last executing test programs:

26.216669104s ago: executing program 3 (id=881):
r0 = syz_usb_connect(0x6, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d010110000000090400"], 0x0)
ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, &(0x7f00000000c0)=ANY=[@ANYRES16, @ANYRES32, @ANYRES64=r0, @ANYRES32, @ANYBLOB="00000000080000000000000000000000000000f80000000000000000", @ANYRES32, @ANYBLOB="00000000010400"/28])
listen(0xffffffffffffffff, 0x200007)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000300)=[{&(0x7f0000020540)=""/102387, 0x18ff3}], 0x1, 0x0, 0x7)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x4, 0x103102)
ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f0000000400)={0x0, 0xfffffffffffffe11, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, {0x0, 0xffff, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, "b4bc323ef77d1f000071849800000000dfff00"}})
syz_usb_connect$printer(0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x2401}}]})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$I2C_RDWR(0xffffffffffffffff, 0x707, &(0x7f00000000c0)={&(0x7f0000000240)=[{0x801, 0x1, 0xb, &(0x7f0000000200)="f9f4a257f548a6db6a950f"}], 0x1})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000006c0)={0x114, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_SEQ_ADJ_ORIG={0x34, 0xf, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x5}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x10}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x4}, @CTA_SEQADJ_OFFSET_AFTER={0x8}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @rand_addr=0x64010101}}}]}, @CTA_TUPLE_ORIG={0x5c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}}}]}, @CTA_LABELS_MASK={0x8, 0x17, [0xf]}, @CTA_SYNPROXY={0x2c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x3}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x1b}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0xbb}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0xd79}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x8000}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x810}, 0x0)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x205, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x38, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x10, 0x4, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @void}}]}, @NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xac}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0xdad)
preadv(r4, &(0x7f0000000180)=[{&(0x7f0000001a80)=""/102390, 0x18ff6}, {0x0}], 0x2, 0x2000, 0x0)
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
getpid()

11.084679257s ago: executing program 0 (id=927):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r1, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000400)="316f825a3d29f96a2093a917017b4cd300000000bee70035ed313e19d6dd1fb41a20baf7f7343067fd40cdd4b16742e94b62f4eb1c5d9faab7f3028100ae8180db94b9de7456ae62b0e6fe7766a0842912179154a96fa88e161d4adf77a486e10d1d50e44155790748b7226fa4bb5d77e85729336ba6369a4c33ac53b45d46a92db9fda99af4429dc23db6a1706328df4e75eb173a81bd4af8b89d1870c9b2382a759d67b1cd03b076bf90286b63eb7aaea4cbb1280955e9a59cd8e5e8ac68c27da3d542aece1ba7920e8f39b270458224e74afa52db1ac07f7cce47d5e8ce5b2806ff7171c64a689a0ba35e934506a46a10b9a579dc43630831e2c5400853b58e020c9cb65e44d4957b00ed35a858d44b25d5b8dad1be42", 0x118}, {&(0x7f0000000f00)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef336f9139f6768452f868624c7e6ce0948f33f1a63e0fcf0f2df28a3f1f4de26a8b575ccb465985e48f65b9a7fcc93c0a5be8b16774f7c7ca9848a182d6ee7c0f2b9c0e7030ed93ee34214c25cb51279b18c8e5bfbc52152be37f5e2b783e2149be25180430ac63ee1bbe01fbb6125e65839ae5b02d542a97d1bfb1ca420b5405baaaf5ec6ad96af2814dbbea5", 0xa7}], 0x2}}, {{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000001080)="63c3b174ab06077f6ee67ac1310d86586b13d2c9e203a9da866b81e20e9fe5c43219396d489c1459ce9cd14fa3b43a0b9b6004118a35444790d7", 0x3a}, {&(0x7f00000003c0)="03d54d843173f8be883a57d9e39cc6c79c415ac50f3e1e9c9373002a5b1918", 0x1f}], 0x2}}, {{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000040)="610cb4f6db2105b873df3f7652cc642b85afb69fc18178429903bb6e1ecd18186c48", 0x22}, {&(0x7f0000000180)="6fe279d51047ff146af40b78b8d7ae53db8648c2090d72bcfeaf6fabbbfbe8dbc8b8f4cb22ac43d5a0fa87533bb375454751b8dd8aae4808a37a7649", 0x3c}, {&(0x7f00000001c0)="6d5edb4b883e266ba8c38aa9d13a78431c9d2cb6d8f4e1e80bb8a936aa105f46c914c46487522bc58054c4b0a523eeda0c76b595b36a515b6d30e34705733bb34bda2f89e92b2a98d2edbcffad9c5ccde0d723423cf07e4ffdbd568d3e263fb3b4086af3f2db1933785e59538bfd61f138ffac9eef7c8b34e4ce506220f43af449d3a72f48d9febe830b04cb3c99425de34cac", 0x93}, {0x0}], 0x4}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000700)="acc841985992b79554acfc02163bb0fb2bb293e68702bb40b6b870bde5700d368744361ae9fce3a4ff6bb3bf10f3485e399c8b59df5b02c5f2702522", 0x3c}, {&(0x7f0000000740)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635aea1dc487553859348d48e6fc49d81c71590cd542e796cc2669e2c691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b8b789ef34b46e461725b5e437323385b88c368f8bb5b95e269169f5f7b51dd5319b8016623d1863d7d77ceefde94faf2e36c3920581691a79a6678db1e5e7fa1ca703ee7aa87272e9c4a1bde5fbc390c7ccb9d3c1020e80bd0659e82d861dc6fe4c62639134c54e708601eae992", 0xd2}, {&(0x7f0000000940)="5be3b011e12323e4ab88c0472fd012198c3c61bb81e71ba62134303d2db9740143b0374a0d0be875789932cfd4855c4cc243dae723789d8a9a16be3135c5f82691837c90ab19645f7a1dcf1449fd34eecae5f52fba1e89d6d34b39297bbbc258c2ea547d47f2d89ad6e36e737691a1c6bdd164b2a85cbaaf648c910559f53581c60bd6c80f90c75f664e5b285c738881560f8ae89a4943141ac45fb6995cece6a2e0e62bd79213527a11c34a6e89ca41ead3e2589301279d9b0832d0b5a6ebe2cf0cbfa40ab948b0b9efe108aeded8d12388a459902261bb0d5ab83ed7ce81b8a59ef1aece", 0xe5}, {&(0x7f0000000840)="a1c3704ecc4399d294157fa2b9b8", 0xe}, {&(0x7f0000000880)="b45a498ea447ee604887121819ab170a8c4da8", 0x13}], 0x5}}], 0x4, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000000)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000440)={&(0x7f00000002c0)=[0x0, 0x0, <r5=>0x0], 0x0, 0x0, 0x0, 0x3})
ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f0000000480)={0x0, 0x0, r3, r5, 0x0, 0x0, 0x0, 0x9, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "0d0fc9a7ff4bdd3d65a0ceb36a03b8fc10129f00"}})
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r1, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000003c0)=@mangle={'mangle\x00', 0x1f, 0x6, 0x568, 0x290, 0xc8, 0x3a8, 0x198, 0xc8, 0x4d0, 0x4d0, 0x4d0, 0x4d0, 0x4d0, 0x6, &(0x7f00000000c0), {[{{@uncond, 0x0, 0x98, 0xc8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x6a00, 0x4, @broadcast, 0x4e22}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x0, 0x2, 0x4, 0x2, 0x4, 0x1], 0x2, 0x1}, {0x3, [0x1, 0x6, 0x7, 0x4, 0x4, 0x1], 0x2, 0x1}}}}, {{@uncond, 0x0, 0x98, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x4}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x3, [0x1, 0x2, 0x2, 0x2, 0x2, 0x3], 0x2, 0x5}, {0x0, [0x0, 0x3, 0xa, 0x3], 0x6, 0x2}}}}, {{@ip={@multicast2, @multicast2, 0xff, 0xff, 'macvlan0\x00', 'dvmrp1\x00', {0xff}, {0xff}, 0x88, 0x2, 0x2}, 0x0, 0xe8, 0x118, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00', 0x0, 0x3, 0x1, 0x1}}, @inet=@rpfilter={{0x28}, {0xc}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x8, 0x3, @multicast1, 0x4e24}}}, {{@uncond, 0x0, 0x100, 0x128, 0x0, {}, [@common=@inet=@multiport={{0x50}, {0x0, 0x2, [0x4e23, 0x4e21, 0x4e23, 0x4e21, 0x4e20, 0x4e24, 0x4e24, 0x4e20, 0x4e21, 0x4e21, 0x4e20, 0x4e21, 0x4e20, 0x4e22, 0x4e21], [0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1], 0x1}}, @common=@set={{0x40}, {{0xffffffffffffffff, [0x1, 0x6, 0x4], 0x6, 0x1}}}]}, @inet=@DSCP={0x28, 'DSCP\x00', 0x0, {0x23}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x5c8)
r6 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
r7 = openat$cgroup_procs(r0, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
r8 = getpid()
fcntl$getownex(r0, 0x10, &(0x7f0000000080))
write$cgroup_pid(r7, &(0x7f0000000380)=r8, 0x12)
write$cgroup_pid(r6, &(0x7f0000000180), 0x4a)

10.802302659s ago: executing program 3 (id=882):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
writev(r1, &(0x7f0000001bc0)=[{&(0x7f0000001980)="580000001400adfd8a987e40da2e6a260bbeb80a8a2d6454", 0x18}, {&(0x7f00000019c0)="bd6fb0b6ac21468e57a9b680835589e3a41868b7f74bb105ed4685ec2f838bdfdf1741c9a7c89f037e6d1ceefba623c17aa467592f86a4be16c623d344d8a506", 0x40}], 0x2)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000380)={0xaa, 0x181})
close(r2)
r3 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009e173610ef171e7206de01020301090212000100000000090400"], 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_connect$cdc_ncm(0x6, 0x98, &(0x7f0000000200)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x86, 0x2, 0x1, 0x0, 0x80, 0xc6, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x7, 0x24, 0x6, 0x0, 0x1, "61ed"}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x9, 0x3, 0x5, 0x4}, {0x6, 0x24, 0x1a, 0x0, 0x28}, [@mbim={0xc, 0x24, 0x1b, 0x4, 0x6, 0x81, 0x0, 0x2}, @obex={0x5, 0x24, 0x15, 0x7}, @dmm={0x7, 0x24, 0x14, 0x6, 0x2}, @obex={0x5, 0x24, 0x15, 0x525}, @acm={0x4, 0x24, 0x2, 0x2}, @network_terminal={0x7, 0x24, 0xa, 0x5, 0x5, 0xd, 0x60}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0xfc, 0x59, 0x6}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0x4, 0x8, 0x9}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x9, 0x4, 0xec}}}}}}}]}}, &(0x7f0000000100)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x250, 0x3, 0x5, 0x6, 0x10}, 0x5, &(0x7f0000000300)={0x5, 0xf, 0x5}, 0x1, [{0xdd, &(0x7f0000000580)=@string={0xdd, 0x3, "3d0fb4a2bc49e62e27042c713cdb9043581e292667dce054e38adc867c43eab314f7f9af1e2e4babbd4f3d1760d2bc544b604b0f74639a0feb4e5e833f913093b299ff5ca2f61ed8922bc371e1c10b04a92b63f94f048798604ff78244f1fa3979636e460e0e12c3c070701a7bbfa7992fed1e4f639f5896c0210618e8621725b78d3e1ce222cb737ccb2ca73087df2671f53fd6146da76566b7e1abfc05ec48ac4cfe14d158baa1cee6fc48e79753a47d1d205fe6af510d80379bd07f164e014bce91fb08fda48001920828d9c49358f04da8206fc3c683485086"}}]})
r5 = fcntl$dupfd(r4, 0x0, r4)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000002880)={0x0, 0x0, &(0x7f0000002840)={&(0x7f00000001c0)={0x24, 0x0, 0x0, 0x0, 0x0, {{0x2}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}]]}, 0x24}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x30}}, 0x0)
add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff)
r7 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
r8 = add_key$user(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x0}, &(0x7f00000001c0)="a6", 0x1, r7)
r9 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f00000007c0)="c2", 0x1, r7)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r7, &(0x7f0000000340)='asymmetric\x00', &(0x7f0000000280)=@keyring={'key_or_keyring:', r9})
keyctl$KEYCTL_MOVE(0x1e, r8, 0xffffffffffffffff, r7, 0x0)
getsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f00000002c0)={0x0, @dev, @multicast1}, &(0x7f0000000440)=0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="e80000000008010100000000000000000200000a5400048008000140000000070800014000001000080001402041efcf0800014000000006080001408000005781000140000000060800014000000006080001400000000708000140000000090800014000000006540004800800064000000400080003400000000308000640000000810800014000000080080003407fffffff0800034000000854080002400000000708000740ffffff7a08000340000000000800064000000004060002408864000005000300110000000600024000f50000090001"], 0xe8}}, 0x0)
syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x10000)
syz_open_dev$cec(&(0x7f0000000400), 0x0, 0x3853ae2575842e8)
ioctl$CEC_DQEVENT(r0, 0xc0506107, &(0x7f0000000740)={0x0, 0x0, 0x0, @raw})
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000680)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="000004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
socket$netlink(0x10, 0x3, 0x4)
splice(r0, 0x0, r2, 0x0, 0x80000003, 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',=', @ANYBLOB=','])

10.372825691s ago: executing program 0 (id=931):
r0 = getpid()
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x2000, 0xab00, 0x0, 0xfff, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x20, 0x0, 0x2b, 0x2f, 0x0, @empty, @multicast1}}}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_opts(r2, 0x29, 0x40, &(0x7f0000010140)=ANY=[@ANYBLOB="000a0000000000002430000000000a0000000000000002000000000000000000001600000001100000000000000000000000000000000300200000000006000000000000000000000000001b90a860095ea22b3b9f"], 0x60)
r3 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r3, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffedc}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff00)
syz_usb_connect(0x0, 0x3e, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
cachestat(r4, &(0x7f0000000100)={0x5, 0x9}, &(0x7f0000000040), 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
timer_create(0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, &(0x7f00000001c0)=ANY=[@ANYBLOB="000013b05e73e25300000002000000000000000a66171163a0160088a3ef9355a1439dfdc0d33341bc8451a25cd762be6bb652e4971c130aad5d56bac7a9f4bbb4a2e02d3c4403acfe81"])

8.820952076s ago: executing program 4 (id=934):
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @local}, 0xc)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa00"], 0x1c)
r1 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @random="0000e000", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2}}}}}, 0x0)

8.640816164s ago: executing program 4 (id=935):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)=<r3=>0x0)
r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000003c0), 0x103002, 0x0)
syz_clone3(&(0x7f0000000440)={0x0, &(0x7f0000000040), &(0x7f0000000180), &(0x7f00000001c0), {0x12}, &(0x7f0000000200)=""/178, 0xb2, &(0x7f00000002c0)=""/118, &(0x7f0000000380)=[0xffffffffffffffff, 0xffffffffffffffff, r3], 0x3, {r4}}, 0x58)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="67f30fc77100440f20c03503000000440f22c0c4c1a5568108000000c4a2fd9bb2007000000f20e035000004000f22e0670fe1018f48d4a2a0008000000e66ba430066b8f90066ef66bad004ecc4e1f5edf8", 0x52}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000001900010000000000000000001c140006fe0004f4ffffffff070001"], 0x24}}, 0x0)

8.414000699s ago: executing program 4 (id=936):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async)
r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/time\x00') (async)
fchdir(r1) (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) (async)
readlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/211, 0xd3)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000003c0)=ANY=[@ANYBLOB="02000000000000000000004000000000af0100000000000001000040"]) (async)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) (async)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="120100000000001044104d7a00000000000109022400010000000009040000010300000009210000000122040009058103"], 0x0)
r5 = syz_usb_connect(0x0, 0x273, &(0x7f0000000bc0)={{0x12, 0x1, 0x200, 0xff, 0xd2, 0x6f, 0x10, 0x6cb, 0x6, 0x9aeb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x261, 0x4, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x4f, 0xa2, 0x66, 0x0, [], [{}]}}, {{0x9, 0x4, 0x0, 0x0, 0x1, 0xc1, 0x7, 0xdf, 0x0, [@generic={0xcc, 0x0, "9befd18246385d7e049ac0fe0e62b1255d4e78aceae82152a02902d1ae0fc306baed7548508c1eb2a0707497f597f2aaed1aeb707a86d36aeabf72b1aabdc4a971efc123a1df2585ee116d90e2a00db2cf7f583ef90f61b6b05e1554dce45092155f6f0342d399ef722dfd73e8b3952524e2676cf2b39cfdacfa2245520133b84481d6508ebd7da619f6899800c81ed7167c0b70372387a2030cdc4d1aaacd4ff12a95875a0f95db555a3c0279280e5f17fcf35211ee198a09f377bfe234fe33bbbd8922980cec4b0940"}], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@uac_iso={0x7}]}}]}}, {{0x9, 0x4, 0x0, 0x0, 0x4, 0x58, 0x54, 0xbd, 0x0, [@generic={0x82, 0x30, "56a38380f01bd56588c2718d33d76d479838ca9e13450832c602396914cb67c4eebfb894778daf0225979d533d660b9a63d10226ee71c0504aa6e2983dbd1d9f0e5674b7154e532346ea3f5577bbe921c8f79405b42d000f91ec3db573ebbaab83ba761e2030c28b4c30508050d67dcd67fa84552876d5d09b02374862c5ce34"}], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5a}}, {{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}, {}, {}]}}, {{0x9, 0x4, 0xdf, 0x1, 0x3, 0xa, 0x16, 0xd1, 0x0, [@generic={0x2}, @generic={0x8c, 0x0, "701f7ef91a688acd6d26d6e83c7aeefca805c80bde732e5f210ed9bfad7a8dcac1337e17db703e284a649d762e8807bdb05e61d7d514a08ea368a91330f2ceee734683c97d660c7ddd9ef0dbafdd90fd940522a91087c55669e00e1b8cd2435f178b57243e9a912e58b9aa7600b2c474f611887282a886eb270201d2e3f2bfd8296f69eb058e8cbdc962"}], [{{0x9, 0x5, 0x7, 0x0, 0x40}}, {{0x9, 0x5, 0x9}}, {}]}}]}}]}}, 0x0) (async)
write(0xffffffffffffffff, 0x0, 0x0) (async)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) (async)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) (async)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) (async)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) (async)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0) (async)
syz_emit_ethernet(0x0, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) (async)
syz_usb_connect$uac1(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) (async)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) (async)
syz_usb_control_io$printer(r5, 0x0, 0x0)

7.643970386s ago: executing program 3 (id=939):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004d"], 0x0) (async)
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004d"], 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000080)=0x40000)
ppoll(&(0x7f0000000000)=[{r0}], 0x1, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f00000000c0)=0x2000)

7.018854424s ago: executing program 0 (id=942):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
openat(r0, &(0x7f0000000000)='./file0\x00', 0x90000, 0x11a)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
prlimit64(0x0, 0xe, 0x0, 0x0)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000080), 0x0, 0x0, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="8500000008000000350000000000ba00850000007d00000095000000000000004cf12aa56cd90200f81f06a9cf64f5e0a141d524581835d8050864d20000000201000000fa22beb5cf918d4aec9a100d4bb065b956a1cd1101257520ea98165b61a3cf5fc6dd8442230e7953f91136aa1f7035175106000000000060777a5a000097cbe5158a10861aaa1c8fee9ebaf9dce435554bc34e6bdea4217ce4a98af8ad0887c697acd962000000ff00e34f0a9c13ecee6156c599c7b293de0019b27de967bfb3fe241454a04080bf668ce021879c820f9b80fe2338a894113532b18ac144000000000000000000"], &(0x7f0000000140)='GPL\x00', 0xffffffff, 0x89, &(0x7f00000004c0)=""/137, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="4de42785f833fa3f074b36c9d525c549522eb3da2453cf4c6e86f78376387e452f252b87f5f7177bbcb831124596514c7bfb9ffe1af337dc445674b490ad17a69ae5e9375c1a81925bc03de33aca64d524e761a60cc90c9ea4c107b7a6bbe2d70a7a6cf204e5fe842192983fa5561e65a874c4e068c63cfdb2007f612a59b5ecbc6444156d705b5fdbd78118a13aac1719e9d676b450ab0909884db8cc313e01ce381cb1d25a58513c6c42847d531ff2b821b4a12ade4ea0a6e182157c84f43a2a5cbf5d7b66f4ba051ba97bc7b3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, @void, @value}, 0x90)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r4, 0xc018620c, &(0x7f0000000180))
r5 = socket(0xa, 0x3, 0x3a)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r5, 0x80489439, &(0x7f0000000580))
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r3, 0x8010661b, 0x0)
write$binfmt_aout(r6, &(0x7f0000000080)=ANY=[], 0xff2e)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYRES8=r1], 0x58}}, 0x0)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"})
r7 = syz_open_pts(r6, 0x0)
dup3(r7, r6, 0x0)
ppoll(&(0x7f0000000140)=[{r6}], 0x1, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0x3)
ioctl$TCSETA(r7, 0x402c542d, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x2, "dac7a15f30ff57a3"})
r8 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$MRT6_INIT(r8, 0x29, 0xc8, &(0x7f0000000000), 0x4)
syz_emit_ethernet(0x4e, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)

6.604918774s ago: executing program 3 (id=943):
socket$netlink(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x801, 0x84)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
epoll_create1(0x0)
r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
openat$cgroup_subtree(r4, &(0x7f0000000100), 0x2, 0x0)
r5 = syz_io_uring_setup(0x6820, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x1ba, 0x0, r4}, 0x0, 0x0)
syz_io_uring_setup(0x65e1, &(0x7f0000000640)={0x0, 0x80000, 0x0, 0x1, 0x4, 0x0, r5}, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58)
r9 = accept$alg(r8, 0x0, 0x0)
sendmmsg(r9, &(0x7f0000004b00)=[{{0x0, 0x0, &(0x7f00000007c0)}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="100000000000000017010000b67dffff8000000000000000110100000200000062d6a46c8d93d5a42efa3a354c8b687542c6e5053a7af3009e94da3df2829c6df03651a38a4f9c45d7f9e0bbfe6a7ddb89b32d8c399644beca6b681734c2af4b698fa81808d107e7fe1dd31f33b60026f2d1ddfdf3a33317b0e40adc126464728cb7e25a26e8b553dcfaff41000000004800000000000000020100000074de3f3a13d1602c6b0b4b3e7190b8d39d9e964f0d4e9d8b0d9c8759304ae3c65dc404d96cb95af33cad9561003c6394653fcb635cba00000000000709c04b94c8f956b004779f9bd30da25fa141b5e75abe2b08c4b92df6d2b897c8acb9d069d6f5cc9d76ca67bc2f1515494cda0cf9734c343abc16e49591daa8ecd28cb843eeb4003d749847ccec023e7b7dc96ab782367c12214b5a923a581fb67ca95488a71c62b8067cdbf67e5c45aa014c9d5d0439dc3745900ce127cb46ce9e86f43d23bfacbffd8419ac762dddb8bd1b315b8a714d28803d43e39252a5df2c52a25f375c44099fa7bc1f6521f59c0a6117bf7eecaca494786eae393d300cfa425d7748131d9586"], 0xd8}}], 0x2, 0x20000081)
syz_open_dev$sndpcmc(&(0x7f0000000a00), 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000002c0)={'syztnl0\x00', &(0x7f0000000180)={'ip6tnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, @mcast2, @empty}})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r11, &(0x7f0000000180)=ANY=[@ANYRES64=r10], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r11, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

6.421490867s ago: executing program 0 (id=945):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0)
set_mempolicy(0x4, 0x0, 0x0)
syz_clone3(&(0x7f00000004c0)={0x100001080, 0x0, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0, 0x49}, 0x58)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="023c0cfcb74d67afc31e8941ba00000080000000b85169bd4667c75a3e675c1a710d5e4665d7e48131793b75550da19e5e9d1a236d6b4794ae2ab52267ecf24a536b3f39b611cb23bb6c31ac1d3b9b9b08b50957f046eeb95d30f31d94b4660490c31c4f137adef4a39dfae378b59de168d9fc083f8e89933536658ffeac94dc07ca2cd43ada99c11a69198da01c2ad1", @ANYRES32, @ANYBLOB="0600"/20, @ANYRES32=0x0, @ANYRES32, @ANYRES8], 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000240)={r0, &(0x7f00000000c0)="fca38188e771748b32fa57b01ca92b4d0fa63127beeb0b58ad304a4c01de818c234170bbe8843b56bb74c0df4d36b1322bf83acb05af51595db96ecd157cba650b5a6ee72e2f196fe34b6eaee46f4aef6a9f39242e8dab7d62f09974b581b6494e4f66c26a45aac1d731c01ff476d702a29604a1b2f8f6a8c0bb0704f637058f623e87557d218c399e5c497ab3a08a252da66039284e3393cf4e04192f3e2aaa88f91e459534f9740ed5de62938f5609cfe178b38efc9d0564f8c1bdf732c1330d899bcaa2ca2379725a59eed7463af01d2a66d19b704afa05dccb9c61e9a75b80c8bd0d641f39cb501edefd2e99305a13a5959e", &(0x7f00000001c0)=""/70}, 0x20)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x9)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r2 = syz_io_uring_setup(0x110, &(0x7f0000000140), &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x5, 0x0, 0x0})
io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
socket(0x1e, 0x1, 0x0)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r5, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92})
pwritev2(0xffffffffffffffff, &(0x7f00000012c0)=[{&(0x7f0000000100)="7270aa3f0c63ef31716980d71af481e691d156e5c690c37493c965008b713ed133a85027d43b49d05b8ec0e538f674752205f76fb42632a5233a7d64e1cea692029b6a", 0x43}], 0x1, 0x0, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000ac0))
ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f00000000c0)=0x1)
syz_emit_ethernet(0x8a, &(0x7f0000000680)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa88a800008100000086dd60008080004c2f00fc000000000000000000000000000000ff0200000000000000000000000000010000080067000000242081000000000000000800000086dd080088be00000000100000020100000000000000080022eb0000000020800000020000000000000000000000080065580000000082361c7901c1c119181c6a65b42c13ebbfd33d7e935632bb6b04f5e93645bfd070b594fe42b26cbba4038e4dbf0cbb11612eebb3d80f3c95452859094bbc9b43fdef133d053164a6e5a074b6a0122760860d22ef567acfe87eeaf72f6d3def6742726ecaa0279faacb8421e802db99f97947c77c3118b787c9d1d26d28e61c12b12f44c1f3ad57bab9dc92ae87dd85f259253e84498d6001c85d59db"], 0x0)
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=""/253, 0x0, &(0x7f0000000600)=""/91})
ioctl$VHOST_VSOCK_SET_GUEST_CID(r5, 0x4008af60, &(0x7f0000000040)={@my=0x1})
fanotify_init(0x0, 0x148801)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f00000001c0)={0x28, 0x0, 0x0, @my=0x1}, 0x10)

6.160547676s ago: executing program 3 (id=947):
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000000), 0x121201, 0x0)
write$dsp(r0, &(0x7f00000001c0)="d2", 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_80211_inject_frame(&(0x7f0000000000), &(0x7f00000002c0)=ANY=[], 0x21)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000003d40)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000027c0)=ANY=[@ANYRES16=r0], 0x10}], 0x1}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(r4, 0x0, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$igmp6(0xa, 0x3, 0x2)
syz_80211_inject_frame(&(0x7f0000000100)=@device_b, &(0x7f0000000140)=ANY=[@ANYBLOB="8080000008021100000100021100000150505050505020000000000000000000000000006400000001"], 0x7b)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000280)={'wlan1\x00', <r11=>0x0})
sendmsg$NL80211_CMD_GET_STATION(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="030300000000000000001100000008000300", @ANYRES32=r11, @ANYBLOB="4a52db8494efd2c0aa72f90900c2de7c9ac64281891cf13d4fa06d43ce83bbea97689f19c4f46842d27e30c7539ca553eae32ab061e450f5fe19bcd0f648425994b047086da5b95009d053454f9d00004f4b80c105f2f4abda392fadbcb066d5017d05dcaa6f627abacbfd3deea6452bc1ea2571d6e0f19c3eb533ad5c4ee78129a1dd5318473dc2"], 0x1c}}, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r10)
recvfrom$inet6(r7, 0x0, 0x31, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x66, &(0x7f00000002c0)=ANY=[@ANYRES8=r5], 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000003d80)=ANY=[@ANYBLOB='@\f\x00\x00', @ANYRES16=r8, @ANYBLOB="010027bd00", @ANYRESHEX=r10, @ANYBLOB="080022014f0100001c29b9801400bb00030004000700800e06000900000405000a00ba003800ffff020000001400bb0005002f000300180006000200ff00090060000e800400030057000200880e9f3471d91671b56ce70d63a250416957065f3f8f3001c91c029f22ba39a526e86dbd513dd433be48735f8f86cb0ff28bf0f38e6b34701e97398074a17a26d20b3ee92056c26c2d867623e6c356e44f698c0068049100ff4a84ba3d3ec3b41758fcb99f8336085b49d09d8d25f38ba31c75bf9bab52fbd3edbb74527d5851825eb39be94de42b81bfa528fd97cd15189ad706eaba7871e3f5aa7d973450a39e08e9734f356797569db109fcc3b59c00ff74a64b9f12650a95a7806200a82513486a32bf40323c9d442bf5641300a30e1bbed48581fc036b06d0ce975268556251e4a0e5564f77ebf39b5ebf484a55e46d2688ff3475023fbcdc5e52923a1d1feef2918a2021cea0153ef4b3b765eeb4288fc315d6dbe9d53f981fa959458bddd6f4693599063ed81f8d7d058c59c80934ec353d57d9bbf127ac592964ddc585c1e5600119fba7b1d48230e5ac07cfc4ae9072c56e226e80d55e2b10ee45b2994a4ac99100815da8a6970f1405669f76237afba21baa293e004d48d39c474d0dc5dcc57677a2ca6ca005554806f86c7b8f6b37c56c0ec81fafe37b955a3139a097cfc9e9b082913ae41f84454f8dbf55352d388e140974028f8ed9d056b6b3c6feff2e8f6184e0990f891e88f51d3c7aba84a0f99b4c908b3597a0af0c048e87e71795b0e87eb8462300e1bc6caa7ca1e843dfb12a3b7d12ab45b4c35e4f3911478fa9dae3af295876f17cbe13fe732cbfb66628c4c50ed00a5af6f06e0f26770500be7ea28a8bd5e2ba6ee0ef2a735c409294dc1f018627007a4bea4c5e98dfff94d98f0c488e785788c59f7a5c9c17beb2e62fcfbcaa22045c91cf191de1e63563fc59d3d2c5bfc23fb5316f2dd4e29b1367cc31223b974dcd7f7cd156a374aae1c26f01ab31f54df2d839c72ab2827de474fef6ec44449372119431274e2fe7bcf1ade852d21f03fe4d07b76c071a0976629ae95382dbbe9f5cc20803a51751eeccbbc41d64bed22c1bfec3e259cf3bbd9bd9e25c58ce5483dc9ce0469f9b2d566eeedec6cd4f305d94377c211d285fee024f295a62aef0a098160c1048858a5b921518c2911ac4b5417778fa503986edda48ec48babf00f6547c663912bb97f276a65b016252fcffbf09f1111d4236d985407ba6f691a6b151c048448dc541e077ea2b96ed79c35f3a9335a142060587940e040f874b54b6da57d9977c8b0a503c06519d5cbf61f810483407d20975f978d335bca70457e1e80f77fa0aabd7054901d26ffb5a24cad30cd69a5fd860df1f1a48bd9c58a1a71c3c178daf7368dee58dfa9e9e19c7c358bd9b00ecfcc05a8260d057d3a77d2f0e3b4c6a065165d307621c47fb2873ceb46228a879c8914d90e866ee5c640b1b00b84511ef1fac0034137cacc9f8d3aacce2944dc12e06641bdbfda6e57c33acf3ef69b5c2b5f829d7b2d2ba9446cd74e6e7a4cb657eb2c2eaa71e8dc420a99d85982e2cc04e38b47d3ccccde2c9481e7e4999a3b3cc4037ec11f3eb8c98ea9caecb0e7f990559cc896ebf34ec1a92886dbe6bc5e576082192a226a9a999be772298e26eb38a95af6177bd2e67fe3cd075ee564dc33c42707900cc5f6e671a58e97e575b7fd70a34781b5dc0928abec5c2d739ea574b3d6be168025897fcd570b41f6a6e795e6d3a6f2c62d635f4e166469699b4a46e254f0db549a4c1a27558937a039100b35632961795e633617e68214ca165cca0398557de48f6f34b85b9cc1c23aa54bc929397e3a957e455c8e2f8936d0320ff2a00c1f15c6ae43efd0ae37ca9ebf812042ecfc5e97b80b3aa5c71cfcc2b5ac4c105549553e62a36eeea49e3b76c7f7eafc5824c974dc59b487b87fbfc0cd38d5f98259b374d24ba5f8f393ee122ae26cad8c03abdf57fd42bed2ba8f8f35b1cb2c921e2dcba2a9e7aceb44a70d19b36ab64b7c46d4e00ef9b9232a8397770f74ec077ed67f5904ddc2768085a2fb817d4022fb26a67d962da90759db5b19074f3c25452383b10860a1cc7b0992cb4550dfef0d25a5b0f03e9c1ad757fe60149733bea218aabbbbe202e163fafbe62565e52a664229b86a1c879ad865c1bd990e812d99a6e77cf42d87973cc23a7aece72a881b10312c9ff211f18a47d03c96f045030f0855174216c55926bfc4be9aef9c99edab920c3a2dafef6df3c046e58e35c017742198abc001463c3349f33bde008007d09229a8c5f9664127504fd67e49e22e758b34e7de05a6aa6a8fc40e70a0b611d6fe119074eac516844463e8a2371bd3d6e6ae86e3de0afe0a022cb0dee6d5d68af51a11242453432fd32bc43543928d86d0bd4991dc75381e1eef4acc41ca341358673dae77fdb3548921bca0ac08ec79c0715a5705a297bf6813afe3427af6ee4c1a8cef2d0023db8bbbe577bb6a88991d27ea7e65874370a2e487906a1a2e85e5b20aa156df2528120386322bec10e7e7b8505f923f985909094f5eea9a56359343aa77cc3d1be0a8f8817d1cb3f7e8674c7e96990997712b772f5d1db8525d1ec970bbb20fa00914b599ef79e8a415011b3357d57e51940f9b8c48a7973975e767a082521610428013f6c4337e74874fc6d20452cb388bccac190fa7b81cb3f3c081660d8edd8aac8fc6be7cbfdbe88542017123129fb543c5842b8f336a7b9ee1d93cbafb07b0bfbe68d134302b14ed9878ffd8c29eb9f7cb16b09d785c02633a61c14a5c34f8db57c5445e9b8da8e5a40d36921bdbc57f7b8e6a2cbfa4cbc1bdb40929c02226e529dedc7550a8c290f5f229da61a720e54f169bb337a15d792c11a3a1901aeaf7b2597397e8f0addefa8fcd17e764c813a370c6551702b7558dd5f956ec0ae36200587b742fbdd9f69ba45c443736aebbfe49516c19e9ad99678b0aa1605195e1300e631bcfd10d08dabb83ad15faabff3a1b8f19e02adddd7b37baf2add42351989a0d76314e10f0000e1020f00ddf7cfb214c5e9eb5b3dfb8f405ed1308b8539c6e02b6c071cb45e746bf244ea249376f63485a6b6de4bf7fa16081166ffc2943c9eb96a79c043aa1ea72e72e51b3eb9c69613c10cd3e965e726619e9ff09ce495092bbfdd7374b087777f4b6b4ccd9c865fa60627bca8628f80bb8901029582db57600968b6a58a1921427da3443a608c5a25beb9ddca21a268d1d918a5cb9846a2e40be820ab2bdfe28e9ae29ca428e9b3dcc0c59051c9907bacb3bfdf9d0542ccf3180d328bfe4eb9bfe9b730711f39af67b0df9e4738ac15c6802c26a916604bbe4a2f6d583e5e091e4e1047a68c0f88d3a45c6bf137c0262c24e1caf756c476b2ac8028dddfa8af6ed3c90f774a7cc76d1549d534165357f81434eea07e54436f5f2227641fd9d6e3e8fe7b0ba266503ef3b4c0199466f3d6357d326e94bec6f6c891817451fb225160b7871fb51151c8ef3a4cd03f09339ae75babfcfd7d5c35084109ab13daea5a69b22cdf118bf7ff1a7c8a11606457f534483983525d658e7cdcbf74c1aab7de3e5bd83acf8e08c257d43855c8d2be899f2ac873cf5dd60d93655a1e2f92bd79945637a11e28a4311cc7c83f84a6dd279719f86dd36bb74e1fd12533b138690bb79784a70ec740d5280ecc90ebbce25809cd5ee78fbaf3d9effe6ad637e4750a22c12f7378770acdfd8b6d3ec68617deee093f9d79a61b0204bb15e7de22d806c1721a5f57e68fd951c6ba455a66d7d08abe42b7f9c904621cef1d06d7d3d17b24f234f6e9e4acc79f7620cb9e6dfaeb0214309e2e2699ebd37989b6a3dbe217de70c191fcef0368000000006bea585e82c9020a03d04909e50a76e0a378020c4e7b89aa3f6d08f81343da73010377f43903000224cd31ae1679ec40ccdd0518a6cc4f3fbed01129f5349f5714d99373f78160a5ef3b3a6ca10411d3685f26936a59b90d4d73d1a410a1d3a80108ec0e550612ec6aa1040da569b6f25c58432044d1af2ef4010757af12012e6a253e010304067408ff0001007107ff01000000020068048000020010018500000011012a0026d8f3000b5be727d19f24716e28f24d894502f80352d232e9b6d69f357355eedce3c571ebffa4605a6b289a604258fdccc3dd1f9430ddb0a416c545722eb7f2b57968104fb6f5214fa61a79c87973426b10da88ccb208f1c091f1fe515bdd2917e35a0636fe2fd06665a6dd3591ba7cde5bd1cbbc962c92fbe439848399212a5d5995fb40f84957a21ffd14f0c8c85399f0031d2079674036145c2155b696a2bb214414f719e5d1d4988739fbff9feedc97ce0c8be9bcaee6bdc6c0a7194977845fee47f6ff0b9e319fb5f1dcaeddb193b5dbef9bc71c420c3000181ce835b00ed93865552fdf03df9ddd66baa803225ca0ad6b2a0106750400000000bd0608021100000075040100000001000000000800ba0001004400c7008000266f7eff7db95742b964b9808e51ff837fb09d9713bc5621d28759e47377980bd6eb630d0e2fb823f13503f0cd8c7da19e3893dd8c9e4d64a5d16ac9e87ed048683ba8963bf08baf6fa3ef2ff2e92599ec8dfe1d77e25259b5558e8c8b9cf9993fc3c0d3286874ff0aecbe60cec25d9c692d1a0003090700000000000000010004000100000001000c00000041832540087f08021100000004000000ffffffffffff0500000001000000ffffffffffff00feffff2503019d8068047208800006020101000400ba0015002a007606062a33000000710700ff0000ff0c4800000026002a003c0401053cc56512a6f30ce18ea2ffffffffffff0802110000012503000e001001a50000df00800037950903eb815d84711a7309f7088c464ae9d1fe23fd334141250245a86e6ebb71c84084c09c9509200d8a4dda5298705c5e882aff67b8860f69774a3f88ad243ebfbe80a2cd37af6e63afac39bf0ad773a685f0041d6e09a92d926bb4c4f652770c6e559953f4d94b6fe560c506dae4b767350103139afe031d784433fb31006f6cae8441d0e6b74e3b68a3b408282384ba27dd73c4666512080211000001080211000001080211000001710700ff0101ff06088325400506080211000000fdffffff0802110000010100000002000000080211000001040000000019007f000503042d007508010009000600070068040e0b0900000000e300800008c9cb96a40e718f7cff79058ec7979122b4ebfccd74137ba23c8aa49895db0f82f51fb5a7e132e85b8a44e004e1389953345d4112d1d2e4c2cdc6995230e4e620844db9c4c1db13fe4cf08f2ef9d020064be26182d5a2f0975b3a6540a968badb819a009b1610f98fecda904021cd1c7b6101ede6de667c2d8067108413b89c368881e4997a99592f254d7447bd3340c145b1f3778d25351a934e69933774a52bdf3994379dda94ad9c9d29b784ccc8822c80ef3953d3b4940620b2fbc83e9deedd131f7bbe5907c74e02060202002a0102680401ff0400060200003e0100003b000f003c040002002a3e01012503001c7e2d1a0c00020d00000000000000050006001400000000040800000081250301684006020600060208000075110f0003010cbd06ffffffffffff1001572603660703e80f3241447e68aebcd0de4dd4d13ae179a7e0d8eda7701f5f63d99a7eb7cd104cb3d0c40bd53ed71789853b8bd3e2cbaeab0e04e423aee0c0840409a445d9661b19a64c65f7bb8ebeae14526a99aac0994b37672b66af69a4599afbfa480e1b113f5741627167b5aaaabe27ae2db3ea8f8f567d58a1845778823e5a989df8e21a2f6470a7551616d6799b065637d1da7e3b479ff37c867e8671168b1bb64172877905a9c92e252e3a95840b3af4ca5587aa4a69944405a849758941395e5652a5a5890ef21973d1ea0ac4e65bc9c3fbde55a1f006d9c9b62e234874c01be494cd00242efcb600e7c7d8d0afb8ecdfa84df2975e38ef4c4b2cfb7f1d36384362a4eb43c5ffbe07901b3d5af3852fa52b0cf89446fae0b4f030a16958e62d005f2fedee9e0b2e69b5d053da67c0b4d1605fb6470838b0011d10acc123161f817e68d86292d0ada5db60afbe58dd58d9df86cd156e8b02e598a2de2ad2ab7161f8c2ea4e71ab5a7aab9760f4eb6695655682fc3a8eec68cc3f2456d70d55311bf9676da5a372c54863b90dca376104335168224f1950b81eb1b223387d1cbb7225ba31db82140ada5d45f9762955ff0ffef6c11b297a82cdd23001e3ebefaacff4bce4b405fed70c0eadd2a27b62f3f5d61ba8440e92f8ea7674aafb83f1ecb85c3c4b74e5a10494a427abcd6f393329580ab033c2327605999e5eff49d7d2e9e55a21abcce0ec190c2d8c03f518fe9908e7d1a5c3e49c4bd04230c640f4b448617bcc1a87ee2cc01f74e386723e2e0a725564188497a613df03aa69d6af0dc65fb814857c790142fc0118d200d68ce9dc810c09041effc7f54f75ce71d088fdc1efb80f59edf3b0a268802cfea3e653daa0a3c23c181b79da0e71fb73a234a5b10953c045632a3fe4c8aa9263e137fdc9a5767189c721a608e8be176f7c3b6a4e6b0f6fb4100b47dd60c675a317c77b0b71f19906e9c3737fb6e0f47171631a213d4e037d9be237787def289218a2945e8312610da7822f8590eb2c3a185bd60f057f19eb64a80ec0f010b052bbc3c7379883eb686128821a163e36e9257ba6b1d10f5afdf057a4402e2369393ea127708fa48a3f10e6956382b6ce3c546f503ead70e098dd586e35db06162109b7b027b71dbc2161b7e2ee42bc58478e23c2d8737a92153b978edab7d45a22c38eb614515072bd6cc54d6ff7813609391aee8ec7c5d109c32590e233a96854a076b40ab983fe0939a2e4e043d2d8122ba44682c88f41ce6b82d1492de9d8bb2773940467505bf8f6644750918acda88263b665a1080842366cfc07b8a616f4c7551af01b807efbb7f6a3e9bc8a99211579bf3ef6bf634560636f0bdfabcb5b06d7ba9c1d78dcefe667215bcf55fc7ec4339cfccb28b6d3d2efe6e8935b238e3e4cac3f32549869a3825ac1e4288dcd0e2de98169730600723b85c8148d678ce8357a9c73ed39d57fbe2ad541110e59e30d96e45544aa88171df443352532303049456ce7f27e7291c8cfe3e0d78a080dc214ec732b025e25f55c0a9a0f2b917bb87bcd89a63cc48b40302c38b61e32f4ac731135fd1c53aa86d27afcfa774f07d322d55f6c88b6a60ef6d213f9ea5c09e9d830d6d40aed36fac158c4ca45174036179ce6e113d9757e61d4f497c087c9eed24d18edcdd5fa38614969638aa3346c3f3772ab0c2741fe624b7c8717e77dc5160aa92bd96bef67980c69e8893d07685360e1b9fc7b60d93d7d7cda1f6d8fac88c3f0ddbe4019264ce90561b8deb5c1fd41723db27df479f8cfa6aaca9fc9a99a184ea109a974eb5fba8859cca49489395a73027aefc3e6ba3ba909fed9f00356b7eb766ad4b7b637a7c46aa327fc786c19f6b651510b46a2842e62604b8c06594aec01dde21ba089bff3912946cbd5f9ac705f936386a8107248d1f9510d216a4ddce3a32d1c2f815e50a2f05cd31c1d03b5bf3d2d393fe95531ca37ccbe5812d0464005660e1444d1d92a1af313b9108f4d93f66ba418e903141c11d33a020f8a1679f64f70035819a84eb983167f02249d8bab399a47a858ca9f6dc4be23fa06fc43b4cf4cd2e195f5e4dcb85d31cfd08da835120dd348dcde42fab4e24eeb1cef238768fe32236a67549646e124b0f0144bd5b4a56077dd73d30a3b416c279f4a7b7fe9e9f080b175bd9e92f5e499b698cd9dc0a018d41b45217ae11d54c82f1ad647da5332f19ae7746405b0aaa07330c765513cd81206fcc1e8675b98753842ac8a2440f22e35df52f09f9739468b9f846a816576616de8805e3773b4576220765f069f0c712500b05de18687bedd3b15b822eb4605c2705ffbd46a690072475f48544b2d821e7a64fb671603c5f9c2c4b3962fddf724a8643228b627a683ba4ff21b610122831340ae8c8cb6cf9830523d8190a13091d0c680ae3089903822bade55bf6dc2a45341ef7497e0f95a7385f95bde43a4f48fdf41e5a13662a6a598956b0dcf2c0da724593aebf9ead1fd03fcfde66006170128dc5f35b472c9dee120d0ed06a9e041fe773fa780a3994a57a2c1e74b3cfd388da41b570bee43e171398c2838243e04ce5e814a71b5aae91652a8b490b06e7506e2f4b1396e9050ee087f7788c11868b49f9e2958dae776f52a7f9d39c1d5e0aaf1ba483251952da82edf6cc431e9c6b425f3c1ad0eca659a6623ec5a471a2eff894de4dc3fa953a5ea6fd922edc92d1486f74cd683f72998b1549aeeb2b181dbaf876e6f4eb1faa0a7cf36b89ceab5d2aafdfdb0d416e24eb379c472746a540d91bbaef604ac7bd37f5ab111008033c12354ca4e8d46f85fe81794a8c2f36f8b0dadcda9b13f9b78ec076f22147e1eaad3549fb2c5af3a9b043a83f6d24029b9f7933dfa83004bf3526d003f79af66bbabf2df38d80f548a1bbb18965f7480aec33562a287a0dcff27ef94c9e131e21446024d26dc7beb1684465f70150380fe8340d0358da4cd717e50dad7fb18c30b4cc318622a82dc26a3ade0ee6635eb72efe10a50f72463f5de13701eea37937e3ce69ee2e8e962ca69cef741e0760b4096424889dd28a0ad75b955def42e8e92043af784506f70b9f72647eb29e98a157ce190c20fc6a4b3bdf247c9249103727a47c1b4fbed3665210c459825846b14091eb25413f58d425453853597741ab2ee18436cd33fc233f66ba0b6d471df2e958ebecbc1d4a640b3334516c73d576bf223b192a373034e0f1ce56747bde251d2897c463680ff2cb6663ba67ae680d74684490d93b4538874e20e31d04a76e769dc7c6f70fbca32dfdb28da3bb3b66f235a165cfdfb26d65a053238bd701023fae838afcc8214818291158b7dbc27d9396f3aba078ba7c96e65b0e1effd409f6a82788b2b0964fcf690b48acfa83462b29762aee9427b05b7c65fac1c22c5379a93f28c25ca5b9b5691071c7fe4456ac2e0b4fd33c63ff3562a4a064c69347087b6746515a05e79396faf0903919e2ab4a5396aa985bbce325a2b089f043cf42cc27a1249289664448ed17682ec399007cbcbc01f7890f46541adcd4fc573a4ffd3f4821527e5aca3cf8e8e7f01856626e26442c2ea6d57954d21f7c8491807f26193ff439e14ab1d46d48152fd8f8d4ed039515c19cfb2a67bd8af11cef31293f47a4dba0e88d3e326f30fb2040b9a3c332a09b6685ab24a7484eacdaa3ec31cf104c79b987313ddca2847b7dc1ae378999bfe5f061d18bb0588e8cca7751f6c776abebb527ef9366fa52a9056b8eb9249ba519a7f937fb80e2713fe4f57f7971539e94fc542a2f54b8f41ddfe370c3ae7bacf0810e1dfe2b6021c20ffe3c9aa931541a10137bd433002461e10758134a0189fe8f1c70126195d153fef048d0bbef5318f0d7b99e2a2791540328278dbcaa463fcabf2ff333ccfb1ed8d2dcfd35055a8e9c02605aebb1fa2fcde5878dff75845f186e1dcd3eabab7770a160247b6a47408679d2a49dc174589cbbb924fb4158eed790336b762defa06bd1199ab01254c46ea5b24062bb070242b81e22ad6604e8d7c427e3e83dcc7809233a028fbffebde5da90de5908b4c28251531e7cd83a83b9fe6832fc3316f059a2ded6df4dfd17f5e33d47ef7ac03cf4d7fbca4b684fd720edbf3dc45a07574073d22c80eb92b4c64b2735be0e862c7b4bf7b52ad7136e4769b9ca827844db1ee2232f4729787511c916371f84280d947d91d38e54d1ccc49caa623f311f2435eafe004ac2b44a84cedbd92dba32dbe7351b7246d6dde740a123260424e963805691c0ccd57ca2d574749913a594f9632f7f0af874d896e28b37c30f9c16c0c304fdf2e545d6de54fff1a4b82f3be491534caa781214df9c336cf8575e5b64ac5c0e755c9c65eb683de48c488d960e73f4e196476c145c5d6dfc065b3f8003697d080b61f5876767229e54dcd115cc905f859828d3dc2d64bb53e5b07875395402c08927bcdc7464f4a03c90444836d95277cbea6463cea4e11d94f57a7bdd2c36012b01f033e0cfae2be19d054527a80a17a56f2187093a617fce8dfcbb60d0678dc6c57750dcf58897967d06f3c2accd19acb8f71f68e6f344d69fae00f274f674594a2a3086f4b420115c81ea248fc4a422abffdc5c43ccca6ccb9efa27d156be9cc5e57bca4b6ad077ef0832c947011a404c79d5fda0f3729ff9357794f7afba283c5c9ef8aa6e6f6ad323fe07c81b2848047f3455fad512634a99733ae4ea33f899db2b05a745d1871ff8b25e8cc3e9bb2fa2cc20aa9831184943ac6ee140e2169ba1eab05ecdc8d7c8556f4de8f10b0780f644afc584efcd008858966df073f10260145297376ff1a734d111f50d27bbca809ba4049850266a7ff4b417f2ed27de4f38c2746721705ffc7cbe953a58ae9116d91bb4e782141f697d4e4ad20ca7555def6cd3db4fc8c742bf3db223860aaf0ffb0acb5dbb93c984074d658b93e8fab61f054c143b34515fdaf5ca60b0bfb199f15174a3f1f46b53e92aa861e1350e4ea492a76b02787b51bb6573c90be973e953b324052552f033d341ab7a206169b4eee7b6c73a921421331c128973487d1e29638554c0aeabe24833f2c62b730ab8b9c924d6ae301d8d755a6ff06c8adf67b26bb6da7bd5ac095c42b52e94a6909c4591a51f2144cdde4d0f8e505bea8b6438dd3b8680c863ef162252d6f3e04d57d4a9afc739a7ec3c6cf9e9baaafc13174fa095f43fc74002997d6df3828448306c03d1f924a8a3f08e68a8f9893483f29b8630607d8cbfe00fe63b9d35caa4187e403e534c5ee535261dadc07a357b217b542837b100414c8c034082bcbdb77b74500f7b9a4be811cad09fdd478e5d5e84b3f669b930becd2cf72bcb9bc2aff58ac0ff90858ef9a08b8134c00750669547ef041739807526c28bdd018fc150c4b6494bcb9b9269e3f6801ec516e968891dc5db0badca302513b80286e2cd62ad951e17b5662d208616d808a6e8c762e714fd85ff3379cf07b546b12e9d32604b220dd687526aedeec2a353df6ed1106689f69517bf2a7a356334bf488888372a6cd33baaf153fc61e6ee4d8b2ef86f71bdcf7eb22a74416f6751e42db344c73e1cf6f6678b5fbff251164147beb2271461169c03016dec505f6fb99b1024e66ea2ea43f94835e21f2de8d736a4b6b0f8c843c52e104ce73dcb941e21c17ca58f84128b98296835125e7110784e873e531f88f85f91f4cbdcc5d2c38d0525cd8621091b17da093d2b8bc221847a2cd989014fa881a4a4f876fec66331675cae55f22bba582720780190180000008021100000009000000c7e600003c0000000805ffffffffffffc7000000050802110000000600000001ffffffffffffffffffff000802110000010000000001ffffffffffff0100000001080211000001ffffffff00ffffffffffff02000000000802110000012c0000000602010007e4ace9fcc64a2fc86b7aa56f1721d0845f54a457edc5cc18928591c516988a489e93d11b75f674f2e3557d94f92f4e099da2e849c96dd76d28e29aa2a537b54214d4f37a5077c00c39a45abdf0d31434776f141c14953310b60242b74c39346fecc570256a9a485f699e2250eba379893820caae58f414a328c4df68dd39218ecd59e164a2a9f8e68d5d20d4a219e9e542695414f33246d9951b3d5395c6b99e9f86f65540ca0eff3a33b6ea5979e297a336d1cae808d305110b616c0d1c9a6c14fb6fd7b05ef7318ddde87705b23cd2b162bbf98e5a3b71eb5d8634b1de4f7c204bf6e1f3000000520691007997228ce1dfbe69f1beeb38653dc45213a3573076bf0a60bd3020dd512a0fc2681a20b1f6bcbe4d114235513ab28b0f304738ae49654b9ff09ec71a7f7db43605aa1ce96a91715e8fe042e00270d9b9e6da331c7c7a5c292be685a2c52023c25b27cd39943abc0581d45f34f16b9cea43eaf360f244cc4154e4e790e91912d469cad9c742a481933db23c15f7fab21dd805eec910a70d30e26e6ade8987e79a0d1b392ec113a12c59d36ce5fb4a553a4418103c4c558014cf1e1460d10e02dbf5f9c6ab3f5134d7e1753454757a25510bf316faa83f42c46986c7436689a727f594968724bbcd00d281df08edcec348a7c45766bec4699cd1d267c5d2e1429211ac7c8437f56352c31c75e33fd43d81a73d32f7f02b3d58b080a1864af9ecedb5e2c7d74be25d7f85c8b94ba5ecc74cd88ced9642ba0d229b712629380512ef6c05c42c71e06328a047f880ab733c9c4352c6dd39efaa7e5a414e64c85c975a69d33afbb1bff6b115bcc4cee11822c52e101e64e57e36834fb19dcbae97dab30c136e52b5969bba0721fd7a157bde296df413785b13bff789b2a5206b748eab4c270e8b6bf8f0d69ebadb92c123298dd2c35e4e02b48ef1a31adfa6895608450e584c87ab617294a9032fcb6313c64f142968b271af779e722ad49ef298cb10f5847d4e1a72ee9ab97e2aef0845f28461162263e0052070a9cb686c660ea2656291a99ad012d95ccf17abfde00f34d758ca4a1b0a2d4ba31dd21baf17f5be97fa8ad4d62dc1f626618386b291ab66f909504edbd3bbb90ddd7cf947288e64cdff155e9ff8fdb49b7dd7e21287be39c4cebb81e47868c1578d2a22c4df0a9ab53466dea7bdf7589b3d467ab4a18cafabfec104b1bbbb20b4e1359a15f9f1da8adf4fc11520a4cb48c58402d77d3aa60afb44c2b8b701358b58ce3c7df7cab1e3d489dd7e09cd714fd7cb92a791452e758580438b06c7211cbd245ca1b3e4e684b4a0fcf389beba10c5034ed01125404b2f01b93ecb78a2c779919318e476e82f19eef1aa56f242b551af40cb98a4b5a315e34d8df527a3d108235cb377efe000a09b44e37781327a4316b063b7bb49e77d72cef5f05027a97be3787d0be2ea29d01f76896d3e052c185126912a3c47ca8a10847c156f8660ac29c7ec3c39d35b8da0d77297a0bb8c8fbc85e615ecd60c91577b1d64619a856de59cb5f4c9504a704a40b9dadbba8573020e61991d8b42f2665dced3fb50091bdeccc4ad8d7a658dc5995093183aa57c9b804002c13eb316cde503cf2ec767b9ecae3bdc9029120fbf7134981b29d6d3514ee7f03366f5369a67166db34bcc91252f5b04299f9848c07bf54bfc7836d981f23eb9d5aa1495d304e271bf4209c162cffd67ecd94c5f9e536fd56732a9e8760ba993c2a056242d674cbe16eacc67f6d0ab40274f02cb246fb985e6fe418be4b61ed6a17cb3c3ffea47980573d59422bc3ababf015740cafa795662e4d0acaaaedb90d132ff5339d1e739e4dd7856ecef1929f54c3d4e075e9fef040a3fded619cf322ebe3572b004b878b7116558f729ebf5b851399e3af14c303dbd699c19e27dc429a0a915bb654ae7257fd8578eb2265758b486ccc73c8b8fca21b18da2915e70148783b5dba06c0b4d25182275e2a9ce668e3dc9756cde0184ca443e9cfe35f91654f7ce91a4e99c5a72b700f5152ef28be89a5c1442250ec64e89130bd9d1e7b4d49d594d7236b06bb15a6c7397ec2f9460896457e825873d07078ec3394d370ef6d59121570b700af38b7824f3037345a674e001ab70192f66c197fa9e61f06e9dd5820eb07680a702bc65e8856903bc263153c0f27306521538d9e3f3cd60fa0b3158fa09c6f2f9295d623fc3925279014bee45e428da7c992f2897b888bedf9962209c9554c792d513633b8990be132f5fd0b6947b3aaa31547b085be1a73e9fceab6c30e19c57e6384d1496ee60af5271c88b44d389ec5298297e1fdc629f223f96514352fb162acedb548fce98446f15248c4e380dc6dab4d4a85cf795a5731f944493d03f9b093829db51f2ff4a61c4410e4a7fc557dfe5b90f57ae4b7ecedb01b9e216205ecf6a67e0cf875f61196163f29d064eeb112df5edb49aad6e4876564a5bb8544ea4c1f33cff16dd602006940355f0269ae1c7ddc70ce336da3adc0f4718182465fcf7e7c755a28b9006e696fe03fb73f9dedb3d58263f3fadd1bb0457a26433485cd69ba8e05ab939476bd0ac69de2d25a311d46de95755f2000087019100c5480125f842f8b00ee1648790561a3bc6d360f7195960313bc6f25ebafe2c80ad80c677374315a1a995e099a5e68743802793e3fcf027c092aea6ab9a737eb76765a985199849d2afdc7047f5f13356055608a5f423c2fc5679e1c62845c7ef1e2c33acfe9451b0e7de115a8691c30efd05a6520c59151ba0f3767fa75931a4442f37746c35af0600049ba23e4572e042105c0df93f409be7e5ce3d035ea853740333a3d89782003cab11ecc3285c3c1e92e35df272f82c3158ef9739ecf24a9951e2bcf2f5fe6f1f7496f0516c26de72ee1002c1993d575f2e60330834b46624534b4fd54556d39f373613ec7d2aa13a4fea9ad5f61868b00ed88c27b8d9e921b11c36c7715c9cfb67af2723c5abd2a586e0fcc45a32674de364733806d6c23d8239487d835c1d586c19b3512e047f96e659aa6a05a310acdaeedaa26cd8816cde89d3a68f42a1c2de9ceb8fc24efb51968d403da156296c12fd0ddc4ab8c52b18b9442f84e2d52bb64a985aa37f712173a73c07df3c904fb68a7e8b672d1af53653000c00ba000900dafc0600fffe1600ba0002000e0081000900000005000600060000000000", @ANYRES64=r4], 0x2940}}, 0x800)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x47, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd50200000600000000000000300000000008000240000000032c000000030a01030000e6ff0000000030b145ea979e16acb8fefb020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)

6.15546889s ago: executing program 1 (id=948):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x8, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x58}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x7, 0x3}) (async, rerun: 32)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) (rerun: 32)
syz_open_procfs(0x0, &(0x7f00000001c0)='fdinfo\x00') (async, rerun: 64)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (rerun: 64)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x8, 0x17, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {}, [@printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

5.968906723s ago: executing program 1 (id=949):
openat(0xffffffffffffff9c, 0x0, 0x281c2, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
truncate(&(0x7f0000000280)='./file2\x00', 0x343)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x201, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0xde02})
close(r1)
socket$netlink(0x10, 0x3, 0x0)
preadv(r2, &(0x7f00000002c0)=[{&(0x7f0000000300)=""/133, 0x85}], 0x1, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'veth0_to_batadv\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x5, 0x0)
syz_open_procfs(0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$SEG6(0x0, 0xffffffffffffffff)

5.427033704s ago: executing program 2 (id=951):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000880)=@setlink={0x30, 0x13, 0xbaa23f3d13f2d1f5, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_TXQLEN={0x8}, @IFLA_GSO_MAX_SIZE={0x8, 0x29, 0x10000}]}, 0x30}, 0x1, 0x0, 0x0, 0x40010}, 0x0) (async)
bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1b, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) (async)
r4 = openat$random(0xffffffffffffff9c, &(0x7f00000007c0), 0x202, 0x0)
write$binfmt_script(r4, &(0x7f0000000040), 0x10010) (async)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x101041, 0x0)
mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000640)={{{@in=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee01}}, {{@in=@remote}, 0x0, @in=@private}}, 0xe8)
munlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) (async)
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffb000/0x2000)=nil) (async)
r5 = dup(r3)
ioctl$sock_inet_SIOCDELRT(r5, 0x890c, &(0x7f00000001c0)={0x0, {0x2, 0x4e24, @multicast1}, {0x2, 0x4e22, @remote}, {0x2, 0x4e22, @empty}, 0x4, 0x0, 0x0, 0x0, 0x1, &(0x7f00000000c0)='macsec0\x00', 0xfffffffffffffffb, 0xcf89, 0x1}) (async)
r6 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0) (async)
syz_usb_control_io(r6, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ecm(r6, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000500)=ANY=[], 0x0, 0x0}) (async)
syz_usb_control_io$cdc_ecm(r6, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ncm(r6, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io(r6, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r6, 0x0, 0x0)
syz_usb_control_io(r6, 0x0, 0x0) (async)
syz_usb_control_io$uac1(r6, 0x0, 0x0) (async)
syz_usb_control_io$uac1(r6, 0x0, 0x0)
syz_usb_control_io$printer(r6, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)

5.272703885s ago: executing program 4 (id=952):
r0 = socket(0x1d, 0x2, 0x6)
ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, &(0x7f00000000c0)=ANY=[@ANYRES16=r0, @ANYRES32, @ANYRES64, @ANYRES32, @ANYBLOB="00000000080000000000000000000000000000f80000000000000000", @ANYRES32=r0, @ANYBLOB="00000000010400"/28])
listen(0xffffffffffffffff, 0x200007)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000300)=[{&(0x7f0000020540)=""/102387, 0x18ff3}], 0x1, 0x0, 0x7)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x4, 0x103102)
ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f0000000400)={0x0, 0xfffffffffffffe11, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, {0x0, 0xffff, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, "b4bc323ef77d1f000071849800000000dfff00"}})
syz_usb_connect$printer(0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x2401}}]})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$I2C_RDWR(0xffffffffffffffff, 0x707, &(0x7f00000000c0)={&(0x7f0000000240)=[{0x801, 0x1, 0xb, &(0x7f0000000200)="f9f4a257f548a6db6a950f"}], 0x1})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000006c0)={0x114, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_SEQ_ADJ_ORIG={0x34, 0xf, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x5}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x10}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x4}, @CTA_SEQADJ_OFFSET_AFTER={0x8}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @rand_addr=0x64010101}}}]}, @CTA_TUPLE_ORIG={0x5c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}}}]}, @CTA_LABELS_MASK={0x8, 0x17, [0xf]}, @CTA_SYNPROXY={0x2c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x3}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x1b}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0xbb}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0xd79}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x8000}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x810}, 0x0)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x205, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x38, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x10, 0x4, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @void}}]}, @NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xac}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0xdad)
preadv(r4, &(0x7f0000000180)=[{&(0x7f0000001a80)=""/102390, 0x18ff6}, {0x0}], 0x2, 0x2000, 0x0)
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
getpid()

5.238708507s ago: executing program 2 (id=953):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)
writev(r0, &(0x7f0000001780)=[{0x0}, {&(0x7f0000001740)="e5", 0x1}], 0x2)

4.95392444s ago: executing program 1 (id=954):
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020000000000000", @ANYRES32, @ANYBLOB="000000000000000000000f000000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000240)=[<r3=>0x0], &(0x7f0000000340)=[<r4=>0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000002c0)=[r4, r3], 0x2})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r4, r3], 0x2})
r5 = syz_open_dev$vim2m(&(0x7f00000003c0), 0x4, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000000)={0x15, 0x1, 0x0, "6106007722366ccef4ba566c4acd3d00e7bfeb8cace586d84a500000000800"})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a00000000000000000000000000000900010073797a30000000002c000000030a000000000000000000000000000009000117460e18d40f6d3417b9d3422c1dc20073797a30000000000900030073797a30000000006c000000060a000000000700000000000000000008000b4000000000440004802c0001800a00a9d1313b01006c696d69740000001c0002800c00014000000000000000000c0002400000000000000000140001800b0001006c6f6f6b75700000040002800900010073797a300000000014000000140001000000000000000000000000887f0acd5d9bcb0a"], 0xe0}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000d40000000000000000000000000a20000000000a03000000000000000000010000000900010073797a3000000000bc000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000009000038008000240000000007c00038014000100626f6e64300000000000000000000000140001006970766c616e31000000000000000000140001006970766c616e300000000000000000001400010073697430000000000000fbffffffffffffff0100776c616e300000000000000000000000140001006772653000000000000000000000040008000140000000005c000000180a01010000000000000000010000000900020073797a30000000000900010073797a3000"], 0x4b0}, 0x1, 0x0, 0x0, 0x4010}, 0x4040010)
syz_open_dev$cec(&(0x7f0000000580), 0x0, 0x321001)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0xfffffffffffffe68)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000e80)={'vcan0\x00', <r8=>0x0})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r9 = socket$packet(0x11, 0x3, 0x300)
close_range(r9, 0xffffffffffffffff, 0x6)
bind$can_raw(r7, &(0x7f0000000ec0)={0x1d, r8}, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_MAC_ACL(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)=ANY=[@ANYBLOB="85ee0000", @ANYRES16=r10, @ANYBLOB="00022cbd7000fcdbdf255d0000002800a6800a00060008021100000000000a"], 0x44}, 0x1, 0x0, 0x0, 0x20000811}, 0x24040804)
socket$nl_route(0x10, 0x3, 0x0)
io_uring_setup(0x177f, &(0x7f0000000140)={0x0, 0x0, 0x200, 0xfffffffc})

4.236221157s ago: executing program 2 (id=955):
socket$nl_netfilter(0x10, 0x3, 0xc)
pipe(&(0x7f0000000080))
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc10c5541, &(0x7f0000000080))

4.087813249s ago: executing program 2 (id=956):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r3 = open(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000431d1c40c9309300c6180102030309021200010000000009040000000e0101805e32dbdd09401b64858540117b665ebaf36deb94b3748232708b2ce37318972731e97b3f59910963b9a9ab470b82d5fa47feda842ad958744abb0d7738f56928c586c02cf5cb721e704f867babc46236dff2a7aad5eec3445e77de81a602520baba926b6e7580cb448fe263705a01b1ef2"], &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$inet6_mreq(r3, 0x29, 0x14, &(0x7f0000000280)={@mcast2, <r5=>0x0}, &(0x7f00000002c0)=0x14)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000340)={'tunl0\x00', &(0x7f0000000300)={'ip_vti0\x00', <r6=>0x0, 0x7, 0x1, 0x80, 0xb9a, {{0x6, 0x4, 0x2, 0x1, 0x18, 0x67, 0x0, 0x9, 0x29, 0x0, @multicast1, @private=0xa010100, {[@ra={0x94, 0x4}]}}}}})
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=@bridge_delneigh={0x74, 0x1d, 0x1, 0x70bd28, 0x25dfdbff, {0x2, 0x0, 0x0, r5, 0x4, 0x20, 0x1}, [@NDA_IFINDEX={0x8, 0x8, r6}, @NDA_DST_MAC={0xa, 0x1, @broadcast}, @NDA_NH_ID={0xfffffffffffffee2, 0xd, 0x8}, @NDA_DST_IPV4={0x8, 0x1, @empty}, @NDA_NH_ID={0x8, 0xd, 0x2a63}, @NDA_LLADDR={0xa, 0x2, @random="87d1d13e6d3b"}, @NDA_DST_IPV6={0x14, 0x1, @rand_addr=' \x01\x00'}, @NDA_LLADDR={0xa, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}]}, 0x74}}, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x4c}, 0x1, 0x7000000}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)

4.041564444s ago: executing program 3 (id=957):
syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100003d37d840890457e0000000000001090224"], 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
io_submit(0x0, 0x11, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
r1 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000002c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x40b80, 0x0)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000001300)=ANY=[], 0x630}, 0x1, 0x0, 0x0, 0x4042020}, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
open(0x0, 0x20403, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r2)
r3 = socket$netlink(0x10, 0x3, 0x0)
getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r4}]}}}, @IFLA_MTU={0x8, 0x4, 0xacd1}]}, 0x44}}, 0x0)
r5 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x4400}})
io_uring_enter(r5, 0x2def, 0x0, 0x0, 0x0, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000440)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x10000}])

3.876940461s ago: executing program 1 (id=958):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async)
r1 = syz_open_dev$radio(&(0x7f00000003c0), 0x2, 0x2)
ioctl$VIDIOC_LOG_STATUS(r1, 0x5646, 0x0)
read(r1, &(0x7f0000001e80)=""/96, 0x60) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00', <r2=>0x0}) (async)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000003c0)=@newlink={0x4c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x208}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ES={0x5}]}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x4c}}, 0x0)

3.650662771s ago: executing program 1 (id=959):
userfaultfd(0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = inotify_init1(0x0)
inotify_add_watch(r1, 0x0, 0xa2000c06)
r2 = inotify_init1(0x0)
inotify_add_watch(r2, &(0x7f00000004c0)='./file0\x00', 0x80000000)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002080), r0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000002140)={&(0x7f0000002040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000002100)={&(0x7f00000020c0)={0x1c, r4, 0x400, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x1368}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000090}, 0xd5)
accept4(r3, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
getpid()
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001a80), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WIPHY(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, r6, 0x211b9d7b959febf3, 0x0, 0x0, {{}, {@val={0x8}, @val={0x8}, @val={0xc}}}}, 0x30}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$fuse(0x0, 0x0, 0x12a2840, 0x0, 0x0, 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r7, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)

3.594648238s ago: executing program 4 (id=960):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(0xffffffffffffffff, 0xc0f85403, &(0x7f00000001c0))
r1 = syz_io_uring_setup(0xd3, &(0x7f0000000480), &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0)

3.38262811s ago: executing program 4 (id=961):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="0000008000"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r1 = socket$inet6(0xa, 0x800000000000002, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000003a40)={@map=r0}, 0x20)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r3, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500))
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000080000000000000000000000000010000000000000"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171, 0x0, 0x0, 0x20000000}, 0xa}], 0x400000000000172, 0x4000300)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff)
r8 = add_key$user(&(0x7f0000000380), &(0x7f0000000580)={'syz', 0x0}, &(0x7f00000005c0)="7ed15d12800e89734cc0783aec97064c0ec0500b5718dcf3c8dbe0d097a00b3024b4ec05acd59d0b7f31cfa2699fed6af02f41bee3856c9c91052617fd0f172a03234b210d8eff937daa97ab9041426c52f33452b20a5c85ed87c82f55e6b7fe37f754670f102c9fc04e45f9d0a5ce33e3a7ce98d629e8b7fcfaa15047c8075f630d5db5c52b1f8892c881e8b2c5a941c58d8cc14017b7ab5b210d53ce4aac1910", 0xa1, 0xfffffffffffffffd)
keyctl$read(0xb, r8, &(0x7f0000000d40)=""/4096, 0x1000)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000680)={'tunl0\x00', &(0x7f00000002c0)={'ip_vti0\x00', <r9=>0x0, 0x20, 0x7, 0x8, 0x5, {{0x21, 0x4, 0x0, 0x13, 0x84, 0x68, 0x0, 0xf8, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @private=0xa010100, {[@ssrr={0x89, 0x2b, 0xc7, [@loopback, @private=0xa010102, @broadcast, @private=0xa010100, @multicast2, @dev={0xac, 0x14, 0x14, 0x12}, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @loopback, @loopback]}, @end, @noop, @generic={0x88, 0x8, "e0ba46317197"}, @timestamp={0x44, 0x18, 0xdd, 0x0, 0xa, [0x7fff, 0x9, 0x0, 0x8000, 0x3]}, @generic={0x83, 0x4, "24e0"}, @end, @timestamp_prespec={0x44, 0x1c, 0x60, 0x3, 0x7, [{@multicast1, 0x6}, {@loopback, 0x7}, {@empty, 0x1}]}]}}}}})
ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f0000000780)={0x9, 0x8, 0x4, 0xb, 0x6, [{0x4, 0x4, 0x8}, {0x6, 0x2, 0x0, '\x00', 0x2}, {0x9, 0x5, 0x1, '\x00', 0x2}, {0x8000, 0x800, 0x9, '\x00', 0x4}, {0x5, 0x6, 0x6, '\x00', 0x200f}, {0x2, 0x10001, 0x2e, '\x00', 0x801}]})
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2008}, 0xc, &(0x7f0000000140)={&(0x7f00000006c0)=ANY=[@ANYBLOB, @ANYRES16=r7, @ANYBLOB="010029bd7000fbdbdf2506000000080003000000000008000400000000000c00018008000700", @ANYRES32=r9, @ANYBLOB="08000400020000002000068014000400fe880000000000000000000000000001060005004e2200000c00018006000100020000000800030007000000"], 0x6c}, 0x1, 0x0, 0x0, 0x4880}, 0x20020000)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)

3.123231026s ago: executing program 0 (id=962):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000002200)='./file0\x00', 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f00000027c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_LSEEK(r0, &(0x7f00000021c0)={0x18, 0x0, r2, {0x7}}, 0x18)
read$FUSE(r0, &(0x7f0000000100)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_IOCTL(r0, &(0x7f0000002140)={0x20, 0x0, r3, {0x0, 0x0, 0x80003ff}}, 0x20)
lstat(&(0x7f0000008800)='./file0\x00', 0x0)
getdents(r1, 0x0, 0x0)
fsetxattr(r1, &(0x7f0000002780)=@known='security.selinux\x00', 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000008d00)={0x2020}, 0x2020)
read$FUSE(r0, &(0x7f000001aa80)={0x2020, 0x0, <r4=>0x0}, 0x2020)
fchmodat(r1, 0x0, 0x0)
write$FUSE_INTERRUPT(r0, &(0x7f0000000080)={0x10, 0x0, r4}, 0x10)

2.686801268s ago: executing program 1 (id=963):
r0 = socket(0x10, 0x3, 0x0)
socket$alg(0x26, 0x5, 0x0)
fsopen(0x0, 0x0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000400)=0x1000000000010001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x32, &(0x7f00000003c0)={@random="6d2ffac2df3e", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x8}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0xa010102, @remote}, {0x4e21, 0x4e20, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x20)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = dup(r3)
socket$inet(0x2, 0x800, 0x2)
write$UHID_INPUT(r4, &(0x7f0000002080)={0x3, {"a2e3ad21ed0d52f91b5d390887f70e06d038e7ff7fc6e5539b3272298b089b07081b4d090890e0878f0e1ac6e7049b3366959bfc9a240d2567f3988f7ef319520100ffe8d178708c523c921b1b9b39070d075d0936cd3b78130d9b61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c9000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c198045651cf4778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdc80c47ee4f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78ff95b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af0000807e0000000002d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b4051db55e0510a6e4114a53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a6d8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r5 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000000)={'gretap0\x00', &(0x7f0000000100)={'erspan0\x00', <r6=>0x0, 0x80, 0x7, 0xe4, 0x0, {{0x24, 0x4, 0x1, 0x2e, 0x90, 0x68, 0x0, 0x6, 0x29, 0x0, @empty, @rand_addr=0x64010100, {[@ra={0x94, 0x4, 0x1}, @timestamp_prespec={0x44, 0xc, 0x8d, 0x3, 0x8, [{@broadcast, 0x4}]}, @timestamp_addr={0x44, 0x24, 0xfd, 0x1, 0x5, [{@multicast1, 0x9}, {@broadcast, 0x8}, {@dev={0xac, 0x14, 0x14, 0x38}, 0xaf}, {@multicast1, 0x2}]}, @timestamp_addr={0x44, 0x44, 0xd1, 0x1, 0xb, [{@rand_addr=0x64010102, 0x1}, {@multicast2}, {@empty, 0x6}, {@local, 0x7ff}, {@private=0xa010102, 0x8}, {@local, 0xa}, {@private=0xa010102, 0x2}, {@rand_addr=0x64010101, 0x4}]}, @end]}}}}})
setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, r6}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8)
sendmmsg(r5, &(0x7f0000000480), 0x2e9, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000064000000001400028008000880000000000800070001000000"], 0x44}}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff000800034000000008680000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000003c0003803800008008000340000000022c00028028000280080001"], 0xfc}}, 0x0)

2.040827133s ago: executing program 0 (id=964):
r0 = epoll_create1(0x0)
r1 = epoll_create1(0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r4, 0x1, 0x3f, 0x0, 0x0)
bind$inet(r4, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4002, 0x0, 0x83, 0x0)
sendto$inet(r4, 0x0, 0x0, 0x200007e9, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x15, 0x0, 0x0)
sendmsg$inet(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)='/', 0x1}], 0x1}, 0x111)
recvmmsg(r4, &(0x7f00000005c0), 0x40000000000026c, 0x0, 0x0)
sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r2, 0x0, 0x0)
close(r0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000c85000))
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000140)={0x77540947ad9a168d})

901.346103ms ago: executing program 2 (id=965):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)
writev(r0, &(0x7f0000001780)=[{0x0}, {&(0x7f0000001740)="e5", 0x1}], 0x2)

0s ago: executing program 2 (id=966):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000001180)=@raw={'raw\x00', 0x4001, 0x3, 0xa68, 0x0, 0x0, 0x148, 0x8f0, 0x148, 0x9d0, 0x240, 0x240, 0x9d0, 0x240, 0x7fffffe, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'ip6gretap0\x00', 'netdevsim0\x00'}, 0x0, 0x8a8, 0x8f0, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'lo\x00', {0x0, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}, @common=@unspec=@u32={{0x7e0, 'u32\x00', 0x2}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast1, 'veth0_to_bond\x00'}}}, {{@ip={@local, @loopback, 0x0, 0x0, 'veth0_vlan\x00', 'macvtap0\x00'}, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28, 'rpfilter\x00', 0x2}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0xac8)
setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x0, 0x488, 0x0, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x101000, 0x41)
execveat(r1, 0x0, 0x0, 0x0, 0x1000)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, 0x0, 0x0)
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x110)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
unshare(0x22020600)
r2 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_FORWARD(r2, 0x80184132, 0x0)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x1})

kernel console output (not intermixed with test programs):

 > 3
[  243.139234][ T5243] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  243.168473][   T58] usb 5-1: config 1 has an invalid descriptor of length 205, skipping remainder of the config
[  243.202491][ T1169] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  243.276021][   T58] usb 5-1: config 1 interface 0 altsetting 127 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  243.289636][   T58] usb 5-1: config 1 interface 0 has no altsetting 0
[  243.299159][   T58] usb 5-1: New USB device found, idVendor=0525, idProduct=fb40, bcdDevice= 0.40
[  243.312035][   T63] bridge_slave_1: left allmulticast mode
[  243.323843][   T58] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  243.332961][ T5234] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  243.343638][   T63] bridge_slave_1: left promiscuous mode
[  243.368761][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[  243.376550][   T58] usb 5-1: Product: syz
[  243.388978][   T58] usb 5-1: Manufacturer: syz
[  243.406023][   T58] usb 5-1: SerialNumber: syz
[  243.417276][ T1169] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  243.418753][   T63] bridge_slave_0: left allmulticast mode
[  243.444749][   T63] bridge_slave_0: left promiscuous mode
[  243.457633][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[  243.485543][ T1169] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  243.541085][ T1169] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  243.542414][ T5234] usb 4-1: Using ep0 maxpacket: 16
[  243.579797][ T5234] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  243.596051][ T1169] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  243.614314][ T5234] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  243.658292][ T5234] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  243.664968][ T1169] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  243.716747][   T58] cdc_ether 5-1:1.0: skipping garbage
[  243.726904][   T58] usb 5-1: bad CDC descriptors
[  243.733832][ T5234] usb 4-1: config 0 descriptor??
[  243.739307][ T1169] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  243.780430][   T58] usb 5-1: USB disconnect, device number 35
[  243.799940][ T1169] usb 2-1: config 0 descriptor??
[  244.727255][ T5234] usbhid 4-1:0.0: can't add hid device: -71
[  244.740651][ T5234] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  244.791514][ T5234] usb 4-1: USB disconnect, device number 25
[  245.192719][ T4627] Bluetooth: hci5: command tx timeout
[  245.324734][   T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  245.349903][   T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  245.352864][ T5234] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  245.386403][   T63] bond0 (unregistering): Released all slaves
[  245.443026][ T8402] netlink: 4 bytes leftover after parsing attributes in process `syz.4.602'.
[  245.465813][ T8402] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  245.477036][ T8402] batman_adv: batadv0: Removing interface: batadv_slave_0
[  245.493296][ T8402] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  245.545636][ T8402] batman_adv: batadv0: Removing interface: batadv_slave_1
[  245.554018][ T5234] usb 4-1: Using ep0 maxpacket: 8
[  245.571347][ T5234] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[  245.601584][ T5234] usb 4-1: New USB device found, idVendor=0582, idProduct=28e8, bcdDevice=f5.06
[  245.621117][ T5234] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  245.647943][ T5234] usb 4-1: Product: syz
[  245.658074][ T5234] usb 4-1: Manufacturer: syz
[  245.665269][ T5234] usb 4-1: SerialNumber: syz
[  245.682002][ T5234] usb 4-1: config 0 descriptor??
[  246.019718][ T1169] usbhid 2-1:0.0: can't add hid device: -71
[  246.047023][ T1169] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  246.097456][ T1169] usb 2-1: USB disconnect, device number 28
[  246.512461][    T8] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  246.517714][ T5234] usb 4-1: USB disconnect, device number 26
[  246.531428][   T63] hsr_slave_0: left promiscuous mode
[  246.565000][ T5655] udevd[5655]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  246.581128][   T63] hsr_slave_1: left promiscuous mode
[  246.605009][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  246.626830][   T63] batman_adv: batadv0: Removing interface: batadv_slave_0
[  246.651235][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  246.658867][   T63] batman_adv: batadv0: Removing interface: batadv_slave_1
[  246.692670][ T1169] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  246.709350][   T63] veth0_macvtap: left promiscuous mode
[  246.718443][   T63] veth1_vlan: left promiscuous mode
[  246.724360][   T63] veth0_vlan: left promiscuous mode
[  246.730834][    T8] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  246.741981][    T8] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  246.752619][    T8] usb 5-1: config 1 interface 0 altsetting 161 has 0 endpoint descriptors, different from the interface descriptor's value: 8
[  246.789955][    T8] usb 5-1: config 1 interface 0 has no altsetting 0
[  246.811414][    T8] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  246.822249][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  246.839556][    T8] usb 5-1: SerialNumber: syz
[  246.902364][ T1169] usb 2-1: Using ep0 maxpacket: 8
[  246.909791][ T1169] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  246.920766][ T1169] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.943421][ T1169] usb 2-1: config 0 descriptor??
[  247.172751][ T1169] asix 2-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  247.272401][ T4627] Bluetooth: hci5: command tx timeout
[  247.788793][   T63] team0 (unregistering): Port device team_slave_1 removed
[  247.875073][   T63] team0 (unregistering): Port device team_slave_0 removed
[  248.144900][ T8437] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  248.165850][    C0] hrtimer: interrupt took 54971 ns
[  248.184139][ T8437] kvm: pic: non byte read
[  248.189080][ T8437] kvm: pic: level sensitive irq not supported
[  248.189195][ T8437] kvm: pic: non byte read
[  248.212848][ T8437] kvm: pic: level sensitive irq not supported
[  248.212948][ T8437] kvm: pic: non byte read
[  248.866024][ T8428] netlink: 'syz.4.610': attribute type 4 has an invalid length.
[  248.972904][    T8] usb 5-1: USB disconnect, device number 36
[  249.120321][ T8465] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  249.229556][ T8465] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  249.351239][ T8396] chnl_net:caif_netlink_parms(): no params data found
[  249.352450][ T4627] Bluetooth: hci5: command tx timeout
[  250.086456][ T8396] bridge0: port 1(bridge_slave_0) entered blocking state
[  250.151305][ T8396] bridge0: port 1(bridge_slave_0) entered disabled state
[  250.193738][ T8396] bridge_slave_0: entered allmulticast mode
[  250.241281][ T8396] bridge_slave_0: entered promiscuous mode
[  250.288954][ T8396] bridge0: port 2(bridge_slave_1) entered blocking state
[  250.335564][ T8396] bridge0: port 2(bridge_slave_1) entered disabled state
[  250.368284][ T8396] bridge_slave_1: entered allmulticast mode
[  250.406510][ T8396] bridge_slave_1: entered promiscuous mode
[  250.752690][ T1169] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  250.753679][ T8396] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  250.795550][ T8396] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  250.804747][ T1169] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  250.804927][ T1169] asix 2-1:0.0: probe with driver asix failed with error -71
[  250.876519][ T1169] usb 2-1: USB disconnect, device number 29
[  250.943534][ T8506] netlink: 32 bytes leftover after parsing attributes in process `syz.1.620'.
[  251.002746][ T5245] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  251.066551][ T8396] team0: Port device team_slave_0 added
[  251.081592][ T8396] team0: Port device team_slave_1 added
[  251.158777][ T8396] batman_adv: batadv0: Adding interface: batadv_slave_0
[  251.202928][ T8396] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  251.244459][ T5245] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  251.281424][ T5245] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  251.320290][ T8396] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  251.322395][ T5245] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  251.352226][ T5245] usb 5-1: New USB device found, idVendor=0b05, idProduct=1a30, bcdDevice= 0.00
[  251.387159][ T5245] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  251.426866][ T8396] batman_adv: batadv0: Adding interface: batadv_slave_1
[  251.434176][ T4627] Bluetooth: hci5: command tx timeout
[  251.439627][ T5245] usb 5-1: config 0 descriptor??
[  251.449291][ T8396] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  251.479345][ T8396] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  251.630416][ T8396] hsr_slave_0: entered promiscuous mode
[  251.642791][ T8396] hsr_slave_1: entered promiscuous mode
[  251.883520][ T5245] hid (null): report_id 59012 is invalid
[  251.928054][ T5245] asus 0003:0B05:1A30.000A: report_id 59012 is invalid
[  251.954843][ T5245] asus 0003:0B05:1A30.000A: item 0 2 1 8 parsing failed
[  251.968765][ T5245] asus 0003:0B05:1A30.000A: Asus hid parse failed: -22
[  251.986062][ T5245] asus 0003:0B05:1A30.000A: probe with driver asus failed with error -22
[  252.103401][ T8523] kvm: kvm [8522]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe702111
[  252.177109][ T8531] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.626'.
[  252.211953][ T8531] openvswitch: netlink: Tunnel attr 2 has unexpected len 13 expected 4
[  252.530567][ T8543] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  253.236538][ T8396] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  253.274336][ T8396] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  253.300119][ T8396] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  253.336769][ T8396] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  253.659387][ T8396] 8021q: adding VLAN 0 to HW filter on device bond0
[  253.739173][ T8396] 8021q: adding VLAN 0 to HW filter on device team0
[  253.756005][    T9] usb 5-1: USB disconnect, device number 37
[  253.821472][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[  253.828621][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[  253.897649][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[  253.904864][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[  253.910099][ T8567] usb usb7: usbfs: process 8567 (syz.4.630) did not claim interface 0 before use
[  253.940319][ T8567] FAULT_INJECTION: forcing a failure.
[  253.940319][ T8567] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  253.960371][ T8567] CPU: 0 UID: 0 PID: 8567 Comm: syz.4.630 Not tainted 6.11.0-rc7-syzkaller-00017-gbc83b4d1f086 #0
[  253.970995][ T8567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  253.981080][ T8567] Call Trace:
[  253.984375][ T8567]  <TASK>
[  253.987316][ T8567]  dump_stack_lvl+0x241/0x360
[  253.992008][ T8567]  ? __pfx_dump_stack_lvl+0x10/0x10
[  253.997225][ T8567]  ? __pfx__printk+0x10/0x10
[  254.001841][ T8567]  ? snprintf+0xda/0x120
[  254.006115][ T8567]  should_fail_ex+0x3b0/0x4e0
[  254.010815][ T8567]  _copy_to_user+0x2f/0xb0
[  254.015257][ T8567]  simple_read_from_buffer+0xca/0x150
[  254.020654][ T8567]  proc_fail_nth_read+0x1ec/0x260
[  254.025702][ T8567]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  254.031270][ T8567]  ? rw_verify_area+0x520/0x6b0
[  254.036138][ T8567]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  254.037951][ T8396] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  254.041684][ T8567]  vfs_read+0x204/0xbc0
[  254.056155][ T8567]  ? __pfx_lock_release+0x10/0x10
[  254.061197][ T8567]  ? __pfx_vfs_read+0x10/0x10
[  254.065861][ T8567]  ? __fget_files+0x29/0x470
[  254.070443][ T8567]  ? __fget_files+0x3f6/0x470
[  254.075118][ T8567]  ksys_read+0x1a0/0x2c0
[  254.079350][ T8567]  ? __pfx_ksys_read+0x10/0x10
[  254.084100][ T8567]  ? do_syscall_64+0x100/0x230
[  254.088852][ T8567]  ? do_syscall_64+0xb6/0x230
[  254.093515][ T8567]  do_syscall_64+0xf3/0x230
[  254.098001][ T8567]  ? clear_bhb_loop+0x35/0x90
[  254.102664][ T8567]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.108551][ T8567] RIP: 0033:0x7f62f057c93c
[  254.112952][ T8567] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  254.132543][ T8567] RSP: 002b:00007f62f13c8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  254.140942][ T8567] RAX: ffffffffffffffda RBX: 00007f62f0735f80 RCX: 00007f62f057c93c
[  254.148897][ T8567] RDX: 000000000000000f RSI: 00007f62f13c80a0 RDI: 0000000000000004
[  254.156854][ T8567] RBP: 00007f62f13c8090 R08: 0000000000000000 R09: 0000000000000000
[  254.164834][ T8567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  254.172790][ T8567] R13: 0000000000000000 R14: 00007f62f0735f80 R15: 00007f62f085fa28
[  254.180756][ T8567]  </TASK>
[  254.332191][ T8396] 8021q: adding VLAN 0 to HW filter on device batadv0
[  254.472906][ T8572] vhci_hcd: invalid port number 0
[  254.548468][ T8396] veth0_vlan: entered promiscuous mode
[  254.689286][ T8572] netlink: 'syz.4.631': attribute type 29 has an invalid length.
[  254.713831][ T8396] veth1_vlan: entered promiscuous mode
[  254.738542][ T8578] netlink: 'syz.4.631': attribute type 29 has an invalid length.
[  254.784272][ T8572] netlink: 'syz.4.631': attribute type 29 has an invalid length.
[  254.979544][   T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.064598][ T8572] netlink: 'syz.4.631': attribute type 29 has an invalid length.
[  255.098309][ T8578] netlink: 'syz.4.631': attribute type 29 has an invalid length.
[  255.147886][ T8586] netlink: 'syz.4.631': attribute type 29 has an invalid length.
[  255.269749][   T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.543084][ T8600] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.637'.
[  255.569423][   T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.589745][ T8600] openvswitch: netlink: Tunnel attr 2 has unexpected len 13 expected 4
[  255.674972][ T8396] veth0_macvtap: entered promiscuous mode
[  255.794859][ T5245] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  255.830957][   T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.917250][ T1269] ieee802154 phy0 wpan0: encryption failed: -22
[  255.923691][ T1269] ieee802154 phy1 wpan1: encryption failed: -22
[  255.943224][ T8396] veth1_macvtap: entered promiscuous mode
[  256.012474][ T5245] usb 5-1: Using ep0 maxpacket: 8
[  256.020527][ T5245] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  256.042127][ T8396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  256.059288][ T5245] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  256.076325][ T8396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.086734][ T5245] usb 5-1: New USB device found, idVendor=886d, idProduct=db3f, bcdDevice= 0.69
[  256.096278][ T8396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  256.107241][ T5245] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  256.128675][ T8396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.139240][ T5245] usb 5-1: config 0 descriptor??
[  256.162557][ T8396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  256.182485][ T8396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.197647][ T8396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  256.238732][ T8396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.275264][ T5243] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  256.275628][ T8396] batman_adv: batadv0: Interface activated: batadv_slave_0
[  256.291810][ T5243] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  256.300278][ T5243] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  256.311106][ T5243] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  256.326916][ T5243] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  256.336392][ T5243] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  256.349697][ T8396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  256.402720][ T8396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.413293][ T8396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  256.424506][ T8396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.434825][ T8396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  256.445752][ T8396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.457045][ T8396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  256.482314][ T8396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.504279][ T8396] batman_adv: batadv0: Interface activated: batadv_slave_1
[  256.543218][ T8396] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  256.580877][ T8396] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  256.600897][ T5245] hid-generic 0003:886D:DB3F.000B: unbalanced delimiter at end of report description
[  256.620670][ T8396] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  256.634886][ T5245] hid-generic 0003:886D:DB3F.000B: probe with driver hid-generic failed with error -22
[  256.652512][ T8396] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  256.824073][ T8602] netlink: 'syz.4.638': attribute type 11 has an invalid length.
[  256.831842][ T8602] netlink: 'syz.4.638': attribute type 11 has an invalid length.
[  256.848336][ T8602] netlink: 209800 bytes leftover after parsing attributes in process `syz.4.638'.
[  257.020801][   T11] bridge_slave_1: left allmulticast mode
[  257.043272][   T11] bridge_slave_1: left promiscuous mode
[  257.049017][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  257.109740][   T11] bridge_slave_0: left allmulticast mode
[  257.143197][   T11] bridge_slave_0: left promiscuous mode
[  257.148960][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  257.193638][ T5234] usb 5-1: USB disconnect, device number 38
[  257.831745][ T8635] syz.3.644 (8635): drop_caches: 2
[  258.392685][ T5243] Bluetooth: hci0: command tx timeout
[  258.585352][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  258.609953][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  258.630816][   T11] bond0 (unregistering): Released all slaves
[  259.220908][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  259.259038][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  259.533126][ T5285] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  259.589843][ T2562] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  259.620372][ T2562] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  259.722454][ T5285] usb 4-1: device descriptor read/64, error -71
[  259.741964][   T11] hsr_slave_0: left promiscuous mode
[  259.751028][   T11] hsr_slave_1: left promiscuous mode
[  259.762105][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  259.773917][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  259.783520][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  259.790921][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  259.830518][   T11] veth1_vlan: left promiscuous mode
[  259.852735][   T11] veth0_vlan: left promiscuous mode
[  260.023143][ T5285] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  260.152769][ T5234] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  260.174163][ T5285] usb 4-1: device descriptor read/64, error -71
[  260.207794][ T8716] netlink: 28 bytes leftover after parsing attributes in process `syz.2.655'.
[  260.312801][ T5285] usb usb4-port1: attempt power cycle
[  260.370936][ T5234] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=a1.c9
[  260.387390][ T5234] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  260.396544][ T5234] usb 1-1: Product: syz
[  260.407901][ T5234] usb 1-1: Manufacturer: syz
[  260.412736][ T5234] usb 1-1: SerialNumber: syz
[  260.433346][ T5234] usb 1-1: config 0 descriptor??
[  260.449890][ T5234] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  260.472527][ T5243] Bluetooth: hci0: command tx timeout
[  260.578282][   T11] team0 (unregistering): Port device team_slave_1 removed
[  260.618383][   T11] team0 (unregistering): Port device team_slave_0 removed
[  260.738695][   T29] kauditd_printk_skb: 65 callbacks suppressed
[  260.738707][ T5285] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  260.738713][   T29] audit: type=1326 audit(1725946016.059:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8718 comm="syz.0.601" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f760a17def9 code=0x0
[  260.814233][ T8719] netlink: 44 bytes leftover after parsing attributes in process `syz.0.601'.
[  260.832037][ T8719] netlink: 12 bytes leftover after parsing attributes in process `syz.0.601'.
[  260.833775][ T5285] usb 4-1: device descriptor read/8, error -71
[  260.843415][ T8719] netlink: 20 bytes leftover after parsing attributes in process `syz.0.601'.
[  260.976421][ T5234] gspca_vc032x: reg_r err -110
[  260.982242][ T5234] gspca_vc032x: I2c Bus Busy Wait 00
[  260.988221][ T5234] gspca_vc032x: I2c Bus Busy Wait 00
[  261.001420][ T5234] gspca_vc032x: I2c Bus Busy Wait 00
[  261.008055][ T5234] gspca_vc032x: I2c Bus Busy Wait 00
[  261.013673][ T5234] gspca_vc032x: I2c Bus Busy Wait 00
[  261.018979][ T5234] gspca_vc032x: I2c Bus Busy Wait 00
[  261.024571][ T5234] gspca_vc032x: I2c Bus Busy Wait 00
[  261.029884][ T5234] gspca_vc032x: I2c Bus Busy Wait 00
[  261.038391][ T5234] gspca_vc032x: I2c Bus Busy Wait 00
[  261.044210][ T5234] gspca_vc032x: I2c Bus Busy Wait 00
[  261.063008][ T5234] gspca_vc032x: I2c Bus Busy Wait 00
[  261.068390][ T5234] gspca_vc032x: I2c Bus Busy Wait 00
[  261.074713][ T5234] gspca_vc032x: I2c Bus Busy Wait 00
[  261.080020][ T5234] gspca_vc032x: I2c Bus Busy Wait 00
[  261.085772][ T5234] gspca_vc032x: I2c Bus Busy Wait 00
[  261.091082][ T5234] gspca_vc032x: I2c Bus Busy Wait 00
[  261.096863][ T5234] gspca_vc032x: I2c Bus Busy Wait 00
[  261.102174][ T5234] gspca_vc032x: I2c Bus Busy Wait 00
[  261.107570][ T5234] gspca_vc032x: Unknown sensor...
[  261.114599][ T5234] vc032x 1-1:0.0: probe with driver vc032x failed with error -22
[  261.133062][ T5285] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  261.182217][ T5285] usb 4-1: device descriptor read/8, error -71
[  261.261178][ T8622] chnl_net:caif_netlink_parms(): no params data found
[  261.287060][ T8725] netlink: 36 bytes leftover after parsing attributes in process `syz.2.655'.
[  261.308928][ T5285] usb usb4-port1: unable to enumerate USB device
[  261.423774][ T1169] usb 1-1: USB disconnect, device number 23
[  261.728919][ T8622] bridge0: port 1(bridge_slave_0) entered blocking state
[  261.749115][ T8622] bridge0: port 1(bridge_slave_0) entered disabled state
[  261.757377][ T8622] bridge_slave_0: entered allmulticast mode
[  261.765121][ T8622] bridge_slave_0: entered promiscuous mode
[  261.791166][ T8744] dccp_v4_rcv: dropped packet with invalid checksum
[  261.837071][ T8622] bridge0: port 2(bridge_slave_1) entered blocking state
[  261.871351][ T8622] bridge0: port 2(bridge_slave_1) entered disabled state
[  261.880213][ T8622] bridge_slave_1: entered allmulticast mode
[  261.901620][ T8622] bridge_slave_1: entered promiscuous mode
[  261.912529][ T5243] Bluetooth: hci5: command tx timeout
[  262.063486][ T8622] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  262.114513][ T8622] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  262.262932][ T8622] team0: Port device team_slave_0 added
[  262.292637][ T8622] team0: Port device team_slave_1 added
[  262.382729][ T5288] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  262.509457][ T8622] batman_adv: batadv0: Adding interface: batadv_slave_0
[  262.531994][ T8622] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  262.558753][ T5243] Bluetooth: hci0: command tx timeout
[  262.579180][ T8622] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  262.583025][ T5288] usb 3-1: Using ep0 maxpacket: 8
[  262.612032][ T8622] batman_adv: batadv0: Adding interface: batadv_slave_1
[  262.620077][ T8622] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  262.653908][ T8622] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  262.692762][ T5288] usb 3-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=a0.b4
[  262.703626][ T5288] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  262.711641][ T5288] usb 3-1: Product: syz
[  262.716557][ T5288] usb 3-1: Manufacturer: syz
[  262.721294][ T5288] usb 3-1: SerialNumber: syz
[  262.734716][ T5288] usb 3-1: config 0 descriptor??
[  262.754608][ T5288] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  263.020773][ T8622] hsr_slave_0: entered promiscuous mode
[  263.051435][ T8622] hsr_slave_1: entered promiscuous mode
[  263.096381][ T8622] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  263.118023][ T8622] Cannot create hsr debugfs directory
[  263.121494][    T8] usb 3-1: USB disconnect, device number 24
[  263.555094][ T8783] netlink: 'syz.4.667': attribute type 9 has an invalid length.
[  263.562946][ T8783] netlink: 8 bytes leftover after parsing attributes in process `syz.4.667'.
[  264.225169][ T8622] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  264.311850][ T8622] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  264.418375][ T8622] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  264.454934][ T8622] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  264.642621][ T5243] Bluetooth: hci0: command tx timeout
[  264.941129][ T8622] 8021q: adding VLAN 0 to HW filter on device bond0
[  265.019938][ T8622] 8021q: adding VLAN 0 to HW filter on device team0
[  265.052528][    T8] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  265.078427][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  265.085561][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  265.110205][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  265.117332][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  265.207354][ T8622] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  265.285547][    T8] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  265.306733][ T8838] kvm: vcpu 0: requested 32 ns lapic timer period limited to 200000 ns
[  265.327770][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  265.356991][ T8622] 8021q: adding VLAN 0 to HW filter on device batadv0
[  265.359115][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  265.377035][    T8] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  265.405366][ T8846] netlink: 'syz.3.679': attribute type 20 has an invalid length.
[  265.413346][    T8] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  265.422466][ T5288] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  265.441172][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  265.463294][    T8] usb 5-1: config 0 descriptor??
[  265.468950][ T8830] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  265.559952][ T8622] veth0_vlan: entered promiscuous mode
[  265.594105][ T8622] veth1_vlan: entered promiscuous mode
[  265.602449][ T5245] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  265.610046][ T5288] usb 1-1: Using ep0 maxpacket: 32
[  265.622946][ T5288] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  265.660021][ T5288] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  265.685618][ T5288] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  265.700915][ T5288] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  265.731055][ T5288] usb 1-1: config 0 descriptor??
[  265.744472][ T8622] veth0_macvtap: entered promiscuous mode
[  265.753193][ T5288] hub 1-1:0.0: USB hub found
[  265.792364][ T5245] usb 3-1: Using ep0 maxpacket: 32
[  265.801118][ T8622] veth1_macvtap: entered promiscuous mode
[  265.815701][ T5245] usb 3-1: New USB device found, idVendor=06cd, idProduct=0110, bcdDevice=71.71
[  265.840728][ T5245] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.865188][ T8622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  265.880909][ T5245] usb 3-1: Product: syz
[  265.889185][ T5245] usb 3-1: Manufacturer: syz
[  265.898564][ T5245] usb 3-1: SerialNumber: syz
[  265.905696][ T8622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  265.908471][    T8] plantronics 0003:047F:FFFF.000C: unknown main item tag 0xd
[  265.934072][ T5245] usb 3-1: config 0 descriptor??
[  265.964711][ T5245] keyspan 3-1:0.0: Keyspan 2 port adapter converter detected
[  265.972365][ T8622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  265.973041][    T8] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving
[  265.996434][ T5288] hub 1-1:0.0: config failed, hub has too many ports! (err -19)
[  266.006195][ T5245] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 87
[  266.023002][ T8622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  266.024632][    T8] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  266.036925][ T5245] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 7
[  266.062401][ T8622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  266.086736][ T8622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  266.116448][ T5245] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 81
[  266.124290][ T8622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  266.135801][ T5245] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 1
[  266.143893][ T5245] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 2
[  266.162345][ T8622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  266.173086][ T5245] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 85
[  266.189812][ T8622] batman_adv: batadv0: Interface activated: batadv_slave_0
[  266.199676][ T8830] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  266.208660][ T5245] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 5
[  266.226371][ T8830] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  266.256580][    C1] vkms_vblank_simulate: vblank timer overrun
[  266.257065][    T8] usb 5-1: USB disconnect, device number 39
[  266.270043][ T5245] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[  266.280620][ T5245] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 83
[  266.288766][ T5245] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 3
[  266.299682][ T5245] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 4
[  266.304300][ T8622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  266.317792][ T5245] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 86
[  266.317888][ T5245] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 6
[  266.330692][ T8833] kvm: pic: non byte write
[  266.343913][ T5245] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[  266.428249][ T8622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  266.461400][ T8622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  266.509360][ T8622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  266.548777][ T8622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  266.591932][ T8622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  266.616040][ T8622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  266.635874][ T8833] netlink: 4 bytes leftover after parsing attributes in process `syz.2.677'.
[  266.664690][ T8622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  266.671178][ T5245] usb 3-1: USB disconnect, device number 25
[  266.697219][ T5245] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[  266.706551][ T8622] batman_adv: batadv0: Interface activated: batadv_slave_1
[  266.803803][ T5245] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[  266.831131][ T8622] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  266.847144][ T5245] keyspan 3-1:0.0: device disconnected
[  266.872113][ T8622] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  266.898972][ T8622] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  266.918295][ T8622] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  267.218089][ T5288] usbhid 1-1:0.0: can't add hid device: -71
[  267.238383][ T5288] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  267.295673][ T5288] usb 1-1: USB disconnect, device number 24
[  267.475879][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  267.510489][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  267.590280][   T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  267.636514][   T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  267.688362][ T8894] FAULT_INJECTION: forcing a failure.
[  267.688362][ T8894] name failslab, interval 1, probability 0, space 0, times 0
[  267.717367][ T8894] CPU: 0 UID: 0 PID: 8894 Comm: syz.4.686 Not tainted 6.11.0-rc7-syzkaller-00017-gbc83b4d1f086 #0
[  267.727991][ T8894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  267.738059][ T8894] Call Trace:
[  267.741348][ T8894]  <TASK>
[  267.744292][ T8894]  dump_stack_lvl+0x241/0x360
[  267.748993][ T8894]  ? __pfx_dump_stack_lvl+0x10/0x10
[  267.754210][ T8894]  ? __pfx__printk+0x10/0x10
[  267.758822][ T8894]  ? kmem_cache_alloc_noprof+0x44/0x2a0
[  267.764387][ T8894]  ? __pfx___might_resched+0x10/0x10
[  267.769694][ T8894]  should_fail_ex+0x3b0/0x4e0
[  267.774388][ T8894]  ? vm_area_dup+0x27/0x290
[  267.778905][ T8894]  should_failslab+0xac/0x100
[  267.783598][ T8894]  ? vm_area_dup+0x27/0x290
[  267.788114][ T8894]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  267.793503][ T8894]  vm_area_dup+0x27/0x290
[  267.797853][ T8894]  __split_vma+0x1a9/0xc30
[  267.802299][ T8894]  ? __pfx___split_vma+0x10/0x10
[  267.807271][ T8894]  vma_modify+0x268/0x350
[  267.811627][ T8894]  mprotect_fixup+0x3ea/0xa90
[  267.816334][ T8894]  ? __pfx_mprotect_fixup+0x10/0x10
[  267.821560][ T8894]  do_mprotect_pkey+0x908/0xe00
[  267.826441][ T8894]  ? __pfx_do_mprotect_pkey+0x10/0x10
[  267.831837][ T8894]  ? __fget_files+0x3f6/0x470
[  267.836556][ T8894]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  267.842908][ T8894]  ? do_syscall_64+0x100/0x230
[  267.847689][ T8894]  __x64_sys_mprotect+0x80/0x90
[  267.852554][ T8894]  do_syscall_64+0xf3/0x230
[  267.857072][ T8894]  ? clear_bhb_loop+0x35/0x90
[  267.861766][ T8894]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.867678][ T8894] RIP: 0033:0x7f62f057def9
[  267.872104][ T8894] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  267.891723][ T8894] RSP: 002b:00007f62f13a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000000a
[  267.900164][ T8894] RAX: ffffffffffffffda RBX: 00007f62f0736058 RCX: 00007f62f057def9
[  267.908151][ T8894] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020174000
[  267.916134][ T8894] RBP: 00007f62f13a7090 R08: 0000000000000000 R09: 0000000000000000
[  267.924205][ T8894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  267.932189][ T8894] R13: 0000000000000000 R14: 00007f62f0736058 R15: 00007f62f085fa28
[  267.940186][ T8894]  </TASK>
[  268.163100][ T5288] usb 3-1: new full-speed USB device number 26 using dummy_hcd
[  268.384563][ T5288] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xDF, changing to 0x8F
[  268.384600][ T5288] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  268.384626][ T5288] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  268.387477][ T5288] usb 3-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=ec.c1
[  268.387509][ T5288] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  268.387530][ T5288] usb 3-1: Product: syz
[  268.387545][ T5288] usb 3-1: Manufacturer: syz
[  268.387561][ T5288] usb 3-1: SerialNumber: syz
[  268.399307][ T5288] usb 3-1: config 0 descriptor??
[  268.498526][ T8918] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  268.498670][ T8918] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  268.607295][ T5288] powermate: Expected payload of 3--6 bytes, found 0 bytes!
[  268.607412][ T5288] powermate 3-1:0.0: probe with driver powermate failed with error -5
[  268.610767][ T5288] usb 3-1: USB disconnect, device number 26
[  268.691062][ T8925] kvm: user requested TSC rate below hardware speed
[  268.735043][ T8918] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  268.762964][ T8918] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  268.852149][ T8930] netlink: 4 bytes leftover after parsing attributes in process `syz.4.697'.
[  268.853236][ T8930] netlink: 'syz.4.697': attribute type 3 has an invalid length.
[  268.853257][ T8930] netlink: 20 bytes leftover after parsing attributes in process `syz.4.697'.
[  268.946724][ T8918] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  268.948226][ T8918] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  269.079192][ T8918] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  269.107622][ T8918] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  269.138128][ T8918] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  269.145277][ T8918] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  269.244671][ T8918] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  269.277448][ T8918] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  269.703038][ T5234] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  269.732834][ T8954] netlink: 48 bytes leftover after parsing attributes in process `syz.2.705'.
[  269.932560][ T5234] usb 5-1: Using ep0 maxpacket: 16
[  269.946616][ T5234] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  269.966999][ T5234] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  269.978468][ T5234] usb 5-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00
[  270.025658][ T5234] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  270.048896][ T5234] usb 5-1: config 0 descriptor??
[  270.054121][ T5285] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  270.282495][ T5285] usb 3-1: Using ep0 maxpacket: 32
[  270.335751][ T5285] usb 3-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config
[  270.362003][ T5285] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  270.381387][ T5285] usb 3-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice= 0.00
[  270.397142][ T5285] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  270.421547][ T5285] usb 3-1: Product: syz
[  270.426338][ T5285] usb 3-1: SerialNumber: syz
[  270.435956][ T5285] usb 3-1: config 0 descriptor??
[  270.491465][ T5234] cypress 0003:04B4:DE61.000D: unknown main item tag 0x0
[  270.529912][ T5234] cypress 0003:04B4:DE61.000D: hidraw0: USB HID v0.00 Device [HID 04b4:de61] on usb-dummy_hcd.4-1/input0
[  270.677395][ T5284] usb 3-1: USB disconnect, device number 27
[  270.707500][ T5234] usb 5-1: USB disconnect, device number 40
[  270.828351][ T2562] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  270.963199][ T2562] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  271.095643][ T2562] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  271.244360][ T2562] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  271.421231][ T4627] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  271.442507][ T4627] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  271.450491][ T4627] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  271.462093][ T4627] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  271.470745][ T4627] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  271.480887][ T4627] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  271.494600][ T5243] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  271.502148][ T5243] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  271.509712][ T5243] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  271.519082][ T5243] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  271.530619][ T5243] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  271.538428][ T5243] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  271.734494][ T8979] IPVS: Error connecting to the multicast addr
[  271.791599][ T8989] FAULT_INJECTION: forcing a failure.
[  271.791599][ T8989] name failslab, interval 1, probability 0, space 0, times 0
[  271.822533][ T8989] CPU: 0 UID: 0 PID: 8989 Comm: syz.0.717 Not tainted 6.11.0-rc7-syzkaller-00017-gbc83b4d1f086 #0
[  271.833150][ T8989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  271.843195][ T8989] Call Trace:
[  271.846462][ T8989]  <TASK>
[  271.849380][ T8989]  dump_stack_lvl+0x241/0x360
[  271.854047][ T8989]  ? __pfx_dump_stack_lvl+0x10/0x10
[  271.859228][ T8989]  ? __pfx__printk+0x10/0x10
[  271.863815][ T8989]  ? __kmalloc_noprof+0xb0/0x400
[  271.868769][ T8989]  ? __pfx___might_resched+0x10/0x10
[  271.874075][ T8989]  should_fail_ex+0x3b0/0x4e0
[  271.878778][ T8989]  ? mpi_powm+0x119d/0x2420
[  271.883297][ T8989]  should_failslab+0xac/0x100
[  271.887996][ T8989]  ? mpi_powm+0x119d/0x2420
[  271.892515][ T8989]  __kmalloc_noprof+0xd8/0x400
[  271.897289][ T8989]  ? mpi_resize+0x143/0x1d0
[  271.901806][ T8989]  mpi_powm+0x119d/0x2420
[  271.906165][ T8989]  ? __pfx_mpi_powm+0x10/0x10
[  271.910858][ T8989]  ? __kasan_kmalloc+0x98/0xb0
[  271.915638][ T8989]  ? mpi_alloc+0x52/0x140
[  271.919978][ T8989]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[  271.925535][ T8989]  ? __asan_memset+0x23/0x50
[  271.930143][ T8989]  dh_compute_value+0x1f2/0x3e0
[  271.935021][ T8989]  ? __pfx_dh_compute_value+0x10/0x10
[  271.940402][ T8989]  ? __keyctl_dh_compute+0x7f5/0xf50
[  271.945698][ T8989]  ? __keyctl_dh_compute+0x7f5/0xf50
[  271.951010][ T8989]  ? __keyctl_dh_compute+0x7f5/0xf50
[  271.956316][ T8989]  ? __kmalloc_noprof+0x21a/0x400
[  271.961356][ T8989]  __keyctl_dh_compute+0x955/0xf50
[  271.966498][ T8989]  ? __pfx___keyctl_dh_compute+0x10/0x10
[  271.972153][ T8989]  ? __pfx___might_resched+0x10/0x10
[  271.977472][ T8989]  ? __might_fault+0xc6/0x120
[  271.982166][ T8989]  keyctl_dh_compute+0x107/0x160
[  271.987128][ T8989]  ? __pfx_keyctl_dh_compute+0x10/0x10
[  271.992616][ T8989]  ? vfs_write+0x7c4/0xc90
[  271.997048][ T8989]  __se_sys_keyctl+0x3f3/0xa50
[  272.001825][ T8989]  ? __pfx___se_sys_keyctl+0x10/0x10
[  272.007119][ T8989]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  272.013114][ T8989]  ? __fget_files+0x3f6/0x470
[  272.017819][ T8989]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  272.023816][ T8989]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  272.030154][ T8989]  ? do_syscall_64+0x100/0x230
[  272.034927][ T8989]  ? __x64_sys_keyctl+0x20/0xc0
[  272.039788][ T8989]  do_syscall_64+0xf3/0x230
[  272.044300][ T8989]  ? clear_bhb_loop+0x35/0x90
[  272.048988][ T8989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  272.054892][ T8989] RIP: 0033:0x7f760a17def9
[  272.059313][ T8989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  272.078929][ T8989] RSP: 002b:00007f760b00a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  272.087356][ T8989] RAX: ffffffffffffffda RBX: 00007f760a335f80 RCX: 00007f760a17def9
[  272.095337][ T8989] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000017
[  272.103316][ T8989] RBP: 00007f760b00a090 R08: 0000000020000000 R09: 0000000000000000
[  272.111296][ T8989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  272.119268][ T8989] R13: 0000000000000000 R14: 00007f760a335f80 R15: 00007f760a45fa28
[  272.127264][ T8989]  </TASK>
[  272.202529][ T5285] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  272.277536][ T2562] bridge_slave_1: left allmulticast mode
[  272.333548][ T2562] bridge_slave_1: left promiscuous mode
[  272.354524][ T2562] bridge0: port 2(bridge_slave_1) entered disabled state
[  272.400763][ T2562] bridge_slave_0: left allmulticast mode
[  272.406803][ T2562] bridge_slave_0: left promiscuous mode
[  272.418913][ T5285] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 64
[  272.428963][ T5285] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64
[  272.452552][ T2562] bridge0: port 1(bridge_slave_0) entered disabled state
[  272.461995][ T5285] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  272.492536][ T5285] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.512842][ T1169] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  272.518420][ T5285] usb 2-1: Product: syz
[  272.545552][ T5285] usb 2-1: Manufacturer: syz
[  272.561074][   T29] audit: type=1326 audit(1725946027.879:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.4.719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62f057def9 code=0x7ffc0000
[  272.562392][ T5285] usb 2-1: SerialNumber: syz
[  272.583232][    C1] vkms_vblank_simulate: vblank timer overrun
[  272.642396][   T29] audit: type=1326 audit(1725946027.919:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.4.719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=450 compat=0 ip=0x7f62f057def9 code=0x7ffc0000
[  272.664580][    C1] vkms_vblank_simulate: vblank timer overrun
[  272.711538][   T29] audit: type=1326 audit(1725946027.919:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.4.719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62f057def9 code=0x7ffc0000
[  272.733770][    C1] vkms_vblank_simulate: vblank timer overrun
[  272.786108][   T29] audit: type=1326 audit(1725946027.949:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.4.719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62f057def9 code=0x7ffc0000
[  272.786227][ T1169] usb 3-1: string descriptor 0 read error: -22
[  272.862527][   T29] audit: type=1326 audit(1725946028.029:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.4.719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f62f057def9 code=0x7ffc0000
[  272.879926][ T1169] usb 3-1: New USB device found, idVendor=30c9, idProduct=0093, bcdDevice=18.c6
[  272.884937][    C1] vkms_vblank_simulate: vblank timer overrun
[  272.926539][   T29] audit: type=1326 audit(1725946028.029:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.4.719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62f057def9 code=0x7ffc0000
[  272.944271][ T1169] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.948859][    C1] vkms_vblank_simulate: vblank timer overrun
[  272.959517][ T1169] usb 3-1: config 0 descriptor??
[  273.006244][ T1169] usb 3-1: Found UVC 0.00 device <unnamed> (30c9:0093)
[  273.020574][   T29] audit: type=1326 audit(1725946028.029:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.4.719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62f057def9 code=0x7ffc0000
[  273.076968][ T1169] usb 3-1: No valid video chain found.
[  273.120825][   T29] audit: type=1326 audit(1725946028.029:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.4.719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f62f057def9 code=0x7ffc0000
[  273.158538][   T29] audit: type=1326 audit(1725946028.029:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.4.719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62f057def9 code=0x7ffc0000
[  273.260944][   T29] audit: type=1326 audit(1725946028.029:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.4.719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f62f057def9 code=0x7ffc0000
[  273.592798][ T5243] Bluetooth: hci2: command tx timeout
[  273.824201][ T2562] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  273.858240][ T2562] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  273.879116][ T2562] bond0 (unregistering): Released all slaves
[  273.939325][ T9001] netlink: 7 bytes leftover after parsing attributes in process `syz.4.721'.
[  273.974984][ T5285] cdc_ncm 2-1:1.0: bind() failure
[  273.998169][ T5285] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  274.016754][ T5285] cdc_ncm 2-1:1.1: bind() failure
[  274.062941][ T5285] usb 2-1: USB disconnect, device number 30
[  274.495389][    T8] usb 3-1: USB disconnect, device number 28
[  274.602123][ T2562] hsr_slave_0: left promiscuous mode
[  274.657048][ T2562] hsr_slave_1: left promiscuous mode
[  274.696154][ T2562] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  274.728026][ T2562] batman_adv: batadv0: Removing interface: batadv_slave_0
[  274.769763][ T2562] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  274.787450][ T2562] batman_adv: batadv0: Removing interface: batadv_slave_1
[  274.853645][ T2562] veth1_macvtap: left promiscuous mode
[  274.884850][ T2562] veth0_macvtap: left promiscuous mode
[  274.890507][ T2562] veth1_vlan: left promiscuous mode
[  274.910180][ T2562] veth0_vlan: left promiscuous mode
[  275.569355][ T9049] netlink: 4 bytes leftover after parsing attributes in process `syz.4.726'.
[  275.673278][ T5243] Bluetooth: hci2: command tx timeout
[  276.117005][ T2562] team0 (unregistering): Port device team_slave_1 removed
[  276.214662][ T2562] team0 (unregistering): Port device team_slave_0 removed
[  276.385312][ T9066] netlink: 'syz.0.733': attribute type 9 has an invalid length.
[  276.767636][ T8985] chnl_net:caif_netlink_parms(): no params data found
[  276.986677][ T9080] netlink: 20 bytes leftover after parsing attributes in process `syz.2.735'.
[  277.163983][ T5234] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  277.200385][ T8985] bridge0: port 1(bridge_slave_0) entered blocking state
[  277.221904][ T8985] bridge0: port 1(bridge_slave_0) entered disabled state
[  277.256976][ T8985] bridge_slave_0: entered allmulticast mode
[  277.274865][ T8985] bridge_slave_0: entered promiscuous mode
[  277.286488][ T9087] tipc: Started in network mode
[  277.291699][ T9087] tipc: Node identity 86a9998286d2, cluster identity 4711
[  277.314620][ T9087] tipc: Enabled bearer <eth:xfrm0>, priority 10
[  277.322679][ T9091] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.739'.
[  277.333052][ T8985] bridge0: port 2(bridge_slave_1) entered blocking state
[  277.363677][ T8985] bridge0: port 2(bridge_slave_1) entered disabled state
[  277.380961][ T8985] bridge_slave_1: entered allmulticast mode
[  277.390180][ T8985] bridge_slave_1: entered promiscuous mode
[  277.396332][ T5234] usb 5-1: Using ep0 maxpacket: 8
[  277.411562][ T5234] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  277.439213][ T5234] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.479593][ T5234] usb 5-1: Product: syz
[  277.486807][ T5234] usb 5-1: Manufacturer: syz
[  277.492749][ T5234] usb 5-1: SerialNumber: syz
[  277.513680][ T5234] usb 5-1: config 0 descriptor??
[  277.579824][ T8985] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  277.618126][ T8985] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  277.733010][ T5234] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  277.752233][ T8985] team0: Port device team_slave_0 added
[  277.753010][ T5243] Bluetooth: hci2: command tx timeout
[  277.759700][ T5285] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  277.857490][ T8985] team0: Port device team_slave_1 added
[  277.968413][ T8985] batman_adv: batadv0: Adding interface: batadv_slave_0
[  277.985012][ T8985] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  278.038466][ T5234] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  278.055129][ T5245] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  278.078294][ T5234] usb 5-1: USB disconnect, device number 41
[  278.087728][ T8985] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  278.098486][ T5285] usb 1-1: Using ep0 maxpacket: 8
[  278.115881][ T5285] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  278.138889][ T5285] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  278.158734][ T8985] batman_adv: batadv0: Adding interface: batadv_slave_1
[  278.179091][ T8985] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  278.206731][ T5285] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  278.221698][ T5285] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  278.232672][ T5285] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  278.246965][ T8985] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  278.261420][ T5285] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  278.275846][ T5245] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  278.291737][ T5245] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  278.304241][ T5285] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  278.314843][ T5284] tipc: Node number set to 8100226
[  278.320883][ T5245] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  278.334836][ T5245] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  278.350039][ T5245] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  278.359566][ T5245] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  278.398412][ T5245] usb 2-1: config 0 descriptor??
[  278.685034][ T8985] hsr_slave_0: entered promiscuous mode
[  278.697562][ T5285] usb 1-1: usb_control_msg returned -32
[  278.705702][ T8985] hsr_slave_1: entered promiscuous mode
[  278.712564][ T5285] usbtmc 1-1:16.0: can't read capabilities
[  278.724256][ T8985] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  278.773727][ T8985] Cannot create hsr debugfs directory
[  279.492411][ T5284] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  279.500319][ T9143] dccp_invalid_packet: P.Data Offset(159) too large
[  279.657719][ T9143] usbtmc 1-1:16.0: usb_control_msg returned -32
[  279.715836][ T5284] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  279.744905][    T8] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  279.765167][ T5284] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  279.785260][ T5284] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  279.796868][ T5284] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  279.832136][ T5284] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  279.841850][ T5243] Bluetooth: hci2: command tx timeout
[  279.894288][ T5284] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  279.919029][ T5284] usb 5-1: Manufacturer: syz
[  279.942511][    T8] usb 3-1: device descriptor read/64, error -71
[  279.958405][ T5284] usb 5-1: config 0 descriptor??
[  280.243051][    T8] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  280.452479][    T8] usb 3-1: device descriptor read/64, error -71
[  280.505588][ T8985] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  280.526704][ T8985] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  280.550767][ T8985] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  280.593062][    T8] usb usb3-port1: attempt power cycle
[  280.613500][ T8985] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  280.718615][ T5245] usbhid 2-1:0.0: can't add hid device: -71
[  280.746648][ T5245] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  280.777553][ T5245] usb 2-1: USB disconnect, device number 31
[  280.899731][    T9] usb 1-1: USB disconnect, device number 25
[  281.044498][    T8] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  281.057609][ T8985] 8021q: adding VLAN 0 to HW filter on device bond0
[  281.114041][    T8] usb 3-1: device descriptor read/8, error -71
[  281.160618][ T8985] 8021q: adding VLAN 0 to HW filter on device team0
[  281.217684][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  281.224910][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  281.301603][ T2505] bridge0: port 2(bridge_slave_1) entered blocking state
[  281.308785][ T2505] bridge0: port 2(bridge_slave_1) entered forwarding state
[  281.413123][    T8] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  281.483593][    T8] usb 3-1: device descriptor read/8, error -71
[  281.602760][    T9] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  281.621265][ T5284] usbhid 5-1:0.0: can't add hid device: -71
[  281.621330][ T8985] 8021q: adding VLAN 0 to HW filter on device batadv0
[  281.632410][    T8] usb usb3-port1: unable to enumerate USB device
[  281.680764][ T5284] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  281.735071][ T5284] usb 5-1: USB disconnect, device number 42
[  281.875294][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  281.879546][ T8985] veth0_vlan: entered promiscuous mode
[  281.902141][    T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  281.947487][    T9] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  281.961610][ T8985] veth1_vlan: entered promiscuous mode
[  281.967813][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.013767][    T9] usb 1-1: config 0 descriptor??
[  282.029870][ T8985] veth0_macvtap: entered promiscuous mode
[  282.051802][ T8985] veth1_macvtap: entered promiscuous mode
[  282.097648][ T9176] netlink: 48 bytes leftover after parsing attributes in process `syz.4.749'.
[  282.121730][ T8985] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  282.155256][ T8985] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  282.194438][ T8985] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  282.216941][ T8985] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  282.238893][ T8985] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  282.260091][ T8985] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  282.280278][ T8985] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  282.292737][ T8985] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  282.326198][ T8985] batman_adv: batadv0: Interface activated: batadv_slave_0
[  282.351389][ T8985] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  282.362831][ T8985] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  282.374651][ T8985] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  282.385715][ T8985] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  282.396831][ T8985] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  282.407978][ T8985] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  282.420585][ T8985] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  282.439722][ T8985] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  282.466313][ T8985] batman_adv: batadv0: Interface activated: batadv_slave_1
[  282.476030][    T9] usbhid 1-1:0.0: can't add hid device: -71
[  282.482052][    T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  282.500292][ T8985] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  282.514558][    T9] usb 1-1: USB disconnect, device number 26
[  282.520808][ T8985] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  282.535691][ T8985] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  282.556960][ T8985] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  282.750572][ T9199] netlink: 'syz.2.753': attribute type 8 has an invalid length.
[  282.811825][ T2505] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  282.831362][ T2505] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  282.914196][ T2562] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  282.933401][ T2562] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  283.026521][ T9202] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1214070758 (155401057024 ns) > initial count (94003445248 ns). Using initial count to start timer.
[  283.242483][ T5234] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  283.271836][ T9218] vivid-000: disconnect
[  283.280418][ T9218] vivid-000: reconnect
[  283.476274][ T5234] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  283.506853][ T5234] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  283.609722][ T5234] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  283.659486][ T5234] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  283.736708][ T5234] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  283.772843][ T5234] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  283.802378][    T8] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  283.811338][ T5234] usb 5-1: config 0 descriptor??
[  283.994916][    T8] usb 4-1: Using ep0 maxpacket: 16
[  284.031202][    T8] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  284.068458][    T8] usb 4-1: config 0 interface 0 has no altsetting 0
[  284.116641][    T8] usb 4-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00
[  284.138426][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  284.168981][    T8] usb 4-1: config 0 descriptor??
[  286.197308][ T5234] usbhid 5-1:0.0: can't add hid device: -71
[  286.267709][ T5234] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  286.351613][ T5234] usb 5-1: USB disconnect, device number 43
[  286.422605][ T9229] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  286.457463][ T9229] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  286.506013][ T9229] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  286.682433][    T8] usbhid 4-1:0.0: can't add hid device: -71
[  286.692631][    T8] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  286.714353][ T5243] Bluetooth: hci2: command 0x0c1a tx timeout
[  286.728809][    T8] usb 4-1: USB disconnect, device number 31
[  287.069479][ T9313] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.772'.
[  287.105172][ T9313] openvswitch: netlink: Tunnel attr 2 has unexpected len 13 expected 4
[  287.195076][ T9317] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.773'.
[  287.263514][ T9317] openvswitch: netlink: Tunnel attr 2 has unexpected len 13 expected 4
[  287.792387][    T8] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  288.014106][    T8] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  288.042295][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  288.072539][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  288.102290][    T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  288.135200][ T5287] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  288.142998][    T8] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  288.162414][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.205889][    T8] usb 2-1: config 0 descriptor??
[  288.376978][ T5287] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  288.451131][ T5287] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  288.495920][ T5287] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  288.536651][ T5287] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  288.616803][ T5287] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  288.665126][ T5287] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.705013][ T5287] usb 1-1: config 0 descriptor??
[  288.802547][ T5243] Bluetooth: hci2: command 0x0c1a tx timeout
[  290.677729][    T8] usbhid 2-1:0.0: can't add hid device: -71
[  290.687641][ T9362] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.784'.
[  290.728960][    T8] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  290.734660][ T9362] openvswitch: netlink: Tunnel attr 2 has unexpected len 13 expected 4
[  290.779696][    T8] usb 2-1: USB disconnect, device number 32
[  290.872691][ T5243] Bluetooth: hci2: command 0x0c1a tx timeout
[  290.914259][ T9366] input: syz0 as /devices/virtual/input/input21
[  290.975512][ T5287] usbhid 1-1:0.0: can't add hid device: -71
[  291.005332][ T5287] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  291.053980][ T5287] usb 1-1: USB disconnect, device number 27
[  291.174374][ T9378] capability: warning: `syz.3.789' uses 32-bit capabilities (legacy support in use)
[  291.662379][ T5287] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  291.761179][   T58] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  291.919373][ T5287] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  291.959554][ T5287] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  291.962477][   T58] usb 4-1: Using ep0 maxpacket: 16
[  292.019075][   T58] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  292.040514][ T5287] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  292.047527][   T58] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  292.067539][   T58] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  292.098842][   T58] usb 4-1: config 0 descriptor??
[  292.121093][ T5287] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  292.202479][ T5287] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  292.211560][ T5287] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  292.255199][ T5287] usb 5-1: config 0 descriptor??
[  292.554571][    T8] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  292.652383][ T5234] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  292.774162][    T8] usb 2-1: Using ep0 maxpacket: 16
[  292.793878][    T8] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  292.833563][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  292.852596][    T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  292.861804][ T5234] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  292.897152][    T8] usb 2-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=b4.5b
[  292.909760][ T5234] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  292.941810][    T8] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3
[  292.952002][ T5234] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  292.981273][    T8] usb 2-1: Product: syz
[  292.981492][ T5234] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  293.009112][   T58] usbhid 4-1:0.0: can't add hid device: -71
[  293.018532][    T8] usb 2-1: Manufacturer: syz
[  293.022422][   T58] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  293.062399][    T8] usb 2-1: SerialNumber: syz
[  293.065459][   T58] usb 4-1: USB disconnect, device number 32
[  293.073856][ T5234] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  293.077308][    T8] usb 2-1: config 0 descriptor??
[  293.100870][ T5234] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.148132][    T8] usb 2-1: NFC: intf ffff888025263000 id ffffffff8f2d20c0
[  293.161214][ T9413] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.798'.
[  293.165309][ T5234] usb 1-1: config 0 descriptor??
[  293.210822][ T9413] openvswitch: netlink: Tunnel attr 2 has unexpected len 13 expected 4
[  293.580825][ T9425] netlink: 'syz.1.796': attribute type 3 has an invalid length.
[  294.472756][    T8] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  294.497129][ T5287] usbhid 5-1:0.0: can't add hid device: -71
[  294.537084][ T5287] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  294.592851][ T5287] usb 5-1: USB disconnect, device number 44
[  294.702371][    T8] usb 4-1: Using ep0 maxpacket: 8
[  294.725304][    T8] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  294.751485][    T8] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  294.796457][    T8] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  294.828380][    T8] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  294.870384][    T8] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  294.886471][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  295.128783][    T8] usb 4-1: GET_CAPABILITIES returned 0
[  295.152379][    T8] usbtmc 4-1:16.0: can't read capabilities
[  295.431990][ T5234] usbhid 1-1:0.0: can't add hid device: -71
[  295.449334][ T5234] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  295.488923][ T5234] usb 1-1: USB disconnect, device number 28
[  295.619805][ T1169] usb 2-1: USB disconnect, device number 33
[  295.643602][    T8] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  295.785067][ T9462] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.811'.
[  295.841375][ T9462] openvswitch: netlink: Tunnel attr 2 has unexpected len 13 expected 4
[  295.862541][    T8] usb 3-1: Using ep0 maxpacket: 16
[  295.881890][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  295.919181][    T8] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  295.944054][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  295.990508][    T8] usb 3-1: config 0 descriptor??
[  296.554731][ T9481] netlink: 72 bytes leftover after parsing attributes in process `syz.1.817'.
[  296.596207][ T9479] dlm: non-version read from control device 2147479552
[  296.842850][ T9483] FAULT_INJECTION: forcing a failure.
[  296.842850][ T9483] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  296.859524][ T5234] usb 2-1: new full-speed USB device number 34 using dummy_hcd
[  296.864701][    T8] usbhid 3-1:0.0: can't add hid device: -71
[  296.889039][ T9483] CPU: 1 UID: 0 PID: 9483 Comm: syz.4.818 Not tainted 6.11.0-rc7-syzkaller-00017-gbc83b4d1f086 #0
[  296.899661][ T9483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  296.909706][ T9483] Call Trace:
[  296.912975][ T9483]  <TASK>
[  296.915890][ T9483]  dump_stack_lvl+0x241/0x360
[  296.920559][ T9483]  ? __pfx_dump_stack_lvl+0x10/0x10
[  296.925741][ T9483]  ? __pfx__printk+0x10/0x10
[  296.930319][ T9483]  ? __pfx_lock_release+0x10/0x10
[  296.935334][ T9483]  should_fail_ex+0x3b0/0x4e0
[  296.940000][ T9483]  _copy_from_user+0x2f/0xe0
[  296.944585][ T9483]  lowpan_control_write+0x141/0x850
[  296.949789][ T9483]  ? __pfx_lowpan_control_write+0x10/0x10
[  296.955508][ T9483]  ? debugfs_file_get+0x4cc/0x630
[  296.960525][ T9483]  ? rcu_read_lock_any_held+0xb7/0x160
[  296.965989][ T9483]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  296.971884][ T9483]  full_proxy_write+0x119/0x1d0
[  296.976731][ T9483]  ? __pfx_full_proxy_write+0x10/0x10
[  296.982097][ T9483]  vfs_write+0x2a2/0xc90
[  296.986333][ T9483]  ? __pfx_vfs_write+0x10/0x10
[  296.991085][ T9483]  ? __fget_files+0x29/0x470
[  296.995666][ T9483]  ? __fget_files+0x3f6/0x470
[  297.000337][ T9483]  ksys_write+0x1a0/0x2c0
[  297.004657][ T9483]  ? __pfx_ksys_write+0x10/0x10
[  297.009491][ T9483]  ? do_syscall_64+0x100/0x230
[  297.014260][ T9483]  ? do_syscall_64+0xb6/0x230
[  297.018922][ T9483]  do_syscall_64+0xf3/0x230
[  297.023410][ T9483]  ? clear_bhb_loop+0x35/0x90
[  297.028080][ T9483]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.033957][ T9483] RIP: 0033:0x7f62f057def9
[  297.038358][ T9483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  297.057949][ T9483] RSP: 002b:00007f62f13c8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  297.066347][ T9483] RAX: ffffffffffffffda RBX: 00007f62f0735f80 RCX: 00007f62f057def9
[  297.074300][ T9483] RDX: 000000000000001e RSI: 0000000020000080 RDI: 0000000000000003
[  297.082266][ T9483] RBP: 00007f62f13c8090 R08: 0000000000000000 R09: 0000000000000000
[  297.090232][ T9483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  297.098184][ T9483] R13: 0000000000000000 R14: 00007f62f0735f80 R15: 00007f62f085fa28
[  297.106149][ T9483]  </TASK>
[  297.109259][    C1] vkms_vblank_simulate: vblank timer overrun
[  297.131090][    T8] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  297.192671][ T5234] usb 2-1: device descriptor read/64, error -71
[  297.193092][    T8] usb 3-1: USB disconnect, device number 33
[  297.264031][    T9] usb 4-1: USB disconnect, device number 33
[  297.393191][ T9494] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app
[  297.464212][ T5234] usb 2-1: new full-speed USB device number 35 using dummy_hcd
[  297.612052][ T9501] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.824'.
[  297.635233][ T5234] usb 2-1: device descriptor read/64, error -71
[  297.642387][ T9501] openvswitch: netlink: Tunnel attr 2 has unexpected len 13 expected 4
[  297.753247][ T5234] usb usb2-port1: attempt power cycle
[  298.113544][ T5288] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  298.155851][    T8] af_packet: tpacket_rcv: packet too big, clamped from 94 to 4294967286. macoff=82
[  298.172408][ T5234] usb 2-1: new full-speed USB device number 36 using dummy_hcd
[  298.204897][ T5234] usb 2-1: device descriptor read/8, error -71
[  298.313253][ T5288] usb 1-1: Using ep0 maxpacket: 16
[  298.330595][ T5288] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  298.368334][ T5288] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  298.389533][ T5288] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  298.429464][ T5288] usb 1-1: config 0 descriptor??
[  298.502586][ T5234] usb 2-1: new full-speed USB device number 37 using dummy_hcd
[  298.563587][ T5234] usb 2-1: device descriptor read/8, error -71
[  298.712876][ T5234] usb usb2-port1: unable to enumerate USB device
[  299.281700][ T5288] usbhid 1-1:0.0: can't add hid device: -71
[  299.330016][ T5288] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  299.361234][ T5288] usb 1-1: USB disconnect, device number 29
[  300.022606][    T8] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  300.201890][   T63] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.213515][    T8] usb 2-1: Using ep0 maxpacket: 32
[  300.230350][    T8] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  300.248330][    T8] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  300.264136][    T8] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  300.284377][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[  300.296365][    T8] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  300.309551][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  300.328635][    T8] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  300.344426][   T63] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.359329][    T8] usb 2-1: New USB device found, idVendor=072f, idProduct=2200, bcdDevice=3f.bf
[  300.369670][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.381479][    T8] usb 2-1: Product: syz
[  300.386069][    T8] usb 2-1: Manufacturer: syz
[  300.390811][    T8] usb 2-1: SerialNumber: syz
[  300.403304][    T8] usb 2-1: config 0 descriptor??
[  300.429480][ T9566] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  300.458955][    T8] usb 2-1: NFC: Reader power on cmd error -90
[  300.489448][    T8] pn533_usb 2-1:0.0: NFC: Couldn't poweron the reader (error -90)
[  300.517155][    T8] pn533_usb 2-1:0.0: probe with driver pn533_usb failed with error -90
[  300.540520][   T63] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.680958][   T63] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.997796][ T4627] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  301.010021][ T4627] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  301.020819][ T4627] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  301.033539][ T4627] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  301.041089][   T63] bridge_slave_1: left allmulticast mode
[  301.048290][ T4627] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  301.049621][   T63] bridge_slave_1: left promiscuous mode
[  301.071962][ T4627] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  301.079650][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[  301.149513][   T63] bridge_slave_0: left allmulticast mode
[  301.158756][   T63] bridge_slave_0: left promiscuous mode
[  301.180175][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[  301.642671][ T5288] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  301.765526][   T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  301.779114][   T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  301.802203][   T63] bond0 (unregistering): Released all slaves
[  301.843052][ T5288] usb 3-1: Using ep0 maxpacket: 16
[  301.852479][ T5288] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  301.882350][ T5288] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  301.906636][ T5288] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.929783][ T5288] usb 3-1: config 0 descriptor??
[  302.667310][    T8] usb 2-1: USB disconnect, device number 38
[  302.693182][ T5288] usbhid 3-1:0.0: can't add hid device: -71
[  302.704406][ T5288] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  302.727167][ T5288] usb 3-1: USB disconnect, device number 34
[  302.789762][   T63] hsr_slave_0: left promiscuous mode
[  302.830087][   T63] hsr_slave_1: left promiscuous mode
[  302.884613][   T63] veth1_macvtap: left promiscuous mode
[  302.900902][   T63] veth0_macvtap: left promiscuous mode
[  302.925574][   T63] veth1_vlan: left promiscuous mode
[  302.941633][   T63] veth0_vlan: left promiscuous mode
[  303.203272][ T5243] Bluetooth: hci3: command tx timeout
[  303.333072][ T5288] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  303.483710][   T58] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  303.528750][ T5288] usb 3-1: config 1 interface 0 altsetting 7 bulk endpoint 0x1 has invalid maxpacket 16
[  303.538986][ T5288] usb 3-1: config 1 interface 0 has no altsetting 0
[  303.550739][ T5288] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  303.560357][ T5288] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.568691][ T5288] usb 3-1: Product: syz
[  303.574084][ T5288] usb 3-1: Manufacturer: syz
[  303.578709][ T5288] usb 3-1: SerialNumber: syz
[  303.591409][ T9621] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  303.675396][   T58] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  303.687247][   T58] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  303.698474][   T58] usb 1-1: New USB device found, idVendor=09da, idProduct=022b, bcdDevice= 0.00
[  303.708196][   T58] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.734585][   T58] usb 1-1: config 0 descriptor??
[  303.786685][   T63] team0 (unregistering): Port device team_slave_1 removed
[  303.866108][   T63] team0 (unregistering): Port device team_slave_0 removed
[  304.175623][   T58] a4tech 0003:09DA:022B.000E: item fetching failed at offset 3/5
[  304.186518][   T58] a4tech 0003:09DA:022B.000E: parse failed
[  304.194736][   T58] a4tech 0003:09DA:022B.000E: probe with driver a4tech failed with error -22
[  304.378555][    T8] usb 1-1: USB disconnect, device number 30
[  304.646559][ T5288] usb 3-1: USB disconnect, device number 35
[  304.677834][ T9588] chnl_net:caif_netlink_parms(): no params data found
[  304.703805][ T9630] netlink: 'syz.3.856': attribute type 29 has an invalid length.
[  305.049538][ T9588] bridge0: port 1(bridge_slave_0) entered blocking state
[  305.058438][ T9588] bridge0: port 1(bridge_slave_0) entered disabled state
[  305.069132][ T9588] bridge_slave_0: entered allmulticast mode
[  305.084354][ T9588] bridge_slave_0: entered promiscuous mode
[  305.103281][ T9588] bridge0: port 2(bridge_slave_1) entered blocking state
[  305.110445][ T9588] bridge0: port 2(bridge_slave_1) entered disabled state
[  305.122802][    T9] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  305.132530][ T9588] bridge_slave_1: entered allmulticast mode
[  305.149700][ T9588] bridge_slave_1: entered promiscuous mode
[  305.272842][ T5243] Bluetooth: hci3: command tx timeout
[  305.288659][ T9588] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  305.337574][ T9588] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  305.346872][    T9] usb 2-1: Using ep0 maxpacket: 16
[  305.379615][    T9] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  305.436369][    T9] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55
[  305.453637][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.484026][    T9] usb 2-1: Product: syz
[  305.503123][    T9] usb 2-1: Manufacturer: syz
[  305.507773][    T9] usb 2-1: SerialNumber: syz
[  305.543610][    T9] usb 2-1: config 0 descriptor??
[  305.604188][ T9588] team0: Port device team_slave_0 added
[  305.627245][ T9588] team0: Port device team_slave_1 added
[  305.662579][    T9] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  305.868949][ T9588] batman_adv: batadv0: Adding interface: batadv_slave_0
[  305.903070][ T9588] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  305.974178][   T58] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  305.982313][ T9588] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  306.060171][ T9588] batman_adv: batadv0: Adding interface: batadv_slave_1
[  306.075934][ T9588] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  306.105233][ T9588] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  306.202361][   T58] usb 3-1: Using ep0 maxpacket: 16
[  306.213926][   T58] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  306.233033][ T5245] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  306.240658][   T58] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  306.260789][   T58] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  306.281433][ T9588] hsr_slave_0: entered promiscuous mode
[  306.305684][   T58] usb 3-1: config 0 descriptor??
[  306.322345][ T9588] hsr_slave_1: entered promiscuous mode
[  306.334389][ T9588] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  306.355261][ T9588] Cannot create hsr debugfs directory
[  306.413428][ T5245] usb 4-1: device descriptor read/64, error -71
[  306.682434][ T5245] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  306.724361][   T63] usb 2-1: Failed to submit usb control message: -110
[  306.784355][   T63] usb 2-1: unable to send the bmi data to the device: -110
[  306.840938][   T63] usb 2-1: unable to get target info from device
[  306.857926][   T63] usb 2-1: could not get target info (-110)
[  306.874348][   T63] usb 2-1: could not probe fw (-110)
[  306.893221][ T5245] usb 4-1: device descriptor read/64, error -71
[  307.024891][ T5245] usb usb4-port1: attempt power cycle
[  307.352661][ T5243] Bluetooth: hci3: command tx timeout
[  307.381920][   T58] usbhid 3-1:0.0: can't add hid device: -71
[  307.399598][   T58] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  307.425755][   T58] usb 3-1: USB disconnect, device number 36
[  307.462439][ T5245] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  307.554262][ T5245] usb 4-1: device descriptor read/8, error -71
[  307.866109][ T5245] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  307.933207][ T5245] usb 4-1: device descriptor read/8, error -71
[  307.980812][ T5285] usb 2-1: USB disconnect, device number 39
[  308.031889][ T9701] netlink: 24 bytes leftover after parsing attributes in process `syz.2.866'.
[  308.034800][ T9588] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  308.078764][ T5245] usb usb4-port1: unable to enumerate USB device
[  308.116603][ T9588] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  308.138541][ T9588] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  308.176565][ T9588] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  308.420256][ T9708] veth1_macvtap: left promiscuous mode
[  308.483804][ T9710] veth1_macvtap: entered promiscuous mode
[  308.491920][ T9710] macsec0: entered allmulticast mode
[  308.498923][ T9710] veth1_macvtap: entered allmulticast mode
[  308.655900][ T9588] 8021q: adding VLAN 0 to HW filter on device bond0
[  308.735587][ T9588] 8021q: adding VLAN 0 to HW filter on device team0
[  308.780947][ T2505] bridge0: port 1(bridge_slave_0) entered blocking state
[  308.788103][ T2505] bridge0: port 1(bridge_slave_0) entered forwarding state
[  308.848349][ T2505] bridge0: port 2(bridge_slave_1) entered blocking state
[  308.855491][ T2505] bridge0: port 2(bridge_slave_1) entered forwarding state
[  309.229680][ T9588] 8021q: adding VLAN 0 to HW filter on device batadv0
[  309.389778][ T9588] veth0_vlan: entered promiscuous mode
[  309.432760][ T5243] Bluetooth: hci3: command tx timeout
[  309.443656][ T9588] veth1_vlan: entered promiscuous mode
[  309.591104][ T9737] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.873'.
[  309.617857][ T9588] veth0_macvtap: entered promiscuous mode
[  309.637152][ T9588] veth1_macvtap: entered promiscuous mode
[  309.641881][ T9737] openvswitch: netlink: Tunnel attr 2 has unexpected len 13 expected 4
[  309.713953][ T9588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  309.739952][ T9588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  309.758164][ T9588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  309.827784][ T9588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  309.885426][ T9588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  309.940909][ T9588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  309.989293][ T9588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  310.012474][ T9588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  310.047300][ T9588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  310.061889][ T9588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  310.090163][ T9588] batman_adv: batadv0: Interface activated: batadv_slave_0
[  310.127644][ T9742] FAULT_INJECTION: forcing a failure.
[  310.127644][ T9742] name failslab, interval 1, probability 0, space 0, times 0
[  310.148290][ T9742] CPU: 0 UID: 0 PID: 9742 Comm: syz.1.874 Not tainted 6.11.0-rc7-syzkaller-00017-gbc83b4d1f086 #0
[  310.158998][ T9742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  310.169041][ T9742] Call Trace:
[  310.172311][ T9742]  <TASK>
[  310.175227][ T9742]  dump_stack_lvl+0x241/0x360
[  310.179891][ T9742]  ? __pfx_dump_stack_lvl+0x10/0x10
[  310.185075][ T9742]  ? __pfx__printk+0x10/0x10
[  310.189653][ T9742]  ? ref_tracker_alloc+0x332/0x490
[  310.194753][ T9742]  should_fail_ex+0x3b0/0x4e0
[  310.199412][ T9742]  ? skb_clone+0x20c/0x390
[  310.203813][ T9742]  should_failslab+0xac/0x100
[  310.208478][ T9742]  ? skb_clone+0x20c/0x390
[  310.212882][ T9742]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  310.218242][ T9742]  skb_clone+0x20c/0x390
[  310.222471][ T9742]  __netlink_deliver_tap+0x3cc/0x7c0
[  310.227744][ T9742]  ? netlink_deliver_tap+0x2e/0x1b0
[  310.232927][ T9742]  netlink_deliver_tap+0x19d/0x1b0
[  310.238017][ T9742]  netlink_sendskb+0x68/0x140
[  310.242680][ T9742]  netlink_unicast+0x39d/0x990
[  310.247427][ T9742]  ? __asan_memcpy+0x40/0x70
[  310.252002][ T9742]  ? __pfx_netlink_unicast+0x10/0x10
[  310.257279][ T9742]  netlink_rcv_skb+0x262/0x430
[  310.262024][ T9742]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  310.267468][ T9742]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  310.272746][ T9742]  ? netlink_deliver_tap+0x2e/0x1b0
[  310.277949][ T9742]  netlink_unicast+0x7f6/0x990
[  310.282703][ T9742]  ? __pfx_netlink_unicast+0x10/0x10
[  310.287973][ T9742]  ? __virt_addr_valid+0x183/0x530
[  310.293070][ T9742]  ? __check_object_size+0x49c/0x900
[  310.298338][ T9742]  ? bpf_lsm_netlink_send+0x9/0x10
[  310.303437][ T9742]  netlink_sendmsg+0x8e4/0xcb0
[  310.308191][ T9742]  ? __pfx_netlink_sendmsg+0x10/0x10
[  310.313464][ T9742]  ? __import_iovec+0x536/0x820
[  310.318300][ T9742]  ? aa_sock_msg_perm+0x91/0x160
[  310.323224][ T9742]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  310.328491][ T9742]  ? security_socket_sendmsg+0x87/0xb0
[  310.333937][ T9742]  ? __pfx_netlink_sendmsg+0x10/0x10
[  310.339226][ T9742]  __sock_sendmsg+0x221/0x270
[  310.343895][ T9742]  ____sys_sendmsg+0x525/0x7d0
[  310.348649][ T9742]  ? __pfx_____sys_sendmsg+0x10/0x10
[  310.353930][ T9742]  __sys_sendmsg+0x2b0/0x3a0
[  310.358508][ T9742]  ? __pfx___sys_sendmsg+0x10/0x10
[  310.363601][ T9742]  ? vfs_write+0x7c4/0xc90
[  310.368021][ T9742]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  310.374334][ T9742]  ? do_syscall_64+0x100/0x230
[  310.379081][ T9742]  ? do_syscall_64+0xb6/0x230
[  310.383740][ T9742]  do_syscall_64+0xf3/0x230
[  310.388236][ T9742]  ? clear_bhb_loop+0x35/0x90
[  310.392922][ T9742]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.398799][ T9742] RIP: 0033:0x7f3901f7def9
[  310.403198][ T9742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  310.422787][ T9742] RSP: 002b:00007f3902cf7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  310.431186][ T9742] RAX: ffffffffffffffda RBX: 00007f3902135f80 RCX: 00007f3901f7def9
[  310.439139][ T9742] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[  310.447110][ T9742] RBP: 00007f3902cf7090 R08: 0000000000000000 R09: 0000000000000000
[  310.455062][ T9742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  310.463019][ T9742] R13: 0000000000000000 R14: 00007f3902135f80 R15: 00007f390225fa28
[  310.470979][ T9742]  </TASK>
[  310.653967][ T9588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  310.699872][ T9588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  310.719443][ T9588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  310.733368][ T9588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  310.743725][ T9588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  310.762618][ T9588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  310.782324][ T9588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  310.792983][ T1169] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  310.809285][ T9588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  310.819855][ T9588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  310.830811][ T9588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  310.845796][ T9588] batman_adv: batadv0: Interface activated: batadv_slave_1
[  311.000815][ T1169] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  311.011668][ T1169] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  311.025540][ T1169] usb 3-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=e5.38
[  311.034864][ T1169] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  311.043877][ T1169] usb 3-1: Product: syz
[  311.050119][ T1169] usb 3-1: Manufacturer: syz
[  311.068405][ T1169] usb 3-1: SerialNumber: syz
[  311.092361][ T1169] usb 3-1: config 0 descriptor??
[  311.143429][ T9588] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  311.187985][ T9588] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  311.219045][ T9588] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  311.239530][ T9588] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  311.310606][ T1169] usb 3-1: USB disconnect, device number 37
[  311.342340][   T58] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  311.572404][   T58] usb 1-1: Using ep0 maxpacket: 16
[  311.587127][   T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  311.622431][   T58] usb 1-1: config 1 interface 0 altsetting 2 bulk endpoint 0x1 has invalid maxpacket 32
[  311.677535][   T58] usb 1-1: config 1 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 16
[  311.768914][   T58] usb 1-1: config 1 interface 0 has no altsetting 0
[  311.838642][   T58] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  311.859481][   T58] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  311.893641][   T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  311.941522][   T58] usb 1-1: Product: Ђ
[  311.952898][   T58] usb 1-1: Manufacturer: щ
[  311.961913][   T58] usb 1-1: SerialNumber: à š
[  311.988928][ T9784] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.883'.
[  311.990246][ T4627] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  312.009806][ T4627] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  312.051066][ T9765] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  312.073693][ T4627] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  312.084494][ T9765] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  312.100901][ T4627] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  312.102492][ T9784] openvswitch: netlink: Tunnel attr 2 has unexpected len 13 expected 4
[  312.121329][ T4627] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  312.130600][ T4627] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  312.367177][   T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  312.405401][   T58] usblp 1-1:1.0: usblp0: USB Bidirectional printer dev 31 if 0 alt 2 proto 3 vid 0x0525 pid 0xA4A8
[  312.469103][   T58] usb 1-1: USB disconnect, device number 31
[  312.513822][   T58] usblp0: removed
[  312.521437][   T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  312.591633][   T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  312.620665][   T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  312.754131][   T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  312.771193][   T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  312.907018][   T11] bridge_slave_1: left allmulticast mode
[  312.965418][   T11] bridge_slave_1: left promiscuous mode
[  312.986449][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  313.017593][   T11] bridge_slave_0: left allmulticast mode
[  313.036775][   T11] bridge_slave_0: left promiscuous mode
[  313.058992][ T9807] x_tables: duplicate entry at hook 2
[  313.067306][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  313.327939][ T5284] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  313.542673][ T5284] usb 3-1: Using ep0 maxpacket: 32
[  313.570025][ T5284] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  313.586866][ T5284] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.633028][ T5284] usb 3-1: Product: syz
[  313.651008][ T5284] usb 3-1: Manufacturer: syz
[  313.670415][ T5284] usb 3-1: SerialNumber: syz
[  313.711723][ T5284] usb 3-1: config 0 descriptor??
[  313.746033][ T5284] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  314.054417][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  314.078497][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  314.092045][   T11] bond0 (unregistering): Released all slaves
[  314.153439][ T4627] Bluetooth: hci2: command tx timeout
[  314.232415][ T5245] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  314.442336][ T5245] usb 2-1: Using ep0 maxpacket: 32
[  314.453793][ T5245] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  314.473282][ T5245] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  314.509073][ T5245] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  314.532359][ T5245] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  314.562103][ T5245] usb 2-1: config 0 descriptor??
[  314.606571][ T5245] hub 2-1:0.0: USB hub found
[  314.805907][ T9840] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.892'.
[  314.816069][ T5245] hub 2-1:0.0: 1 port detected
[  314.852392][ T9840] openvswitch: netlink: Tunnel attr 2 has unexpected len 13 expected 4
[  314.881661][ T9789] chnl_net:caif_netlink_parms(): no params data found
[  315.008493][   T11] hsr_slave_0: left promiscuous mode
[  315.038691][   T11] hsr_slave_1: left promiscuous mode
[  315.060416][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  315.085213][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  315.132777][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  315.152069][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  315.172454][   T58] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  315.269456][   T11] veth1_macvtap: left promiscuous mode
[  315.290541][   T11] veth0_macvtap: left promiscuous mode
[  315.315489][   T11] veth1_vlan: left promiscuous mode
[  315.333562][   T11] veth0_vlan: left promiscuous mode
[  315.400036][   T58] usb 5-1: string descriptor 0 read error: -22
[  315.444832][   T58] usb 5-1: New USB device found, idVendor=30c9, idProduct=0093, bcdDevice=18.c6
[  315.480515][   T58] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.521535][   T58] usb 5-1: config 0 descriptor??
[  315.536166][   T58] usb 5-1: Found UVC 0.00 device <unnamed> (30c9:0093)
[  315.555529][   T58] usb 5-1: No valid video chain found.
[  316.132943][ T5284] gspca_stk1135: reg_w 0x2ff err -71
[  316.139642][ T5284] gspca_stk1135: serial bus timeout: status=0x00
[  316.149183][ T5284] gspca_stk1135: Sensor write failed
[  316.175925][ T5284] gspca_stk1135: serial bus timeout: status=0x00
[  316.185499][ T5284] gspca_stk1135: Sensor write failed
[  316.202885][ T5284] gspca_stk1135: serial bus timeout: status=0x00
[  316.209312][ T5284] gspca_stk1135: Sensor read failed
[  316.229896][ T5284] gspca_stk1135: serial bus timeout: status=0x00
[  316.237581][ T4627] Bluetooth: hci2: command tx timeout
[  316.245022][ T5284] gspca_stk1135: Sensor read failed
[  316.250932][ T5284] gspca_stk1135: Detected sensor type unknown (0x0)
[  316.281706][ T5284] gspca_stk1135: serial bus timeout: status=0x00
[  316.292053][ T5284] gspca_stk1135: Sensor read failed
[  316.320057][ T5284] gspca_stk1135: serial bus timeout: status=0x00
[  316.332519][ T5284] gspca_stk1135: Sensor read failed
[  316.338497][ T5284] gspca_stk1135: serial bus timeout: status=0x00
[  316.347310][ T5284] gspca_stk1135: Sensor write failed
[  316.353071][ T5284] gspca_stk1135: serial bus timeout: status=0x00
[  316.359794][ T5284] gspca_stk1135: Sensor write failed
[  316.367268][ T5284] stk1135 3-1:0.0: probe with driver stk1135 failed with error -71
[  316.402755][ T5288] hub 2-1:0.0: hub_ext_port_status failed (err = -32)
[  316.405736][ T5284] usb 3-1: USB disconnect, device number 38
[  316.827975][   T11] team0 (unregistering): Port device team_slave_1 removed
[  317.074948][   T11] team0 (unregistering): Port device team_slave_0 removed
[  317.084986][   T58] usb 2-1: USB disconnect, device number 40
[  317.362937][ T1269] ieee802154 phy0 wpan0: encryption failed: -22
[  317.369279][ T1269] ieee802154 phy1 wpan1: encryption failed: -22
[  318.283484][ T9871] FAULT_INJECTION: forcing a failure.
[  318.283484][ T9871] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  318.312443][ T4627] Bluetooth: hci2: command tx timeout
[  318.323904][ T9871] CPU: 0 UID: 0 PID: 9871 Comm: syz.2.900 Not tainted 6.11.0-rc7-syzkaller-00017-gbc83b4d1f086 #0
[  318.334613][ T9871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  318.344672][ T9871] Call Trace:
[  318.347973][ T9871]  <TASK>
[  318.350901][ T9871]  dump_stack_lvl+0x241/0x360
[  318.355589][ T9871]  ? __pfx_dump_stack_lvl+0x10/0x10
[  318.360782][ T9871]  ? __pfx__printk+0x10/0x10
[  318.365396][ T9871]  ? __pfx_lock_release+0x10/0x10
[  318.370446][ T9871]  should_fail_ex+0x3b0/0x4e0
[  318.375136][ T9871]  _copy_from_user+0x2f/0xe0
[  318.379738][ T9871]  copy_msghdr_from_user+0xae/0x680
[  318.384947][ T9871]  ? _parse_integer_limit+0x1b5/0x200
[  318.390364][ T9871]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  318.396194][ T9871]  __sys_sendmmsg+0x374/0x740
[  318.400962][ T9871]  ? __pfx___sys_sendmmsg+0x10/0x10
[  318.406214][ T9871]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  318.412110][ T9871]  ? ksys_write+0x23e/0x2c0
[  318.416612][ T9871]  ? __pfx_lock_release+0x10/0x10
[  318.421653][ T9871]  ? vfs_write+0x7c4/0xc90
[  318.426155][ T9871]  ? __mutex_unlock_slowpath+0x21d/0x750
[  318.431787][ T9871]  ? __pfx_vfs_write+0x10/0x10
[  318.436564][ T9871]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  318.442546][ T9871]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  318.448887][ T9871]  ? do_syscall_64+0x100/0x230
[  318.453651][ T9871]  __x64_sys_sendmmsg+0xa0/0xb0
[  318.458502][ T9871]  do_syscall_64+0xf3/0x230
[  318.463004][ T9871]  ? clear_bhb_loop+0x35/0x90
[  318.467683][ T9871]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.473577][ T9871] RIP: 0033:0x7efe4537def9
[  318.477993][ T9871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  318.497603][ T9871] RSP: 002b:00007efe461a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  318.506024][ T9871] RAX: ffffffffffffffda RBX: 00007efe45535f80 RCX: 00007efe4537def9
[  318.513994][ T9871] RDX: 0000000000000001 RSI: 0000000020001d40 RDI: 0000000000000003
[  318.521958][ T9871] RBP: 00007efe461a5090 R08: 0000000000000000 R09: 0000000000000000
[  318.529921][ T9871] R10: 00000000000080c0 R11: 0000000000000246 R12: 0000000000000001
[  318.537891][ T9871] R13: 0000000000000000 R14: 00007efe45535f80 R15: 00007efe4565fa28
[  318.545868][ T9871]  </TASK>
[  319.067891][ T9854] netlink: 'syz.0.895': attribute type 10 has an invalid length.
[  319.077414][ T9854] bond0: (slave bond_slave_0): Releasing backup interface
[  319.158724][ T5288] usb 5-1: USB disconnect, device number 45
[  319.467539][ T9789] bridge0: port 1(bridge_slave_0) entered blocking state
[  319.494934][ T9789] bridge0: port 1(bridge_slave_0) entered disabled state
[  319.521434][ T9789] bridge_slave_0: entered allmulticast mode
[  319.539054][ T9789] bridge_slave_0: entered promiscuous mode
[  319.550444][ T9789] bridge0: port 2(bridge_slave_1) entered blocking state
[  319.558452][ T9789] bridge0: port 2(bridge_slave_1) entered disabled state
[  319.566414][ T9789] bridge_slave_1: entered allmulticast mode
[  319.594612][ T9879] netlink: 'syz.2.903': attribute type 16 has an invalid length.
[  319.611530][ T9789] bridge_slave_1: entered promiscuous mode
[  319.631602][ T9879] netlink: 'syz.2.903': attribute type 3 has an invalid length.
[  319.662128][ T9879] netlink: 64066 bytes leftover after parsing attributes in process `syz.2.903'.
[  319.768860][ T9789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  319.822587][ T9789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  319.987439][ T9903] fuse: Unknown parameter 'êýêÃ'
[  319.997244][ T9789] team0: Port device team_slave_0 added
[  320.057907][ T9789] team0: Port device team_slave_1 added
[  320.392563][ T4627] Bluetooth: hci2: command tx timeout
[  320.435894][ T9918] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.908'.
[  320.488752][ T9789] batman_adv: batadv0: Adding interface: batadv_slave_0
[  320.496919][ T9918] openvswitch: netlink: Tunnel attr 2 has unexpected len 13 expected 4
[  320.503623][ T9789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  320.738811][ T9789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  320.823608][ T9789] batman_adv: batadv0: Adding interface: batadv_slave_1
[  320.869165][ T9789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  320.960168][ T9789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  321.222211][ T9789] hsr_slave_0: entered promiscuous mode
[  321.279106][ T9789] hsr_slave_1: entered promiscuous mode
[  321.309194][ T9789] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  321.338843][ T9789] Cannot create hsr debugfs directory
[  321.712383][ T5288] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  321.974506][ T5288] usb 1-1: string descriptor 0 read error: -22
[  322.017804][ T5288] usb 1-1: New USB device found, idVendor=30c9, idProduct=0093, bcdDevice=18.c6
[  322.057409][ T5288] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  322.095982][ T5288] usb 1-1: config 0 descriptor??
[  322.129916][ T5288] usb 1-1: Found UVC 0.00 device <unnamed> (30c9:0093)
[  322.160680][ T5288] usb 1-1: No valid video chain found.
[  323.249568][ T9789] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  323.320904][ T9789] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  323.371181][ T9789] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  323.423513][ T9789] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  323.768061][ T9789] 8021q: adding VLAN 0 to HW filter on device bond0
[  323.907659][ T9789] 8021q: adding VLAN 0 to HW filter on device team0
[  323.970232][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  323.977513][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  324.027061][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  324.034426][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  324.377197][ T9789] 8021q: adding VLAN 0 to HW filter on device batadv0
[  324.441828][   T58] usb 1-1: USB disconnect, device number 32
[  324.715809][ T9789] veth0_vlan: entered promiscuous mode
[  324.822071][ T9789] veth1_vlan: entered promiscuous mode
[  324.926221][ T9789] veth0_macvtap: entered promiscuous mode
[  324.943873][ T9789] veth1_macvtap: entered promiscuous mode
[  325.004471][ T9789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  325.032144][ T9789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  325.045112][ T9789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  325.062924][ T9789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  325.092317][ T9789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  325.122294][ T9789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  325.147571][ T9789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  325.190248][ T9789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  325.215135][ T9789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  325.242370][ T9789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  325.277019][ T9789] batman_adv: batadv0: Interface activated: batadv_slave_0
[  325.361912][ T9789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  325.418929][ T9789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  325.450659][ T9789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  325.486067][ T9789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  325.516892][ T9789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  325.545678][ T9789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  325.573429][ T9789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  325.608302][ T9789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  325.639418][ T9789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  325.670495][ T9789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  325.685830][ T9789] batman_adv: batadv0: Interface activated: batadv_slave_1
[  325.701016][T10019] warning: `syz.1.922' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  325.772590][ T9789] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  325.807999][ T9789] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  325.839769][T10031] netlink: 24 bytes leftover after parsing attributes in process `syz.2.924'.
[  325.852322][ T9789] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  325.861432][ T9789] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  326.128147][T10039] fuse: Bad value for 'fd'
[  326.187327][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  326.203518][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  326.246077][ T2584] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  326.278637][ T2584] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  326.482095][T10049] x_tables: duplicate underflow at hook 1
[  326.774081][ T5245] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  327.016092][ T5245] usb 4-1: Using ep0 maxpacket: 16
[  327.041095][ T5245] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  327.059849][ T5245] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.070009][ T5245] usb 4-1: Product: syz
[  327.091712][ T5245] usb 4-1: Manufacturer: syz
[  327.109643][ T5245] usb 4-1: SerialNumber: syz
[  327.141921][ T5245] r8152-cfgselector 4-1: Unknown version 0x0000
[  327.166140][ T5245] r8152-cfgselector 4-1: config 0 descriptor??
[  327.272456][ T5234] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  327.429909][T10051] netlink: 8 bytes leftover after parsing attributes in process `syz.3.882'.
[  327.497217][ T5234] usb 2-1: string descriptor 0 read error: -22
[  327.513209][ T5234] usb 2-1: New USB device found, idVendor=30c9, idProduct=0093, bcdDevice=18.c6
[  327.532545][ T5234] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.558700][ T5234] usb 2-1: config 0 descriptor??
[  327.579004][ T5234] usb 2-1: Found UVC 0.00 device <unnamed> (30c9:0093)
[  327.595035][ T5245] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  327.610331][ T5234] usb 2-1: No valid video chain found.
[  327.807865][ T5245] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[  327.867882][ T5245] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  327.921325][ T5245] usb 3-1: config 0 descriptor??
[  328.152119][T10094] fuse: Unknown parameter ''
[  328.486057][ T5245] ath6kl: Failed to read usb control message: -71
[  328.501734][ T5245] ath6kl: Unable to read the bmi data from the device: -71
[  328.510350][ T5245] ath6kl: Unable to recv target info: -71
[  328.526349][ T5245] ath6kl: Failed to init ath6kl core: -71
[  328.542003][ T5245] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71
[  328.588621][ T5245] usb 3-1: USB disconnect, device number 39
[  328.685428][T10102] netlink: 'syz.4.935': attribute type 1 has an invalid length.
[  329.082452][ T5283] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  329.262388][ T5283] usb 5-1: device descriptor read/64, error -71
[  329.491613][ T5288] r8152-cfgselector 4-1: USB disconnect, device number 38
[  329.552488][ T5283] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  329.722407][ T5283] usb 5-1: device descriptor read/64, error -71
[  329.842724][ T5283] usb usb5-port1: attempt power cycle
[  329.882626][T10116] netlink: 'syz.2.940': attribute type 1 has an invalid length.
[  329.912557][T10116] netlink: 193500 bytes leftover after parsing attributes in process `syz.2.940'.
[  329.964553][ T5284] usb 2-1: USB disconnect, device number 41
[  330.283061][ T5283] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  330.307041][T10123] binder: 10122:10123 ioctl c018620c 20000180 returned -1
[  330.343026][ T5283] usb 5-1: device descriptor read/8, error -71
[  330.642576][ T5283] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  330.727190][ T5283] usb 5-1: device descriptor read/8, error -71
[  330.881785][ T5283] usb usb5-port1: unable to enumerate USB device
[  331.218869][T10143] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  331.222442][ T5288] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  331.272123][T10143] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  331.367424][T10148] netlink: 20 bytes leftover after parsing attributes in process `syz.3.947'.
[  331.376742][T10148] netlink: 24 bytes leftover after parsing attributes in process `syz.3.947'.
[  331.437363][ T5288] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  331.457626][ T5288] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  331.519675][ T5288] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  331.549729][ T5288] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  331.569931][ T5288] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  331.580931][ T5288] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  331.598124][ T5288] usb 1-1: config 0 descriptor??
[  332.446121][T10179] netlink: 48 bytes leftover after parsing attributes in process `syz.1.954'.
[  333.360247][T10188] vivid-003: =================  START STATUS  =================
[  333.368698][T10188] vivid-003: Radio HW Seek Mode: Bounded
[  333.376525][T10188] vivid-003: Radio Programmable HW Seek: false
[  333.384848][T10188] vivid-003: RDS Rx I/O Mode: Block I/O
[  333.391221][T10188] vivid-003: Generate RBDS Instead of RDS: false
[  333.397814][T10188] vivid-003: RDS Reception: true
[  333.406218][T10188] vivid-003: RDS Program Type: 0 inactive
[  333.421738][T10188] vivid-003: RDS PS Name:  inactive
[  333.434834][T10188] vivid-003: RDS Radio Text:  inactive
[  333.449537][T10188] vivid-003: RDS Traffic Announcement: false inactive
[  333.460215][T10188] vivid-003: RDS Traffic Program: false inactive
[  333.471907][T10188] vivid-003: RDS Music: false inactive
[  333.478828][T10188] vivid-003: ==================  END STATUS  ==================
[  333.532483][ T5245] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  333.585419][ T5283] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  333.737540][ T5245] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  333.806247][ T5245] usb 4-1: config 0 has no interfaces?
[  333.824299][ T5245] usb 4-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  333.860139][ T5245] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  333.899548][ T5245] usb 4-1: config 0 descriptor??
[  333.899748][ T5283] usb 3-1: string descriptor 0 read error: -22
[  333.977999][ T5283] usb 3-1: New USB device found, idVendor=30c9, idProduct=0093, bcdDevice=18.c6
[  334.026588][ T5283] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  334.026962][ T5288] usbhid 1-1:0.0: can't add hid device: -71
[  334.063901][ T5288] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  334.091873][ T5283] usb 3-1: config 0 descriptor??
[  334.117370][ T5288] usb 1-1: USB disconnect, device number 33
[  334.178137][ T5283] usb 3-1: Found UVC 0.00 device <unnamed> (30c9:0093)
[  334.209704][ T5283] usb 3-1: No valid video chain found.
[  334.376299][T10208] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  334.384409][T10199] syzkaller0: entered promiscuous mode
[  334.397164][T10208] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  334.397279][T10199] syzkaller0: entered allmulticast mode
[  335.024826][T10219] netlink: 28 bytes leftover after parsing attributes in process `syz.1.963'.
[  336.253756][ T5283] usb 3-1: USB disconnect, device number 40
[  337.193508][   T30] INFO: task syz.0.350:7255 blocked for more than 143 seconds.
[  337.201194][   T30]       Not tainted 6.11.0-rc7-syzkaller-00017-gbc83b4d1f086 #0
[  337.225507][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  337.242196][   T30] task:syz.0.350       state:D stack:26584 pid:7255  tgid:7255  ppid:6980   flags:0x00000004
[  337.272726][   T30] Call Trace:
[  337.276232][   T30]  <TASK>
[  337.279182][   T30]  __schedule+0x1800/0x4a60
[  337.306627][   T30]  ? __pfx___schedule+0x10/0x10
[  337.311562][   T30]  ? __pfx_lock_release+0x10/0x10
[  337.330034][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  337.337238][   T30]  ? schedule+0x90/0x320
[  337.341527][   T30]  schedule+0x14b/0x320
[  337.352545][   T30]  schedule_preempt_disabled+0x13/0x30
[  337.358180][   T30]  __mutex_lock+0x6a4/0xd70
[  337.392350][   T30]  ? __mutex_lock+0x527/0xd70
[  337.397090][   T30]  ? hugetlb_fault+0x56f/0x3770
[  337.401961][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  337.424507][   T30]  ? __lock_acquire+0x137a/0x2040
[  337.429599][   T30]  hugetlb_fault+0x56f/0x3770
[  337.443243][   T30]  ? __pfx_hugetlb_fault+0x10/0x10
[  337.448414][   T30]  ? reacquire_held_locks+0x3eb/0x690
[  337.462605][   T30]  ? lock_vma_under_rcu+0x2f9/0x6e0
[  337.467867][   T30]  ? __pfx_reacquire_held_locks+0x10/0x10
[  337.474352][   T30]  handle_mm_fault+0x1901/0x1bc0
[  337.479330][   T30]  ? mtree_range_walk+0x6fd/0x8e0
[  337.484908][   T30]  ? __pfx_lock_release+0x10/0x10
[  337.489960][   T30]  ? lock_vma_under_rcu+0x2f9/0x6e0
[  337.497754][   T30]  ? __pfx_handle_mm_fault+0x10/0x10
[  337.503409][   T30]  ? lock_vma_under_rcu+0x592/0x6e0
[  337.508637][   T30]  ? lock_vma_under_rcu+0x18a/0x6e0
[  337.514710][   T30]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[  337.520306][   T30]  ? exc_page_fault+0x113/0x8c0
[  337.529079][   T30]  exc_page_fault+0x459/0x8c0
[  337.534674][   T30]  asm_exc_page_fault+0x26/0x30
[  337.539561][   T30] RIP: 0033:0x7f328d54597c
[  337.544467][   T30] RSP: 002b:00007f328d85fb88 EFLAGS: 00010246
[  337.550561][   T30] RAX: 0000000020000d00 RBX: 0000000000000004 RCX: 8000000000000010
[  337.559973][   T30] RDX: 0000000000000010 RSI: 00007f328d0005d9 RDI: 0000000020000d00
[  337.572560][   T30] RBP: 00007f328d737a80 R08: 00007f328d400000 R09: 0000000000000001
[  337.580569][   T30] R10: 0000000000000001 R11: 0000000000000009 R12: 000000000002b3e8
[  337.597532][   T30] R13: 00007f328d85fc90 R14: 0000000000000032 R15: fffffffffffffffe
[  337.605647][   T30]  </TASK>
[  337.608680][   T30] INFO: task syz.0.350:7257 blocked for more than 143 seconds.
[  337.616730][   T30]       Not tainted 6.11.0-rc7-syzkaller-00017-gbc83b4d1f086 #0
[  337.624496][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  337.635084][   T30] task:syz.0.350       state:D stack:26288 pid:7257  tgid:7255  ppid:6980   flags:0x00004006
[  337.645757][   T30] Call Trace:
[  337.649065][   T30]  <TASK>
[  337.652007][   T30]  __schedule+0x1800/0x4a60
[  337.656951][   T30]  ? __pfx___schedule+0x10/0x10
[  337.661834][   T30]  ? __pfx_lock_release+0x10/0x10
[  337.666956][   T30]  ? irqentry_exit+0x63/0x90
[  337.671584][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  337.676941][   T30]  ? schedule+0x90/0x320
[  337.681201][   T30]  schedule+0x14b/0x320
[  337.685806][   T30]  io_schedule+0x8d/0x110
[  337.690184][   T30]  folio_wait_bit_common+0x882/0x12b0
[  337.695668][   T30]  ? __pfx_folio_wait_bit_common+0x10/0x10
[  337.701514][   T30]  ? __pfx_wake_page_function+0x10/0x10
[  337.707420][   T30]  ? _raw_spin_unlock+0x28/0x50
[  337.712673][   T30]  ? __vma_reservation_common+0x498/0x7d0
[  337.718441][   T30]  __filemap_get_folio+0xb7/0xc10
[  337.723628][   T30]  hugetlb_fault+0x1b72/0x3770
[  337.730342][   T30]  ? __pfx_hugetlb_fault+0x10/0x10
[  337.735553][   T30]  ? mt_find+0x226/0x850
[  337.739832][   T30]  ? __pfx_lock_release+0x10/0x10
[  337.744988][   T30]  handle_mm_fault+0x1901/0x1bc0
[  337.749953][   T30]  ? mt_find+0x62d/0x850
[  337.755202][   T30]  ? mt_find+0x226/0x850
[  337.759459][   T30]  ? __pfx_mt_find+0x10/0x10
[  337.764136][   T30]  ? __pfx_handle_mm_fault+0x10/0x10
[  337.769441][   T30]  ? find_vma+0xf9/0x170
[  337.773871][   T30]  ? __pfx_find_vma+0x10/0x10
[  337.778583][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  337.785036][   T30]  ? lock_mm_and_find_vma+0x9c/0x2f0
[  337.790356][   T30]  exc_page_fault+0x2b9/0x8c0
[  337.795139][   T30]  asm_exc_page_fault+0x26/0x30
[  337.800019][   T30] RIP: 0010:rep_movs_alternative+0x4a/0x70
[  337.805945][   T30] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 <f3> a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1
[  337.826376][   T30] RSP: 0018:ffffc90002ec7ad0 EFLAGS: 00050246
[  337.841470][   T30] RAX: ffffffff84b29701 RBX: 00000000200221d7 RCX: 0000000000000040
[  337.849612][   T30] RDX: 0000000000000000 RSI: ffffc90002ec7b60 RDI: 0000000020022197
[  337.857698][   T30] RBP: ffffc90002ec7c10 R08: ffffc90002ec7b9f R09: 1ffff920005d8f73
[  337.866310][   T30] R10: dffffc0000000000 R11: fffff520005d8f74 R12: 0000000000000040
[  337.874369][   T30] R13: 0000000000021b57 R14: 0000000020022197 R15: ffffc90002ec7b60
[  337.882545][   T30]  ? _copy_to_user+0x11/0xb0
[  337.887153][   T30]  _copy_to_user+0x86/0xb0
[  337.891578][   T30]  rng_dev_read+0x3be/0x6d0
[  337.896165][   T30]  ? __pfx_rng_dev_read+0x10/0x10
[  337.901212][   T30]  ? security_file_permission+0x7f/0xa0
[  337.906866][   T30]  ? rw_verify_area+0x52a/0x6b0
[  337.911730][   T30]  vfs_readv+0x6c2/0xa90
[  337.916159][   T30]  ? __pfx_rng_dev_read+0x10/0x10
[  337.921224][   T30]  ? __pfx_vfs_readv+0x10/0x10
[  337.926135][   T30]  ? __fget_files+0x29/0x470
[  337.930760][   T30]  __x64_sys_preadv+0x1c7/0x2d0
[  337.938336][   T30]  ? __pfx___x64_sys_preadv+0x10/0x10
[  337.943849][   T30]  ? do_syscall_64+0x100/0x230
[  337.948629][   T30]  ? do_syscall_64+0xb6/0x230
[  337.953372][   T30]  do_syscall_64+0xf3/0x230
[  337.957908][   T30]  ? clear_bhb_loop+0x35/0x90
[  337.962664][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.968571][   T30] RIP: 0033:0x7f328d57def9
[  337.974017][   T30] RSP: 002b:00007f328e451038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  337.982562][   T30] RAX: ffffffffffffffda RBX: 00007f328d735f80 RCX: 00007f328d57def9
[  337.990566][   T30] RDX: 0000000000000002 RSI: 0000000020000580 RDI: 0000000000000004
[  337.998922][   T30] RBP: 00007f328d5f09f6 R08: 0000000000000000 R09: 0000000000000000
[  338.007049][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  338.015156][   T30] R13: 0000000000000000 R14: 00007f328d735f80 R15: 00007f328d85fa28
[  338.023253][   T30]  </TASK>
[  338.026294][   T30] INFO: task syz.0.350:7260 blocked for more than 144 seconds.
[  338.046857][   T30]       Not tainted 6.11.0-rc7-syzkaller-00017-gbc83b4d1f086 #0
[  338.054700][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  338.063575][   T30] task:syz.0.350       state:D stack:22192 pid:7260  tgid:7255  ppid:6980   flags:0x00004006
[  338.083293][   T30] Call Trace:
[  338.086624][   T30]  <TASK>
[  338.089616][   T30]  __schedule+0x1800/0x4a60
[  338.094298][   T30]  ? __pfx___schedule+0x10/0x10
[  338.099202][   T30]  ? __pfx_lock_release+0x10/0x10
[  338.104383][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  338.109878][   T30]  ? schedule+0x90/0x320
[  338.114280][   T30]  schedule+0x14b/0x320
[  338.118548][   T30]  schedule_preempt_disabled+0x13/0x30
[  338.124149][   T30]  __mutex_lock+0x6a4/0xd70
[  338.128686][   T30]  ? __mutex_lock+0x527/0xd70
[  338.133891][   T30]  ? hugetlb_wp+0x104d/0x3a90
[  338.140898][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  338.152552][   T30]  ? __pfx_up_write+0x10/0x10
[  338.157280][   T30]  ? do_raw_spin_unlock+0x13c/0x8b0
[  338.163167][   T30]  ? vma_interval_tree_iter_next+0x193/0x340
[  338.169181][   T30]  hugetlb_wp+0x104d/0x3a90
[  338.174130][   T30]  ? mark_lock+0x9a/0x350
[  338.178534][   T30]  ? __pfx_hugetlb_wp+0x10/0x10
[  338.184072][   T30]  ? __pfx___might_resched+0x10/0x10
[  338.189394][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  338.195881][   T30]  ? do_raw_spin_lock+0x14f/0x370
[  338.200936][   T30]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  338.207858][   T30]  ? __filemap_get_folio+0x769/0xc10
[  338.214420][   T30]  hugetlb_fault+0x27b2/0x3770
[  338.219261][   T30]  ? __pfx_hugetlb_fault+0x10/0x10
[  338.224892][   T30]  ? mt_find+0x226/0x850
[  338.229156][   T30]  ? __pfx_lock_release+0x10/0x10
[  338.235096][   T30]  handle_mm_fault+0x1901/0x1bc0
[  338.240078][   T30]  ? mt_find+0x62d/0x850
[  338.262318][   T30]  ? mt_find+0x226/0x850
[  338.266626][   T30]  ? __pfx_mt_find+0x10/0x10
[  338.271245][   T30]  ? __pfx_handle_mm_fault+0x10/0x10
[  338.284993][   T30]  ? find_vma+0xf9/0x170
[  338.289282][   T30]  ? __pfx_find_vma+0x10/0x10
[  338.295820][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  338.302204][   T30]  ? lock_mm_and_find_vma+0x9c/0x2f0
[  338.308968][   T30]  exc_page_fault+0x2b9/0x8c0
[  338.315091][   T30]  asm_exc_page_fault+0x26/0x30
[  338.319989][   T30] RIP: 0010:__put_user_8+0x11/0x20
[  338.325508][   T30] Code: 84 00 00 00 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <48> 89 01 31 c9 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90
[  338.347439][   T30] RSP: 0018:ffffc9000372f778 EFLAGS: 00050202
[  338.353648][   T30] RAX: 0000000000800000 RBX: 0000000000000000 RCX: 0000000020000020
[  338.361632][   T30] RDX: 0000000000000000 RSI: ffffffff8c0ae6e0 RDI: ffffffff8c608f40
[  338.369721][   T30] RBP: ffffc9000372fec8 R08: ffffffff901875ef R09: 1ffffffff2030ebd
[  338.377798][   T30] R10: dffffc0000000000 R11: fffffbfff2030ebe R12: 1ffff920006e5f7d
[  338.386112][   T30] R13: 1ffff920006e5f08 R14: 0000000020800000 R15: 0000000000800000
[  338.400453][   T30]  userfaultfd_ioctl+0x28e7/0x70a0
[  338.405795][   T30]  ? stack_trace_save+0x118/0x1d0
[  338.410838][   T30]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  338.416675][   T30]  ? stack_depot_save_flags+0x29/0x830
[  338.422196][   T30]  ? kasan_save_track+0x51/0x80
[  338.427536][   T30]  ? kasan_save_track+0x3f/0x80
[  338.432967][   T30]  ? kasan_save_free_info+0x40/0x50
[  338.438181][   T30]  ? poison_slab_object+0xe0/0x150
[  338.443448][   T30]  ? __kasan_slab_free+0x37/0x60
[  338.449910][   T30]  ? kfree+0x149/0x360
[  338.454083][   T30]  ? tomoyo_path_number_perm+0x68d/0x880
[  338.459864][   T30]  ? security_file_ioctl+0x75/0xb0
[  338.465149][   T30]  ? __se_sys_ioctl+0x47/0x170
[  338.469921][   T30]  ? do_syscall_64+0xf3/0x230
[  338.476399][   T30]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  338.490817][   T30]  ? do_vfs_ioctl+0xf0e/0x2e50
[  338.495971][   T30]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  338.501031][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  338.507630][   T30]  ? tomoyo_path_number_perm+0x208/0x880
[  338.513463][   T30]  ? __pfx_lock_release+0x10/0x10
[  338.518570][   T30]  ? kfree+0x149/0x360
[  338.522819][   T30]  ? tomoyo_path_number_perm+0x208/0x880
[  338.528467][   T30]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  338.536504][   T30]  ? __fget_files+0x29/0x470
[  338.541130][   T30]  ? __fget_files+0x3f6/0x470
[  338.546838][   T30]  ? __fget_files+0x29/0x470
[  338.552883][   T30]  ? bpf_lsm_file_ioctl+0x9/0x10
[  338.557999][   T30]  ? security_file_ioctl+0x87/0xb0
[  338.563382][   T30]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  338.568882][   T30]  __se_sys_ioctl+0xfc/0x170
[  338.573557][   T30]  do_syscall_64+0xf3/0x230
[  338.578071][   T30]  ? clear_bhb_loop+0x35/0x90
[  338.582801][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  338.588699][   T30] RIP: 0033:0x7f328d57def9
[  338.593182][   T30] RSP: 002b:00007f328e430038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  338.601605][   T30] RAX: ffffffffffffffda RBX: 00007f328d736058 RCX: 00007f328d57def9
[  338.609637][   T30] RDX: 0000000020000000 RSI: 00000000c028aa03 RDI: 0000000000000008
[  338.617649][   T30] RBP: 00007f328d5f09f6 R08: 0000000000000000 R09: 0000000000000000
[  338.625768][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  338.634147][   T30] R13: 0000000000000000 R14: 00007f328d736058 R15: 00007f328d85fa28
[  338.642144][   T30]  </TASK>
[  338.645901][   T30] 
[  338.645901][   T30] Showing all locks held in the system:
[  338.661667][   T30] 3 locks held by kworker/u8:0/11:
[  338.666880][   T30]  #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  338.691174][   T30]  #1: ffffc90000107d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  338.702259][   T30]  #2: ffffffff8fc8c308 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[  338.711299][   T30] 1 lock held by khungtaskd/30:
[  338.716320][   T30]  #0: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  338.726273][   T30] 2 locks held by kworker/u8:10/2562:
[  338.731655][   T30]  #0: ffff8880b883e9d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140
[  338.741739][   T30]  #1: ffff8880b8928948 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x3a7/0x770
[  338.754228][   T30] 2 locks held by getty/4989:
[  338.758957][   T30]  #0: ffff88803090e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  338.769763][   T30]  #1: ffffc9000312b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ac/0x1e00
[  338.780045][   T30] 2 locks held by syz.0.350/7255:
[  338.785372][   T30]  #0: ffff8880325ad730 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x2f9/0x6e0
[  338.795930][   T30]  #1: ffff8880212a88d8 (&hugetlb_fault_mutex_table[i]){+.+.}-{3:3}, at: hugetlb_fault+0x56f/0x3770
[  338.807363][   T30] 3 locks held by syz.0.350/7257:
[  338.812651][   T30]  #0: ffff8880258d4418 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock_killable+0x1d/0x70
[  338.822858][   T30]  #1: ffff8880212a88d8 (&hugetlb_fault_mutex_table[i]){+.+.}-{3:3}, at: hugetlb_fault+0x56f/0x3770
[  338.833743][   T30]  #2: ffff888032c138e8 (&resv_map->rw_sema){++++}-{3:3}, at: hugetlb_fault+0x675/0x3770
[  338.843648][   T30] 2 locks held by syz.0.350/7260:
[  338.848668][   T30]  #0: ffff8880258d4418 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock_killable+0x1d/0x70
[  338.860277][   T30]  #1: ffff8880212a88d8 (&hugetlb_fault_mutex_table[i]){+.+.}-{3:3}, at: hugetlb_wp+0x104d/0x3a90
[  338.871118][   T30] 1 lock held by syz-executor/7440:
[  338.876476][   T30]  #0: ffffffff8fc8c308 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[  338.885647][   T30] 1 lock held by syz-executor/8396:
[  338.890848][   T30]  #0: ffffffff8fc8c308 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[  338.899861][   T30] 1 lock held by syz.3.957/10204:
[  338.905037][   T30]  #0: ffffffff8fc8c308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  338.914586][   T30] 1 lock held by syz.3.957/10208:
[  338.919608][   T30]  #0: ffffffff8fc8c308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  338.929226][   T30] 2 locks held by syz.4.961/10198:
[  338.935522][   T30]  #0: ffffffff8fc8c308 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[  338.944689][   T30]  #1: ffffffff8e93d6f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830
[  338.955665][   T30] 1 lock held by syz.1.963/10213:
[  338.962071][   T30]  #0: ffffffff8fc8c308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  338.972128][   T30] 
[  338.982696][   T30] =============================================
[  338.982696][   T30] 
[  338.991160][   T30] NMI backtrace for cpu 1
[  338.995497][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc7-syzkaller-00017-gbc83b4d1f086 #0
[  339.005989][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  339.016032][   T30] Call Trace:
[  339.019300][   T30]  <TASK>
[  339.022212][   T30]  dump_stack_lvl+0x241/0x360
[  339.026891][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  339.032071][   T30]  ? __pfx__printk+0x10/0x10
[  339.036731][   T30]  ? vprintk_emit+0x667/0x7c0
[  339.041406][   T30]  ? __pfx_vprintk_emit+0x10/0x10
[  339.046606][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[  339.051546][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  339.056992][   T30]  ? _printk+0xd5/0x120
[  339.061137][   T30]  ? __pfx__printk+0x10/0x10
[  339.065722][   T30]  ? __wake_up_klogd+0xcc/0x110
[  339.070565][   T30]  ? __pfx__printk+0x10/0x10
[  339.075142][   T30]  ? __rcu_read_unlock+0xa1/0x110
[  339.080157][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  339.086223][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  339.092197][   T30]  watchdog+0xff4/0x1040
[  339.096447][   T30]  ? watchdog+0x1ea/0x1040
[  339.100862][   T30]  ? __pfx_watchdog+0x10/0x10
[  339.105530][   T30]  kthread+0x2f0/0x390
[  339.109584][   T30]  ? __pfx_watchdog+0x10/0x10
[  339.114252][   T30]  ? __pfx_kthread+0x10/0x10
[  339.118829][   T30]  ret_from_fork+0x4b/0x80
[  339.123239][   T30]  ? __pfx_kthread+0x10/0x10
[  339.127814][   T30]  ret_from_fork_asm+0x1a/0x30
[  339.132584][   T30]  </TASK>
[  339.138680][   T30] Sending NMI from CPU 1 to CPUs 0:
[  339.145214][    C0] NMI backtrace for cpu 0
[  339.145227][    C0] CPU: 0 UID: 0 PID: 35 Comm: kworker/u8:2 Not tainted 6.11.0-rc7-syzkaller-00017-gbc83b4d1f086 #0
[  339.145247][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  339.145257][    C0] Workqueue: events_unbound cfg80211_wiphy_work
[  339.145282][    C0] RIP: 0010:__sanitizer_cov_trace_switch+0x9d/0x120
[  339.145305][    C0] Code: 00 00 4d 85 d2 0f 84 8b 00 00 00 4c 8b 4c 24 20 65 4c 8b 1c 25 00 d7 03 00 31 d2 eb 08 48 ff c2 49 39 d2 74 71 4c 8b 74 d6 10 <65> 8b 05 34 44 70 7e 25 00 01 ff 00 74 11 3d 00 01 00 00 75 de 41
[  339.145318][    C0] RSP: 0018:ffffc90000ab7158 EFLAGS: 00000202
[  339.145331][    C0] RAX: 0000000000000000 RBX: 0000000000000016 RCX: ffff88801e2e3c00
[  339.145343][    C0] RDX: 0000000000000021 RSI: ffffffff8ff0e250 RDI: 0000000000000003
[  339.145353][    C0] RBP: ffffc90000ab7590 R08: 0000000000000001 R09: ffffffff8b37aa93
[  339.145364][    C0] R10: 0000000000000028 R11: ffff88801e2e3c00 R12: ffff888011f06d86
[  339.145376][    C0] R13: ffff888011f06d86 R14: 00000000000000c2 R15: dffffc0000000000
[  339.145387][    C0] FS:  0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000
[  339.145401][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  339.145413][    C0] CR2: 00007ffd1d50aff8 CR3: 000000000e734000 CR4: 00000000003506f0
[  339.145427][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  339.145436][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  339.145446][    C0] Call Trace:
[  339.145452][    C0]  <NMI>
[  339.145459][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  339.145478][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  339.145500][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  339.145517][    C0]  ? nmi_handle+0x2a/0x5a0
[  339.145541][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  339.145559][    C0]  ? nmi_handle+0x14f/0x5a0
[  339.145574][    C0]  ? nmi_handle+0x2a/0x5a0
[  339.145590][    C0]  ? __sanitizer_cov_trace_switch+0x9d/0x120
[  339.145609][    C0]  ? default_do_nmi+0x63/0x160
[  339.145627][    C0]  ? exc_nmi+0x123/0x1f0
[  339.145645][    C0]  ? end_repeat_nmi+0xf/0x53
[  339.145665][    C0]  ? _ieee802_11_parse_elems_full+0x6e3/0x4a40
[  339.145695][    C0]  ? __sanitizer_cov_trace_switch+0x9d/0x120
[  339.145714][    C0]  ? __sanitizer_cov_trace_switch+0x9d/0x120
[  339.145735][    C0]  ? __sanitizer_cov_trace_switch+0x9d/0x120
[  339.145755][    C0]  </NMI>
[  339.145760][    C0]  <TASK>
[  339.145767][    C0]  _ieee802_11_parse_elems_full+0x6e3/0x4a40
[  339.145829][    C0]  ? __pfx__ieee802_11_parse_elems_full+0x10/0x10
[  339.145854][    C0]  ? ieee802_11_parse_elems_full+0xdb/0x2880
[  339.145874][    C0]  ? ieee802_11_parse_elems_full+0xdb/0x2880
[  339.145894][    C0]  ? ieee802_11_parse_elems_full+0xdb/0x2880
[  339.145914][    C0]  ? cfg80211_find_elem_match+0x174/0x1b0
[  339.145931][    C0]  ? __asan_memset+0x23/0x50
[  339.145950][    C0]  ieee802_11_parse_elems_full+0xdff/0x2880
[  339.145974][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  339.145995][    C0]  ? __pfx_validate_chain+0x10/0x10
[  339.146015][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  339.146035][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  339.146057][    C0]  ? __pfx_ieee802_11_parse_elems_full+0x10/0x10
[  339.146079][    C0]  ? __lock_acquire+0x137a/0x2040
[  339.146101][    C0]  ? mark_lock+0x9a/0x350
[  339.146128][    C0]  ieee80211_ibss_rx_queued_mgmt+0x4c8/0x2d70
[  339.146158][    C0]  ? __pfx_ieee80211_ibss_rx_queued_mgmt+0x10/0x10
[  339.146184][    C0]  ? mark_lock+0x9a/0x350
[  339.146204][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  339.146225][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  339.146244][    C0]  ? do_raw_spin_unlock+0x13c/0x8b0
[  339.146270][    C0]  ieee80211_iface_work+0x8a5/0xf20
[  339.146295][    C0]  cfg80211_wiphy_work+0x2db/0x490
[  339.146316][    C0]  ? process_scheduled_works+0x945/0x1830
[  339.146334][    C0]  process_scheduled_works+0xa2c/0x1830
[  339.146367][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  339.146390][    C0]  ? assign_work+0x364/0x3d0
[  339.146410][    C0]  worker_thread+0x86d/0xd10
[  339.146436][    C0]  ? __kthread_parkme+0x169/0x1d0
[  339.146457][    C0]  ? __pfx_worker_thread+0x10/0x10
[  339.146475][    C0]  kthread+0x2f0/0x390
[  339.146488][    C0]  ? __pfx_worker_thread+0x10/0x10
[  339.146506][    C0]  ? __pfx_kthread+0x10/0x10
[  339.146520][    C0]  ret_from_fork+0x4b/0x80
[  339.146539][    C0]  ? __pfx_kthread+0x10/0x10
[  339.146553][    C0]  ret_from_fork_asm+0x1a/0x30
[  339.146580][    C0]  </TASK>
[  339.149497][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  339.584975][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc7-syzkaller-00017-gbc83b4d1f086 #0
[  339.595451][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  339.605497][   T30] Call Trace:
[  339.608776][   T30]  <TASK>
[  339.611699][   T30]  dump_stack_lvl+0x241/0x360
[  339.616364][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  339.621542][   T30]  ? __pfx__printk+0x10/0x10
[  339.626107][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  339.632088][   T30]  ? vscnprintf+0x5d/0x90
[  339.636403][   T30]  panic+0x349/0x860
[  339.640275][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  339.646412][   T30]  ? __pfx_panic+0x10/0x10
[  339.650821][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[  339.656187][   T30]  ? __irq_work_queue_local+0x137/0x410
[  339.661739][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  339.667091][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  339.673245][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  339.679393][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  339.685536][   T30]  watchdog+0x1033/0x1040
[  339.689867][   T30]  ? watchdog+0x1ea/0x1040
[  339.694271][   T30]  ? __pfx_watchdog+0x10/0x10
[  339.698927][   T30]  kthread+0x2f0/0x390
[  339.703005][   T30]  ? __pfx_watchdog+0x10/0x10
[  339.707783][   T30]  ? __pfx_kthread+0x10/0x10
[  339.712415][   T30]  ret_from_fork+0x4b/0x80
[  339.716818][   T30]  ? __pfx_kthread+0x10/0x10
[  339.721389][   T30]  ret_from_fork_asm+0x1a/0x30
[  339.726144][   T30]  </TASK>
[  339.729263][   T30] Kernel Offset: disabled
[  339.733577][   T30] Rebooting in 86400 seconds..