.008F: unknown main item tag 0x0
[ 2268.403587][ T5279] microsoft 0003:045E:07DA.008F: unknown main item tag 0x0
[ 2268.412685][ T5279] microsoft 0003:045E:07DA.008F: unknown main item tag 0x0
[ 2268.457640][ T5279] microsoft 0003:045E:07DA.008F: unknown main item tag 0x0
[ 2268.500102][ T5279] microsoft 0003:045E:07DA.008F: unknown main item tag 0x0
[ 2268.561406][T18147] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2268.577894][ T5279] microsoft 0003:045E:07DA.008F: unknown main item tag 0x0
[ 2268.634688][T18147] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2268.664554][ T5279] microsoft 0003:045E:07DA.008F: unknown main item tag 0x0
[ 2268.672941][ T5279] microsoft 0003:045E:07DA.008F: unknown main item tag 0x0
[ 2268.685848][T18017] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2268.734469][T18017] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2268.763507][ T5279] microsoft 0003:045E:07DA.008F: unknown main item tag 0x0
[ 2268.778782][T18017] bridge_slave_0: entered allmulticast mode
[ 2268.828133][ T5279] microsoft 0003:045E:07DA.008F: unknown main item tag 0x0
[ 2268.844367][T18017] bridge_slave_0: entered promiscuous mode
[ 2268.908272][T17298] veth1_vlan: entered promiscuous mode
[ 2268.964359][ T5279] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.008F/input/input93
[ 2268.998175][T18017] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2269.055545][ T5279] microsoft 0003:045E:07DA.008F: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[ 2269.074206][T18017] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2269.125334][T18017] bridge_slave_1: entered allmulticast mode
[ 2269.205036][T18017] bridge_slave_1: entered promiscuous mode
[ 2269.223744][ T5279] usb 5-1: USB disconnect, device number 114
[ 2269.883270][T18017] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2269.984121][T18017] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2270.282388][T18281] netlink: 36 bytes leftover after parsing attributes in process `syz.4.7261'.
[ 2270.305149][T28663] Bluetooth: hci6: command tx timeout
[ 2270.665835][T18017] team0: Port device team_slave_0 added
[ 2270.806813][T18017] team0: Port device team_slave_1 added
[ 2270.909369][  T690] IPVS: starting estimator thread 0...
[ 2271.065846][T18308] IPVS: using max 19 ests per chain, 45600 per kthread
[ 2271.148429][T18017] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2271.203939][T18017] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2271.363973][T18017] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2271.482260][T17298] veth0_macvtap: entered promiscuous mode
[ 2271.559056][T17298] veth1_macvtap: entered promiscuous mode
[ 2271.658200][T18339] netlink: 152 bytes leftover after parsing attributes in process `syz.4.7264'.
[ 2271.697826][T18017] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2271.737078][T18017] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2271.856644][T18017] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2271.904057][T18343] netlink: 'syz.2.7263': attribute type 21 has an invalid length.
[ 2271.992009][T18343] netlink: 132 bytes leftover after parsing attributes in process `syz.2.7263'.
[ 2272.283511][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2272.384464][T28663] Bluetooth: hci6: command tx timeout
[ 2272.386588][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2272.540346][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2272.619844][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2272.742382][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2272.824116][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2272.944690][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2272.998910][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2273.049896][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2273.109064][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2273.157694][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2273.234319][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2273.258107][ T9687] usb 5-1: new full-speed USB device number 115 using dummy_hcd
[ 2273.274092][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2273.364714][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2273.410528][T17298] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2273.639242][ T9687] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2273.683422][T18366] netlink: 104 bytes leftover after parsing attributes in process `syz.1.7269'.
[ 2273.734095][ T9687] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 2273.833974][ T9687] usb 5-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[ 2273.991455][ T9687] usb 5-1: New USB device found, idVendor=413c, idProduct=81d1, bcdDevice=fb.93
[ 2274.013540][T18017] hsr_slave_0: entered promiscuous mode
[ 2274.055280][ T9687] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2274.067345][T18017] hsr_slave_1: entered promiscuous mode
[ 2274.129193][ T9687] usb 5-1: Product: syz
[ 2274.144974][T18017] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2274.174613][ T9687] usb 5-1: Manufacturer: syz
[ 2274.180195][ T9687] usb 5-1: SerialNumber: syz
[ 2274.227365][T18017] Cannot create hsr debugfs directory
[ 2274.305811][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2274.340106][ T9687] usb 5-1: config 0 descriptor??
[ 2274.415359][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2274.487148][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2274.556340][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2274.634046][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2274.694594][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2274.745198][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2274.784097][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2274.839107][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2274.901800][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2274.941147][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2275.013381][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2275.077792][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2275.141156][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2275.208475][T17298] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2275.291787][T17298] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2275.314353][T18355] syz.4.7267: attempt to access beyond end of device
[ 2275.314353][T18355] md102: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 2275.373472][T17298] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2275.434105][T17298] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2275.501113][T17298] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2276.695133][T21044] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2276.760581][T29601] usb 5-1: USB disconnect, device number 115
[ 2276.764443][T21044] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2277.432828][T18017] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2277.592386][ T2462] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2277.634493][ T2462] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2278.006549][T18017] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2278.610642][T18017] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2279.008361][T18017] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2279.562942][T18526] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(13)
[ 2279.569609][T18526] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 2279.583702][T18526] vhci_hcd vhci_hcd.0: Device attached
[ 2279.724765][T18538] trusted_key: encrypted_key: insufficient parameters specified
[ 2279.872170][T18532] vhci_hcd: connection closed
[ 2279.876040][ T2462] vhci_hcd: stop threads
[ 2279.927399][ T2462] vhci_hcd: release socket
[ 2279.927558][ T2462] vhci_hcd: disconnect device
[ 2279.971728][T29601] usb 10-1: enqueue for inactive port 0
[ 2280.096118][T18017] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 2280.129724][T18017] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 2280.150613][T18017] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 2280.168603][T18017] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 2280.493977][T29601] usb usb10-port1: attempt power cycle
[ 2280.525201][  T690] usb 2-1: new high-speed USB device number 124 using dummy_hcd
[ 2280.737100][  T690] usb 2-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 1
[ 2280.791104][T18017] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2280.803690][  T690] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2280.874139][  T690] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[ 2280.918418][T18017] 8021q: adding VLAN 0 to HW filter on device team0
[ 2280.937499][T18557] FAULT_INJECTION: forcing a failure.
[ 2280.937499][T18557] name failslab, interval 1, probability 0, space 0, times 0
[ 2280.958121][  T690] usb 2-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[ 2280.971141][T18566] FAULT_INJECTION: forcing a failure.
[ 2280.971141][T18566] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2280.974959][  T690] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2280.995288][T18557] CPU: 1 UID: 0 PID: 18557 Comm: syz.2.7279 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 2280.995360][T18557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 2280.995374][T18557] Call Trace:
[ 2280.995383][T18557]  <TASK>
[ 2280.995393][T18557]  dump_stack_lvl+0x241/0x360
[ 2280.995427][T18557]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2280.995452][T18557]  ? __pfx__printk+0x10/0x10
[ 2280.995489][T18557]  should_fail_ex+0x3b0/0x4e0
[ 2280.995520][T18557]  ? __kvm_mmu_topup_memory_cache+0x1e3/0x6b0
[ 2280.995542][T18557]  should_failslab+0xac/0x100
[ 2280.995569][T18557]  ? __kvm_mmu_topup_memory_cache+0x1e3/0x6b0
[ 2280.995588][T18557]  kmem_cache_alloc_noprof+0x6c/0x2a0
[ 2280.995615][T18557]  __kvm_mmu_topup_memory_cache+0x1e3/0x6b0
[ 2280.995650][T18557]  kvm_mmu_load+0x115/0x26e0
[ 2280.995679][T18557]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 2280.995704][T18557]  ? __mutex_unlock_slowpath+0x21d/0x750
[ 2280.995736][T18557]  ? irqentry_exit+0x63/0x90
[ 2280.995758][T18557]  ? lockdep_hardirqs_on+0x99/0x150
[ 2280.995784][T18557]  ? __pfx_kvm_mmu_load+0x10/0x10
[ 2280.995821][T18557]  ? vmx_flush_tlb_all+0xba/0x3c0
[ 2280.995846][T18557]  ? vmx_flush_tlb_guest+0x1e5/0x310
[ 2280.995868][T18557]  ? __pfx_vmx_flush_tlb_guest+0x10/0x10
[ 2280.995893][T18557]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 2280.995921][T18557]  ? kvm_apic_has_interrupt+0x9d4/0xa70
[ 2280.995947][T18557]  ? vmx_get_nmi_mask+0xdf/0x1a0
[ 2280.995981][T18557]  vcpu_run+0x6c3d/0x88b0
[ 2280.996010][T18557]  ? __lock_acquire+0x137a/0x2040
[ 2280.996124][T18557]  ? __pfx_vcpu_run+0x10/0x10
[ 2280.996161][T18557]  ? __pfx_lock_acquire+0x10/0x10
[ 2280.996196][T18557]  ? trace_kvm_fpu+0x73/0x210
[ 2280.996220][T18557]  ? trace_kvm_fpu+0x4d/0x210
[ 2280.996247][T18557]  ? rcu_is_watching+0x15/0xb0
[ 2280.996277][T18557]  kvm_arch_vcpu_ioctl_run+0xa73/0x19d0
[ 2280.996303][T18557]  ? mark_lock+0x9a/0x350
[ 2280.996337][T18557]  ? kvm_arch_vcpu_ioctl_run+0x1c9/0x19d0
[ 2280.996362][T18557]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 2280.996410][T18557]  ? __pfx_lock_acquire+0x10/0x10
[ 2280.996435][T18557]  ? get_task_pid+0x23/0x310
[ 2280.996455][T18557]  ? __pfx_lock_release+0x10/0x10
[ 2280.996480][T18557]  ? kvm_vcpu_ioctl+0x1dd/0xea0
[ 2280.996515][T18557]  ? get_task_pid+0x23/0x310
[ 2280.996538][T18557]  kvm_vcpu_ioctl+0x91d/0xea0
[ 2280.996568][T18557]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 2280.996613][T18557]  ? __fget_files+0x29/0x470
[ 2280.996640][T18557]  ? __fget_files+0x3f6/0x470
[ 2280.996663][T18557]  ? __fget_files+0x29/0x470
[ 2280.996693][T18557]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2280.996718][T18557]  ? security_file_ioctl+0x87/0xb0
[ 2280.996736][T18557]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 2280.996761][T18557]  __se_sys_ioctl+0xfc/0x170
[ 2280.996787][T18557]  do_syscall_64+0xf3/0x230
[ 2280.996812][T18557]  ? clear_bhb_loop+0x35/0x90
[ 2280.996835][T18557]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2280.996863][T18557] RIP: 0033:0x7f4fea3779f9
[ 2280.996882][T18557] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2280.996900][T18557] RSP: 002b:00007f4feb1e2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2280.996924][T18557] RAX: ffffffffffffffda RBX: 00007f4fea506058 RCX: 00007f4fea3779f9
[ 2280.996939][T18557] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 2280.996952][T18557] RBP: 00007f4feb1e20a0 R08: 0000000000000000 R09: 0000000000000000
[ 2280.996964][T18557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2280.996977][T18557] R13: 000000000000006e R14: 00007f4fea506058 R15: 00007f4fea62fa38
[ 2280.997012][T18557]  </TASK>
[ 2281.060039][ T9687] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2281.060210][ T9687] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2281.114531][ T9687] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2281.124670][T18566] CPU: 0 UID: 0 PID: 18566 Comm: syz.4.7281 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 2281.126193][ T9687] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2281.130269][T18566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 2281.130283][T18566] Call Trace:
[ 2281.130293][T18566]  <TASK>
[ 2281.130303][T18566]  dump_stack_lvl+0x241/0x360
[ 2281.130338][T18566]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2281.130364][T18566]  ? __pfx__printk+0x10/0x10
[ 2281.130391][T18566]  ? __pfx_lock_release+0x10/0x10
[ 2281.130424][T18566]  should_fail_ex+0x3b0/0x4e0
[ 2281.130457][T18566]  _copy_from_user+0x2f/0xe0
[ 2281.130482][T18566]  copy_msghdr_from_user+0xae/0x680
[ 2281.130514][T18566]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 2281.130555][T18566]  __sys_sendmsg+0x23d/0x3a0
[ 2281.130580][T18566]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2281.130628][T18566]  ? irqtime_account_irq+0x18e/0x1e0
[ 2281.130665][T18566]  ? __irq_exit_rcu+0xf4/0x1c0
[ 2281.130703][T18566]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 2281.130735][T18566]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 2281.130759][T18566]  ? __irq_exit_rcu+0x100/0x1c0
[ 2281.130785][T18566]  ? do_syscall_64+0xb6/0x230
[ 2281.130813][T18566]  do_syscall_64+0xf3/0x230
[ 2281.130838][T18566]  ? clear_bhb_loop+0x35/0x90
[ 2281.130862][T18566]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2281.130889][T18566] RIP: 0033:0x7fd3a7d779f9
[ 2281.130907][T18566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2281.130924][T18566] RSP: 002b:00007fd3a8abd048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2281.130947][T18566] RAX: ffffffffffffffda RBX: 00007fd3a7f05f80 RCX: 00007fd3a7d779f9
[ 2281.130963][T18566] RDX: 0000000000000000 RSI: 0000000020000680 RDI: 0000000000000004
[ 2281.130976][T18566] RBP: 00007fd3a8abd0a0 R08: 0000000000000000 R09: 0000000000000000
[ 2281.130989][T18566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2281.131002][T18566] R13: 000000000000000b R14: 00007fd3a7f05f80 R15: 00007fd3a802fa38
[ 2281.131032][T18566]  </TASK>
[ 2281.181014][  T690] usb 2-1: Product: syz
[ 2281.235839][T29601] usb usb10-port1: unable to enumerate USB device
[ 2281.245029][ T5322] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[ 2281.753847][T18017] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 2281.774151][  T690] usb 2-1: Manufacturer: syz
[ 2281.779731][  T690] usb 2-1: SerialNumber: syz
[ 2281.830355][T18017] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2281.876533][  T690] usb 2-1: config 0 descriptor??
[ 2281.955168][T18017] veth0_vlan: entered promiscuous mode
[ 2281.975463][T18017] veth1_vlan: entered promiscuous mode
[ 2282.046180][  T690] usb-storage 2-1:0.0: USB Mass Storage device detected
[ 2282.057617][T18017] veth0_macvtap: entered promiscuous mode
[ 2282.077557][T18017] veth1_macvtap: entered promiscuous mode
[ 2282.109617][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2282.136274][  T690] usb-storage 2-1:0.0: Quirks match for vid 1908 pid 1315: 20000
[ 2282.204430][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2282.226961][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2282.338145][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2282.338198][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2282.338217][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2282.338259][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2282.338274][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2282.338317][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2282.338332][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2282.338347][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2282.338388][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2282.338406][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2282.338446][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2282.338463][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2282.338477][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2282.393554][T18017] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2282.443608][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2282.443635][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2282.443673][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2282.443687][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2282.443699][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2282.443737][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2282.443749][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2282.443762][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2282.443801][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2282.443815][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2282.443827][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2282.448728][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2282.448747][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2282.448790][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2282.448804][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2282.448845][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2282.451864][T18017] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2282.532147][T18017] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2282.532216][T18017] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2282.532273][T18017] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2282.532301][T18017] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2283.169560][ T4651] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2283.664076][ T5322] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 2283.664154][ T5322] usb 1-1: New USB device found, idVendor=0458, idProduct=501a, bcdDevice= 0.00
[ 2283.664208][ T5322] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2283.668269][ T5322] usb 1-1: config 0 descriptor??
[ 2283.669210][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[ 2283.669334][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[ 2283.777728][ T4651] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2283.890846][T19256] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2283.890900][T19256] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2284.040748][ T5322] usb 1-1: USB disconnect, device number 16
[ 2284.860468][T29601] usb 2-1: USB disconnect, device number 124
[ 2285.745147][   T29] audit: type=1326 audit(1722659520.937:2330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18615 comm="syz.3.7287" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f371f1779f9 code=0x0
[ 2285.754382][T18619] netlink: 152 bytes leftover after parsing attributes in process `syz.1.7288'.
[ 2286.504197][  T691] usb 5-1: new high-speed USB device number 116 using dummy_hcd
[ 2286.667758][T18633] sch_tbf: burst 1 is lower than device lo mtu (65550) !
[ 2286.764024][  T691] usb 5-1: Using ep0 maxpacket: 16
[ 2286.793363][  T691] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2286.845522][  T691] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2286.896528][  T691] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 2286.936650][  T691] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 2286.957800][  T691] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2286.983995][ T5328] usb 2-1: new high-speed USB device number 125 using dummy_hcd
[ 2287.012882][  T691] usb 5-1: config 0 descriptor??
[ 2287.190180][ T5328] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 2287.228399][ T5328] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2287.315940][ T5328] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 2287.385334][ T5328] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2287.466574][ T5328] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 2287.494906][  T691] microsoft 0003:045E:07DA.0090: unknown main item tag 0x0
[ 2287.503683][ T5328] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 2287.504854][ T5328] usb 2-1: Product: syz
[ 2287.504873][ T5328] usb 2-1: Manufacturer: syz
[ 2287.564858][ T5328] cdc_wdm 2-1:1.0: skipping garbage
[ 2287.564912][ T5328] cdc_wdm 2-1:1.0: skipping garbage
[ 2287.570694][ T5328] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[ 2287.625331][  T691] microsoft 0003:045E:07DA.0090: unknown main item tag 0x0
[ 2287.659080][  T691] microsoft 0003:045E:07DA.0090: unknown main item tag 0x0
[ 2287.674531][  T691] microsoft 0003:045E:07DA.0090: unknown main item tag 0x0
[ 2287.685803][ T5328] cdc_wdm 2-1:1.0: Unknown control protocol
[ 2287.695122][T18623] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2287.713789][  T691] microsoft 0003:045E:07DA.0090: unknown main item tag 0x0
[ 2287.725254][T18623] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2287.798168][  T691] microsoft 0003:045E:07DA.0090: unknown main item tag 0x0
[ 2287.865800][  T691] microsoft 0003:045E:07DA.0090: unknown main item tag 0x0
[ 2287.885691][T18629] FAULT_INJECTION: forcing a failure.
[ 2287.885691][T18629] name failslab, interval 1, probability 0, space 0, times 0
[ 2287.912135][  T691] microsoft 0003:045E:07DA.0090: unknown main item tag 0x0
[ 2287.989124][  T691] microsoft 0003:045E:07DA.0090: unknown main item tag 0x0
[ 2287.994460][T18629] CPU: 1 UID: 0 PID: 18629 Comm: syz.1.7291 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 2288.007156][T18629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 2288.017224][T18629] Call Trace:
[ 2288.020511][T18629]  <TASK>
[ 2288.023447][T18629]  dump_stack_lvl+0x241/0x360
[ 2288.028143][T18629]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2288.033357][T18629]  ? __pfx__printk+0x10/0x10
[ 2288.037964][T18629]  ? fs_reclaim_acquire+0x93/0x140
[ 2288.043090][T18629]  ? __pfx___might_resched+0x10/0x10
[ 2288.048396][T18629]  ? dynamic_dname+0x141/0x1b0
[ 2288.053199][T18629]  should_fail_ex+0x3b0/0x4e0
[ 2288.057914][T18629]  ? tomoyo_encode+0x26f/0x540
[ 2288.062702][T18629]  should_failslab+0xac/0x100
[ 2288.067405][T18629]  ? tomoyo_encode+0x26f/0x540
[ 2288.072192][T18629]  __kmalloc_noprof+0xd8/0x400
[ 2288.076993][T18629]  tomoyo_encode+0x26f/0x540
[ 2288.081605][T18629]  ? __pfx_anon_inodefs_dname+0x10/0x10
[ 2288.087166][T18629]  tomoyo_realpath_from_path+0x59e/0x5e0
[ 2288.092824][T18629]  tomoyo_path_number_perm+0x23a/0x880
[ 2288.098314][T18629]  ? tomoyo_path_number_perm+0x208/0x880
[ 2288.103977][T18629]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2288.110040][T18629]  ? __fget_files+0x29/0x470
[ 2288.114649][T18629]  ? __fget_files+0x3f6/0x470
[ 2288.119339][T18629]  ? __fget_files+0x29/0x470
[ 2288.123947][T18629]  security_file_ioctl+0x75/0xb0
[ 2288.128902][T18629]  __se_sys_ioctl+0x47/0x170
[ 2288.133513][T18629]  do_syscall_64+0xf3/0x230
[ 2288.138038][T18629]  ? clear_bhb_loop+0x35/0x90
[ 2288.142727][T18629]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2288.148641][T18629] RIP: 0033:0x7fccaed779f9
[ 2288.153068][T18629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2288.172687][T18629] RSP: 002b:00007fccafbb3048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2288.181117][T18629] RAX: ffffffffffffffda RBX: 00007fccaef05f80 RCX: 00007fccaed779f9
[ 2288.189094][T18629] RDX: 0000000020000000 RSI: 00000000c008ae67 RDI: 0000000000000006
[ 2288.197075][T18629] RBP: 00007fccafbb30a0 R08: 0000000000000000 R09: 0000000000000000
[ 2288.205052][T18629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2288.213028][T18629] R13: 000000000000000b R14: 00007fccaef05f80 R15: 00007fccaf02fa38
[ 2288.221029][T18629]  </TASK>
[ 2288.278896][  T691] microsoft 0003:045E:07DA.0090: unknown main item tag 0x0
[ 2288.343974][T18629] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2288.428915][  T691] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0090/input/input95
[ 2288.585598][  T691] microsoft 0003:045E:07DA.0090: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[ 2288.733283][  T691] usb 5-1: USB disconnect, device number 116
[ 2288.953777][ T5322] usb 2-1: USB disconnect, device number 125
[ 2289.154036][T18685] netlink: 36 bytes leftover after parsing attributes in process `syz.3.7294'.
[ 2289.852002][T18697] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.7296'.
[ 2290.294181][ T8422] usb 3-1: new high-speed USB device number 115 using dummy_hcd
[ 2290.554043][ T8422] usb 3-1: Using ep0 maxpacket: 32
[ 2290.586982][ T8422] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2290.694791][ T8422] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2290.789358][ T8422] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 2290.851091][ T8422] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2290.906037][ T8422] usb 3-1: config 0 descriptor??
[ 2291.004526][ T8422] hub 3-1:0.0: USB hub found
[ 2291.348045][ T8422] hub 3-1:0.0: 1 port detected
[ 2291.584156][ T5322] usb 2-1: new high-speed USB device number 126 using dummy_hcd
[ 2291.794486][ T5322] usb 2-1: Using ep0 maxpacket: 16
[ 2291.824287][ T5322] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2291.866749][ T5322] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2291.895740][   T29] audit: type=1326 audit(1722659527.107:2331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18724 comm="syz.0.7302" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f33123779f9 code=0x0
[ 2291.934411][ T5322] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 2291.958432][ T5322] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 2291.969764][ T5322] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2291.986421][ T5322] usb 2-1: config 0 descriptor??
[ 2292.066388][T18722] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7301'.
[ 2292.091175][ T8422] hub 3-1:0.0: activate --> -90
[ 2292.439951][ T5322] microsoft 0003:045E:07DA.0091: unknown main item tag 0x0
[ 2292.479398][ T5322] microsoft 0003:045E:07DA.0091: unknown main item tag 0x0
[ 2292.504099][ T5322] microsoft 0003:045E:07DA.0091: unknown main item tag 0x0
[ 2292.534127][ T5322] microsoft 0003:045E:07DA.0091: unknown main item tag 0x0
[ 2292.551047][ T5322] microsoft 0003:045E:07DA.0091: unknown main item tag 0x0
[ 2292.580194][ T5322] microsoft 0003:045E:07DA.0091: unknown main item tag 0x0
[ 2292.610730][ T5322] microsoft 0003:045E:07DA.0091: unknown main item tag 0x0
[ 2292.633983][ T5322] microsoft 0003:045E:07DA.0091: unknown main item tag 0x0
[ 2292.645060][T18714] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2292.694483][T18714] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2292.703700][ T5322] microsoft 0003:045E:07DA.0091: unknown main item tag 0x0
[ 2292.724222][ T5322] microsoft 0003:045E:07DA.0091: unknown main item tag 0x0
[ 2292.828559][ T5322] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0091/input/input96
[ 2292.909570][ T5322] microsoft 0003:045E:07DA.0091: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[ 2292.997089][ T5322] usb 2-1: USB disconnect, device number 126
[ 2293.484147][ T5322] usb 3-1: USB disconnect, device number 115
[ 2294.617508][T18780] FAULT_INJECTION: forcing a failure.
[ 2294.617508][T18780] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2294.744028][T18780] CPU: 1 UID: 0 PID: 18780 Comm: syz.3.7307 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 2294.754929][T18780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 2294.765001][T18780] Call Trace:
[ 2294.768297][T18780]  <TASK>
[ 2294.771245][T18780]  dump_stack_lvl+0x241/0x360
[ 2294.775960][T18780]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2294.781182][T18780]  ? __pfx__printk+0x10/0x10
[ 2294.785793][T18780]  ? __pfx_lock_release+0x10/0x10
[ 2294.790844][T18780]  should_fail_ex+0x3b0/0x4e0
[ 2294.795550][T18780]  _copy_from_user+0x2f/0xe0
[ 2294.800164][T18780]  core_sys_select+0x639/0x910
[ 2294.804957][T18780]  ? __pfx_core_sys_select+0x10/0x10
[ 2294.810272][T18780]  ? lockdep_hardirqs_on+0x99/0x150
[ 2294.815518][T18780]  ? __pfx_set_user_sigmask+0x10/0x10
[ 2294.820916][T18780]  ? __fget_files+0x3f6/0x470
[ 2294.825622][T18780]  __se_sys_pselect6+0x319/0x3f0
[ 2294.830587][T18780]  ? __pfx___se_sys_pselect6+0x10/0x10
[ 2294.836063][T18780]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 2294.842410][T18780]  ? do_syscall_64+0x100/0x230
[ 2294.847198][T18780]  ? __x64_sys_pselect6+0x21/0xf0
[ 2294.852257][T18780]  do_syscall_64+0xf3/0x230
[ 2294.856770][T18780]  ? clear_bhb_loop+0x35/0x90
[ 2294.861443][T18780]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2294.867340][T18780] RIP: 0033:0x7f371f1779f9
[ 2294.871748][T18780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2294.891350][T18780] RSP: 002b:00007f371ebff048 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 2294.899764][T18780] RAX: ffffffffffffffda RBX: 00007f371f305f80 RCX: 00007f371f1779f9
[ 2294.907729][T18780] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000040
[ 2294.915694][T18780] RBP: 00007f371ebff0a0 R08: 0000000020000300 R09: 0000000000000000
[ 2294.923669][T18780] R10: 00000000200002c0 R11: 0000000000000246 R12: 0000000000000001
[ 2294.931633][T18780] R13: 000000000000000b R14: 00007f371f305f80 R15: 00007f371f42fa38
[ 2294.939633][T18780]  </TASK>
[ 2295.581343][T18795] netlink: 36 bytes leftover after parsing attributes in process `syz.4.7311'.
[ 2295.758688][   T29] audit: type=1326 audit(1722659530.967:2332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000
[ 2295.894149][T28663] Bluetooth: hci3: command 0x0406 tx timeout
[ 2295.974632][T28663] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0
[ 2295.985559][T28663] Bluetooth: hci6: Injecting HCI hardware error event
[ 2295.997580][T28663] Bluetooth: hci6: hardware error 0x00
[ 2296.405145][   T29] audit: type=1326 audit(1722659531.617:2333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000
[ 2296.513095][   T29] audit: type=1326 audit(1722659531.617:2334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000
[ 2296.612320][   T29] audit: type=1326 audit(1722659531.617:2335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000
[ 2386.723592][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[ 2386.731469][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[ 2386.766426][   T29] audit: type=1326 audit(1722659531.617:2336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000
[ 2386.844038][T28663] Bluetooth: hci6: Opcode 0x0c03 failed: -110
[ 2386.941331][   T29] audit: type=1326 audit(1722659531.617:2337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000
[ 2387.114041][   T29] audit: type=1326 audit(1722659531.617:2338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000
[ 2387.243966][   T29] audit: type=1326 audit(1722659531.617:2339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000
[ 2387.374000][   T29] audit: type=1326 audit(1722659531.617:2340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000
[ 2387.513978][   T29] audit: type=1326 audit(1722659531.617:2341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000
[ 2387.643956][   T29] audit: type=1326 audit(1722659531.617:2342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000
[ 2387.844330][   T29] audit: type=1326 audit(1722659531.617:2343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000
[ 2388.064010][   T29] audit: type=1326 audit(1722659531.617:2344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000
[ 2388.233984][   T29] audit: type=1326 audit(1722659531.617:2345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000
[ 2393.765125][ T4618] Bluetooth: hci1: command 0x0406 tx timeout
[ 2413.974945][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[ 2413.982654][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[ 2414.303996][  T690] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[ 2430.116070][   T19] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 1-...D } 3845 jiffies s: 296409 root: 0x2/.
[ 2430.153906][   T19] rcu: blocking rcu_node structures (internal RCU debug):
[ 2430.162482][   T19] Sending NMI from CPU 0 to CPUs 1:
[ 2430.168801][    C1] NMI backtrace for cpu 1
[ 2430.168817][    C1] CPU: 1 UID: 0 PID: 17593 Comm: syz.3.7239 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[ 2430.168839][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 2430.168850][    C1] RIP: 0010:lock_release+0xb8/0xa30
[ 2430.168877][    C1] Code: 08 0f 83 fe 05 00 00 89 c3 48 89 d8 48 c1 e8 06 48 8d 3c c5 a8 ac 17 90 be 08 00 00 00 e8 30 d0 8a 00 48 0f a3 1d 80 da a7 0e <73> 16 e8 a1 ce 09 00 84 c0 75 0d 80 3d 6a a9 91 0e 00 0f 84 fc 05
[ 2430.168892][    C1] RSP: 0018:ffffc90000a18a60 EFLAGS: 00000057
[ 2430.168908][    C1] RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff816fd220
[ 2430.168920][    C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff9017aca8
[ 2430.168931][    C1] RBP: ffffc90000a18b90 R08: ffffffff9017acaf R09: 1ffffffff202f595
[ 2430.168943][    C1] R10: dffffc0000000000 R11: fffffbfff202f596 R12: 1ffff92000143158
[ 2430.168956][    C1] R13: ffffffff84b7e8f5 R14: ffffc90000a18bc0 R15: dffffc0000000000
[ 2430.168969][    C1] FS:  00007fb7e7db16c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000
[ 2430.168985][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2430.168997][    C1] CR2: 000000110c28bf90 CR3: 000000006ee2e000 CR4: 00000000003506f0
[ 2430.169012][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2430.169022][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2430.169034][    C1] Call Trace:
[ 2430.169043][    C1]  <NMI>
[ 2430.169051][    C1]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[ 2430.169069][    C1]  ? __pfx_lock_acquire+0x10/0x10
[ 2430.169091][    C1]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 2430.169108][    C1]  ? nmi_handle+0x2a/0x5a0
[ 2430.169133][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 2430.169151][    C1]  ? nmi_handle+0x14f/0x5a0
[ 2430.169168][    C1]  ? nmi_handle+0x2a/0x5a0
[ 2430.169185][    C1]  ? lock_release+0xb8/0xa30
[ 2430.169204][    C1]  ? default_do_nmi+0x63/0x160
[ 2430.169221][    C1]  ? exc_nmi+0x123/0x1f0
[ 2430.169238][    C1]  ? end_repeat_nmi+0xf/0x53
[ 2430.169255][    C1]  ? debug_object_deactivate+0x2d5/0x390
[ 2430.169279][    C1]  ? lock_release+0xb0/0xa30
[ 2430.169301][    C1]  ? lock_release+0xb8/0xa30
[ 2430.169320][    C1]  ? lock_release+0xb8/0xa30
[ 2430.169341][    C1]  ? lock_release+0xb8/0xa30
[ 2430.169361][    C1]  </NMI>
[ 2430.169367][    C1]  <IRQ>
[ 2430.169377][    C1]  ? do_raw_spin_lock+0x14f/0x370
[ 2430.169395][    C1]  ? __pfx_lock_release+0x10/0x10
[ 2430.169416][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 2430.169437][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 2430.169459][    C1]  _raw_spin_unlock_irqrestore+0x79/0x140
[ 2430.169478][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 2430.169505][    C1]  debug_object_deactivate+0x2d5/0x390
[ 2430.169528][    C1]  ? __pfx_debug_object_deactivate+0x10/0x10
[ 2430.169553][    C1]  ? timerqueue_add+0x260/0x290
[ 2430.169580][    C1]  debug_deactivate+0x1b/0x220
[ 2430.169598][    C1]  __hrtimer_run_queues+0x305/0xd50
[ 2430.169622][    C1]  ? ktime_get_update_offsets_now+0x3c/0x250
[ 2430.169651][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 2430.169673][    C1]  hrtimer_interrupt+0x396/0x990
[ 2430.169704][    C1]  __sysvec_apic_timer_interrupt+0x110/0x3f0
[ 2430.169728][    C1]  sysvec_apic_timer_interrupt+0xa1/0xc0
[ 2430.169748][    C1]  </IRQ>
[ 2430.169754][    C1]  <TASK>
[ 2430.169761][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2430.169778][    C1] RIP: 0010:__mutex_unlock_slowpath+0xf6/0x750
[ 2430.169800][    C1] Code: 00 00 48 89 9c 24 88 00 00 00 49 8d 7e 68 4c 89 fe e8 ce 65 b1 f5 4c 89 f7 be 08 00 00 00 e8 a1 36 3c f6 4c 89 f0 48 c1 e8 03 <48> 89 44 24 28 42 80 3c 28 00 74 08 4c 89 f7 e8 16 34 3c f6 49 8b
[ 2430.169813][    C1] RSP: 0018:ffffc9000d47fb40 EFLAGS: 00000a02
[ 2430.169828][    C1] RAX: 1ffff1100d3f5408 RBX: ffffc9000d47fbc0 RCX: ffffffff8bbe6baf
[ 2430.169840][    C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888069faa040
[ 2430.169852][    C1] RBP: ffffc9000d47fc50 R08: ffff888069faa047 R09: 1ffff1100d3f5408
[ 2430.169864][    C1] R10: dffffc0000000000 R11: ffffed100d3f5409 R12: ffffc9000d47fbe0
[ 2430.169876][    C1] R13: dffffc0000000000 R14: ffff888069faa040 R15: ffffffff84a66eae
[ 2430.169890][    C1]  ? __se_sys_io_uring_enter+0x1c3e/0x2670
[ 2430.169912][    C1]  ? __mutex_unlock_slowpath+0xef/0x750
[ 2430.169936][    C1]  ? __io_cqring_overflow_flush+0x590/0x690
[ 2430.169956][    C1]  ? __se_sys_io_uring_enter+0x1c2a/0x2670
[ 2430.169975][    C1]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 2430.169997][    C1]  ? __pfx___io_cqring_overflow_flush+0x10/0x10
[ 2430.170019][    C1]  ? prepare_to_wait_exclusive+0x81/0x220
[ 2430.170043][    C1]  __se_sys_io_uring_enter+0x1c3e/0x2670
[ 2430.170074][    C1]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 2430.170093][    C1]  ? __pfx_io_wake_function+0x10/0x10
[ 2430.170119][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 2430.170140][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 2430.170162][    C1]  ? do_syscall_64+0x100/0x230
[ 2430.170183][    C1]  ? __x64_sys_io_uring_enter+0x21/0xf0
[ 2430.170202][    C1]  do_syscall_64+0xf3/0x230
[ 2430.170224][    C1]  ? clear_bhb_loop+0x35/0x90
[ 2430.170241][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2430.170263][    C1] RIP: 0033:0x7fb7e6f779f9
[ 2430.170278][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2430.170292][    C1] RSP: 002b:00007fb7e7db1048 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2430.170307][    C1] RAX: ffffffffffffffda RBX: 00007fb7e7105f80 RCX: 00007fb7e6f779f9
[ 2430.170319][    C1] RDX: 0000000000400000 RSI: 0000000000000000 RDI: 0000000000000008
[ 2430.170329][    C1] RBP: 00007fb7e6fe58ee R08: 0000000000000000 R09: 0000000000000000
[ 2430.170341][    C1] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 2430.170352][    C1] R13: 000000000000000b R14: 00007fb7e7105f80 R15: 00007fb7e722fa38
[ 2430.170371][    C1]  </TASK>
[ 2437.285463][  T690] usb 1-1: device descriptor read/64, error -110