last executing test programs:

8.967315685s ago: executing program 0 (id=1741):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8080}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo\x00')
getdents64(r3, &(0x7f0000002f40)=""/4098, 0x1002)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x101ff, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000004c0), 0xc, 0x0}, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
fsopen(&(0x7f00000000c0)='hugetlbfs\x00', 0x1)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000180)={'ip6gre0\x00', <r5=>0x0, 0x4, 0x98, 0xa, 0x2, 0x20, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7, 0x7849, 0x6, 0x5}})
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={&(0x7f0000000080), 0xc, &(0x7f0000000240)={&(0x7f0000000640)=@delqdisc={0x278, 0x25, 0x8, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xfff2, 0x3}, {0x0, 0xffe0}, {0x3, 0xb}}, [@TCA_RATE={0x6, 0x5, {0x8, 0x37}}, @TCA_STAB={0x1c8, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xd5, 0x94, 0xe2, 0xaf9, 0x0, 0x8, 0x2, 0x7}}, {0x12, 0x2, [0x1, 0x3, 0xd7, 0xf, 0x2, 0x81, 0xcb]}}, {{0x1c, 0x1, {0x2, 0x9, 0x2, 0x400, 0x0, 0x7, 0x7, 0x6}}, {0x10, 0x2, [0xd8, 0xff4c, 0x4, 0xfffd, 0x2, 0x9]}}, {{0x1c, 0x1, {0x7, 0x6, 0x1, 0x6, 0x0, 0x1, 0xd99, 0x1}}, {0x6, 0x2, [0x8]}}, {{0x1c, 0x1, {0xf, 0x6, 0x5, 0x2, 0x1, 0x9, 0x2c, 0x9}}, {0x16, 0x2, [0x9, 0x119e, 0x9c, 0x1, 0x7, 0x5, 0x2, 0x1, 0x94fa]}}, {{0x1c, 0x1, {0x1, 0x9, 0x7f, 0x9, 0x2, 0x42f, 0x5, 0xa}}, {0x18, 0x2, [0x2, 0x7f, 0x9, 0x4, 0x40, 0xfffe, 0x0, 0x1, 0x3, 0x1]}}, {{0x1c, 0x1, {0x5, 0xff, 0x7, 0x400, 0x1, 0xfff, 0x7, 0x6}}, {0x10, 0x2, [0xf8a3, 0x8001, 0x9, 0xfbd3, 0x8, 0x3ff]}}, {{0x1c, 0x1, {0x5, 0xff, 0x4, 0xfffffff9, 0x1, 0x4, 0x3ff, 0x6}}, {0x10, 0x2, [0x7, 0x2, 0xfc63, 0x8, 0x9, 0x0]}}, {{0x1c, 0x1, {0x5, 0xf4, 0x2, 0xfffffffd, 0x2, 0x4, 0x6, 0x3}}, {0xa, 0x2, [0x5a6f, 0x3, 0x30]}}, {{0x1c, 0x1, {0x1, 0x81, 0x1a5, 0x2, 0x0, 0x3, 0xa, 0x9}}, {0x16, 0x2, [0x1, 0xe7, 0x80, 0x0, 0x1, 0x63d, 0x6, 0x4, 0x0]}}, {{0x1c, 0x1, {0x80, 0x10, 0x6, 0xb, 0x0, 0x1, 0x0, 0x4}}, {0xc, 0x2, [0x1, 0x100, 0x8, 0x0]}}]}, @qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x0, 0xdb}}}, @TCA_EGRESS_BLOCK={0x8}, @qdisc_kind_options=@q_cake={{0x9}, {0x3c, 0x2, [@TCA_CAKE_ATM={0x8, 0x4, 0x1}, @TCA_CAKE_MEMORY={0x8, 0xa, 0x56}, @TCA_CAKE_INGRESS={0x8, 0xf, 0x1}, @TCA_CAKE_FWMARK={0x8, 0x12, 0x3}, @TCA_CAKE_SPLIT_GSO={0x8, 0x11, 0x1}, @TCA_CAKE_RAW={0x8, 0xc, 0x1}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x4}]}}, @qdisc_kind_options=@q_pfifo={{0xa}, {0x8}}, @TCA_EGRESS_BLOCK={0x8}]}, 0x278}, 0x1, 0x0, 0x0, 0x40080c6}, 0x8)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = socket(0x840000000002, 0x3, 0x104)
connect$inet(r6, &(0x7f0000000900)={0x2, 0x0, @empty}, 0x10)
sendmmsg$inet(r6, &(0x7f0000005240), 0x264e33, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaa97aaaaffffffff29ff86dd600a843500140600fe0000000000000000bbfe8000000000000000000000000000aa00"/58, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0)
syz_emit_ethernet(0xae, &(0x7f0000000000)=ANY=[@ANYRES64=r6], 0x0)

8.597092183s ago: executing program 0 (id=1744):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x350, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x334, 0x33, @beacon={{{}, {}, @device_b, @device_b}, 0x0, @random, 0x0, @void, @val, @val={0x3, 0x1}, @void, @void, @val={0x5, 0x8c, {0x0, 0x0, 0x0, "9af6da3eccb31dfdb01e6e7177c98c64430a038b1a5dfa035ea7a9381b60d5573f7a471f2255656c6fda4f9fe2a1cefb7e307f95a05deb88da8d6767435855a59a04759977ef1cf00cf302f452d67e80c72e836d0cfcfd95ca366d0e284f1c03058e40a2283bb06b723df5c6eef98646cae544fd4eebdf5effc6f1ba5debee4b327b12000000000000"}}, @void, @void, @val={0x3c, 0x4}, @void, @void, @void, @val={0x76, 0x6}, [{0xdd, 0xb7, "31851c27f0515dccb7554d54162c7b9db37edff2415d5589b53027d4db2f9527a9858f2910b19c7737136d933c4cb8b186a2cb77d33dc186120309d0107aae1822ca939dc88880a147e71f89f5936e8d68041d7e8bcc0f1b2831ed25db982a9cd8fcd5160c5cdc0cbe25dce28dc9925779fc4799284de17406d9ac3b5e35515e37ca5568297e0d3e19d80a5d5addb3184fec9543e41f70eb1bcd9a87da2f4b39e15dca2e549f43749edc5d2150d9349f08894e39ac26f6"}, {0xdd, 0xba, "1cb11f4c9767b25df19d1cb86cc9f4059996ff0021375555251d74cf6f777d24ac2b13bbd9b9d6f27b608e3a58d27ba7b7e16a8e13f0d8f288fa3e9a5e6c9ba0bd7028c0866f7cec56d3e0ae5cb3c8963c4d6e991fbd1547b046152bed86b40dc529d6663ed96a2f54759ca9fd4841407c6fb63f588fed1344890b04c3914826eaa5b022f53aa9fb6bffaa0370be496fc201cd5b33db589eb87730dee906175a89a626342c521f0b18b5cb5ed9de356bf155e503ca39d841b335"}, {0xdd, 0x25, "523a4aa23e4123ca5c555c2b2bf412911511b4b39a758f6e3a496d64414c19f01ba62cf366"}, {0xdd, 0x12, "0941a0e096d40b7d3b60bec79aa8aaa3f566"}, {0xdd, 0x3f, "7b1f666daa2c5732ac642cd918aea5ee68d9287e589b7d5326dd3b2bfb9e3d1679ee7c57f9ddfe7cc6179e25076e5fbf36bd5882a567a92f5c2ba4e5d1fe2e"}, {0xdd, 0xb, "0da71e815422994325dfec"}, {0xdd, 0x63, "30d8ac98fdedffdf2ad390d8c532101bdebf905f4f96a12b5400578c02f802cac6cedd077c38a52b4fb790de3ab2c28eed8f45baef37217a654a07159fd6efe9fc5a4effdb0327c0802a3a873e92979e62ab34d31a748ae171a86d656075c5a8c88eab"}, {0xdd, 0x6, "4f3fef835ea8"}]}}]}, 0x350}}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd, 0x0, 0x20000000, 0x8020, 0x0, 0x0, {0x2}})
r4 = memfd_secret(0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r6 = fcntl$dupfd(r5, 0x0, r4)
ioctl$SCSI_IOCTL_GET_PCI(r6, 0x5393, &(0x7f0000000000))
socket$caif_stream(0x25, 0x1, 0x1000004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r7, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
socket$inet6(0xa, 0x800, 0xfffffffb)
socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r9, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$kcm(r7, &(0x7f0000000480)={&(0x7f00000002c0)=@pppoe={0x18, 0x0, {0x0, @random="22b7a92a69ce", 'wg0\x00'}}, 0x80, &(0x7f00000003c0), 0x0, &(0x7f0000001a40)=ANY=[@ANYBLOB="d0000000000000002001000007000000da6549b5de4971c1f4fcd2eb9cfa3ab52ed1fe6329fae4aee911455e449dfe20283d77238a75bd5f5fa840a61faf9f587c8bf90909ba75f22fa94c41ee0937f04429acb0271f97dbc683bf53728efd13778054968914b2a91435c00968d0709c41837fda9051f9b722896149001f2e9319a66e02c2ffc085feab48c680fc6a474512921290f0b1380d05a8e4db4403a58ee96e48299753393cb275934d125e7ec01f48193c9f81f436175393032e948e8f47689588a3e0ad57d1c00000000000c80000000000000013010000550000000852263366650c27d7398280597612a9757c20543f7671e0d77a5f462bf9bfbafdd5ffb1beccf5484a9faf66897e69a711ab7ffcc43ec6372a0887ad07291b5b28c83dade4f8761f7bdd264d34a25008b4cec43276b0f67dc917f01ca578064d3587e4b11253c546a0e05b4635a36ad5d0266f588c29080c9dec8ccdb7c03f91837433fcee2458e3496b701f82a15674ab801397bafff2ee80fca2390089421e11323f4da1aba46b85f0efff4ecf2819f9af1fec00000000101000000000000011010000010400001f1da4def05bbd84c17294e9efb4c86533a7c8c46bad0b5621596d2c1bb6badb05294ee938f6e451df0837a61d8c19c62e5edfc65f91e7d6cdfa39f7c7315bb1c18154b954c81735ef30a5b8ef9148f750655045725807e399f52d8924d98334611ea68a234a65b8e673bf5165cc8e0e406695cb069ce6c6e0439b7e87d2e7278707b4b9022dc0098e7a7aab2ad2b3a2dcca3a11d558f23adb4cb3597f06ea063b99775d2dac52793ad2ba095bb7bc48fe4d371541f3abc8b062c627664efce675a64050a901538567b28b00426699f678a08d4052b1df334892204f68f3634b717d6bb092f4b420c07e5fcc33e5372c2f569083eaa0cbcca8fc147a750b2f88c239553f9c2aeb033702ce04790648bdc66c5e93e8284c01ae6d23bc09878f8ee9f3fb3a5368c182d676f0f641ce60cf10c533b6b9a99325d55ee2c7f717433b508fa7dfe58d25017d3bfdfbf687b65a5c0947d4b5bf0f5c48814236a8a1ca56fdf94a2c8a76fe95cc073d56207712c0e6d6b1f49d81c826d82e8dfcf0e6c0c42593fa98fa9a2a760d48d824214abdccd2403f9668803ff848d1ed0574eced50a725fde50887bbf502fea076e27fca745ecd0cd091b060835ceeb6d49f8c29f49918e6031b72b91efefef6e1363cf66760c950a5cff50d92f4a2048e70387d8eef60932a5ec1c1bfb64e7138c8d05b106fe055f1b9fb171a35b0e26088727d37b19b054439326db41407a3d6b0e66cad04434a1ddfe0ffae3192e269a43688f0c4cf85c5b897cc32fa694cb7410b956c1f8ca55d60fc3b0ffc8ab5394557417f79aff18084ec71024f12d4625e141816c45e319720303cea707c32726b3a2ec578fa8e5285a4d67701e838307343d0cfdc6b32eb7106fefec5beb5d996cd20ef3934590ddb5317e934c0eaea82d2a82e0fd5ab880aadef230559592ae270f871463f9f557c1a41c04d0225b61caadb1df55f148e2e00d821464871f97ec518c0a1e8f1e553c6117e2ae611003958739db3eb7eb2912ab220b3c90593c8fc1c3903de51228df77d1547ada4324f79c6f8099a8a65dd009d8cf9c724c92b02aca8c3c85f5cdbc036b19193de8fb302ac4ff2bbf6bc018231bbec294996827996ce742ca9981ac656a5ef813be4bc299e3b7bc512eb5eae106cc03abbfe977454288d6ef598c1ab6db87aad1daaee6618bfde45e3d6b8b01bc893d3fd742d2bbd142a3fd33cc6a8f27540af185c5d6f7130937d73949b426b43d694d1617d75f23ef29874b97a00f0f1f900121e9b18a496e03075276dab63dd1deb7a937ea8a70710d7ccc2cb46fe7fcae43ee74fe3ee346e4236270cd7764a0822b7e4c579f35d602c08b65985fdd16b72d3e7f7139120fef80869f714ace8301e8492c95f30a12bb0dc6473564f451a4bc4a0be3e0a641227ffb9a2ccf0c5e635b2191e3cc96e1d068093ed99f6a08b9a3e0649f6760b75d098f10c3c43929f47687d1cdcf64668d8be122ebaa02fb9e20b7fd279e1f698c4d1798d28584a48f410ab1c3ab78d9b0eef70ad206ec6bb327383cff285c409e35faf94d9c6a3695d0da61c6c9dc95ae48a1d09256430d036aaae5a9ad8c157745cb31dc55724072318bd93e65f360018432c2c677565ad224c126d13e211ca98f6d4b6b50fec7caf3a5776dd971d46d1b0f913dfaeb3eff14dd8a896be6c65416eecf308316efcfc57aa217da9662efd94bbcce34e783340532b289649cfc8921779bd5783c390214c69b41703cb555706e4bc0ffee1a81b090665718d4076d638e6126279559e7476a611b6af51a4b17d7cd3e48d3dc70cebcfc4f95abfce3294af93c5ba3ce8fc94bccb62b618f367b5ecb71dba6d79b147a1d58f7aaa31e68b503ce0db54f9be75d37ceeb2e4d4e9e65f700a3ea0f8ed265f24e332c0282674cd714aad678ddffc9f867b9a488d693f3b70cb8a573647ecc1a8c9bc908551a08b9f3ae0505919cc2c27f1684ced010c7779736b47a64207d5e63122dbfc1304a2db3cd435a06921e386c13b7080c031b880236e8a99995928bd8e9c766329a768aa2fa74186ed667b0365aae9ab397e3495e67d711d1559b51993ae3ce3a2912ffe3727250d04a2d0a11ad43c683d4c927aad487cc4a240e78259aee3fbca7e739020ec1bcd22ae87ae0c789e174399042c10e2443add5bc589ffea1e94dbd98a534a2f95607ff0b149b757baebd6e8ee34919726afbbe38bcf5d83b511fcd1ac016405eb8cfd4410010530a55b0e4bffa78c26f5a0bd5f34128752c40cd4a3892c60d024d5ab06449cee5250c6a8ba626667ea3802cbe54595fd871019265a4c77b35d2a9f9ec4089d9f0f24694364cf46406a9a3365989fa608e70111bf7a9a9fd2beb33bb6ee240f9ebfbeeaec83b1c249038f6713ecf0d50b864554e070c59146c6d7e7a73f76955b57f75aed46b18e0f5f7777309bc115dc27025d08ec9cfaec0a859536d2ec9b79c9af5527cebe97749dd44759170fe4832c9fd45e1203478a9ac42cfefab6c41977f4b4abc491533ed3dc0d1bfa571d6c79dddf86308c0d5d7ede4191887c433265181c2896a56ea2c362d6b4ab184792861e4d0350a645b7552747fb2598a3d228d80c17e18ebbff45ae069603a9818f46a77b94f45e6221e2c56a166370eac2d8f7768a51776eb99e9831c17bcb3ef6ad20835b574e2721a4d3349687b1a84b157a77ce1312693221d7dbe6409a97174a410bf494a1b021946359a939158d58edbcebf71feba4dd72b6a061161307425ee7e55eb9f5fc6fb1906e63b2736b705413ae941be0901b9efd1fd469e83f51ecdd49fb79e6eb6f60b891445dc3b27e2915036a7f650f6533b0c89c0bb81dbe54c5c25ac9a9fb6ba93d3e683d9dd01ff4ac6005169226b614345e8527b8446190da1e5c146ec0fb7f59c97396fdbdc85625175ebac6728bcf9cf39a46a20ff26f49bbad5895dc96c7d06778844c331cceef5d9a95cb538d3419ca87e3a7f251b623a28b8b71aea81a12d0b51db1b6fa2d5deb1498216e44661ca2c5dced6fd5e16dd25015a4c19d4eff182172c48295b199f76c498bdfbf47548f1822570e2b002776487b14766f1eaed41ff7419fc8bda54f56f43b2ed7163521b8dd4b9ce01df9918f814b4b75024861a7a6b3015993258f9fc1205de7a8b35c54a94770f2806d3909e09394ee453d9ce4dc06874f765520aecbbf265609931e29e303cb9a803ad47d041f38ce186f67b6c01b56dc7c3eb1460b8bf3fefa11502b5813a95765488cd0cba8d9ed8efcdc9efcbc149c59ebc8650da27d2073f78a6535acdae4cab42d03fab5b27d1065d2c586e21bd9a1c570896cef0a796a0f2a7e8768d05fbca34e6f9ddd55ed526017c43da8c169466bcf671cdeaf8284272ecb0c3b1e30d80de31ca1a57fed22a7ad2b42201fd4eefd9569f5834684ff24b3c33aba5709b5ff9c48128f4235e78e4fb4b1c52a37030d3e57d63613bc1d2444d8c979d1e570383944b4565d109c814b8428c80e75d79484e206ef04ea0d3309dc72e5a9af7a1681e6ede94102badd4ae3065293866df73c4c1c4ac6b6c62124dc7e731ed190814ab54f7ce0bbb9623d573f715cb8576b31f368a9fdab84b9d17ecac85eb5c3629d6b3b07fba48e6975039ec483fe6a14dda8b15cc377eaadd045873b0d0079a3e6424bf911ded9043ce728e82b03face1ead690a1ae62ed901de7ea4a0709f641f3933675bb3b7a877671c5888c40c1ca86501c4936922b1e63e7d820a514465c7e3d6ddda2fdc4e9bc5c9ca047455ef6b9ee214304e891641f3ce51128f1ea9abeeffd2190e55679c38106ed625f8129a3213651d764eb116335ba317e05aa698c9c985df2dcfeeda628a7f73ff435b4dd265239ac32c3f462872979df0e2aae49987c78c53e926557ca1f47b5b487182cb72cda8885649f56c3b157d94ade440b76193b9e4649a411b1e1e3cdb77e0d83ef17e53f7f0da1b1aa3dc517ab2e9fbb33fb41e00f3e6607731cb22f1db53015e8c98eea458eabe1f4b0fb7036ca41dbd3c454b09b58692ad4c0e8b84559951b20172501a71f72e20ebf483ac3dce4c23cda1d833569590c2fad5811daf51aa2bc5276555c507d3d07ac6afee0d98ed740ddbb12266fe50e2fb911e633d0ccad58554fe4d2666b3d071a3afcf2883f36653959141b35cdbc8d5ea2bb4548f3318de094c841d7fe524a0e0cd93c84682380f685370d7667654db1c0c5e4b290db5a878076355fdbae79ea8af4b0d2778ef77e410bd6ada6a8848916c8bed7813d91dce4c8c789cea9036f8fd315be5b9945ab4029017a5fea732654c80a2ec3c17ee744fd709a8730a95f004ac14b0248d944e8eef783c5f43e3b151290e36cb01a3449e2c34fdc2d25ddb7a9c085d39ef48cd9ba981a3cec471df9625fba8f1390702fb112bd96310216ae01c059f4fa12ee22e097dae4e6d9147acdb176fc2b5cdcb4c5cec27145a8a588a447f4cbce633c1cbf4bf3b0b7295fec41a02ea419ed1d1529ccf3743d71e09929707244e15cf9632d752634edbb89da6a99d47305c706e7cbf1ab53b596c765aca1874c8677f39bd032d95e7027c29a5dab071ab83fca3d27521bda4f4d6e56e51c3130ce39382a8e4b1f0c283b1a21d053b79c55a03a8339ad3accd38da5b218b35996612ac37dca1f315d4fafe0d1ef644f517ccfa772b50422dd8594a4a46a6273ab5059dcda21fc6e40bfd8a09ef470862828ab12f11bb2ebf65d1db81a234d3f3cf53c830988752897a63c6d937c30e8a28acbcf056f1f3761009d9ef7343093c5f52cdc1e75fac6cf5812e5d4658fcdede401f82d91ee498c9f24ae3c15fc412220269ebcb40424d9f4526ad4a669780ab497e216524df7d5b56814d0231be1fa77de41cda072262e48fe6a98de73159d650881fb1a3ce818339d03c49e377e96afefe48a2d255aa77352fed93091bc39f8e8ee58f820b016661c82c18b3739de6b85eaec5387372a0a085f449ab5d8de9923791d0cf4a65c13426607146882edf19ef95eae7f7af74a3220510761a68b1451bf8bcfa21d93975dbcba0e73cc62d27354de702b7b982b47657a892d034f05d7ea431f81c80cba9a63a55fc6e8052fa6fc1ec7c959948ad63480c8face6cded2115bd10233d19b05cc40a92a8c81f8260bf816d96f11d426f256f162f45534dc71c98f1081f778a72330a5b08216c728eae71525b43dcaca49b0cd0969014c6460818ff3e051ffc21a14a52c3d170f31619cbe6c7ad42cc351772fddab059af80e02d06e0867205fac7c5938780fa0532b6292f521dee15817c1761523a9e38c94ba48ff96905028db9321256d8a9d24f5ad94ebe1674fb608d461a9db43cb78ab14a956fb749bea9188c50cfaca3b9296968223298417ad2cd090f8db98b4f886b55049d3209e11a7dd029eae2d0317ed9fbe98f08dbb69f81a65059e8492aca07c309c05bad5899e5a86ca5dd1883e02689e3e8df037c4bc33f907534db55a3a35cc02963d1220984d3422913f97924feb7b025f83717be7abb4e87c0951afa8c10c39b6f4b688db5cc9750e54bf01b693b5fd5131c0293617a12be8bac1da1a069a011c015b82d46cfdfc465e3ddf7de8f6b89b969e6d5586458ddeb7d2de46d0bbe5dd7b71bbba95b7c39390226706840da72d608a163411fc27265c01a870cd50ec81c0f38f843dcdb74753c0823948ce7dc98af2bafd820ca93012128f4b47eb9cc196df64962be053a453221d464b96cf75446306836ffbda9a6fd2cd9db0d37a3c800000000000000180100000800000089972a3daaaf146738cfad86ebec8a715e160d5c06ebf56aa3e3b73419ee3fa1a8d88f40367b60fc334de39106fa8f6f4f15b0f5d348aa142addbd09c8be544dcaea8d8a536f9e07f4281afaedaada581571e0f8d88a5f6d13e35e61f814b5e7ca68e28fc77c1e24c1c036479ccb4143c9954c6258dfa1bdc23ce85de99310861bdf8e1dfe395a6e78003ad67cc6915305f2b4eeb3a8a369c5abe0ea0d20fd6edeec65dba2af7b1a26412bbf8bc18d87ca43095a48f9ea0060000000000000000701000001000000c8f95e3151a4c8b4d40413726c883b83103c94cbecfc95d1ccf92ae39c03f53842c09a46660ee6a30dbb5f98b694f5b301026b9af36a5941f72eca873ea4ab2fe2020a5f5492cb538ece7d02bc973000d80000000000000006000000df400000965cc0b8ef5c1a1d60f1ca312ad1d1ce2af72b5a2225b0eec51fa54bd93360b39d4898b97ed3286c8a24e6f7e7cc978149a4d5363f922885797f2171f843e4d07a0bd7ee6dca87e065160c948aafbae05edfb1d12beb50232976bea769a2ed79e4c523f01e2f4b38e31e09867c79d31d6e662abe3b4f46620b7d78fdd37cff90bf0a7703a96514ace0bb283f662e72cdb517696bfc287711fae3a8db0ec210710d7ea2347f68305c16ecf4db4f805cb490fb7af0329970f2675df6faa4e4d7d850653261000000002411c7c4fc81ff6ada345b218e82fdf17c9977cd732c77fdd216e26fc75d2bcb5945a02644fbc21d4c5c8e6f3eb31c42e4bbb91c8deb02dd027bf157a9f80b9ebe3461bad7ba6ed1bb5ca448486a7be9300cb005632f3630"], 0x13a8}, 0xf376f9a8029ab7b6)
sendmsg$NL80211_CMD_START_AP(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x8c, r9, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3c}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x10}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}], @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x8c}}, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
socket$packet(0x11, 0x2, 0x300)
socket$nl_generic(0x10, 0x3, 0x10)

7.413188487s ago: executing program 0 (id=1753):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan0\x00'})
socket$can_raw(0x1d, 0x3, 0x1)
socket$unix(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x2, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r1, &(0x7f0000000180)=[{&(0x7f0000001a80)=""/102400, 0x19000}, {0x0}], 0x2, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000020303000000000000000000000000000800050f86d87fd9b66a010001000080"], 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_VERDICT(r3, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f00000014c0)={0x20, 0x1, 0x3, 0x101, 0x0, 0x0, {}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc}}]}, 0x20}}, 0x0)
r4 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'bond0\x00', <r5=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000700)=@newlink={0x44, 0x10, 0x401, 0x4, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_ALL_SLAVES_ACTIVE={0x5}, @IFLA_BOND_ARP_INTERVAL={0x8, 0x7, 0x3}]}}}]}, 0x44}}, 0x0)
bind$can_raw(0xffffffffffffffff, 0x0, 0x0)
r6 = syz_open_dev$video(&(0x7f0000000000), 0x100000001, 0x0)
ioctl$VIDIOC_SUBDEV_G_FMT(r6, 0xc0585604, &(0x7f0000000040)={0x0, 0x0, {0x7f, 0x3, 0x1012, 0x9, 0x6, 0x2, 0x1, 0x4}})
ioctl$VIDIOC_G_SLICED_VBI_CAP(r6, 0xc0745645, &(0x7f00000000c0)={0x1, [0xffff, 0x5, 0x0, 0x7, 0x7fff, 0x400, 0x2, 0x0, 0x8, 0x1000, 0x1, 0x32b, 0x4, 0x3, 0x8, 0x44a, 0x8, 0xf9e, 0x77c5, 0x1, 0x9, 0x86, 0x3, 0x9, 0xffff, 0x9, 0x2, 0x1, 0x1, 0x55c, 0x200, 0x8, 0x4, 0x7, 0x8, 0x5, 0x0, 0x9, 0xfff9, 0x4, 0x1, 0x9, 0x7, 0x9, 0x5, 0x1, 0x76d, 0x4], 0x8})
ioctl$VIDIOC_ENUM_FMT(r6, 0xc0405602, &(0x7f0000000140)={0x8000, 0x1, 0x0, "1774d2a45f2b661f8efe34fff774d44b0ba98c7b153a056b0501278b440b3567", 0x34324d59})
ioctl$VIDIOC_QUERYBUF_DMABUF(r6, 0xc0585609, &(0x7f00000001c0)={0x831, 0xb, 0x4, 0x2, 0x9, {0x0, 0xea60}, {0x5, 0x1, 0x8, 0x81, 0x7f, 0x0, 'z.`z'}, 0x9, 0x4, {<r7=>0xffffffffffffffff}, 0x675c})
ioctl$VIDIOC_S_CROP(r6, 0x4014563c, &(0x7f0000000240)={0x8, {0x4, 0x2, 0x1, 0x6}})
r8 = memfd_secret(0x80000)
epoll_ctl$EPOLL_CTL_MOD(r8, 0x3, r7, &(0x7f0000000280))
ioctl$VIDIOC_SUBDEV_G_SELECTION(r8, 0xc040563d, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x6, {0x159, 0xfffffffa}})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={<r9=>0xffffffffffffffff})
io_uring_register$IORING_REGISTER_FILES_UPDATE(r8, 0x6, &(0x7f0000000380)={0x8, 0x0, &(0x7f0000000340)=[r9, r7]}, 0x2)

7.255206118s ago: executing program 4 (id=1754):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8080}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo\x00')
getdents64(r3, &(0x7f0000002f40)=""/4098, 0x1002)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x101ff, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000004c0), 0xc, 0x0}, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
fsopen(&(0x7f00000000c0)='hugetlbfs\x00', 0x1)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000180)={'ip6gre0\x00', <r5=>0x0, 0x4, 0x98, 0xa, 0x2, 0x20, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7, 0x7849, 0x6, 0x5}})
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={&(0x7f0000000080), 0xc, &(0x7f0000000240)={&(0x7f0000000640)=@delqdisc={0x230, 0x25, 0x8, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xfff2, 0x3}, {0x0, 0xffe0}, {0x3, 0xb}}, [@TCA_RATE={0x6, 0x5, {0x8, 0x37}}, @TCA_STAB={0x1c8, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xd5, 0x94, 0xe2, 0xaf9, 0x0, 0x8, 0x2, 0x7}}, {0x12, 0x2, [0x1, 0x3, 0xd7, 0xf, 0x2, 0x81, 0xcb]}}, {{0x1c, 0x1, {0x2, 0x9, 0x2, 0x400, 0x0, 0x7, 0x7, 0x6}}, {0x10, 0x2, [0xd8, 0xff4c, 0x4, 0xfffd, 0x2, 0x9]}}, {{0x1c, 0x1, {0x7, 0x6, 0x1, 0x6, 0x0, 0x1, 0xd99, 0x1}}, {0x6, 0x2, [0x8]}}, {{0x1c, 0x1, {0xf, 0x6, 0x5, 0x2, 0x1, 0x9, 0x2c, 0x9}}, {0x16, 0x2, [0x9, 0x119e, 0x9c, 0x1, 0x7, 0x5, 0x2, 0x1, 0x94fa]}}, {{0x1c, 0x1, {0x1, 0x9, 0x7f, 0x9, 0x2, 0x42f, 0x5, 0xa}}, {0x18, 0x2, [0x2, 0x7f, 0x9, 0x4, 0x40, 0xfffe, 0x0, 0x1, 0x3, 0x1]}}, {{0x1c, 0x1, {0x5, 0xff, 0x7, 0x400, 0x1, 0xfff, 0x7, 0x6}}, {0x10, 0x2, [0xf8a3, 0x8001, 0x9, 0xfbd3, 0x8, 0x3ff]}}, {{0x1c, 0x1, {0x5, 0xff, 0x4, 0xfffffff9, 0x1, 0x4, 0x3ff, 0x6}}, {0x10, 0x2, [0x7, 0x2, 0xfc63, 0x8, 0x9, 0x0]}}, {{0x1c, 0x1, {0x5, 0xf4, 0x2, 0xfffffffd, 0x2, 0x4, 0x6, 0x3}}, {0xa, 0x2, [0x5a6f, 0x3, 0x30]}}, {{0x1c, 0x1, {0x1, 0x81, 0x1a5, 0x2, 0x0, 0x3, 0xa, 0x9}}, {0x16, 0x2, [0x1, 0xe7, 0x80, 0x0, 0x1, 0x63d, 0x6, 0x4, 0x0]}}, {{0x1c, 0x1, {0x80, 0x10, 0x6, 0xb, 0x0, 0x1, 0x0, 0x4}}, {0xc, 0x2, [0x1, 0x100, 0x8, 0x0]}}]}, @qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x0, 0xdb}}}, @TCA_EGRESS_BLOCK={0x8}, @qdisc_kind_options=@q_pfifo={{0xa}, {0x8, 0x2, 0x2}}, @TCA_EGRESS_BLOCK={0x8}]}, 0x230}, 0x1, 0x0, 0x0, 0x40080c6}, 0x8)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = socket(0x840000000002, 0x3, 0x104)
connect$inet(r6, &(0x7f0000000900)={0x2, 0x0, @empty}, 0x10)
sendmmsg$inet(r6, &(0x7f0000005240), 0x264e33, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaa97aaaaffffffff29ff86dd600a843500140600fe0000000000000000bbfe8000000000000000000000000000aa00"/58, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0)
syz_emit_ethernet(0xae, &(0x7f0000000000)=ANY=[@ANYRES64=r6], 0x0)

6.937162655s ago: executing program 0 (id=1756):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r3, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000040)="0f017715b9800000c00f3235000100000f300f01cb0f01c9b8010000000f01c10f090fc7ab008000000f20e035400000000f22e00f01cf0f01c3", 0x3a}], 0x1, 0x0, 0x0, 0x0)
preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000001280)=""/127, 0x7f}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5)
ioctl$sock_inet_SIOCGARP(0xffffffffffffffff, 0x8954, &(0x7f00000001c0)={{0x2, 0x0, @broadcast}, {0x0, @local}, 0x0, {0x2, 0xfffc, @broadcast}, 'ip6gretap0\x00'})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000080)=0x677c, 0x4)
bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r5, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$sock_int(r5, 0x1, 0x1d, &(0x7f0000000000)=0x7c, 0x4)
recvmmsg(r5, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000100)={{0x0, 0x6, 0x0, 0x40}, 'syz0\x00', 0x26})
ioctl$UI_DEV_CREATE(r0, 0x5501)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0)
preadv(r6, &(0x7f0000002480)=[{&(0x7f0000000280)=""/4096, 0x1000}], 0x1, 0x0, 0x0)
landlock_create_ruleset(&(0x7f00000002c0)={0x0, 0x1}, 0x10, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901)
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

6.903726717s ago: executing program 4 (id=1757):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1d, 0x4, 0x8, 0x8}, 0x48)
rseq(&(0x7f0000000200), 0x20, 0x0, 0x0)
r1 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
mkdir(&(0x7f0000000280)='./control\x00', 0x0)
wait4(0xffffffffffffffff, 0x0, 0x1000000, &(0x7f0000000300))
close(r1)
r2 = inotify_init1(0x0)
fcntl$setstatus(r2, 0x4, 0x2c00)
r3 = gettid()
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x541a, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100), 0x10, &(0x7f0000000240)={&(0x7f00000001c0)={0x1, 0x0, 0x0, {0x0, 0xea60}, {0x0, 0x2710}, {}, 0x2}, 0x48}}, 0x0)
rt_sigprocmask(0x0, 0x0, 0x0, 0x0)
r4 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0x8604}, 0x10)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@mpls_getroute={0x1c, 0x1a, 0x0, 0x0, 0x0, {0x1c, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}}, 0x1c}}, 0x0)
inotify_add_watch(r2, &(0x7f0000000040)='./control\x00', 0xa0000000)
rmdir(&(0x7f0000000080)='./control\x00')
socketpair(0x1e, 0x801, 0x0, &(0x7f0000000280)={<r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f0000000840)=[{{&(0x7f0000000000)=@file={0xe8e6005ca50009c5, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x1}}, {{&(0x7f00000006c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x2a}}], 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x10)
r6 = syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x0, 0x11100}, &(0x7f0000000000), &(0x7f0000000040))
io_uring_enter(r6, 0x2def, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYRES8=r0, @ANYBLOB="9f3078c68158a7e7f4a5127edd2999c400af7bb537c2775d2a4d34195a41f3ed87a0debf3c3348526e2e01958a198db10aa0d758744dc24c711ad701353514ad15fe08a44f2ea4d25765990a8051f89ec7a1f206875824ee97a4b63e", @ANYRES8, @ANYRES32=r6, @ANYRES16=r3, @ANYRES32, @ANYRES16=r0], 0x0}, 0x90)
syz_usb_connect(0x0, 0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="130100009b23fd406d04c1088dee000000410902240001fa0000000904000000ff01000007240100002e000b24"], 0x0)

6.362477668s ago: executing program 0 (id=1762):
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r2 = dup(r0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@multicast, @random="cabf9c84344f", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x8000000, @local}, {0x0, 0x17c1, 0x8}}}}}, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000100)={0x84, @broadcast, 0x0, 0x0, 'rr\x00', 0x1, 0x0, 0x4}, 0x2c)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
r8 = socket(0x10, 0x3, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000540))
ioctl$FIONCLEX(0xffffffffffffffff, 0x5450)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001540)=ANY=[@ANYBLOB="150000001a0001100000000000000000000000000084e8cff8380010"], 0x1c}}, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000009200)=[@in={0x2, 0x12c, @remote}], 0x10)
ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, &(0x7f0000000700)={"ce85bf2fb3cd8f0e18f44494adfd754252f57b44e3463dfcb57b5aa2b43cd438723b695eec6b4426ea40a206b9cdbc407406838fcc7114ee6e137328f81af34923eb4829d751fe67819c96419effe8f53ecc9abb1c638d0daf743cf4f42698c10d497e714371c2c78b293c2e33df72ca75c4f998b90a473868c98f53ed8f448286b859d15f97b4b6802e87f2170db785ac72fbc40e3ca4684e282864a612c553ebd1ca1948bfea0769e283fa6ed8e2216714062bcf9059e36c3697dd9aee5af04c32980b53ea45e5cf150d3442ba0e58aacdfdeb14d6a20bed8351e1f2b17abdb988f50fbf4074f815d68745a04f2e7ac4212ab17a2872ad028e133aa42778e459ab306a7b6b1cef1f7facf93ddfc3f93908f1b21a13217f02d020f45649159822d69c818682368f0e59316563717a71fcf3c65c496d766a7d7fa6840377e9e93d46f322c1d36fd5275d97da2d9f5eeaee4cdd98e9d0c911ba7b21e47766397360658f815eff477dd353f82cb463aa5e1b9fc305d21e07e657de987152fd9372f4225a5b1231c4b680c9b8918bc5b10786c1660eb829c5f1096f7c4270dcef52c9ad70a3dd9b80e32d0a2c45a6a469e28fa75a064cdaae3e59099df9c3e384e6927ebf0f84df459d179410ce200dc8d9452923b32c67a5165c78a0b382aa9c2755e83834be0b88fbdeffb4841192d5c9480dfd52aaad7c928f601ebf48523775c20399fbaa5b6d83e5add38fea61e11491496e164b09fbffeab88f9329bc4526a076377a4d0a47ea223e1660e9dcbf562e505914b6ca6d978d84162fa5895299eb8fb8eaec40808fe6eb449333f62ac02b8bece9c708971d1d1cb6dffe416c2c6fae7c906678dfe105ff10cfe1eda88c69dcaa73c89cfcfdf92ef6ad69889b1d9984feb0711745f126fae4523f0e3d087978b127cc272033c9f3f1b0ac7e0ed4f3cfeb3e60b691478d9fb01b4158d22d1f64698d076aa830586aff206b3e65772b0d189e770ea239689638d0d935aef9ab8c167819cb17ad67a7e8fd5d658f4f929efa834be01e2644e36ab7c13930499a50ad46716274d62407635b97d6e6c19b1226451294b5e575135a8c972a739e89c92f698b043ed9b97d8b6d7e44522d462a54c10190eecb15f7edd14e3815eff39d614b50f015356e731f0812649979de235f19552bc2826e15c9b67ed40416ba164033135fee831df925e9baabdb846b5bf66855e3f8b79dca16f3bec23aa634606196a388f8e1b126f36618f685cb62065d30f6fe2b0a562a94591ee3fa981160e1481ee781c371cc7ee8c928f77b4e6d9b73fa3bfc479060ce1f4f0b68fd21d068d50e29c84bc2af8328817bcc3293afe6c78d4ee87c835097b383169d8017ef12eabd7ff4f91701088ace6da8a31c05e729aade819777203973c20f6c1611f8adb2ac10d22795c125db94b18cf9"})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000001c0)="0f2145b8000001000f23c00f21f83501000c000f23f80f005f8e660feeb700000080b93c080000b837b40000ba00000000c134b9c20b0000b812000000ba000000000f30c4e3f148cf00f30fc7b304000000660f2c6d4cb805000000b95b2900000f01c1", 0x64}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r2, 0x40000000)
r9 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x3}, 0x10)
setsockopt$packet_tx_ring(r9, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0xfffffffa}, 0x10)

6.069268094s ago: executing program 0 (id=1764):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
write$binfmt_script(r2, 0x0, 0xfffffe5d)
getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="3c00000010008506000000ff0100000000000000", @ANYRES32=r3, @ANYBLOB="01ff00e1c2ed00001c0012000c000100626f6e64"], 0x3c}}, 0x0)
getsockname$packet(r2, &(0x7f0000000440)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000004c0)=0x14)
r5 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001400128009000100626f6e64000000000400028008000a00", @ANYRES32=r4], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x8847, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x24, 0x11, 0x1, 0x0, 0x0, {0x10, 0x0, 0x4c, r3}}, 0x24}}, 0x0)

5.113181003s ago: executing program 4 (id=1770):
socket$caif_stream(0x25, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$tipc(0x1e, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00')
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000200)=""/4095, 0xfff}], 0x1, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a40)=ANY=[], 0x70}}, 0x0)
r3 = memfd_secret(0x0)
ftruncate(r3, 0x4)
sendmsg$nl_route(r2, &(0x7f0000001280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000001200)=@ipv6_newrule={0x58, 0x20, 0x1, 0x70bd2d, 0x25dfdbfd, {0xa, 0x14, 0x0, 0xd3, 0x5, 0x0, 0x0, 0x1, 0x10004}, [@FIB_RULE_POLICY=@FRA_IIFNAME={0x14, 0x3, 'ip6tnl0\x00'}, @FRA_SRC={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, @FRA_SRC={0x14, 0x2, @mcast1}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000014}, 0x20040080)
r4 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x7, 0x1, 0x1}}]}}]}}, 0x0)
syz_usb_control_io$printer(r4, 0x0, &(0x7f00000006c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)={0x20, 0x0, 0x1}})
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$SNDCTL_DSP_SYNC(r5, 0x5002, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x9, 0x13, r3, 0x0)
set_mempolicy(0x3, &(0x7f0000000040)=0xfffffffffffffffb, 0x5)
mbind(&(0x7f0000ffa000/0x6000)=nil, 0x6000, 0x0, 0x0, 0x0, 0x3)
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_INTERFACE(r6, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000000080)=""/77, 0x4d}], 0x1, 0xa3, 0x0)

4.984570331s ago: executing program 1 (id=1771):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x74, &(0x7f0000000000)={&(0x7f0000001640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01000000000000000000010000000900010073797a300000000040000000160a01000000000000000000010000000900010073797a30000000000900020073797a300000000014000380080002400000000046e00140000000002c000000180a0108000b000000000000010000000900020073797a30000000000900010073797a30"], 0xb4}}, 0x0)

4.892954797s ago: executing program 3 (id=1772):
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
socket$inet_smc(0x2b, 0x1, 0x0)
close_range(0xffffffffffffffff, r1, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
socket$qrtr(0x2a, 0x2, 0x0)
keyctl$restrict_keyring(0x3, 0xfffffffffffffffb, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
writev(r0, &(0x7f0000000340)=[{0x0}, {&(0x7f0000000380)="1135dde43c3ec81910cf79c4244c8befffc15a1308ecd54b9936", 0x1a}, {&(0x7f0000000280)="9c216fd803fd819e6fe2680af2d734780800000000000000b6dddf3419006d054d91e0687f5200"/49, 0x31}], 0x3)
ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f0000000940))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x1)
ioctl$TCSETSW2(r2, 0x5435, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102384, 0x18ff0}], 0x1, 0x0, 0xffffffff)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/stat\x00')
write$USERIO_CMD_SEND_INTERRUPT(r4, 0x0, 0x0)
syz_emit_vhci(0x0, 0x7)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005b40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)="be86bee2eb7cd52386acbb852ef2ebfda2d635ec067e1fc8400449f82e43b51d0168731ec0992b0ffbf3cbee93516f17fa696e61098f947b0b994137c75b1f893b3e28a654dd286f7ff4b835d8fb5e878ea5e35e54a67ae574ffbdfe1a57dc5015027d1855bb0306fd73c454fef0cb925471981085874a5348a65d2afa17dadd73b7e43492722b8d2d5377b66f274f4b08c2a4ad6346ba38ec0744aa7e0528e560a728dae79bfaef2d164b941b7d663d1bee93", 0xb3}], 0xbe7d6019aadec558}}, {{0x0, 0x0, &(0x7f0000004240)=[{&(0x7f0000003140)}], 0x1}}], 0x2, 0xc080)
r5 = socket$inet6(0xa, 0x800000000000002, 0x0)
connect$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000000f40)=[{{0x0, 0xcb000000, 0x0}}], 0x28000, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
add_key$user(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000180)="41121b64addba10ef57db4c9f4214f66a38a63820b3fd514364dbe8adef4378f95e194aa2477062513c748933231cd95ad5ca3fae18301519dd998ae292e45b8f1c14fdd9f6cecb085fabaa2f2d8b35ea4df8660e53067fff839", 0x5a, 0xfffffffffffffffc)
add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)

4.819806359s ago: executing program 2 (id=1773):
r0 = syz_open_dev$usbfs(&(0x7f00000002c0), 0x3, 0x1ef142)
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303a37a07006000000002000020d3"])
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x711201)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0, <r2=>0x0}, &(0x7f0000000380)=0x6)
socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYRESHEX=r2], 0xfe33)
socket(0x2, 0x80805, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000000)={0x118}, 0x10, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
landlock_create_ruleset(&(0x7f0000000280)={0x31b9, 0x3}, 0x10, 0x0)
r4 = landlock_create_ruleset(&(0x7f0000000180), 0x10, 0x0)
landlock_restrict_self(r4, 0x0)
landlock_restrict_self(r4, 0x0)
r5 = landlock_create_ruleset(0x0, 0x0, 0x0)
landlock_restrict_self(r5, 0x0)
landlock_restrict_self(r5, 0x0)
landlock_restrict_self(r5, 0x0)
landlock_restrict_self(r5, 0x0)
landlock_create_ruleset(&(0x7f0000000100)={0x40, 0x1}, 0x10, 0x0)
pivot_root(&(0x7f00000003c0)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000000c0)='./file0\x00')

4.641370892s ago: executing program 1 (id=1774):
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r2 = dup(r0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@multicast, @random="cabf9c84344f", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x8000000, @local}, {0x0, 0x17c1, 0x8}}}}}, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000100)={0x84, @broadcast, 0x0, 0x0, 'rr\x00', 0x1, 0x0, 0x4}, 0x2c)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
r8 = socket(0x10, 0x3, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000540))
ioctl$FIONCLEX(0xffffffffffffffff, 0x5450)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001540)=ANY=[@ANYBLOB="150000001a0001100000000000000000000000000084e8cff8380010"], 0x1c}}, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000009200)=[@in={0x2, 0x12c, @remote}], 0x10)
ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, &(0x7f0000000700)={"ce85bf2fb3cd8f0e18f44494adfd754252f57b44e3463dfcb57b5aa2b43cd438723b695eec6b4426ea40a206b9cdbc407406838fcc7114ee6e137328f81af34923eb4829d751fe67819c96419effe8f53ecc9abb1c638d0daf743cf4f42698c10d497e714371c2c78b293c2e33df72ca75c4f998b90a473868c98f53ed8f448286b859d15f97b4b6802e87f2170db785ac72fbc40e3ca4684e282864a612c553ebd1ca1948bfea0769e283fa6ed8e2216714062bcf9059e36c3697dd9aee5af04c32980b53ea45e5cf150d3442ba0e58aacdfdeb14d6a20bed8351e1f2b17abdb988f50fbf4074f815d68745a04f2e7ac4212ab17a2872ad028e133aa42778e459ab306a7b6b1cef1f7facf93ddfc3f93908f1b21a13217f02d020f45649159822d69c818682368f0e59316563717a71fcf3c65c496d766a7d7fa6840377e9e93d46f322c1d36fd5275d97da2d9f5eeaee4cdd98e9d0c911ba7b21e47766397360658f815eff477dd353f82cb463aa5e1b9fc305d21e07e657de987152fd9372f4225a5b1231c4b680c9b8918bc5b10786c1660eb829c5f1096f7c4270dcef52c9ad70a3dd9b80e32d0a2c45a6a469e28fa75a064cdaae3e59099df9c3e384e6927ebf0f84df459d179410ce200dc8d9452923b32c67a5165c78a0b382aa9c2755e83834be0b88fbdeffb4841192d5c9480dfd52aaad7c928f601ebf48523775c20399fbaa5b6d83e5add38fea61e11491496e164b09fbffeab88f9329bc4526a076377a4d0a47ea223e1660e9dcbf562e505914b6ca6d978d84162fa5895299eb8fb8eaec40808fe6eb449333f62ac02b8bece9c708971d1d1cb6dffe416c2c6fae7c906678dfe105ff10cfe1eda88c69dcaa73c89cfcfdf92ef6ad69889b1d9984feb0711745f126fae4523f0e3d087978b127cc272033c9f3f1b0ac7e0ed4f3cfeb3e60b691478d9fb01b4158d22d1f64698d076aa830586aff206b3e65772b0d189e770ea239689638d0d935aef9ab8c167819cb17ad67a7e8fd5d658f4f929efa834be01e2644e36ab7c13930499a50ad46716274d62407635b97d6e6c19b1226451294b5e575135a8c972a739e89c92f698b043ed9b97d8b6d7e44522d462a54c10190eecb15f7edd14e3815eff39d614b50f015356e731f0812649979de235f19552bc2826e15c9b67ed40416ba164033135fee831df925e9baabdb846b5bf66855e3f8b79dca16f3bec23aa634606196a388f8e1b126f36618f685cb62065d30f6fe2b0a562a94591ee3fa981160e1481ee781c371cc7ee8c928f77b4e6d9b73fa3bfc479060ce1f4f0b68fd21d068d50e29c84bc2af8328817bcc3293afe6c78d4ee87c835097b383169d8017ef12eabd7ff4f91701088ace6da8a31c05e729aade819777203973c20f6c1611f8adb2ac10d22795c125db94b18cf9"})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000001c0)="0f2145b8000001000f23c00f21f83501000c000f23f80f005f8e660feeb700000080b93c080000b837b40000ba00000000c134b9c20b0000b812000000ba000000000f30c4e3f148cf00f30fc7b304000000660f2c6d4cb805000000b95b2900000f01c1", 0x64}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r2, 0x40000000)
r9 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x3}, 0x10)
setsockopt$packet_tx_ring(r9, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0xfffffffa}, 0x10)

4.571531096s ago: executing program 2 (id=1775):
socket$alg(0x26, 0x5, 0x0)
r0 = fsopen(&(0x7f0000000040)='efs\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x8}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r1}, 0x0, &(0x7f00000003c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='c:::/', 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x1e, 0x4, &(0x7f0000000680)=ANY=[], &(0x7f0000000640)='syzkaller\x00', 0x4, 0x98, &(0x7f0000000180)=""/152, 0x0, 0x0, '\x00', 0x0, 0x33}, 0x90)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xa, 0x0, 0x8, 0x1}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0xd, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002a000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r3}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r2}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20)
unshare(0x22040400)
r4 = syz_open_dev$evdev(&(0x7f0000000340), 0x48, 0x1)
syz_usb_disconnect(r4)
syz_usb_connect(0x4, 0x24, &(0x7f0000000100)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r4, 0x40085507, &(0x7f00000003c0))
syz_usb_connect(0x5, 0x0, 0x0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x4, [{0x0, 0x0}, {0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0x41a}}, {0xf7, &(0x7f0000000a40)=ANY=[@ANYRESHEX=r3]}, {0x0, 0x0}]})
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0x6e, &(0x7f0000000780)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c200000086dd6002adf700383a00fe880000000000000000000000000001ff020000000000000000000000000001040090780000000060fd906300403a0000000000000000000000ffffac1414aa00000000000000000000ffffac1414aa1e520b4c951ee12e498924c7dc65397852a8bd76be1a00df5f4540f561c798c7f0f4f28b75c39889911933100fb81f82f2e91a7a837723a5046243b5dcfc97e4a53d55ac2cba9275598ff6a4c75332b80ea65dab548259352a0acbc97136c35f9e38ea80523c70452aaef90f6c245a4b5b85b18bbc5669df3961514bb36ffd7564f3208484de4ab809c678fb16b1e2"], 0x0)

4.260540319s ago: executing program 3 (id=1776):
open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400100142603600e120800060000000401a80016000500014003001100036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e97", 0xd7}], 0x1}, 0x0)

4.14898296s ago: executing program 1 (id=1777):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8080}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo\x00')
getdents64(r3, &(0x7f0000002f40)=""/4098, 0x1002)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x101ff, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000004c0), 0xc, 0x0}, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
fsopen(&(0x7f00000000c0)='hugetlbfs\x00', 0x1)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000180)={'ip6gre0\x00', <r5=>0x0, 0x4, 0x98, 0xa, 0x2, 0x20, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7, 0x7849, 0x6, 0x5}})
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={&(0x7f0000000080), 0xc, &(0x7f0000000240)={&(0x7f0000000640)=@delqdisc={0x230, 0x25, 0x8, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xfff2, 0x3}, {0x0, 0xffe0}, {0x3, 0xb}}, [@TCA_RATE={0x6, 0x5, {0x8, 0x37}}, @TCA_STAB={0x1c8, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xd5, 0x94, 0xe2, 0xaf9, 0x0, 0x8, 0x2, 0x7}}, {0x12, 0x2, [0x1, 0x3, 0xd7, 0xf, 0x2, 0x81, 0xcb]}}, {{0x1c, 0x1, {0x2, 0x9, 0x2, 0x400, 0x0, 0x7, 0x7, 0x6}}, {0x10, 0x2, [0xd8, 0xff4c, 0x4, 0xfffd, 0x2, 0x9]}}, {{0x1c, 0x1, {0x7, 0x6, 0x1, 0x6, 0x0, 0x1, 0xd99, 0x1}}, {0x6, 0x2, [0x8]}}, {{0x1c, 0x1, {0xf, 0x6, 0x5, 0x2, 0x1, 0x9, 0x2c, 0x9}}, {0x16, 0x2, [0x9, 0x119e, 0x9c, 0x1, 0x7, 0x5, 0x2, 0x1, 0x94fa]}}, {{0x1c, 0x1, {0x1, 0x9, 0x7f, 0x9, 0x2, 0x42f, 0x5, 0xa}}, {0x18, 0x2, [0x2, 0x7f, 0x9, 0x4, 0x40, 0xfffe, 0x0, 0x1, 0x3, 0x1]}}, {{0x1c, 0x1, {0x5, 0xff, 0x7, 0x400, 0x1, 0xfff, 0x7, 0x6}}, {0x10, 0x2, [0xf8a3, 0x8001, 0x9, 0xfbd3, 0x8, 0x3ff]}}, {{0x1c, 0x1, {0x5, 0xff, 0x4, 0xfffffff9, 0x1, 0x4, 0x3ff, 0x6}}, {0x10, 0x2, [0x7, 0x2, 0xfc63, 0x8, 0x9, 0x0]}}, {{0x1c, 0x1, {0x5, 0xf4, 0x2, 0xfffffffd, 0x2, 0x4, 0x6, 0x3}}, {0xa, 0x2, [0x5a6f, 0x3, 0x30]}}, {{0x1c, 0x1, {0x1, 0x81, 0x1a5, 0x2, 0x0, 0x3, 0xa, 0x9}}, {0x16, 0x2, [0x1, 0xe7, 0x80, 0x0, 0x1, 0x63d, 0x6, 0x4, 0x0]}}, {{0x1c, 0x1, {0x80, 0x10, 0x6, 0xb, 0x0, 0x1, 0x0, 0x4}}, {0xc, 0x2, [0x1, 0x100, 0x8, 0x0]}}]}, @qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x0, 0xdb}}}, @TCA_EGRESS_BLOCK={0x8}, @qdisc_kind_options=@q_pfifo={{0xa}, {0x8, 0x2, 0x2}}, @TCA_EGRESS_BLOCK={0x8}]}, 0x230}, 0x1, 0x0, 0x0, 0x40080c6}, 0x8)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = socket(0x840000000002, 0x3, 0x104)
connect$inet(r6, &(0x7f0000000900)={0x2, 0x0, @empty}, 0x10)
sendmmsg$inet(r6, &(0x7f0000005240), 0x264e33, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaa97aaaaffffffff29ff86dd600a843500140600fe0000000000000000bbfe8000000000000000000000000000aa00"/58, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0)
syz_emit_ethernet(0xae, &(0x7f0000000000)=ANY=[@ANYRES64=r6], 0x0)

3.885128081s ago: executing program 1 (id=1778):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x354, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x335, 0x33, @beacon={{{}, {}, @device_b, @device_b}, 0x0, @random, 0x0, @void, @val, @val={0x3, 0x1}, @void, @void, @val={0x5, 0x8c, {0x0, 0x0, 0x0, "9af6da3eccb31dfdb01e6e7177c98c64430a038b1a5dfa035ea7a9381b60d5573f7a471f2255656c6fda4f9fe2a1cefb7e307f95a05deb88da8d6767435855a59a04759977ef1cf00cf302f452d67e80c72e836d0cfcfd95ca366d0e284f1c03058e40a2283bb06b723df5c6eef98646cae544fd4eebdf5effc6f1ba5debee4b327b12000000000000"}}, @void, @void, @val={0x3c, 0x4}, @void, @void, @void, @val={0x76, 0x6}, [{0xdd, 0xb7, "31851c27f0515dccb7554d54162c7b9db37edff2415d5589b53027d4db2f9527a9858f2910b19c7737136d933c4cb8b186a2cb77d33dc186120309d0107aae1822ca939dc88880a147e71f89f5936e8d68041d7e8bcc0f1b2831ed25db982a9cd8fcd5160c5cdc0cbe25dce28dc9925779fc4799284de17406d9ac3b5e35515e37ca5568297e0d3e19d80a5d5addb3184fec9543e41f70eb1bcd9a87da2f4b39e15dca2e549f43749edc5d2150d9349f08894e39ac26f6"}, {0xdd, 0xba, "1cb11f4c9767b25df19d1cb86cc9f4059996ff0021375555251d74cf6f777d24ac2b13bbd9b9d6f27b608e3a58d27ba7b7e16a8e13f0d8f288fa3e9a5e6c9ba0bd7028c0866f7cec56d3e0ae5cb3c8963c4d6e991fbd1547b046152bed86b40dc529d6663ed96a2f54759ca9fd4841407c6fb63f588fed1344890b04c3914826eaa5b022f53aa9fb6bffaa0370be496fc201cd5b33db589eb87730dee906175a89a626342c521f0b18b5cb5ed9de356bf155e503ca39d841b335"}, {0xdd, 0x25, "523a4aa23e4123ca5c555c2b2bf412911511b4b39a758f6e3a496d64414c19f01ba62cf366"}, {0xdd, 0x12, "0941a0e096d40b7d3b60bec79aa8aaa3f566"}, {0xdd, 0x3f, "7b1f666daa2c5732ac642cd918aea5ee68d9287e589b7d5326dd3b2bfb9e3d1679ee7c57f9ddfe7cc6179e25076e5fbf36bd5882a567a92f5c2ba4e5d1fe2e"}, {0xdd, 0xb, "0da71e815422994325dfec"}, {0xdd, 0x64, "30d8ac98fdedffdf2ad390d8c532101bdebf905f4f96a12b5400578c02f802cac6cedd077c38a52b4fb790de3ab2c28eed8f45baef37217a654a07159fd6efe9fc5a4effdb0327c0802a3a873e92979e62ab34d31a748ae171a86d656075c5a8c88eaba1"}, {0xdd, 0x6, "4f3fef835ea8"}]}}]}, 0x354}}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd, 0x0, 0x20000000, 0x8020, 0x0, 0x0, {0x2}})
r4 = memfd_secret(0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r6 = fcntl$dupfd(r5, 0x0, r4)
ioctl$SCSI_IOCTL_GET_PCI(r6, 0x5393, &(0x7f0000000000))
socket$caif_stream(0x25, 0x1, 0x1000004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r7, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
socket$inet6(0xa, 0x800, 0xfffffffb)
socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r9, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$kcm(r7, &(0x7f0000000480)={&(0x7f00000002c0)=@pppoe={0x18, 0x0, {0x0, @random="22b7a92a69ce", 'wg0\x00'}}, 0x80, &(0x7f00000003c0), 0x0, &(0x7f0000001a40)=ANY=[@ANYBLOB="d0000000000000002001000007000000da6549b5de4971c1f4fcd2eb9cfa3ab52ed1fe6329fae4aee911455e449dfe20283d77238a75bd5f5fa840a61faf9f587c8bf90909ba75f22fa94c41ee0937f04429acb0271f97dbc683bf53728efd13778054968914b2a91435c00968d0709c41837fda9051f9b722896149001f2e9319a66e02c2ffc085feab48c680fc6a474512921290f0b1380d05a8e4db4403a58ee96e48299753393cb275934d125e7ec01f48193c9f81f436175393032e948e8f47689588a3e0ad57d1c00000000000c80000000000000013010000550000000852263366650c27d7398280597612a9757c20543f7671e0d77a5f462bf9bfbafdd5ffb1beccf5484a9faf66897e69a711ab7ffcc43ec6372a0887ad07291b5b28c83dade4f8761f7bdd264d34a25008b4cec43276b0f67dc917f01ca578064d3587e4b11253c546a0e05b4635a36ad5d0266f588c29080c9dec8ccdb7c03f91837433fcee2458e3496b701f82a15674ab801397bafff2ee80fca2390089421e11323f4da1aba46b85f0efff4ecf2819f9af1fec00000000101000000000000011010000010400001f1da4def05bbd84c17294e9efb4c86533a7c8c46bad0b5621596d2c1bb6badb05294ee938f6e451df0837a61d8c19c62e5edfc65f91e7d6cdfa39f7c7315bb1c18154b954c81735ef30a5b8ef9148f750655045725807e399f52d8924d98334611ea68a234a65b8e673bf5165cc8e0e406695cb069ce6c6e0439b7e87d2e7278707b4b9022dc0098e7a7aab2ad2b3a2dcca3a11d558f23adb4cb3597f06ea063b99775d2dac52793ad2ba095bb7bc48fe4d371541f3abc8b062c627664efce675a64050a901538567b28b00426699f678a08d4052b1df334892204f68f3634b717d6bb092f4b420c07e5fcc33e5372c2f569083eaa0cbcca8fc147a750b2f88c239553f9c2aeb033702ce04790648bdc66c5e93e8284c01ae6d23bc09878f8ee9f3fb3a5368c182d676f0f641ce60cf10c533b6b9a99325d55ee2c7f717433b508fa7dfe58d25017d3bfdfbf687b65a5c0947d4b5bf0f5c48814236a8a1ca56fdf94a2c8a76fe95cc073d56207712c0e6d6b1f49d81c826d82e8dfcf0e6c0c42593fa98fa9a2a760d48d824214abdccd2403f9668803ff848d1ed0574eced50a725fde50887bbf502fea076e27fca745ecd0cd091b060835ceeb6d49f8c29f49918e6031b72b91efefef6e1363cf66760c950a5cff50d92f4a2048e70387d8eef60932a5ec1c1bfb64e7138c8d05b106fe055f1b9fb171a35b0e26088727d37b19b054439326db41407a3d6b0e66cad04434a1ddfe0ffae3192e269a43688f0c4cf85c5b897cc32fa694cb7410b956c1f8ca55d60fc3b0ffc8ab5394557417f79aff18084ec71024f12d4625e141816c45e319720303cea707c32726b3a2ec578fa8e5285a4d67701e838307343d0cfdc6b32eb7106fefec5beb5d996cd20ef3934590ddb5317e934c0eaea82d2a82e0fd5ab880aadef230559592ae270f871463f9f557c1a41c04d0225b61caadb1df55f148e2e00d821464871f97ec518c0a1e8f1e553c6117e2ae611003958739db3eb7eb2912ab220b3c90593c8fc1c3903de51228df77d1547ada4324f79c6f8099a8a65dd009d8cf9c724c92b02aca8c3c85f5cdbc036b19193de8fb302ac4ff2bbf6bc018231bbec294996827996ce742ca9981ac656a5ef813be4bc299e3b7bc512eb5eae106cc03abbfe977454288d6ef598c1ab6db87aad1daaee6618bfde45e3d6b8b01bc893d3fd742d2bbd142a3fd33cc6a8f27540af185c5d6f7130937d73949b426b43d694d1617d75f23ef29874b97a00f0f1f900121e9b18a496e03075276dab63dd1deb7a937ea8a70710d7ccc2cb46fe7fcae43ee74fe3ee346e4236270cd7764a0822b7e4c579f35d602c08b65985fdd16b72d3e7f7139120fef80869f714ace8301e8492c95f30a12bb0dc6473564f451a4bc4a0be3e0a641227ffb9a2ccf0c5e635b2191e3cc96e1d068093ed99f6a08b9a3e0649f6760b75d098f10c3c43929f47687d1cdcf64668d8be122ebaa02fb9e20b7fd279e1f698c4d1798d28584a48f410ab1c3ab78d9b0eef70ad206ec6bb327383cff285c409e35faf94d9c6a3695d0da61c6c9dc95ae48a1d09256430d036aaae5a9ad8c157745cb31dc55724072318bd93e65f360018432c2c677565ad224c126d13e211ca98f6d4b6b50fec7caf3a5776dd971d46d1b0f913dfaeb3eff14dd8a896be6c65416eecf308316efcfc57aa217da9662efd94bbcce34e783340532b289649cfc8921779bd5783c390214c69b41703cb555706e4bc0ffee1a81b090665718d4076d638e6126279559e7476a611b6af51a4b17d7cd3e48d3dc70cebcfc4f95abfce3294af93c5ba3ce8fc94bccb62b618f367b5ecb71dba6d79b147a1d58f7aaa31e68b503ce0db54f9be75d37ceeb2e4d4e9e65f700a3ea0f8ed265f24e332c0282674cd714aad678ddffc9f867b9a488d693f3b70cb8a573647ecc1a8c9bc908551a08b9f3ae0505919cc2c27f1684ced010c7779736b47a64207d5e63122dbfc1304a2db3cd435a06921e386c13b7080c031b880236e8a99995928bd8e9c766329a768aa2fa74186ed667b0365aae9ab397e3495e67d711d1559b51993ae3ce3a2912ffe3727250d04a2d0a11ad43c683d4c927aad487cc4a240e78259aee3fbca7e739020ec1bcd22ae87ae0c789e174399042c10e2443add5bc589ffea1e94dbd98a534a2f95607ff0b149b757baebd6e8ee34919726afbbe38bcf5d83b511fcd1ac016405eb8cfd4410010530a55b0e4bffa78c26f5a0bd5f34128752c40cd4a3892c60d024d5ab06449cee5250c6a8ba626667ea3802cbe54595fd871019265a4c77b35d2a9f9ec4089d9f0f24694364cf46406a9a3365989fa608e70111bf7a9a9fd2beb33bb6ee240f9ebfbeeaec83b1c249038f6713ecf0d50b864554e070c59146c6d7e7a73f76955b57f75aed46b18e0f5f7777309bc115dc27025d08ec9cfaec0a859536d2ec9b79c9af5527cebe97749dd44759170fe4832c9fd45e1203478a9ac42cfefab6c41977f4b4abc491533ed3dc0d1bfa571d6c79dddf86308c0d5d7ede4191887c433265181c2896a56ea2c362d6b4ab184792861e4d0350a645b7552747fb2598a3d228d80c17e18ebbff45ae069603a9818f46a77b94f45e6221e2c56a166370eac2d8f7768a51776eb99e9831c17bcb3ef6ad20835b574e2721a4d3349687b1a84b157a77ce1312693221d7dbe6409a97174a410bf494a1b021946359a939158d58edbcebf71feba4dd72b6a061161307425ee7e55eb9f5fc6fb1906e63b2736b705413ae941be0901b9efd1fd469e83f51ecdd49fb79e6eb6f60b891445dc3b27e2915036a7f650f6533b0c89c0bb81dbe54c5c25ac9a9fb6ba93d3e683d9dd01ff4ac6005169226b614345e8527b8446190da1e5c146ec0fb7f59c97396fdbdc85625175ebac6728bcf9cf39a46a20ff26f49bbad5895dc96c7d06778844c331cceef5d9a95cb538d3419ca87e3a7f251b623a28b8b71aea81a12d0b51db1b6fa2d5deb1498216e44661ca2c5dced6fd5e16dd25015a4c19d4eff182172c48295b199f76c498bdfbf47548f1822570e2b002776487b14766f1eaed41ff7419fc8bda54f56f43b2ed7163521b8dd4b9ce01df9918f814b4b75024861a7a6b3015993258f9fc1205de7a8b35c54a94770f2806d3909e09394ee453d9ce4dc06874f765520aecbbf265609931e29e303cb9a803ad47d041f38ce186f67b6c01b56dc7c3eb1460b8bf3fefa11502b5813a95765488cd0cba8d9ed8efcdc9efcbc149c59ebc8650da27d2073f78a6535acdae4cab42d03fab5b27d1065d2c586e21bd9a1c570896cef0a796a0f2a7e8768d05fbca34e6f9ddd55ed526017c43da8c169466bcf671cdeaf8284272ecb0c3b1e30d80de31ca1a57fed22a7ad2b42201fd4eefd9569f5834684ff24b3c33aba5709b5ff9c48128f4235e78e4fb4b1c52a37030d3e57d63613bc1d2444d8c979d1e570383944b4565d109c814b8428c80e75d79484e206ef04ea0d3309dc72e5a9af7a1681e6ede94102badd4ae3065293866df73c4c1c4ac6b6c62124dc7e731ed190814ab54f7ce0bbb9623d573f715cb8576b31f368a9fdab84b9d17ecac85eb5c3629d6b3b07fba48e6975039ec483fe6a14dda8b15cc377eaadd045873b0d0079a3e6424bf911ded9043ce728e82b03face1ead690a1ae62ed901de7ea4a0709f641f3933675bb3b7a877671c5888c40c1ca86501c4936922b1e63e7d820a514465c7e3d6ddda2fdc4e9bc5c9ca047455ef6b9ee214304e891641f3ce51128f1ea9abeeffd2190e55679c38106ed625f8129a3213651d764eb116335ba317e05aa698c9c985df2dcfeeda628a7f73ff435b4dd265239ac32c3f462872979df0e2aae49987c78c53e926557ca1f47b5b487182cb72cda8885649f56c3b157d94ade440b76193b9e4649a411b1e1e3cdb77e0d83ef17e53f7f0da1b1aa3dc517ab2e9fbb33fb41e00f3e6607731cb22f1db53015e8c98eea458eabe1f4b0fb7036ca41dbd3c454b09b58692ad4c0e8b84559951b20172501a71f72e20ebf483ac3dce4c23cda1d833569590c2fad5811daf51aa2bc5276555c507d3d07ac6afee0d98ed740ddbb12266fe50e2fb911e633d0ccad58554fe4d2666b3d071a3afcf2883f36653959141b35cdbc8d5ea2bb4548f3318de094c841d7fe524a0e0cd93c84682380f685370d7667654db1c0c5e4b290db5a878076355fdbae79ea8af4b0d2778ef77e410bd6ada6a8848916c8bed7813d91dce4c8c789cea9036f8fd315be5b9945ab4029017a5fea732654c80a2ec3c17ee744fd709a8730a95f004ac14b0248d944e8eef783c5f43e3b151290e36cb01a3449e2c34fdc2d25ddb7a9c085d39ef48cd9ba981a3cec471df9625fba8f1390702fb112bd96310216ae01c059f4fa12ee22e097dae4e6d9147acdb176fc2b5cdcb4c5cec27145a8a588a447f4cbce633c1cbf4bf3b0b7295fec41a02ea419ed1d1529ccf3743d71e09929707244e15cf9632d752634edbb89da6a99d47305c706e7cbf1ab53b596c765aca1874c8677f39bd032d95e7027c29a5dab071ab83fca3d27521bda4f4d6e56e51c3130ce39382a8e4b1f0c283b1a21d053b79c55a03a8339ad3accd38da5b218b35996612ac37dca1f315d4fafe0d1ef644f517ccfa772b50422dd8594a4a46a6273ab5059dcda21fc6e40bfd8a09ef470862828ab12f11bb2ebf65d1db81a234d3f3cf53c830988752897a63c6d937c30e8a28acbcf056f1f3761009d9ef7343093c5f52cdc1e75fac6cf5812e5d4658fcdede401f82d91ee498c9f24ae3c15fc412220269ebcb40424d9f4526ad4a669780ab497e216524df7d5b56814d0231be1fa77de41cda072262e48fe6a98de73159d650881fb1a3ce818339d03c49e377e96afefe48a2d255aa77352fed93091bc39f8e8ee58f820b016661c82c18b3739de6b85eaec5387372a0a085f449ab5d8de9923791d0cf4a65c13426607146882edf19ef95eae7f7af74a3220510761a68b1451bf8bcfa21d93975dbcba0e73cc62d27354de702b7b982b47657a892d034f05d7ea431f81c80cba9a63a55fc6e8052fa6fc1ec7c959948ad63480c8face6cded2115bd10233d19b05cc40a92a8c81f8260bf816d96f11d426f256f162f45534dc71c98f1081f778a72330a5b08216c728eae71525b43dcaca49b0cd0969014c6460818ff3e051ffc21a14a52c3d170f31619cbe6c7ad42cc351772fddab059af80e02d06e0867205fac7c5938780fa0532b6292f521dee15817c1761523a9e38c94ba48ff96905028db9321256d8a9d24f5ad94ebe1674fb608d461a9db43cb78ab14a956fb749bea9188c50cfaca3b9296968223298417ad2cd090f8db98b4f886b55049d3209e11a7dd029eae2d0317ed9fbe98f08dbb69f81a65059e8492aca07c309c05bad5899e5a86ca5dd1883e02689e3e8df037c4bc33f907534db55a3a35cc02963d1220984d3422913f97924feb7b025f83717be7abb4e87c0951afa8c10c39b6f4b688db5cc9750e54bf01b693b5fd5131c0293617a12be8bac1da1a069a011c015b82d46cfdfc465e3ddf7de8f6b89b969e6d5586458ddeb7d2de46d0bbe5dd7b71bbba95b7c39390226706840da72d608a163411fc27265c01a870cd50ec81c0f38f843dcdb74753c0823948ce7dc98af2bafd820ca93012128f4b47eb9cc196df64962be053a453221d464b96cf75446306836ffbda9a6fd2cd9db0d37a3c800000000000000180100000800000089972a3daaaf146738cfad86ebec8a715e160d5c06ebf56aa3e3b73419ee3fa1a8d88f40367b60fc334de39106fa8f6f4f15b0f5d348aa142addbd09c8be544dcaea8d8a536f9e07f4281afaedaada581571e0f8d88a5f6d13e35e61f814b5e7ca68e28fc77c1e24c1c036479ccb4143c9954c6258dfa1bdc23ce85de99310861bdf8e1dfe395a6e78003ad67cc6915305f2b4eeb3a8a369c5abe0ea0d20fd6edeec65dba2af7b1a26412bbf8bc18d87ca43095a48f9ea0060000000000000000701000001000000c8f95e3151a4c8b4d40413726c883b83103c94cbecfc95d1ccf92ae39c03f53842c09a46660ee6a30dbb5f98b694f5b301026b9af36a5941f72eca873ea4ab2fe2020a5f5492cb538ece7d02bc973000d80000000000000006000000df400000965cc0b8ef5c1a1d60f1ca312ad1d1ce2af72b5a2225b0eec51fa54bd93360b39d4898b97ed3286c8a24e6f7e7cc978149a4d5363f922885797f2171f843e4d07a0bd7ee6dca87e065160c948aafbae05edfb1d12beb50232976bea769a2ed79e4c523f01e2f4b38e31e09867c79d31d6e662abe3b4f46620b7d78fdd37cff90bf0a7703a96514ace0bb283f662e72cdb517696bfc287711fae3a8db0ec210710d7ea2347f68305c16ecf4db4f805cb490fb7af0329970f2675df6faa4e4d7d850653261000000002411c7c4fc81ff6ada345b218e82fdf17c9977cd732c77fdd216e26fc75d2bcb5945a02644fbc21d4c5c8e6f3eb31c42e4bbb91c8deb02dd027bf157a9f80b9ebe3461bad7ba6ed1bb5ca448486a7be9300cb005632f3630"], 0x13a8}, 0xf376f9a8029ab7b6)
sendmsg$NL80211_CMD_START_AP(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x8c, r9, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3c}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x10}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}], @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x8c}}, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
socket$packet(0x11, 0x2, 0x300)
socket$nl_generic(0x10, 0x3, 0x10)

3.71056957s ago: executing program 2 (id=1779):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1d, 0x4, 0x8, 0x8}, 0x48)
rseq(&(0x7f0000000200), 0x20, 0x0, 0x0)
r1 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
mkdir(&(0x7f0000000280)='./control\x00', 0x0)
wait4(0xffffffffffffffff, 0x0, 0x1000000, &(0x7f0000000300))
close(r1)
r2 = inotify_init1(0x0)
fcntl$setstatus(r2, 0x4, 0x2c00)
r3 = gettid()
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x541a, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100), 0x10, &(0x7f0000000240)={&(0x7f00000001c0)={0x1, 0x0, 0x0, {0x0, 0xea60}, {0x0, 0x2710}, {}, 0x2}, 0x48}}, 0x0)
rt_sigprocmask(0x0, 0x0, 0x0, 0x0)
r4 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0x8604}, 0x10)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@mpls_getroute={0x1c, 0x1a, 0x0, 0x0, 0x0, {0x1c, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}}, 0x1c}}, 0x0)
inotify_add_watch(r2, &(0x7f0000000040)='./control\x00', 0xa0000000)
rmdir(&(0x7f0000000080)='./control\x00')
socketpair(0x1e, 0x801, 0x0, &(0x7f0000000280)={<r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f0000000840)=[{{&(0x7f0000000000)=@file={0xe8e6005ca50009c5, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x1}}, {{&(0x7f00000006c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x2a}}], 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x10)
r6 = syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x0, 0x11100}, &(0x7f0000000000), &(0x7f0000000040))
io_uring_enter(r6, 0x2def, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYRES8=r0, @ANYBLOB="9f3078c68158a7e7f4a5127edd2999c400af7bb537c2775d2a4d34195a41f3ed87a0debf3c3348526e2e01958a198db10aa0d758744dc24c711ad701353514ad15fe08a44f2ea4d25765990a8051f89ec7a1f206875824ee97a4b63e", @ANYRES8, @ANYRES32=r6, @ANYRES16=r3, @ANYRES32, @ANYRES16=r0], 0x0}, 0x90)
syz_usb_connect(0x0, 0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="130100009b23fd406d04c1088dee000000410902240001fa0000000904000000ff01000007240100002e000b24"], 0x0)

3.252326123s ago: executing program 3 (id=1780):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10)
bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}}}, 0x10)
bind$tipc(r1, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10)
bind$tipc(r0, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x3}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10)
bind$tipc(r0, 0x0, 0x0)

2.913260759s ago: executing program 3 (id=1781):
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$qrtr(0x2a, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x4048aec9, &(0x7f0000000080)={[{}, {}, {0x0, 0x2}]})
r1 = socket$key(0xf, 0x3, 0x2)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f00000000c0)='nsdelegate', &(0x7f0000000140)='&)\x00', 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x94, 0x0, 0x400000000000000, 0x7}, 0x0, &(0x7f0000000080)={0x3ff, 0x3, 0xfffffffffffffffe}, &(0x7f0000000280), 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a"], 0x38}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000010200fd000005000500000000000a"], 0x70}}, 0x0)
sendmmsg(r1, &(0x7f0000000180), 0x3ef, 0x0)
shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x38, 0x3, 0x8, 0x3, 0x0, 0x0, {}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @fccp=[@CTA_TIMEOUT_DCCP_REQUEST={0x8}, @CTA_TIMEOUT_DCCP_CLOSING={0x9}]}, @CTA_TIMEOUT_L3PROTO={0x6}]}, 0x38}}, 0x0)
setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000000), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xe30209c9b53cb2d2, 0x10, 0xffffffffffffffff, 0x0)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
close(0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180))

2.415588393s ago: executing program 1 (id=1782):
socket$alg(0x26, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f0000000900)=ANY=[@ANYBLOB="20000000a234dece55b8f05e66db7c145183f0507fe985244380a2d0331567e39ab5af4be3246be00dbec30c08000000f67fa4e7edcfe046133d64d9c4f2a11d5c904954103fa6f58180b0d94b7005ee681d7dff234b0a6a03c4ce21dda745f5c2cb12813fa73ada4391ac5b11287d48b38972f4f3b1ea646f4c793fa6ae1af2fb6a527410adb3455175c8d452fcb59609dc2ad5c94bd3ebba73ebaeee4b9bf4dc8c76caacc6396ac00f04", @ANYRES16=r1, @ANYRES32, @ANYBLOB="da2112f059fc6884d6378069910918b568f35973c5e9b8dca5253bb108c18742b708437e3fa30b88e6cecec055c19da9342f69ad185ed8aa060ef69d655d45a27631092b27572573b97f993beec492da6dc501ad8dc8bbac185ee0ee476859af1141532a44a041bd6ac8c84dffbfe401a4211261757870636a054551a14c46569232c2b1c365cf9bc2fe807033b8f1db1ac977e2898ccc28a2cd5cd4610f8c664d461dd496f35f2c03b180a7d33ceb9f8fd98981"], 0x20}}, 0x20040000)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
r2 = io_uring_setup(0x666, &(0x7f00000002c0)={0x0, 0x4cf, 0x40, 0x0, 0x2})
r3 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_procs(r4, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r5, &(0x7f0000000600), 0x12)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
read$FUSE(r6, &(0x7f0000002a40)={0x2020}, 0x2020)
setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r3, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000003c0)="fe", 0x1}, {&(0x7f0000001240)="1eac4d20f8509e2139d2842c8faedef008bcac1025cbc63d2bfe0c7bbe51c5bf73985d5106bf5b5e7e5761716e35b468ea79633c916c4a8026f9408d056b8977df67c0e6fd0b1b3da5de5d003382ac95eade5dadad870ce3749452d2c1c3651ffff244be3078fdbfeb97d093bba60131e733d91c4ad38e7b52aa7afa9cb8e2351bd3f8a7a2a0425b071f6790992b8c2a51d944b0161c5c97fcdc19c2ef7c66ccc23c77a28a34b216c429444343ea056f171399dc03d56a1131ba74d31fc1012d3deff0e43309fc9e3b88bec90a7680aa74ccd581e02eb436a0009fa62097513d0c9533256d81978fae39288edcb833739d2988ccf5a564bc00edd1ab0853b873cbab3ef227f11325d72dbe2f435351610d01d0f74e180df6eaa94651336e7713414e499586edd5693e587a186fcb68a973e823e61a072aaa4fb9e3a03ff4c17c9e343684255efba0d1b149b22c2d81f1ac5eaccaab01ab108178e97eb8a45d5d6cdeca0d6b9af9f88cfee58935be6902ac7c6915d60548367d164990b142d472b9b5700191b1f978fb36bcde646385dcf5cb7adf1ec70baef4061d2da93d2f5eefae1081374d58ab54532755c1b8bf303584296145e9aad2e3ccef93f30da9c102db5cfe346baba2fd3f157cb6e825e607365ff8c6187e216dc4072e582874ce63166405e21644015f99d5713165a377bfdc3143928e8469b4e312ce1f9dff83fe7c8d9fca791af2b46f1650e3937c9ab589d5f93fb578503aa64042c66571649844d93257489c1b658140e4c194c329a1a2c0117d123a45b213a118dd608bd6bdb2e0a6782f785321ff48eac4158ad9efb3737a6cfbb21d0dba732558493aa09dfa7fa41b4922e4e205a4792c9694661a18eff0d932d824f6987aa3dafa7ddc9b0acd70d43263c78dde88b7c665abbeec1cf1016ddc321f713cc3c149eeda6443b5b278eb3a05b08d510650b055d3193c4d5bbe084431cc40a626e81827d8bf2379435ada42a99569b35faa3af53f90f4dcf7a7d1c2e6fe4d7739b135981d40ba00de019909748640d554a159e552c6a7a7c77b213fad40dd785cc4ee983266b3377fbc7845a44992f82656b8240c169697599074348a4bac29423612e4c0ba89a66d08033b54b4d8f8704ab9470fe6316dc6ba610b7f3c1b0428607b13d2cfbed5c82d9214a1e97edaa27ed011d42800467fd54cddec7841f2aa513e7c8956842ea69b6b80208a4acbe9b678a9ab48a26df1cebd283f0d8e2956d8e8a4aad5b563ae75ddaf9b167d70b0e96f42a4f1c5bef1e777fedcb380707fc7ac87e249f322a01660687c04d1bbeeefeecadf86c3ef805d79964a862877cfbff40eb340f7065bc759013cbdcb25305ba6812a853b8d8e1960227826acb24311ed0e67f84565dd8858ca3be23409569e15ba75120c35dffdc8a4b7688d5d02fedf88434274b828fec979ea029405cd1e7cadc867ebdc98c4a523178715828c1a6361e60ff1f2968efc20d6888ac2a6f81e37cbc7f1e89f3421825cc278df26c8722e1672fc9672a8d0a60dded6f0765ac61f8a91acf0195abc177e56cc91a9c11ccf95d2a58de5494e66cfa1e758438ee4bb163ee05927e551e4d05b308a0eb01cea0e43", 0x480}], 0x2}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f00000001c0)={0x0, 0x3d, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x0)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000040)={0x0, {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x2, 0x4e21, @private=0xa010102}, {0x2, 0x4e23, @private=0xa010100}, 0x81, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000000)='macvtap0\x00', 0x2, 0x4, 0x7})
setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x41, 0x3, 0x248, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b0, 0x1f0, 0x1f0, 0x1b0, 0x1f0, 0x3, 0x0, {[{{@ip={@dev, @broadcast, 0x0, 0x0, 'wlan1\x00', 'wg1\x00', {}, {}, 0x6}, 0x0, 0xb8, 0xe0, 0x0, {0x0, 0xffffffffa0028000}, [@common=@ttl={{0x28}}, @common=@socket0={{0x20}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ip={@dev, @multicast2, 0x0, 0x0, 'xfrm0\x00'}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2a8)
close_range(r2, 0xffffffffffffffff, 0x0)

1.991939069s ago: executing program 1 (id=1783):
accept(0xffffffffffffffff, &(0x7f00000000c0)=@pppol2tpin6={0x18, 0x1, {0x0, <r0=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000000140)=0x80)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000180)="cba835929bf0023624ea69be5b2154ab", 0x10)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000000c0)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x5422)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f00000000c0)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, 0x0)
unshare(0x6a040000)
r3 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x11501}, &(0x7f0000000100), &(0x7f0000000280))
io_uring_enter(r3, 0x0, 0x0, 0xf, 0x0, 0x18)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xfffffffffffffed2, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b03d25a806c8c6f94f90624fc601000127a0a000600093582c137153e37080c188001ac0f000300", 0x33fe0}], 0x1}, 0x0)

1.920741025s ago: executing program 2 (id=1784):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
socket(0x1f, 0x1, 0x4000)
timer_create(0x3, 0x0, &(0x7f0000001400))
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000001300)={{0x0, 0x989680}}, 0x0)
r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000080)={0x2, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000140)=@multiplanar_mmap={0x0, 0x2, 0x4, 0xe7ffffff, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "68b9c381"}, 0x0, 0x1, {0x0}})
socket(0x10, 0x3, 0x0)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, 0x0, 0x0)
r3 = dup(0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000500)=0x20000000005)
preadv(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
syz_io_uring_setup(0x331, &(0x7f0000000540)={0x0, 0x0, 0x2, 0x2, 0x0, 0x0, r3}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000280))
syz_emit_ethernet(0xa2, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r5 = socket$packet(0x11, 0x3, 0x300)
getpeername$packet(r5, 0x0, 0x0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xffffffffffffffff)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0x1}, 0x0, 0x0}, 0x20)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue1\x00'})
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r7, &(0x7f000000c3c0)={0x2020, 0x0, <r8=>0x0}, 0x2020)
write$FUSE_INIT(r7, &(0x7f00000000c0)={0x50, 0xfffffffffffffffe, r8, {0x7, 0x1f, 0x0, 0x1}}, 0x50)

1.830611216s ago: executing program 3 (id=1785):
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IMADDTIMER(0xffffffffffffffff, 0x80044940, 0x0)
creat(0x0, 0x14c)
ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc028aa05, 0x0)
fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0xf}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x3, 0x2, 0x4adeedf5, 0x3, 0x4, 0x3, 0x1ff, 0x9}}}}]}, 0x58}}, 0x8000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001840)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0xc}}, [@filter_kind_options=@f_matchall={{0xd}, {0x8, 0x2, [@TCA_MATCHALL_ACT={0x4}]}}]}, 0x3c}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1.68837396s ago: executing program 4 (id=1786):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000003c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x51, 0x4, 0x0, 0x0, 0x144, 0x64, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x5, 0x4]}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x1, [{@private=0xa010100}, {@multicast1}, {@remote}, {@broadcast, 0x659}, {@broadcast, 0x7}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x8, [{@dev}, {@multicast1}, {@multicast2, 0x7f}, {@private=0xa010101}, {@multicast1}, {@multicast2}]}, @noop, @noop, @timestamp_addr={0x44, 0x3c, 0x3c, 0x1, 0x8, [{@loopback}, {@broadcast, 0xfffff7a9}, {@dev={0xac, 0x14, 0x14, 0xd}, 0x6}, {@multicast1, 0x200}, {@loopback, 0x5}, {@local, 0x10}, {@local, 0x8001}]}, @lsrr={0x83, 0x13, 0xd9, [@private=0xa010102, @rand_addr=0x64010102, @multicast1, @dev={0xac, 0x14, 0x14, 0x38}]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}, @noop, @cipso={0x86, 0x25, 0x1, [{0x5, 0x12, "4661a6d74ccdf8d07983f1f84c4423eb"}, {0x0, 0x8, "f61fa5dd1b18"}, {0x0, 0x5, "937130"}]}, @timestamp_addr={0x44, 0xc, 0x3a, 0x1, 0x4, [{@private=0xa010101, 0x4}]}, @generic={0x7, 0x3, "d3"}]}}}}})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, 0xffffffffffffffff, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r5 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f00000005c0)={0x40, 0x0, 0x3}, 0x10)
r6 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000080)={0x40}, 0x10)
socket$tipc(0x1e, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r7 = timerfd_create(0x7, 0x0)
timerfd_settime(r7, 0x0, &(0x7f00000002c0)={{}, {0x0, 0x989680}}, 0x0)
timerfd_gettime(r7, 0x0)
pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x2)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
userfaultfd(0x801)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)

1.038831283s ago: executing program 2 (id=1787):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8080}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo\x00')
getdents64(r3, &(0x7f0000002f40)=""/4098, 0x1002)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x101ff, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000004c0), 0xc, 0x0}, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
fsopen(&(0x7f00000000c0)='hugetlbfs\x00', 0x1)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000180)={'ip6gre0\x00', <r5=>0x0, 0x4, 0x98, 0xa, 0x2, 0x20, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7, 0x7849, 0x6, 0x5}})
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={&(0x7f0000000080), 0xc, &(0x7f0000000240)={&(0x7f0000000640)=@delqdisc={0x270, 0x25, 0x8, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xfff2, 0x3}, {0x0, 0xffe0}, {0x3, 0xb}}, [@TCA_RATE={0x6, 0x5, {0x8, 0x37}}, @TCA_STAB={0x1c8, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xd5, 0x94, 0xe2, 0xaf9, 0x0, 0x8, 0x2, 0x7}}, {0x12, 0x2, [0x1, 0x3, 0xd7, 0xf, 0x2, 0x81, 0xcb]}}, {{0x1c, 0x1, {0x2, 0x9, 0x2, 0x400, 0x0, 0x7, 0x7, 0x6}}, {0x10, 0x2, [0xd8, 0xff4c, 0x4, 0xfffd, 0x2, 0x9]}}, {{0x1c, 0x1, {0x7, 0x6, 0x1, 0x6, 0x0, 0x1, 0xd99, 0x1}}, {0x6, 0x2, [0x8]}}, {{0x1c, 0x1, {0xf, 0x6, 0x5, 0x2, 0x1, 0x9, 0x2c, 0x9}}, {0x16, 0x2, [0x9, 0x119e, 0x9c, 0x1, 0x7, 0x5, 0x2, 0x1, 0x94fa]}}, {{0x1c, 0x1, {0x1, 0x9, 0x7f, 0x9, 0x2, 0x42f, 0x5, 0xa}}, {0x18, 0x2, [0x2, 0x7f, 0x9, 0x4, 0x40, 0xfffe, 0x0, 0x1, 0x3, 0x1]}}, {{0x1c, 0x1, {0x5, 0xff, 0x7, 0x400, 0x1, 0xfff, 0x7, 0x6}}, {0x10, 0x2, [0xf8a3, 0x8001, 0x9, 0xfbd3, 0x8, 0x3ff]}}, {{0x1c, 0x1, {0x5, 0xff, 0x4, 0xfffffff9, 0x1, 0x4, 0x3ff, 0x6}}, {0x10, 0x2, [0x7, 0x2, 0xfc63, 0x8, 0x9, 0x0]}}, {{0x1c, 0x1, {0x5, 0xf4, 0x2, 0xfffffffd, 0x2, 0x4, 0x6, 0x3}}, {0xa, 0x2, [0x5a6f, 0x3, 0x30]}}, {{0x1c, 0x1, {0x1, 0x81, 0x1a5, 0x2, 0x0, 0x3, 0xa, 0x9}}, {0x16, 0x2, [0x1, 0xe7, 0x80, 0x0, 0x1, 0x63d, 0x6, 0x4, 0x0]}}, {{0x1c, 0x1, {0x80, 0x10, 0x6, 0xb, 0x0, 0x1, 0x0, 0x4}}, {0xc, 0x2, [0x1, 0x100, 0x8, 0x0]}}]}, @qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x0, 0xdb}}}, @TCA_EGRESS_BLOCK={0x8}, @qdisc_kind_options=@q_cake={{0x9}, {0x34, 0x2, [@TCA_CAKE_ATM={0x8, 0x4, 0x1}, @TCA_CAKE_MEMORY={0x8, 0xa, 0x56}, @TCA_CAKE_INGRESS={0x8, 0xf, 0x1}, @TCA_CAKE_FWMARK={0x8, 0x12, 0x3}, @TCA_CAKE_SPLIT_GSO={0x8, 0x11, 0x1}, @TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}, @qdisc_kind_options=@q_pfifo={{0xa}, {0x8, 0x2, 0x2}}, @TCA_EGRESS_BLOCK={0x8}]}, 0x270}, 0x1, 0x0, 0x0, 0x40080c6}, 0x8)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = socket(0x840000000002, 0x3, 0x104)
connect$inet(r6, &(0x7f0000000900)={0x2, 0x0, @empty}, 0x10)
sendmmsg$inet(r6, &(0x7f0000005240), 0x264e33, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaa97aaaaffffffff29ff86dd600a843500140600fe0000000000000000bbfe8000000000000000000000000000aa00"/58, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0)
syz_emit_ethernet(0xae, &(0x7f0000000000)=ANY=[@ANYRES64=r6], 0x0)

1.030627261s ago: executing program 4 (id=1788):
socket$alg(0x26, 0x5, 0x0)
r0 = fsopen(&(0x7f0000000040)='efs\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x8}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r1}, 0x0, &(0x7f00000003c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='c:::/', 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x1e, 0x4, &(0x7f0000000680)=ANY=[], &(0x7f0000000640)='syzkaller\x00', 0x4, 0x98, &(0x7f0000000180)=""/152, 0x0, 0x0, '\x00', 0x0, 0x33}, 0x90)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xa, 0x0, 0x8, 0x1}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0xd, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002a000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r3}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r2}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20)
unshare(0x22040400)
r4 = syz_open_dev$evdev(&(0x7f0000000340), 0x48, 0x1)
syz_usb_disconnect(r4)
syz_usb_connect(0x4, 0x24, &(0x7f0000000100)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r4, 0x40085507, &(0x7f00000003c0))
syz_usb_connect(0x5, 0x0, 0x0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x4, [{0x0, 0x0}, {0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0x41a}}, {0xf7, &(0x7f0000000a40)=ANY=[@ANYRESHEX=r3]}, {0x0, 0x0}]})
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0x6e, &(0x7f0000000780)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c200000086dd6002adf700383a00fe880000000000000000000000000001ff020000000000000000000000000001040090780000000060fd906300403a0000000000000000000000ffffac1414aa00000000000000000000ffffac1414aa1e520b4c951ee12e498924c7dc65397852a8bd76be1a00df5f4540f561c798c7f0f4f28b75c39889911933100fb81f82f2e91a7a837723a5046243b5dcfc97e4a53d55ac2cba9275598ff6a4c75332b80ea65dab548259352a0acbc97136c35f9e38ea80523c70452aaef90f6c245a4b5b85b18bbc5669df3961514bb36ffd7564f3208484de4ab809c678fb16b1e2"], 0x0)

607.76445ms ago: executing program 3 (id=1789):
r0 = eventfd2(0x0, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = dup3(r1, r0, 0x0)
ioctl$SIOCGSTAMPNS(r2, 0x8907, &(0x7f0000000080))
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
setsockopt$sock_void(0xffffffffffffffff, 0x1, 0x1b, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r4=>0x0})
bind$can_j1939(r1, &(0x7f0000000240)={0x1d, r4, 0x100, {0x0, 0x0, 0x4}}, 0x18)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
r6 = syz_io_uring_setup(0x24f8, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r7=>0x0, &(0x7f0000000080)=<r8=>0x0)
r9 = socket$inet6_dccp(0xa, 0x6, 0x0)
bind$inet6(r9, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x1}, 0x1c)
syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r9, 0x80, &(0x7f0000000200)=@in6={0xa, 0x0, 0x0, @dev}})
io_uring_enter(r6, 0x5b43, 0x0, 0x0, 0x0, 0x0)
setsockopt$sock_int(r9, 0x1, 0x7, &(0x7f0000000740), 0x4)
write$cgroup_int(r5, &(0x7f0000000200), 0xf000)
getsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000100), &(0x7f0000000140)=0x4)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r3, &(0x7f0000001500)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[], 0x4c}}, 0x0)
readv(r0, &(0x7f0000000200)=[{&(0x7f0000000280)=""/181, 0xb5}], 0x1)

357.040756ms ago: executing program 2 (id=1790):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f000000bdc0)={'wlan1\x00'})
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0)
syz_usb_control_io$hid(r2, &(0x7f00000001c0)={0x24, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io(r2, &(0x7f0000000240)={0x2c, &(0x7f0000000000)={0x0, 0x23, 0xbd, {0xbd, 0x9, "72a3468a83b65674ef7c8f704360f09c5ab92d78ed844fd52086f641e0f14d3dbed960563335b738155ad4c5d14a23f70bd2d2eeee3551b301bedb51cee68e23cc2281683e9261aee0f61ebaeea3f69339199a13ed83e7859451f0b29b5c02f9977f62b722e015f5da87f71dce6bac54cefc310be6d2b1a2b7a301f4be15f8b11f1b44aa5515cf000000000000000074362d220e1068267f56ce16aa85ce57c34840c92c08445323feabdd79a3a869919f095a94dba8ea8bb9de01"}}, &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1004}}, &(0x7f0000000140)={0x0, 0xf, 0x26, {0x5, 0xf, 0x26, 0x4, [@ssp_cap={0x14, 0x10, 0xa, 0x5, 0x2, 0x9, 0x1ef00, 0x200, [0x3f00, 0xffc000]}, @ptm_cap={0x3}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x1a, 0x8, 0x9, 0x6}]}}, &(0x7f0000000180)={0x20, 0x29, 0xf, {0xf, 0x29, 0x74, 0x3, 0x0, 0x9, "23a7d238", "b9869171"}}, &(0x7f0000000200)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x1, 0x18, 0x90, 0x9b, 0x6, 0x335f, 0x2}}}, &(0x7f0000000700)={0x84, &(0x7f0000000280)={0x20, 0x1, 0x92, "000848b6bf532c3548f6f65be1043cb8ae782ced044228b6004ca4ae36a6d63daf2b5ea4d90ff809343f0c79980b25dd531702fae65c071e2e75f3cec00753d0ae8cc559049951ebadaffea8aeb9854285851fe3422a1a363824647de926262cb40144adae1685ba1b895b9d05c702c6688a571d809e179c9086f4c8d483cd87a1064a5931d20d963ed14d7c6bd1e5fb939a"}, &(0x7f0000000340)={0x0, 0xa, 0x1, 0x40}, &(0x7f0000000380)={0x0, 0x8, 0x1}, &(0x7f00000003c0)={0x20, 0x0, 0x4, {0x0, 0x1}}, &(0x7f0000000400)={0x20, 0x0, 0x4, {0x120, 0x8}}, &(0x7f0000000440)={0x40, 0x7, 0x2}, &(0x7f0000000480)={0x40, 0x9, 0x1}, &(0x7f00000004c0)={0x40, 0xb, 0x2, 'xJ'}, &(0x7f0000000500)={0x40, 0xf, 0x2, 0x7ff}, &(0x7f0000000540)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x28}}, &(0x7f0000000580)={0x40, 0x17, 0x6, @remote}, &(0x7f00000005c0)={0x40, 0x19, 0x2, "03a3"}, &(0x7f0000000600)={0x40, 0x1a, 0x2, 0x1611}, &(0x7f0000000640)={0x40, 0x1c, 0x1, 0xf}, &(0x7f0000000680)={0x40, 0x1e, 0x1, 0x4}, &(0x7f00000006c0)={0x40, 0x21, 0x1, 0x3}})
syz_usb_control_io(r2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getpid()
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000280)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0xfff9, 0x0, 0xffffffff, 0x8}, 0x9c)
socket$nl_route(0x10, 0x3, 0x0)
pipe(0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3000003, 0x200000006c832, 0xffffffffffffffff, 0x0)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000000)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f0000000640)={{@my=0x1}, @hyper, 0x0, 0x2925, 0x0, 0x20000000, 0x4})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r5, 0x7a4, &(0x7f0000000040)={{@my=0x1}})
syz_usb_control_io$hid(r2, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

0s ago: executing program 4 (id=1792):
socket$alg(0x26, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f0000000900)=ANY=[@ANYBLOB="20000000a234dece55b8f05e66db7c145183f0507fe985244380a2d0331567e39ab5af4be3246be00dbec30c08000000f67fa4e7edcfe046133d64d9c4f2a11d5c904954103fa6f58180b0d94b7005ee681d7dff234b0a6a03c4ce21dda745f5c2cb12813fa73ada4391ac5b11287d48b38972f4f3b1ea646f4c793fa6ae1af2fb6a527410adb3455175c8d452fcb59609dc2ad5c94bd3ebba73ebaeee4b9bf4dc8c76caacc6396ac00f04", @ANYRES16=r1, @ANYRES32, @ANYBLOB="da2112f059fc6884d6378069910918b568f35973c5e9b8dca5253bb108c18742b708437e3fa30b88e6cecec055c19da9342f69ad185ed8aa060ef69d655d45a27631092b27572573b97f993beec492da6dc501ad8dc8bbac185ee0ee476859af1141532a44a041bd6ac8c84dffbfe401a4211261757870636a054551a14c46569232c2b1c365cf9bc2fe807033b8f1db1ac977e2898ccc28a2cd5cd4610f8c664d461dd496f35f2c03b180a7d33ceb9f8fd98981"], 0x20}}, 0x20040000)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
r2 = io_uring_setup(0x666, &(0x7f00000002c0)={0x0, 0x4cf, 0x40, 0x0, 0x2})
r3 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_procs(r4, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r5, &(0x7f0000000600), 0x12)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
read$FUSE(r6, &(0x7f0000002a40)={0x2020}, 0x2020)
setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r3, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000003c0)="fe", 0x1}, {&(0x7f0000001240)="1eac4d20f8509e2139d2842c8faedef008bcac1025cbc63d2bfe0c7bbe51c5bf73985d5106bf5b5e7e5761716e35b468ea79633c916c4a8026f9408d056b8977df67c0e6fd0b1b3da5de5d003382ac95eade5dadad870ce3749452d2c1c3651ffff244be3078fdbfeb97d093bba60131e733d91c4ad38e7b52aa7afa9cb8e2351bd3f8a7a2a0425b071f6790992b8c2a51d944b0161c5c97fcdc19c2ef7c66ccc23c77a28a34b216c429444343ea056f171399dc03d56a1131ba74d31fc1012d3deff0e43309fc9e3b88bec90a7680aa74ccd581e02eb436a0009fa62097513d0c9533256d81978fae39288edcb833739d2988ccf5a564bc00edd1ab0853b873cbab3ef227f11325d72dbe2f435351610d01d0f74e180df6eaa94651336e7713414e499586edd5693e587a186fcb68a973e823e61a072aaa4fb9e3a03ff4c17c9e343684255efba0d1b149b22c2d81f1ac5eaccaab01ab108178e97eb8a45d5d6cdeca0d6b9af9f88cfee58935be6902ac7c6915d60548367d164990b142d472b9b5700191b1f978fb36bcde646385dcf5cb7adf1ec70baef4061d2da93d2f5eefae1081374d58ab54532755c1b8bf303584296145e9aad2e3ccef93f30da9c102db5cfe346baba2fd3f157cb6e825e607365ff8c6187e216dc4072e582874ce63166405e21644015f99d5713165a377bfdc3143928e8469b4e312ce1f9dff83fe7c8d9fca791af2b46f1650e3937c9ab589d5f93fb578503aa64042c66571649844d93257489c1b658140e4c194c329a1a2c0117d123a45b213a118dd608bd6bdb2e0a6782f785321ff48eac4158ad9efb3737a6cfbb21d0dba732558493aa09dfa7fa41b4922e4e205a4792c9694661a18eff0d932d824f6987aa3dafa7ddc9b0acd70d43263c78dde88b7c665abbeec1cf1016ddc321f713cc3c149eeda6443b5b278eb3a05b08d510650b055d3193c4d5bbe084431cc40a626e81827d8bf2379435ada42a99569b35faa3af53f90f4dcf7a7d1c2e6fe4d7739b135981d40ba00de019909748640d554a159e552c6a7a7c77b213fad40dd785cc4ee983266b3377fbc7845a44992f82656b8240c169697599074348a4bac29423612e4c0ba89a66d08033b54b4d8f8704ab9470fe6316dc6ba610b7f3c1b0428607b13d2cfbed5c82d9214a1e97edaa27ed011d42800467fd54cddec7841f2aa513e7c8956842ea69b6b80208a4acbe9b678a9ab48a26df1cebd283f0d8e2956d8e8a4aad5b563ae75ddaf9b167d70b0e96f42a4f1c5bef1e777fedcb380707fc7ac87e249f322a01660687c04d1bbeeefeecadf86c3ef805d79964a862877cfbff40eb340f7065bc759013cbdcb25305ba6812a853b8d8e1960227826acb24311ed0e67f84565dd8858ca3be23409569e15ba75120c35dffdc8a4b7688d5d02fedf88434274b828fec979ea029405cd1e7cadc867ebdc98c4a523178715828c1a6361e60ff1f2968efc20d6888ac2a6f81e37cbc7f1e89f3421825cc278df26c8722e1672fc9672a8d0a60dded6f0765ac61f8a91acf0195abc177e56cc91a9c11ccf95d2a58de5494e66cfa1e758438ee4bb163ee05927e551e4d05b308a0eb01cea0e43", 0x480}], 0x2}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f00000001c0)={0x0, 0x3d, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x0)
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_inet_SIOCADDRT(r7, 0x890b, &(0x7f0000000040)={0x0, {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x2, 0x4e21, @private=0xa010102}, {0x2, 0x4e23, @private=0xa010100}, 0x81, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000000)='macvtap0\x00', 0x2, 0x4, 0x7})
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x41, 0x3, 0x248, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b0, 0x1f0, 0x1f0, 0x1b0, 0x1f0, 0x3, 0x0, {[{{@ip={@dev, @broadcast, 0x0, 0x0, 'wlan1\x00', 'wg1\x00', {}, {}, 0x6}, 0x0, 0xb8, 0xe0, 0x0, {0x0, 0xffffffffa0028000}, [@common=@ttl={{0x28}}, @common=@socket0={{0x20}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ip={@dev, @multicast2, 0x0, 0x0, 'xfrm0\x00'}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2a8)
close_range(r2, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

rintk_skb: 11 callbacks suppressed
[  368.975149][   T29] audit: type=1326 audit(1720374932.619:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11075 comm="syz.3.1349" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7d2e175bd9 code=0x0
[  369.044128][T11054] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  369.057766][T11054] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  369.289353][ T5102] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  369.319152][ T5102] asix 5-1:0.0: probe with driver asix failed with error -71
[  369.350328][ T5102] usb 5-1: USB disconnect, device number 37
[  369.422812][T11084] netlink: 192 bytes leftover after parsing attributes in process `syz.0.1350'.
[  369.531491][T11086] netlink: 'syz.1.1352': attribute type 72 has an invalid length.
[  370.145011][T11096] FAULT_INJECTION: forcing a failure.
[  370.145011][T11096] name failslab, interval 1, probability 0, space 0, times 0
[  370.169264][T11096] CPU: 1 PID: 11096 Comm: syz.4.1356 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  370.179480][T11096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  370.189536][T11096] Call Trace:
[  370.192804][T11096]  <TASK>
[  370.195718][T11096]  dump_stack_lvl+0x241/0x360
[  370.200389][T11096]  ? __pfx_dump_stack_lvl+0x10/0x10
[  370.205569][T11096]  ? __pfx__printk+0x10/0x10
[  370.210145][T11096]  ? __pfx___might_resched+0x10/0x10
[  370.215422][T11096]  should_fail_ex+0x3b0/0x4e0
[  370.220087][T11096]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  370.225785][T11096]  should_failslab+0x9/0x20
[  370.230292][T11096]  __kmalloc_noprof+0xd8/0x400
[  370.235090][T11096]  ? kfree+0x4e/0x360
[  370.239099][T11096]  tomoyo_realpath_from_path+0xcf/0x5e0
[  370.244674][T11096]  tomoyo_path_number_perm+0x23a/0x880
[  370.250158][T11096]  ? tomoyo_path_number_perm+0x208/0x880
[  370.255813][T11096]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  370.261853][T11096]  ? __fget_files+0x29/0x470
[  370.266466][T11096]  ? __fget_files+0x3f6/0x470
[  370.271156][T11096]  ? __fget_files+0x29/0x470
[  370.275769][T11096]  security_file_ioctl+0x75/0xb0
[  370.280734][T11096]  __se_sys_ioctl+0x47/0x170
[  370.285349][T11096]  do_syscall_64+0xf3/0x230
[  370.289877][T11096]  ? clear_bhb_loop+0x35/0x90
[  370.294575][T11096]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.300489][T11096] RIP: 0033:0x7f6907375bd9
[  370.304965][T11096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  370.324564][T11096] RSP: 002b:00007f6908176048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  370.333071][T11096] RAX: ffffffffffffffda RBX: 00007f6907503f60 RCX: 00007f6907375bd9
[  370.341062][T11096] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  370.349061][T11096] RBP: 00007f69081760a0 R08: 0000000000000000 R09: 0000000000000000
[  370.357026][T11096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  370.365077][T11096] R13: 000000000000000b R14: 00007f6907503f60 R15: 00007f690762fa68
[  370.373057][T11096]  </TASK>
[  370.457830][T11096] ERROR: Out of memory at tomoyo_realpath_from_path.
[  371.053667][T11123] fuse: Bad value for 'user_id'
[  371.093645][T11122] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1364'.
[  371.209189][T11131] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.1367'.
[  371.236774][ T5102] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  371.438371][ T5102] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  371.464186][ T5102] usb 5-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00
[  371.474067][ T5102] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.485154][ T5102] usb 5-1: config 0 descriptor??
[  371.509098][ T5102] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  371.726754][   T25] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  371.914820][T11150] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  371.926461][   T25] usb 4-1: Using ep0 maxpacket: 8
[  371.942185][   T25] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  371.964283][   T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.993876][   T25] usb 4-1: config 0 descriptor??
[  372.427981][   T53] Bluetooth: Unexpected start frame (len 12)
[  372.455522][T11163] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  372.466531][T11163] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  372.855994][T11170] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  373.209051][   T25] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  373.233516][   T25] asix 4-1:0.0: probe with driver asix failed with error -71
[  373.250965][   T25] usb 4-1: USB disconnect, device number 34
[  373.987754][T11183] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.1380'.
[  374.014150][ T5149] usb 5-1: USB disconnect, device number 38
[  374.672277][T11197] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  374.678815][T11197] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  374.716772][T11197] vhci_hcd vhci_hcd.0: Device attached
[  374.750926][T11200] vhci_hcd: connection closed
[  374.751119][ T1057] vhci_hcd: stop threads
[  374.769245][ T1057] vhci_hcd: release socket
[  374.775207][ T1057] vhci_hcd: disconnect device
[  374.808749][ T5150] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  375.026753][ T5150] usb 4-1: Using ep0 maxpacket: 32
[  375.082036][ T5150] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=49.6b
[  375.096737][ T5150] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  375.117930][ T5150] usb 4-1: config 0 descriptor??
[  375.148222][ T5150] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  375.377896][T11224] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  375.393931][ T1095] usb 4-1: Failed to submit usb control message: -71
[  375.410492][ T5150] usb 4-1: USB disconnect, device number 35
[  375.413590][ T1095] usb 4-1: unable to send the bmi data to the device: -71
[  375.449743][ T1095] usb 4-1: unable to get target info from device
[  375.493644][ T1095] usb 4-1: could not get target info (-71)
[  375.499892][ T1095] usb 4-1: could not probe fw (-71)
[  375.676735][   T25] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  375.896679][   T25] usb 2-1: Using ep0 maxpacket: 8
[  375.913672][   T25] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  375.942396][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  375.962061][   T25] usb 2-1: config 0 descriptor??
[  376.036748][ T5150] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  376.258999][ T5150] usb 3-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  376.295390][ T5150] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 184
[  376.318391][T11239] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  376.348264][ T5150] usb 3-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  376.369265][T11241] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1395'.
[  376.375689][T11239] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  376.389846][ T5150] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  376.433114][ T5150] gspca_main: sn9c2028-2.14.0 probing 0c45:8008
[  376.633201][ T5150] gspca_sn9c2028: read1 error -32
[  376.679199][ T5150] gspca_sn9c2028: read1 error -32
[  377.064616][   T25] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  377.120240][   T25] asix 2-1:0.0: probe with driver asix failed with error -71
[  377.156770][   T25] usb 2-1: USB disconnect, device number 38
[  378.051920][T11262] FAULT_INJECTION: forcing a failure.
[  378.051920][T11262] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  378.073704][T11262] CPU: 0 PID: 11262 Comm: syz.1.1401 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  378.083894][T11262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  378.093950][T11262] Call Trace:
[  378.097228][T11262]  <TASK>
[  378.100151][T11262]  dump_stack_lvl+0x241/0x360
[  378.104835][T11262]  ? __pfx_dump_stack_lvl+0x10/0x10
[  378.110041][T11262]  ? __pfx__printk+0x10/0x10
[  378.114643][T11262]  ? snprintf+0xda/0x120
[  378.118904][T11262]  should_fail_ex+0x3b0/0x4e0
[  378.123600][T11262]  _copy_to_user+0x2f/0xb0
[  378.128036][T11262]  simple_read_from_buffer+0xca/0x150
[  378.133421][T11262]  proc_fail_nth_read+0x1e9/0x250
[  378.138439][T11262]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  378.143985][T11262]  ? rw_verify_area+0x520/0x6b0
[  378.148842][T11262]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  378.154375][T11262]  vfs_read+0x204/0xbc0
[  378.158548][T11262]  ? __pfx_lock_release+0x10/0x10
[  378.163580][T11262]  ? do_sock_setsockopt+0x3e2/0x720
[  378.168769][T11262]  ? __pfx_vfs_read+0x10/0x10
[  378.173432][T11262]  ? __fget_files+0x29/0x470
[  378.178009][T11262]  ? __fget_files+0x3f6/0x470
[  378.182677][T11262]  ksys_read+0x1a0/0x2c0
[  378.186906][T11262]  ? __pfx_ksys_read+0x10/0x10
[  378.191657][T11262]  ? do_syscall_64+0x100/0x230
[  378.196411][T11262]  ? do_syscall_64+0xb6/0x230
[  378.201174][T11262]  do_syscall_64+0xf3/0x230
[  378.205665][T11262]  ? clear_bhb_loop+0x35/0x90
[  378.210341][T11262]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.216234][T11262] RIP: 0033:0x7f8244d746bc
[  378.220636][T11262] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  378.240240][T11262] RSP: 002b:00007f8245b1f040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  378.248639][T11262] RAX: ffffffffffffffda RBX: 00007f8244f04038 RCX: 00007f8244d746bc
[  378.256600][T11262] RDX: 000000000000000f RSI: 00007f8245b1f0b0 RDI: 0000000000000004
[  378.264568][T11262] RBP: 00007f8245b1f0a0 R08: 0000000000000000 R09: 0000000000000000
[  378.272524][T11262] R10: 0000000020000240 R11: 0000000000000246 R12: 0000000000000001
[  378.280502][T11262] R13: 000000000000006e R14: 00007f8244f04038 R15: 00007f824502fa68
[  378.288468][T11262]  </TASK>
[  378.417742][T11270] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  378.649311][ T5150] usb 3-1: USB disconnect, device number 45
[  378.769847][   T25] usb 4-1: new low-speed USB device number 36 using dummy_hcd
[  378.899610][ T1244] ieee802154 phy0 wpan0: encryption failed: -22
[  378.906008][ T1244] ieee802154 phy1 wpan1: encryption failed: -22
[  378.947436][   T25] usb 4-1: device descriptor read/64, error -71
[  379.256892][   T25] usb 4-1: new low-speed USB device number 37 using dummy_hcd
[  379.406727][   T25] usb 4-1: device descriptor read/64, error -71
[  379.527368][   T25] usb usb4-port1: attempt power cycle
[  379.674582][T11297] FAULT_INJECTION: forcing a failure.
[  379.674582][T11297] name failslab, interval 1, probability 0, space 0, times 0
[  379.712040][T11297] CPU: 0 PID: 11297 Comm: syz.1.1414 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  379.722238][T11297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  379.732322][T11297] Call Trace:
[  379.735616][T11297]  <TASK>
[  379.738586][T11297]  dump_stack_lvl+0x241/0x360
[  379.743277][T11297]  ? __pfx_dump_stack_lvl+0x10/0x10
[  379.748478][T11297]  ? __pfx__printk+0x10/0x10
[  379.753094][T11297]  ? ref_tracker_alloc+0x332/0x490
[  379.758220][T11297]  should_fail_ex+0x3b0/0x4e0
[  379.762917][T11297]  ? skb_clone+0x20c/0x390
[  379.767343][T11297]  should_failslab+0x9/0x20
[  379.771848][T11297]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  379.777226][T11297]  skb_clone+0x20c/0x390
[  379.781472][T11297]  __netlink_deliver_tap+0x3cc/0x7c0
[  379.786763][T11297]  ? netlink_deliver_tap+0x2e/0x1b0
[  379.791958][T11297]  netlink_deliver_tap+0x19d/0x1b0
[  379.797155][T11297]  netlink_unicast+0x7b8/0x980
[  379.801920][T11297]  ? __pfx_netlink_unicast+0x10/0x10
[  379.807197][T11297]  ? __virt_addr_valid+0x183/0x520
[  379.812305][T11297]  ? __check_object_size+0x49c/0x900
[  379.817590][T11297]  ? bpf_lsm_netlink_send+0x9/0x10
[  379.822699][T11297]  netlink_sendmsg+0x8db/0xcb0
[  379.827466][T11297]  ? __pfx_netlink_sendmsg+0x10/0x10
[  379.832755][T11297]  ? __import_iovec+0x536/0x820
[  379.837594][T11297]  ? aa_sock_msg_perm+0x91/0x160
[  379.842528][T11297]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  379.847803][T11297]  ? security_socket_sendmsg+0x87/0xb0
[  379.853257][T11297]  ? __pfx_netlink_sendmsg+0x10/0x10
[  379.858537][T11297]  __sock_sendmsg+0x221/0x270
[  379.863213][T11297]  ____sys_sendmsg+0x525/0x7d0
[  379.867979][T11297]  ? __pfx_____sys_sendmsg+0x10/0x10
[  379.873340][T11297]  __sys_sendmsg+0x2b0/0x3a0
[  379.877926][T11297]  ? __pfx___sys_sendmsg+0x10/0x10
[  379.883027][T11297]  ? vfs_write+0x7c4/0xc90
[  379.887467][T11297]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  379.893810][T11297]  ? do_syscall_64+0x100/0x230
[  379.898587][T11297]  ? do_syscall_64+0xb6/0x230
[  379.903278][T11297]  do_syscall_64+0xf3/0x230
[  379.907796][T11297]  ? clear_bhb_loop+0x35/0x90
[  379.912479][T11297]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  379.918374][T11297] RIP: 0033:0x7f8244d75bd9
[  379.922782][T11297] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  379.942387][T11297] RSP: 002b:00007f8245b40048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  379.950802][T11297] RAX: ffffffffffffffda RBX: 00007f8244f03f60 RCX: 00007f8244d75bd9
[  379.958764][T11297] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[  379.966725][T11297] RBP: 00007f8245b400a0 R08: 0000000000000000 R09: 0000000000000000
[  379.974775][T11297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  379.982739][T11297] R13: 000000000000000b R14: 00007f8244f03f60 R15: 00007f824502fa68
[  379.990716][T11297]  </TASK>
[  379.993892][    C0] vkms_vblank_simulate: vblank timer overrun
[  380.096727][   T25] usb 4-1: new low-speed USB device number 38 using dummy_hcd
[  380.128293][   T25] usb 4-1: device descriptor read/8, error -71
[  380.185237][   T51] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  380.397240][   T25] usb 4-1: new low-speed USB device number 39 using dummy_hcd
[  380.413554][ T5096] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  380.433868][ T5096] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  380.446970][ T5096] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  380.461071][ T5096] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  380.468891][ T5096] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  380.476159][ T5096] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  380.537009][   T25] usb 4-1: device descriptor read/8, error -71
[  380.604043][   T51] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  380.664716][   T25] usb usb4-port1: unable to enumerate USB device
[  380.719896][   T51] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  380.724951][T11312] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  380.926501][   T51] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  381.398117][   T51] bridge_slave_1: left allmulticast mode
[  381.404722][   T51] bridge_slave_1: left promiscuous mode
[  381.422497][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[  381.452609][   T51] bridge_slave_0: left allmulticast mode
[  381.472068][   T51] bridge_slave_0: left promiscuous mode
[  381.489687][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[  382.487574][   T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  382.545233][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  382.577142][   T53] Bluetooth: hci0: command tx timeout
[  382.640561][   T51] bond0 (unregistering): Released all slaves
[  382.872209][T11302] chnl_net:caif_netlink_parms(): no params data found
[  383.097180][T11352] netlink: 'syz.1.1430': attribute type 3 has an invalid length.
[  383.749483][   T51] hsr_slave_0: left promiscuous mode
[  383.762682][ T5096] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  383.776479][ T5096] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  383.785336][ T5096] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  383.804729][ T5096] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  383.813413][ T5096] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  383.827254][ T5096] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  383.872927][   T51] hsr_slave_1: left promiscuous mode
[  383.927591][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  383.946817][   T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[  384.009882][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  384.045333][   T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[  384.191610][   T51] veth1_macvtap: left promiscuous mode
[  384.217531][   T51] veth0_macvtap: left promiscuous mode
[  384.223281][   T51] veth1_vlan: left promiscuous mode
[  384.244536][   T51] veth0_vlan: left promiscuous mode
[  384.659254][ T5096] Bluetooth: hci0: command tx timeout
[  384.700865][   T53] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  384.729922][   T53] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  384.763816][   T53] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  384.781645][   T53] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  384.825851][   T53] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  384.838424][   T53] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  385.681114][   T51] team0 (unregistering): Port device team_slave_1 removed
[  385.735412][   T51] team0 (unregistering): Port device team_slave_0 removed
[  385.950432][ T5096] Bluetooth: hci4: command tx timeout
[  386.403791][T11302] bridge0: port 1(bridge_slave_0) entered blocking state
[  386.440037][T11302] bridge0: port 1(bridge_slave_0) entered disabled state
[  386.460251][T11302] bridge_slave_0: entered allmulticast mode
[  386.474238][T11302] bridge_slave_0: entered promiscuous mode
[  386.487231][T11302] bridge0: port 2(bridge_slave_1) entered blocking state
[  386.494465][T11302] bridge0: port 2(bridge_slave_1) entered disabled state
[  386.502275][T11302] bridge_slave_1: entered allmulticast mode
[  386.517858][T11302] bridge_slave_1: entered promiscuous mode
[  386.563888][T11423] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  386.646702][   T25] IPVS: starting estimator thread 0...
[  386.663652][T11420] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer.
[  386.696009][T11302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  386.736923][ T5096] Bluetooth: hci0: command tx timeout
[  386.736943][T11426] IPVS: using max 22 ests per chain, 52800 per kthread
[  386.759788][T11302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  386.896990][ T5096] Bluetooth: hci2: command tx timeout
[  386.938774][T11302] team0: Port device team_slave_0 added
[  386.999587][T11302] team0: Port device team_slave_1 added
[  387.036801][   T25] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  387.128352][T11302] batman_adv: batadv0: Adding interface: batadv_slave_0
[  387.136123][T11302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  387.177613][T11302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  387.251572][T11383] chnl_net:caif_netlink_parms(): no params data found
[  387.264013][T11302] batman_adv: batadv0: Adding interface: batadv_slave_1
[  387.271158][   T25] usb 4-1: Using ep0 maxpacket: 16
[  387.286445][T11302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  387.287861][   T25] usb 4-1: config 0 has an invalid interface number: 107 but max is 0
[  387.336793][T11302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  387.398481][   T25] usb 4-1: config 0 has no interface number 0
[  387.404644][   T25] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[  387.424821][   T25] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid maxpacket 25189, setting to 1024
[  387.448239][   T25] usb 4-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60
[  387.458563][   T25] usb 4-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3
[  387.491833][   T25] usb 4-1: Product: syz
[  387.523049][   T25] usb 4-1: Manufacturer: syz
[  387.544011][   T25] usb 4-1: SerialNumber: syz
[  387.560559][   T25] usb 4-1: config 0 descriptor??
[  387.568614][   T25] keyspan 4-1:0.107: Keyspan 4 port adapter converter detected
[  387.584649][   T25] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 81
[  387.597618][   T25] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 1
[  387.626150][   T25] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB0
[  387.651456][   T25] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 2
[  387.664879][   T25] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB1
[  387.676410][   T25] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 4
[  387.679741][T11302] hsr_slave_0: entered promiscuous mode
[  387.702727][T11302] hsr_slave_1: entered promiscuous mode
[  387.706903][   T25] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB2
[  387.725600][T11302] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  387.734486][T11302] Cannot create hsr debugfs directory
[  387.738177][   T25] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 6
[  387.764573][   T25] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB3
[  387.833110][   T51] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.850940][ T5150] usb 4-1: USB disconnect, device number 40
[  387.904615][ T5150] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0
[  387.925257][ T5150] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1
[  387.962883][T11400] chnl_net:caif_netlink_parms(): no params data found
[  387.970644][ T5150] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2
[  388.017701][ T5096] Bluetooth: hci4: command tx timeout
[  388.024776][ T5150] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3
[  388.035575][ T5150] keyspan 4-1:0.107: device disconnected
[  388.087940][   T51] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  388.212691][   T51] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  388.281886][T11383] bridge0: port 1(bridge_slave_0) entered blocking state
[  388.301370][T11383] bridge0: port 1(bridge_slave_0) entered disabled state
[  388.314631][T11383] bridge_slave_0: entered allmulticast mode
[  388.332711][T11383] bridge_slave_0: entered promiscuous mode
[  388.350140][T11383] bridge0: port 2(bridge_slave_1) entered blocking state
[  388.366237][T11383] bridge0: port 2(bridge_slave_1) entered disabled state
[  388.374509][T11383] bridge_slave_1: entered allmulticast mode
[  388.391492][T11383] bridge_slave_1: entered promiscuous mode
[  388.396721][   T25] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  388.517202][   T51] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  388.587456][   T25] usb 3-1: Using ep0 maxpacket: 16
[  388.607872][   T25] usb 3-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  388.620502][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  388.628710][   T25] usb 3-1: Product: syz
[  388.632897][   T25] usb 3-1: Manufacturer: syz
[  388.637602][   T25] usb 3-1: SerialNumber: syz
[  388.657085][   T25] usb 3-1: config 0 descriptor??
[  388.680950][   T25] ssu100 3-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  388.785015][T11383] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  388.816795][ T5096] Bluetooth: hci0: command tx timeout
[  388.836219][T11400] bridge0: port 1(bridge_slave_0) entered blocking state
[  388.844961][T11400] bridge0: port 1(bridge_slave_0) entered disabled state
[  388.852746][T11400] bridge_slave_0: entered allmulticast mode
[  388.864796][T11400] bridge_slave_0: entered promiscuous mode
[  388.880750][T11383] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  388.919021][T11400] bridge0: port 2(bridge_slave_1) entered blocking state
[  388.928556][T11400] bridge0: port 2(bridge_slave_1) entered disabled state
[  388.939591][T11400] bridge_slave_1: entered allmulticast mode
[  388.954663][T11400] bridge_slave_1: entered promiscuous mode
[  388.987817][ T5096] Bluetooth: hci2: command tx timeout
[  388.993399][T11383] team0: Port device team_slave_0 added
[  389.051386][T11400] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  389.070089][T11383] team0: Port device team_slave_1 added
[  389.149921][T11400] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  389.382942][T11400] team0: Port device team_slave_0 added
[  389.405483][T11400] team0: Port device team_slave_1 added
[  389.421878][T11383] batman_adv: batadv0: Adding interface: batadv_slave_0
[  389.444054][T11383] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  389.471611][T11383] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  389.533761][   T51] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  389.689571][   T25] ssu100 3-1:0.0: probe with driver ssu100 failed with error -71
[  389.709921][   T25] usb 3-1: USB disconnect, device number 46
[  389.723108][T11383] batman_adv: batadv0: Adding interface: batadv_slave_1
[  389.735290][T11383] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  389.761390][T11383] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  389.810003][   T51] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  389.868623][T11400] batman_adv: batadv0: Adding interface: batadv_slave_0
[  389.875586][T11400] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  389.906501][T11400] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  389.921865][T11400] batman_adv: batadv0: Adding interface: batadv_slave_1
[  389.928978][T11400] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  389.956468][T11400] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  390.076538][   T51] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.096828][ T5096] Bluetooth: hci4: command tx timeout
[  390.335775][T11496] netlink: 172 bytes leftover after parsing attributes in process `syz.2.1463'.
[  390.473019][   T51] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.546106][T11400] hsr_slave_0: entered promiscuous mode
[  390.564496][T11400] hsr_slave_1: entered promiscuous mode
[  390.570895][T11400] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  390.586754][T11400] Cannot create hsr debugfs directory
[  390.623628][T11383] hsr_slave_0: entered promiscuous mode
[  390.674379][T11383] hsr_slave_1: entered promiscuous mode
[  390.680991][T11383] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  390.688954][T11383] Cannot create hsr debugfs directory
[  391.060536][ T5096] Bluetooth: hci2: command tx timeout
[  391.114003][T11509] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  391.125457][T11302] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  391.231242][T11302] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  391.253994][   T51] bridge_slave_1: left allmulticast mode
[  391.266795][   T51] bridge_slave_1: left promiscuous mode
[  391.276636][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[  391.304547][   T51] bridge_slave_0: left allmulticast mode
[  391.322169][   T51] bridge_slave_0: left promiscuous mode
[  391.346195][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[  391.370273][   T51] bridge_slave_1: left allmulticast mode
[  391.375969][   T51] bridge_slave_1: left promiscuous mode
[  391.403850][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[  391.425155][   T51] bridge_slave_0: left allmulticast mode
[  391.433176][   T51] bridge_slave_0: left promiscuous mode
[  391.446849][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[  391.479104][   T51] bridge_slave_1: left allmulticast mode
[  391.484808][   T51] bridge_slave_1: left promiscuous mode
[  391.491466][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[  391.502192][   T51] bridge_slave_0: left allmulticast mode
[  391.523206][   T51] bridge_slave_0: left promiscuous mode
[  391.535352][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[  391.546928][ T5149] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  391.746732][ T5149] usb 4-1: Using ep0 maxpacket: 16
[  391.759390][ T5149] usb 4-1: config 0 has an invalid interface number: 107 but max is 0
[  391.773772][ T5149] usb 4-1: config 0 has no interface number 0
[  391.787351][ T5149] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[  391.816948][ T5149] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid maxpacket 25189, setting to 1024
[  391.834001][ T5149] usb 4-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60
[  391.844218][ T5149] usb 4-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3
[  391.852737][ T5149] usb 4-1: Product: syz
[  391.858054][ T5149] usb 4-1: Manufacturer: syz
[  391.863661][ T5149] usb 4-1: SerialNumber: syz
[  391.897762][ T5149] usb 4-1: config 0 descriptor??
[  391.913751][ T5149] keyspan 4-1:0.107: Keyspan 4 port adapter converter detected
[  391.924227][ T5149] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 81
[  391.946235][ T5149] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 1
[  391.967567][ T5149] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB0
[  391.984000][ T5149] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 2
[  392.012985][ T5149] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB1
[  392.033651][ T5149] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 4
[  392.063478][ T5149] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB2
[  392.075761][ T5149] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 6
[  392.101250][ T5149] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB3
[  392.177255][ T5096] Bluetooth: hci4: command tx timeout
[  392.300661][   T25] usb 4-1: USB disconnect, device number 41
[  392.343282][   T25] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0
[  392.379932][   T25] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1
[  392.413890][   T25] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2
[  392.443465][   T25] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3
[  392.471709][   T25] keyspan 4-1:0.107: device disconnected
[  393.014420][T11539] netlink: 172 bytes leftover after parsing attributes in process `syz.3.1471'.
[  393.149205][ T5096] Bluetooth: hci2: command tx timeout
[  393.245821][   T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  393.260729][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  393.274836][   T51] bond0 (unregistering): Released all slaves
[  393.382612][   T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  393.393720][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  393.405008][   T51] bond0 (unregistering): Released all slaves
[  393.513013][   T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  393.525370][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  393.536257][   T51] bond0 (unregistering): Released all slaves
[  393.565069][T11302] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  393.586064][T11302] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  393.864010][T11544] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  394.400599][T11552] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer.
[  395.145621][T11302] 8021q: adding VLAN 0 to HW filter on device bond0
[  395.362886][T11302] 8021q: adding VLAN 0 to HW filter on device team0
[  395.482715][   T51] hsr_slave_0: left promiscuous mode
[  395.500867][   T51] hsr_slave_1: left promiscuous mode
[  395.526101][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  395.534061][   T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[  395.566166][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  395.591663][   T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[  395.608740][   T51] hsr_slave_0: left promiscuous mode
[  395.615305][   T51] hsr_slave_1: left promiscuous mode
[  395.623579][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  395.631464][   T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[  395.640015][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  395.647960][   T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[  395.670950][   T51] hsr_slave_0: left promiscuous mode
[  395.687731][   T51] hsr_slave_1: left promiscuous mode
[  395.697827][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  395.715842][   T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[  395.734663][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  395.754084][   T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[  395.863513][   T51] veth1_macvtap: left promiscuous mode
[  395.877021][   T51] veth0_macvtap: left promiscuous mode
[  395.888882][   T51] veth1_vlan: left promiscuous mode
[  395.894246][   T51] veth0_vlan: left promiscuous mode
[  395.915126][   T51] veth1_macvtap: left promiscuous mode
[  395.924880][   T51] veth0_macvtap: left promiscuous mode
[  395.931821][   T51] veth1_vlan: left promiscuous mode
[  395.947257][   T51] veth0_vlan: left promiscuous mode
[  395.961747][   T51] veth1_macvtap: left promiscuous mode
[  395.976202][   T51] veth0_macvtap: left promiscuous mode
[  395.997697][   T51] veth1_vlan: left promiscuous mode
[  396.003087][   T51] veth0_vlan: left promiscuous mode
[  396.380070][T11585] netlink: 172 bytes leftover after parsing attributes in process `syz.3.1480'.
[  396.886899][   T25] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  396.968054][   T51] team0 (unregistering): Port device team_slave_1 removed
[  397.012588][   T51] team0 (unregistering): Port device team_slave_0 removed
[  397.077919][   T25] usb 3-1: Using ep0 maxpacket: 32
[  397.089110][   T25] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=49.6b
[  397.098539][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  397.112362][   T25] usb 3-1: config 0 descriptor??
[  397.153178][   T25] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  397.352180][ T1100] usb 3-1: Failed to submit usb control message: -71
[  397.361461][ T5149] usb 3-1: USB disconnect, device number 47
[  397.371966][ T1100] usb 3-1: unable to send the bmi data to the device: -71
[  397.382798][ T1100] usb 3-1: unable to get target info from device
[  397.391135][ T1100] usb 3-1: could not get target info (-71)
[  397.397194][ T1100] usb 3-1: could not probe fw (-71)
[  397.882722][   T51] team0 (unregistering): Port device team_slave_1 removed
[  397.924932][   T51] team0 (unregistering): Port device team_slave_0 removed
[  398.474118][T11597] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  399.135482][   T51] team0 (unregistering): Port device team_slave_1 removed
[  399.205366][   T51] team0 (unregistering): Port device team_slave_0 removed
[  399.808360][ T5150] bridge0: port 1(bridge_slave_0) entered blocking state
[  399.815538][ T5150] bridge0: port 1(bridge_slave_0) entered forwarding state
[  399.904178][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  399.911413][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  400.250262][T11302] 8021q: adding VLAN 0 to HW filter on device batadv0
[  400.304509][T11383] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  400.340829][T11383] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  400.367803][T11383] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  400.454942][T11383] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  400.630405][T11400] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  400.687337][T11302] veth0_vlan: entered promiscuous mode
[  400.735149][T11400] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  400.787001][T11400] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  400.839912][T11400] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  400.903886][T11302] veth1_vlan: entered promiscuous mode
[  401.106006][   T51] IPVS: stop unused estimator thread 0...
[  401.132891][T11302] veth0_macvtap: entered promiscuous mode
[  401.143309][T11628] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1489'.
[  401.177020][T11302] veth1_macvtap: entered promiscuous mode
[  401.316184][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  401.356754][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  401.393897][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  401.419587][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  401.446221][T11302] batman_adv: batadv0: Interface activated: batadv_slave_0
[  401.506456][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  401.554841][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  401.578594][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  401.590021][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  401.602704][T11302] batman_adv: batadv0: Interface activated: batadv_slave_1
[  401.660924][T11400] 8021q: adding VLAN 0 to HW filter on device bond0
[  401.691807][T11302] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  401.711442][T11302] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  401.720482][T11302] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  401.735435][T11302] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  401.764970][T11383] 8021q: adding VLAN 0 to HW filter on device bond0
[  401.786770][    T9] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  401.881311][T11383] 8021q: adding VLAN 0 to HW filter on device team0
[  401.918949][T11400] 8021q: adding VLAN 0 to HW filter on device team0
[  401.964547][T11647] bridge0: port 1(bridge_slave_0) entered blocking state
[  401.971751][T11647] bridge0: port 1(bridge_slave_0) entered forwarding state
[  401.992580][T11647] bridge0: port 2(bridge_slave_1) entered blocking state
[  401.999789][T11647] bridge0: port 2(bridge_slave_1) entered forwarding state
[  402.016235][    T9] usb 4-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  402.027401][    T9] usb 4-1: config 220 has 1 interface, different from the descriptor's value: 184
[  402.046095][    T9] usb 4-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  402.056997][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  402.081300][    T9] gspca_main: sn9c2028-2.14.0 probing 0c45:8008
[  402.103698][T11647] bridge0: port 1(bridge_slave_0) entered blocking state
[  402.110839][T11647] bridge0: port 1(bridge_slave_0) entered forwarding state
[  402.134433][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  402.146748][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  402.180044][T11647] bridge0: port 2(bridge_slave_1) entered blocking state
[  402.187320][T11647] bridge0: port 2(bridge_slave_1) entered forwarding state
[  402.281829][    T9] gspca_sn9c2028: read1 error -32
[  402.347763][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  402.366474][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  402.401974][T11383] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  402.531743][    T9] gspca_sn9c2028: read1 error -71
[  402.565591][    T9] sn9c2028 4-1:220.0: probe with driver sn9c2028 failed with error -71
[  402.596797][ T1736] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  402.602627][T11383] 8021q: adding VLAN 0 to HW filter on device batadv0
[  402.622948][    T9] usb 4-1: USB disconnect, device number 42
[  402.639430][T11400] 8021q: adding VLAN 0 to HW filter on device batadv0
[  402.659360][T11660] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  402.804500][T11383] veth0_vlan: entered promiscuous mode
[  402.813373][ T1736] usb 3-1: config index 0 descriptor too short (expected 23569, got 27)
[  402.820597][T11400] veth0_vlan: entered promiscuous mode
[  402.846656][ T1736] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  402.863630][T11400] veth1_vlan: entered promiscuous mode
[  402.881096][ T1736] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  402.902131][T11383] veth1_vlan: entered promiscuous mode
[  402.930017][ T1736] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  402.953495][ T1736] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  402.963545][ T1736] usb 3-1: Manufacturer: syz
[  402.973993][ T1736] usb 3-1: config 0 descriptor??
[  403.030858][T11400] veth0_macvtap: entered promiscuous mode
[  403.063181][T11383] veth0_macvtap: entered promiscuous mode
[  403.072785][T11400] veth1_macvtap: entered promiscuous mode
[  403.098537][T11383] veth1_macvtap: entered promiscuous mode
[  403.135740][T11400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  403.150031][T11400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  403.195647][T11400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  403.238777][T11400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  403.261960][T11400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  403.286011][ T5148] usb 3-1: USB disconnect, device number 48
[  403.300655][T11400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  403.314968][T11400] batman_adv: batadv0: Interface activated: batadv_slave_0
[  403.333438][T11677] netlink: 172 bytes leftover after parsing attributes in process `syz.3.1494'.
[  403.335367][T11383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  403.355372][T11383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  403.372155][T11383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  403.394639][T11383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  403.416889][T11383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  403.427483][T11383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  403.439210][T11383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  403.449856][T11383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  403.464997][T11383] batman_adv: batadv0: Interface activated: batadv_slave_0
[  403.495824][T11400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  403.513471][T11400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  403.526104][T11400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  403.537915][T11400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  403.549734][T11400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  403.561279][T11400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  403.596179][T11400] batman_adv: batadv0: Interface activated: batadv_slave_1
[  403.631892][T11383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  403.663356][T11383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  403.674330][T11383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  403.685225][T11383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  403.695625][T11383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  403.708372][T11383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  403.723313][T11383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  403.734204][T11383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  403.759976][T11383] batman_adv: batadv0: Interface activated: batadv_slave_1
[  403.780819][T11400] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  403.793378][T11400] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  403.816701][T11400] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  403.825546][T11400] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  403.870875][T11383] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  403.880413][T11383] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  403.900828][T11383] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  403.924265][T11383] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  404.255966][ T1100] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  404.275910][ T1100] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  404.323697][ T1057] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  404.344898][ T1057] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  404.449345][ T1057] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  404.461958][ T1100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  404.470250][ T1736] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  404.472214][ T1100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  404.485243][ T1057] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  404.686773][ T1736] usb 5-1: Using ep0 maxpacket: 16
[  404.723490][ T1736] usb 5-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  404.760304][T11716] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1442'.
[  404.766259][ T1736] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  404.800950][ T1736] usb 5-1: Product: syz
[  404.805201][ T1736] usb 5-1: Manufacturer: syz
[  404.813543][ T1736] usb 5-1: SerialNumber: syz
[  404.832075][ T1736] usb 5-1: config 0 descriptor??
[  404.852429][ T1736] ssu100 5-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  405.346027][T11739] netlink: 172 bytes leftover after parsing attributes in process `syz.0.1503'.
[  405.456966][  T784] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  405.668133][  T784] usb 4-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  405.697759][  T784] usb 4-1: config 220 has 1 interface, different from the descriptor's value: 184
[  405.734645][  T784] usb 4-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  405.764305][  T784] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  405.809490][  T784] gspca_main: sn9c2028-2.14.0 probing 0c45:8008
[  405.862460][ T1736] ssu100 5-1:0.0: probe with driver ssu100 failed with error -71
[  405.899161][ T1736] usb 5-1: USB disconnect, device number 39
[  406.003769][T11751] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer.
[  406.029777][  T784] gspca_sn9c2028: read1 error -32
[  406.305786][  T784] gspca_sn9c2028: read1 error -71
[  406.324696][  T784] sn9c2028 4-1:220.0: probe with driver sn9c2028 failed with error -71
[  406.364081][  T784] usb 4-1: USB disconnect, device number 43
[  407.106712][T11787] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1511'.
[  407.372282][T11805] netlink: 172 bytes leftover after parsing attributes in process `syz.3.1516'.
[  408.315934][T11823] netlink: 4093 bytes leftover after parsing attributes in process `syz.4.1522'.
[  408.396809][ T5150] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  408.450449][ T5148] IPVS: starting estimator thread 0...
[  408.468582][T11822] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer.
[  408.559987][T11828] IPVS: using max 32 ests per chain, 76800 per kthread
[  408.597621][ T5150] usb 4-1: Using ep0 maxpacket: 16
[  408.624244][ T5150] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  408.646916][ T5150] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.673851][ T5150] usb 4-1: Product: syz
[  408.685527][ T5150] usb 4-1: Manufacturer: syz
[  408.704929][ T5150] usb 4-1: SerialNumber: syz
[  408.747666][ T5150] usb 4-1: config 0 descriptor??
[  408.755121][T11835] netlink: 172 bytes leftover after parsing attributes in process `syz.4.1527'.
[  408.766954][T11837] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1528'.
[  408.768607][ T5150] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  409.101668][T11837] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer.
[  409.147707][  T784] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  409.354450][  T784] usb 3-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  409.396649][  T784] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 184
[  409.416728][  T784] usb 3-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  409.425852][  T784] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  409.482780][  T784] gspca_main: sn9c2028-2.14.0 probing 0c45:8008
[  409.703325][  T784] gspca_sn9c2028: read1 error -32
[  409.765740][ T5150] ssu100 4-1:0.0: probe with driver ssu100 failed with error -71
[  409.798439][ T5150] usb 4-1: USB disconnect, device number 44
[  409.971220][  T784] gspca_sn9c2028: read1 error -71
[  409.982911][  T784] sn9c2028 3-1:220.0: probe with driver sn9c2028 failed with error -71
[  410.027455][  T784] usb 3-1: USB disconnect, device number 49
[  410.265261][T11864] netlink: 4093 bytes leftover after parsing attributes in process `syz.1.1536'.
[  410.522295][  T784] IPVS: starting estimator thread 0...
[  410.544615][T11868] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer.
[  410.555527][T11874] netlink: 172 bytes leftover after parsing attributes in process `syz.1.1540'.
[  410.666881][T11872] IPVS: using max 21 ests per chain, 50400 per kthread
[  410.859161][T11881] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  411.060740][T11892] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  411.100980][T11894] netlink: 4093 bytes leftover after parsing attributes in process `syz.3.1547'.
[  411.113023][T11895] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  411.286884][ T5179] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  411.436835][  T784] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  411.476805][ T5148] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  411.486779][ T5179] usb 5-1: Using ep0 maxpacket: 32
[  411.499795][ T5179] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=49.6b
[  411.516709][ T5179] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  411.532182][ T5179] usb 5-1: config 0 descriptor??
[  411.558608][ T5179] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  411.617236][  T784] usb 1-1: Using ep0 maxpacket: 16
[  411.646516][  T784] usb 1-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  411.664666][  T784] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  411.673733][  T784] usb 1-1: Product: syz
[  411.681832][  T784] usb 1-1: Manufacturer: syz
[  411.686729][  T784] usb 1-1: SerialNumber: syz
[  411.697042][ T5148] usb 3-1: Using ep0 maxpacket: 16
[  411.706706][ T5148] usb 3-1: config 0 has an invalid interface number: 107 but max is 0
[  411.717286][  T784] usb 1-1: config 0 descriptor??
[  411.722359][ T5148] usb 3-1: config 0 has no interface number 0
[  411.739939][  T784] ssu100 1-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  411.748833][ T5148] usb 3-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[  411.766029][ T5148] usb 3-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid maxpacket 25189, setting to 1024
[  411.797316][ T5148] usb 3-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60
[  411.806936][ T5148] usb 3-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3
[  411.815347][ T5148] usb 3-1: Product: syz
[  411.820398][ T5148] usb 3-1: Manufacturer: syz
[  411.825223][ T5148] usb 3-1: SerialNumber: syz
[  411.860787][ T1736] usb 5-1: USB disconnect, device number 40
[  411.862354][ T5148] usb 3-1: config 0 descriptor??
[  411.875592][ T1100] usb 5-1: Failed to submit usb control message: -71
[  411.895783][ T1100] usb 5-1: unable to send the bmi data to the device: -71
[  411.908682][ T5148] keyspan 3-1:0.107: Keyspan 4 port adapter converter detected
[  411.929187][ T1100] usb 5-1: unable to get target info from device
[  411.945772][ T1100] usb 5-1: could not get target info (-71)
[  411.948118][ T5148] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 81
[  411.980451][ T5148] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 1
[  411.985384][ T1100] usb 5-1: could not probe fw (-71)
[  412.012511][    C0] hrtimer: interrupt took 155945 ns
[  412.019758][ T5148] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB0
[  412.030296][ T5148] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 2
[  412.058480][ T5148] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB1
[  412.089126][ T5148] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 4
[  412.142399][ T5148] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB2
[  412.188006][ T5148] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 6
[  412.209964][ T5148] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB3
[  412.239832][ T5148] usb 3-1: USB disconnect, device number 50
[  412.281724][ T5148] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0
[  412.349238][T11913] netlink: 172 bytes leftover after parsing attributes in process `syz.3.1553'.
[  412.374621][ T5148] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1
[  412.401365][ T5148] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2
[  412.436353][ T5148] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3
[  412.459052][ T5148] keyspan 3-1:0.107: device disconnected
[  412.530647][ T5179] IPVS: starting estimator thread 0...
[  412.559417][T11915] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer.
[  412.686758][T11917] IPVS: using max 19 ests per chain, 45600 per kthread
[  412.763915][  T784] ssu100 1-1:0.0: probe with driver ssu100 failed with error -71
[  412.828292][  T784] usb 1-1: USB disconnect, device number 57
[  413.277165][T11939] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  413.405679][ T1736] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  413.523599][T11946] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1564'.
[  413.608855][ T1736] usb 3-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  413.627583][T11949] netlink: 172 bytes leftover after parsing attributes in process `syz.3.1565'.
[  413.636359][ T1736] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 184
[  413.658464][ T1736] usb 3-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  413.678423][ T1736] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.708351][T11946] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer.
[  413.711048][ T1736] gspca_main: sn9c2028-2.14.0 probing 0c45:8008
[  413.915408][ T1736] gspca_sn9c2028: read1 error -32
[  413.920925][ T5096] Bluetooth: Unexpected start frame (len 18)
[  414.190116][ T1736] gspca_sn9c2028: read1 error -71
[  414.212097][ T1736] sn9c2028 3-1:220.0: probe with driver sn9c2028 failed with error -71
[  414.267371][ T1736] usb 3-1: USB disconnect, device number 51
[  414.324756][T11959] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer.
[  414.660681][ T1736] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  414.877219][ T1736] usb 4-1: Using ep0 maxpacket: 32
[  414.898777][ T1736] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=49.6b
[  414.936812][ T1736] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.002419][ T1736] usb 4-1: config 0 descriptor??
[  415.067003][ T1736] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  415.295767][ T5179] usb 4-1: USB disconnect, device number 45
[  415.302137][ T1100] usb 4-1: Failed to submit usb control message: -71
[  415.311570][ T1100] usb 4-1: unable to send the bmi data to the device: -71
[  415.343654][ T1100] usb 4-1: unable to get target info from device
[  415.362757][ T1100] usb 4-1: could not get target info (-71)
[  415.382462][ T1100] usb 4-1: could not probe fw (-71)
[  415.745240][ T1736] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  415.976787][ T1736] usb 5-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  416.002724][ T1736] usb 5-1: config 220 has 1 interface, different from the descriptor's value: 184
[  416.038515][ T1736] usb 5-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  416.057340][ T1736] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.082979][ T1736] gspca_main: sn9c2028-2.14.0 probing 0c45:8008
[  416.240796][T12002] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer.
[  416.283212][ T1736] gspca_sn9c2028: read1 error -32
[  416.599964][ T1736] gspca_sn9c2028: read1 error -71
[  416.624230][ T1736] sn9c2028 5-1:220.0: probe with driver sn9c2028 failed with error -71
[  416.661957][ T1736] usb 5-1: USB disconnect, device number 41
[  417.079947][T12023] FAULT_INJECTION: forcing a failure.
[  417.079947][T12023] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  417.117545][T12023] CPU: 0 PID: 12023 Comm: syz.3.1588 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  417.127773][T12023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  417.137858][T12023] Call Trace:
[  417.141166][T12023]  <TASK>
[  417.144128][T12023]  dump_stack_lvl+0x241/0x360
[  417.148841][T12023]  ? __pfx_dump_stack_lvl+0x10/0x10
[  417.154076][T12023]  ? __pfx__printk+0x10/0x10
[  417.156728][ T5102] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  417.158676][T12023]  ? __pfx_lock_release+0x10/0x10
[  417.158710][T12023]  should_fail_ex+0x3b0/0x4e0
[  417.158739][T12023]  _copy_to_iter+0x43a/0x1960
[  417.158766][T12023]  ? __virt_addr_valid+0x183/0x520
[  417.158801][T12023]  ? __pfx__copy_to_iter+0x10/0x10
[  417.158829][T12023]  ? __virt_addr_valid+0x183/0x520
[  417.158853][T12023]  ? __virt_addr_valid+0x183/0x520
[  417.158875][T12023]  ? __virt_addr_valid+0x44e/0x520
[  417.158901][T12023]  ? __check_object_size+0x49c/0x900
[  417.158932][T12023]  __skb_datagram_iter+0x110/0x8c0
[  417.158958][T12023]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  417.158992][T12023]  skb_copy_datagram_iter+0xd1/0x250
[  417.159021][T12023]  netlink_recvmsg+0x2d0/0x11d0
[  417.159055][T12023]  ? __pfx_netlink_recvmsg+0x10/0x10
[  417.159087][T12023]  ? __pfx_aa_sk_perm+0x10/0x10
[  417.159111][T12023]  ? __pfx___might_resched+0x10/0x10
[  417.159132][T12023]  ? aa_sock_msg_perm+0x91/0x160
[  417.159158][T12023]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  417.159175][T12023]  ? security_socket_recvmsg+0x90/0xb0
[  417.159195][T12023]  ? __pfx_netlink_recvmsg+0x10/0x10
[  417.159221][T12023]  sock_recvmsg+0x22f/0x280
[  417.159248][T12023]  ____sys_recvmsg+0x1db/0x470
[  417.159277][T12023]  ? __pfx_____sys_recvmsg+0x10/0x10
[  417.159321][T12023]  __sys_recvmsg+0x2f0/0x3e0
[  417.159350][T12023]  ? __pfx___sys_recvmsg+0x10/0x10
[  417.159402][T12023]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  417.159423][T12023]  ? do_syscall_64+0x100/0x230
[  417.304750][T12023]  ? do_syscall_64+0xb6/0x230
[  417.309461][T12023]  do_syscall_64+0xf3/0x230
[  417.313993][T12023]  ? clear_bhb_loop+0x35/0x90
[  417.318780][T12023]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.324707][T12023] RIP: 0033:0x7f7d2e175bd9
[  417.329249][T12023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  417.348883][T12023] RSP: 002b:00007f7d2efb2048 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  417.357337][T12023] RAX: ffffffffffffffda RBX: 00007f7d2e303f60 RCX: 00007f7d2e175bd9
[  417.365339][T12023] RDX: 0000000000000000 RSI: 00000000200030c0 RDI: 0000000000000003
[  417.373344][T12023] RBP: 00007f7d2efb20a0 R08: 0000000000000000 R09: 0000000000000000
[  417.381355][T12023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  417.389350][T12023] R13: 000000000000000b R14: 00007f7d2e303f60 R15: 00007f7d2e42fa68
[  417.392935][ T5102] usb 2-1: too many configurations: 65, using maximum allowed: 8
[  417.397337][T12023]  </TASK>
[  417.429680][ T5102] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[  417.441192][ T5102] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  417.492629][ T5102] usb 2-1: Found UVC 0.00 device <unnamed> (046d:08c1)
[  417.512164][T12030] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  417.517303][ T5102] usb 2-1: No valid video chain found.
[  417.583155][T12033] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  417.697973][ T5102] usb 2-1: USB disconnect, device number 39
[  417.721312][T12029] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer.
[  417.853400][ T5096] Bluetooth: Unexpected start frame (len 18)
[  417.902419][ T5179] IPVS: starting estimator thread 0...
[  417.954773][T12042] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer.
[  418.006718][T12044] IPVS: using max 22 ests per chain, 52800 per kthread
[  418.051028][ T5150] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  418.236724][ T5150] usb 4-1: Using ep0 maxpacket: 16
[  418.244719][ T5150] usb 4-1: config 0 has an invalid interface number: 107 but max is 0
[  418.254609][ T5150] usb 4-1: config 0 has no interface number 0
[  418.286666][ T5150] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[  418.324453][ T5150] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid maxpacket 25189, setting to 1024
[  418.346418][ T5150] usb 4-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60
[  418.360404][ T5150] usb 4-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3
[  418.393864][ T5150] usb 4-1: Product: syz
[  418.402721][ T5150] usb 4-1: Manufacturer: syz
[  418.406842][ T5179] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  418.421455][ T5150] usb 4-1: SerialNumber: syz
[  418.448698][ T5150] usb 4-1: config 0 descriptor??
[  418.471665][ T5150] keyspan 4-1:0.107: Keyspan 4 port adapter converter detected
[  418.493033][ T5150] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 81
[  418.522330][ T5150] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 1
[  418.549097][ T5150] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB0
[  418.573414][ T5150] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 2
[  418.598026][ T5179] usb 3-1: Using ep0 maxpacket: 32
[  418.610891][ T5150] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB1
[  418.626461][ T5179] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=49.6b
[  418.632270][ T5150] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 4
[  418.668496][ T5179] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  418.686209][ T5150] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB2
[  418.698702][ T5179] usb 3-1: config 0 descriptor??
[  418.720965][ T5150] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 6
[  418.761653][ T5150] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB3
[  418.801831][ T5179] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  418.806475][ T5150] usb 4-1: USB disconnect, device number 46
[  418.865687][ T5150] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0
[  418.940274][ T5150] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1
[  418.988917][  T784] usb 3-1: USB disconnect, device number 52
[  418.998580][ T1057] usb 3-1: Failed to submit usb control message: -71
[  419.015230][ T1057] usb 3-1: unable to send the bmi data to the device: -71
[  419.035667][ T5150] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2
[  419.036796][ T1057] usb 3-1: unable to get target info from device
[  419.065069][ T5150] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3
[  419.092711][ T1057] usb 3-1: could not get target info (-71)
[  419.093270][ T5150] keyspan 4-1:0.107: device disconnected
[  419.111504][ T1057] usb 3-1: could not probe fw (-71)
[  419.148352][T12066] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  419.413703][T12072] tipc: Started in network mode
[  419.439752][T12072] tipc: Node identity ac14142a, cluster identity 4711
[  419.479399][T12072] tipc: Enabled bearer <udp:s>, priority 10
[  419.769905][T12083] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  419.888321][T12082] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer.
[  420.159849][   T29] audit: type=1326 audit(1720374983.809:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12094 comm="syz.1.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b6175bd9 code=0x7ffc0000
[  420.182233][    C1] vkms_vblank_simulate: vblank timer overrun
[  420.201616][T12102] macvlan0: entered promiscuous mode
[  420.213099][T12103] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1615'.
[  420.224484][T12102] macvlan0: left promiscuous mode
[  420.274191][   T29] audit: type=1326 audit(1720374983.809:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12094 comm="syz.1.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b6175bd9 code=0x7ffc0000
[  420.349455][   T29] audit: type=1326 audit(1720374983.809:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12094 comm="syz.1.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f48b6175bd9 code=0x7ffc0000
[  420.407998][   T29] audit: type=1326 audit(1720374983.809:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12094 comm="syz.1.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b6175bd9 code=0x7ffc0000
[  420.451008][   T29] audit: type=1326 audit(1720374983.809:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12094 comm="syz.1.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b6175bd9 code=0x7ffc0000
[  420.480203][ T5148] tipc: Node number set to 2886997034
[  420.506048][   T29] audit: type=1326 audit(1720374983.809:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12094 comm="syz.1.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f48b6175bd9 code=0x7ffc0000
[  420.546683][ T5150] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  420.567662][   T29] audit: type=1326 audit(1720374983.809:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12094 comm="syz.1.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b6175bd9 code=0x7ffc0000
[  420.596531][   T29] audit: type=1326 audit(1720374983.809:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12094 comm="syz.1.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7f48b6175bd9 code=0x7ffc0000
[  420.632448][   T29] audit: type=1326 audit(1720374983.809:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12094 comm="syz.1.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b6175bd9 code=0x7ffc0000
[  420.681634][   T29] audit: type=1326 audit(1720374983.809:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12094 comm="syz.1.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7f48b6175bd9 code=0x7ffc0000
[  420.890748][ T5096] Bluetooth: Unexpected start frame (len 18)
[  420.897658][ T5150] usb 2-1: Using ep0 maxpacket: 8
[  420.906179][ T5150] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  420.917298][ T5150] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  420.932438][ T5150] usb 2-1: New USB device found, idVendor=044f, idProduct=a01c, bcdDevice=bb.13
[  420.942283][ T5150] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.950806][ T5150] usb 2-1: Product: syz
[  420.957616][ T5150] usb 2-1: Manufacturer: syz
[  420.962253][ T5150] usb 2-1: SerialNumber: syz
[  420.987578][ T5150] usb 2-1: config 0 descriptor??
[  421.105755][T12127] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  421.277557][ T5148] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  421.340462][T12132] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer.
[  421.467867][ T5179] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  421.491582][ T5148] usb 1-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  421.506017][ T5148] usb 1-1: config 220 has 1 interface, different from the descriptor's value: 184
[  421.530559][ T5148] usb 1-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  421.563464][ T5148] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  421.578047][ T5148] gspca_main: sn9c2028-2.14.0 probing 0c45:8008
[  421.656926][ T5179] usb 4-1: Using ep0 maxpacket: 32
[  421.671211][ T5179] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=49.6b
[  421.689444][ T5179] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  421.710481][ T5179] usb 4-1: config 0 descriptor??
[  421.728085][ T5179] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  421.790014][ T5148] gspca_sn9c2028: read1 error -32
[  422.024313][ T5148] gspca_sn9c2028: read1 error -71
[  422.049105][ T5148] sn9c2028 1-1:220.0: probe with driver sn9c2028 failed with error -71
[  422.094567][ T5148] usb 1-1: USB disconnect, device number 58
[  422.138796][ T5150] usb 4-1: USB disconnect, device number 47
[  422.138863][ T2909] usb 4-1: Failed to submit usb control message: -71
[  422.185660][ T2909] usb 4-1: unable to send the bmi data to the device: -71
[  422.205487][ T2909] usb 4-1: unable to get target info from device
[  422.234305][ T2909] usb 4-1: could not get target info (-71)
[  422.258806][ T2909] usb 4-1: could not probe fw (-71)
[  422.804074][T12153] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer.
[  423.140925][ T1736] usb 2-1: USB disconnect, device number 40
[  423.269516][T12162] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1632'.
[  423.447064][T12164] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer.
[  423.464724][    C1] vkms_vblank_simulate: vblank timer overrun
[  424.254956][T12189] netlink: 558 bytes leftover after parsing attributes in process `syz.2.1644'.
[  424.276800][ T5102] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  424.416204][T12190] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1644'.
[  424.469927][ T5102] usb 2-1: Using ep0 maxpacket: 32
[  424.485911][ T5102] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  424.498474][ T5179] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  424.524294][ T5102] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  424.537388][ T5102] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  424.547384][ T5102] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  424.562584][ T5102] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  424.583789][ T5102] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  424.601029][ T5102] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  424.616929][ T5102] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  424.626210][ T5102] usb 2-1: Product: syz
[  424.631956][ T5102] usb 2-1: Manufacturer: syz
[  424.637361][ T5102] usb 2-1: SerialNumber: syz
[  424.707178][ T5179] usb 4-1: Using ep0 maxpacket: 8
[  424.721865][ T5179] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  424.735056][ T5179] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  424.747700][ T5179] usb 4-1: New USB device found, idVendor=17ef, idProduct=60ee, bcdDevice= 0.91
[  424.758166][ T5179] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.773852][ T5179] usb 4-1: config 0 descriptor??
[  424.869912][ T5102] cdc_ncm 2-1:1.0: bind() failure
[  424.882305][T12196] macvlan0: entered promiscuous mode
[  424.893162][T12196] macvlan0: left promiscuous mode
[  424.908199][ T5102] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  424.942803][ T5102] cdc_ncm 2-1:1.1: bind() failure
[  424.966062][ T5102] usb 2-1: USB disconnect, device number 41
[  425.196918][ T5148] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  425.248573][ T5179] lenovo 0003:17EF:60EE.0003: hidraw0: USB HID v0.00 Device [HID 17ef:60ee] on usb-dummy_hcd.3-1/input0
[  425.350098][T12206] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer.
[  425.407110][ T5148] usb 1-1: Using ep0 maxpacket: 8
[  425.414645][ T5148] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  425.425816][ T5148] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  425.445336][ T5148] usb 1-1: New USB device found, idVendor=044f, idProduct=a01c, bcdDevice=bb.13
[  425.456995][ T5148] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  425.466685][ T5148] usb 1-1: Product: syz
[  425.470937][ T5148] usb 1-1: Manufacturer: syz
[  425.475938][T12188] netlink: 'syz.3.1645': attribute type 10 has an invalid length.
[  425.498916][ T5148] usb 1-1: SerialNumber: syz
[  425.512925][ T5148] usb 1-1: config 0 descriptor??
[  425.679155][ T5148] usb 4-1: USB disconnect, device number 48
[  425.779329][   T29] kauditd_printk_skb: 56 callbacks suppressed
[  425.779346][   T29] audit: type=1326 audit(1720374989.429:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12193 comm="syz.0.1646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f38e7175bd9 code=0x7ffc0000
[  425.866374][   T29] audit: type=1326 audit(1720374989.459:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12193 comm="syz.0.1646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38e7175bd9 code=0x7ffc0000
[  425.931702][   T29] audit: type=1326 audit(1720374989.469:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12193 comm="syz.0.1646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f38e7175bd9 code=0x7ffc0000
[  425.991110][   T29] audit: type=1326 audit(1720374989.469:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12193 comm="syz.0.1646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38e7175bd9 code=0x7ffc0000
[  426.053673][   T29] audit: type=1326 audit(1720374989.469:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12193 comm="syz.0.1646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38e7175bd9 code=0x7ffc0000
[  426.109614][   T29] audit: type=1326 audit(1720374989.509:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12193 comm="syz.0.1646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f38e7175bd9 code=0x7ffc0000
[  426.131870][    C1] vkms_vblank_simulate: vblank timer overrun
[  426.176479][   T29] audit: type=1326 audit(1720374989.509:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12193 comm="syz.0.1646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38e7175bd9 code=0x7ffc0000
[  426.198944][    C1] vkms_vblank_simulate: vblank timer overrun
[  426.215654][   T29] audit: type=1326 audit(1720374989.509:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12193 comm="syz.0.1646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38e7175bd9 code=0x7ffc0000
[  426.252386][   T29] audit: type=1326 audit(1720374989.579:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12193 comm="syz.0.1646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7f38e7175bd9 code=0x7ffc0000
[  426.278370][   T29] audit: type=1326 audit(1720374989.579:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12193 comm="syz.0.1646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38e7175bd9 code=0x7ffc0000
[  426.300807][    C1] vkms_vblank_simulate: vblank timer overrun
[  426.714055][ T2909] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  426.829882][ T2909] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  426.896797][ T1736] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  426.962661][ T2909] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  427.048264][ T2909] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  427.101691][ T1736] usb 2-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  427.121265][ T1736] usb 2-1: config 220 has 1 interface, different from the descriptor's value: 184
[  427.135168][ T1736] usb 2-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  427.160390][ T1736] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  427.209090][   T53] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  427.225890][   T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  427.235459][   T53] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  427.244322][   T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  427.252192][   T53] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  427.269575][   T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  427.274934][ T1736] gspca_main: sn9c2028-2.14.0 probing 0c45:8008
[  427.404633][ T2909] bridge_slave_1: left allmulticast mode
[  427.439151][ T2909] bridge_slave_1: left promiscuous mode
[  427.461656][ T2909] bridge0: port 2(bridge_slave_1) entered disabled state
[  427.489039][ T1736] gspca_sn9c2028: read1 error -32
[  427.503413][ T1736] gspca_sn9c2028: read1 error -32
[  427.510067][ T2909] bridge_slave_0: left allmulticast mode
[  427.521883][ T2909] bridge_slave_0: left promiscuous mode
[  427.545531][ T2909] bridge0: port 1(bridge_slave_0) entered disabled state
[  427.841311][ T1736] usb 1-1: USB disconnect, device number 59
[  428.273328][T12250] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer.
[  428.854464][ T2909] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  428.879340][ T2909] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  428.895169][ T2909] bond0 (unregistering): Released all slaves
[  429.377353][   T53] Bluetooth: hci3: command tx timeout
[  429.453604][ T2909] hsr_slave_0: left promiscuous mode
[  429.475580][ T2909] hsr_slave_1: left promiscuous mode
[  429.485985][ T2909] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  429.494449][ T2909] batman_adv: batadv0: Removing interface: batadv_slave_0
[  429.529537][ T2909] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  429.558333][  T784] usb 2-1: USB disconnect, device number 42
[  429.582606][ T2909] batman_adv: batadv0: Removing interface: batadv_slave_1
[  429.689205][ T2909] veth1_macvtap: left promiscuous mode
[  429.695056][ T2909] veth0_macvtap: left promiscuous mode
[  429.707709][ T2909] veth1_vlan: left promiscuous mode
[  429.714143][ T2909] veth0_vlan: left promiscuous mode
[  429.737817][T12291] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1667'.
[  430.018418][T12309] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  430.149967][  T784] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  430.361173][  T784] usb 2-1: too many configurations: 65, using maximum allowed: 8
[  430.371487][  T784] usb 2-1: config 0 has no interfaces?
[  430.379073][  T784] usb 2-1: config 0 has no interfaces?
[  430.385904][  T784] usb 2-1: config 0 has no interfaces?
[  430.393375][  T784] usb 2-1: config 0 has no interfaces?
[  430.401471][  T784] usb 2-1: config 0 has no interfaces?
[  430.408685][  T784] usb 2-1: config 0 has no interfaces?
[  430.415489][  T784] usb 2-1: config 0 has no interfaces?
[  430.422865][  T784] usb 2-1: config 0 has no interfaces?
[  430.428952][  T784] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[  430.439121][  T784] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  430.450695][  T784] usb 2-1: config 0 descriptor??
[  430.466740][ T5148] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  430.507098][T11647] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  430.620165][ T2909] team0 (unregistering): Port device team_slave_1 removed
[  430.662786][ T2909] team0 (unregistering): Port device team_slave_0 removed
[  430.678597][ T5148] usb 3-1: Using ep0 maxpacket: 16
[  430.686287][ T5148] usb 3-1: config 0 has an invalid interface number: 107 but max is 0
[  430.695565][ T5148] usb 3-1: config 0 has no interface number 0
[  430.701892][ T5148] usb 3-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[  430.713367][T11647] usb 5-1: Using ep0 maxpacket: 8
[  430.718913][ T5148] usb 3-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid maxpacket 25189, setting to 1024
[  430.731761][T12321] FAULT_INJECTION: forcing a failure.
[  430.731761][T12321] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  430.749500][T12321] CPU: 0 PID: 12321 Comm: syz.1.1670 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  430.759705][T12321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  430.769882][T12321] Call Trace:
[  430.773503][T12321]  <TASK>
[  430.776422][T12321]  dump_stack_lvl+0x241/0x360
[  430.781100][T12321]  ? __pfx_dump_stack_lvl+0x10/0x10
[  430.786376][T12321]  ? __pfx__printk+0x10/0x10
[  430.790964][T12321]  ? __pfx_lock_release+0x10/0x10
[  430.795986][T12321]  should_fail_ex+0x3b0/0x4e0
[  430.800661][T12321]  _copy_from_user+0x2f/0xe0
[  430.805248][T12321]  input_event_from_user+0x1e2/0x4a0
[  430.810527][T12321]  ? __pfx_input_event_from_user+0x10/0x10
[  430.816322][T12321]  ? input_inject_event+0xd6/0x340
[  430.821425][T12321]  evdev_write+0x4f2/0x7c0
[  430.825847][T12321]  ? __pfx_evdev_write+0x10/0x10
[  430.830775][T12321]  ? bpf_lsm_file_permission+0x9/0x10
[  430.836136][T12321]  ? security_file_permission+0x7f/0xa0
[  430.841678][T12321]  ? rw_verify_area+0x1d2/0x6b0
[  430.846551][T12321]  ? __pfx_evdev_write+0x10/0x10
[  430.851493][T12321]  vfs_write+0x2a2/0xc90
[  430.855731][T12321]  ? __pfx_vfs_write+0x10/0x10
[  430.860489][T12321]  ? __fget_files+0x29/0x470
[  430.865073][T12321]  ? __fget_files+0x3f6/0x470
[  430.869737][T12321]  ? __fget_files+0x29/0x470
[  430.874336][T12321]  ksys_write+0x1a0/0x2c0
[  430.878690][T12321]  ? __pfx_ksys_write+0x10/0x10
[  430.883548][T12321]  ? do_syscall_64+0x100/0x230
[  430.888321][T12321]  ? do_syscall_64+0xb6/0x230
[  430.893023][T12321]  do_syscall_64+0xf3/0x230
[  430.897547][T12321]  ? clear_bhb_loop+0x35/0x90
[  430.902240][T12321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.908147][T12321] RIP: 0033:0x7f48b6175bd9
[  430.912578][T12321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  430.932443][T12321] RSP: 002b:00007f48b6e60048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  430.940872][T12321] RAX: ffffffffffffffda RBX: 00007f48b6304038 RCX: 00007f48b6175bd9
[  430.948874][T12321] RDX: 00000000000012d8 RSI: 0000000020000040 RDI: 0000000000000004
[  430.956868][T12321] RBP: 00007f48b6e600a0 R08: 0000000000000000 R09: 0000000000000000
[  430.964848][T12321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  430.972826][T12321] R13: 000000000000006e R14: 00007f48b6304038 R15: 00007f48b642fa68
[  430.980818][T12321]  </TASK>
[  430.984075][    C0] vkms_vblank_simulate: vblank timer overrun
[  430.993854][T11647] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  431.003809][T11647] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  431.017067][T11647] usb 5-1: New USB device found, idVendor=044f, idProduct=a01c, bcdDevice=bb.13
[  431.026415][T11647] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  431.035180][ T5148] usb 3-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60
[  431.044311][ T5148] usb 3-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3
[  431.052753][T11647] usb 5-1: Product: syz
[  431.064667][T11647] usb 5-1: Manufacturer: syz
[  431.073222][ T5148] usb 3-1: Product: syz
[  431.078684][T11647] usb 5-1: SerialNumber: syz
[  431.083729][ T5148] usb 3-1: Manufacturer: syz
[  431.099183][T11647] usb 5-1: config 0 descriptor??
[  431.105468][ T5148] usb 3-1: SerialNumber: syz
[  431.121050][ T5148] usb 3-1: config 0 descriptor??
[  431.132067][ T5148] keyspan 3-1:0.107: Keyspan 4 port adapter converter detected
[  431.165406][ T5148] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 81
[  431.180836][ T5148] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 1
[  431.193638][ T5148] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB0
[  431.208148][ T5148] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 2
[  431.232480][ T5148] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB1
[  431.250449][ T5148] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 4
[  431.265155][ T5148] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB2
[  431.283561][ T5148] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 6
[  431.294953][ T5148] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB3
[  431.466777][   T53] Bluetooth: hci3: command tx timeout
[  431.561569][   T45] usb 3-1: USB disconnect, device number 53
[  431.593129][   T45] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0
[  431.630576][   T45] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1
[  431.653679][   T45] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2
[  431.682594][   T45] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3
[  431.704404][   T45] keyspan 3-1:0.107: device disconnected
[  431.868903][T12315] macvlan0: entered promiscuous mode
[  431.875424][T12315] macvlan0: left promiscuous mode
[  431.937144][   T29] kauditd_printk_skb: 34 callbacks suppressed
[  431.937165][   T29] audit: type=1326 audit(1720374995.579:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12307 comm="syz.4.1673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87b8d75bd9 code=0x7ffc0000
[  431.965658][    C0] vkms_vblank_simulate: vblank timer overrun
[  432.012224][T12236] chnl_net:caif_netlink_parms(): no params data found
[  432.034620][   T29] audit: type=1326 audit(1720374995.579:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12307 comm="syz.4.1673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87b8d75bd9 code=0x7ffc0000
[  432.270126][T12236] bridge0: port 1(bridge_slave_0) entered blocking state
[  432.288157][T12236] bridge0: port 1(bridge_slave_0) entered disabled state
[  432.303179][T12236] bridge_slave_0: entered allmulticast mode
[  432.317788][T12236] bridge_slave_0: entered promiscuous mode
[  432.360588][T12236] bridge0: port 2(bridge_slave_1) entered blocking state
[  432.378921][T12236] bridge0: port 2(bridge_slave_1) entered disabled state
[  432.396173][T12236] bridge_slave_1: entered allmulticast mode
[  432.406487][T12236] bridge_slave_1: entered promiscuous mode
[  432.460350][ T2909] IPVS: stop unused estimator thread 0...
[  432.470345][T12236] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  432.490551][T12236] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  432.568485][T12236] team0: Port device team_slave_0 added
[  432.589502][T12236] team0: Port device team_slave_1 added
[  432.628176][T12236] batman_adv: batadv0: Adding interface: batadv_slave_0
[  432.646034][T12236] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  432.679852][ T1736] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  432.689259][T12236] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  432.704601][T12236] batman_adv: batadv0: Adding interface: batadv_slave_1
[  432.711727][T12236] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  432.748474][T12236] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  432.782089][ T5148] usb 2-1: USB disconnect, device number 43
[  432.869039][ T1736] usb 3-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  432.884414][T12236] hsr_slave_0: entered promiscuous mode
[  432.890117][ T1736] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 184
[  432.901600][T12236] hsr_slave_1: entered promiscuous mode
[  432.902076][ T1736] usb 3-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  432.924744][ T1736] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.935072][T12355] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1680'.
[  432.954350][ T1736] gspca_main: sn9c2028-2.14.0 probing 0c45:8008
[  433.165124][ T5179] usb 5-1: USB disconnect, device number 42
[  433.184473][ T1736] gspca_sn9c2028: read1 error -32
[  433.206475][ T1736] gspca_sn9c2028: read1 error -32
[  433.536985][   T53] Bluetooth: hci3: command tx timeout
[  434.056852][T12380] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  434.183159][T12236] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  434.242770][T12236] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  434.291854][T12236] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  434.338688][T12236] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  434.570753][T12236] 8021q: adding VLAN 0 to HW filter on device bond0
[  434.628783][T12236] 8021q: adding VLAN 0 to HW filter on device team0
[  434.651728][  T784] bridge0: port 1(bridge_slave_0) entered blocking state
[  434.658870][  T784] bridge0: port 1(bridge_slave_0) entered forwarding state
[  434.693835][T11647] bridge0: port 2(bridge_slave_1) entered blocking state
[  434.701033][T11647] bridge0: port 2(bridge_slave_1) entered forwarding state
[  434.834602][T12236] 8021q: adding VLAN 0 to HW filter on device batadv0
[  434.963920][T12236] veth0_vlan: entered promiscuous mode
[  435.001740][T12236] veth1_vlan: entered promiscuous mode
[  435.064642][T12236] veth0_macvtap: entered promiscuous mode
[  435.084545][T12236] veth1_macvtap: entered promiscuous mode
[  435.124711][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  435.156328][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  435.182831][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  435.246418][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  435.272595][   T45] usb 3-1: USB disconnect, device number 54
[  435.281900][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  435.326127][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  435.350745][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  435.364072][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  435.394935][T12236] batman_adv: batadv0: Interface activated: batadv_slave_0
[  435.455228][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  435.472876][T12417] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1695'.
[  435.486343][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  435.505604][   T29] audit: type=1326 audit(1720374999.149:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12416 comm="syz.2.1695" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc19e175bd9 code=0x0
[  435.511362][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  435.559820][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  435.600900][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  435.616931][   T53] Bluetooth: hci3: command tx timeout
[  435.624106][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  435.636438][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  435.654746][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  435.670027][T12236] batman_adv: batadv0: Interface activated: batadv_slave_1
[  435.688931][T12429] warning: `syz.1.1696' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  435.728702][T12236] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  435.755543][T12236] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  435.787031][T12236] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  435.816785][T12236] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  436.060824][ T1100] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  436.081662][ T1100] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  436.208616][   T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  436.228517][T12443] FAULT_INJECTION: forcing a failure.
[  436.228517][T12443] name failslab, interval 1, probability 0, space 0, times 0
[  436.230163][   T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  436.264348][T12443] CPU: 0 PID: 12443 Comm: syz.4.1700 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  436.274561][T12443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  436.284637][T12443] Call Trace:
[  436.287937][T12443]  <TASK>
[  436.290885][T12443]  dump_stack_lvl+0x241/0x360
[  436.295594][T12443]  ? __pfx_dump_stack_lvl+0x10/0x10
[  436.300826][T12443]  ? __pfx__printk+0x10/0x10
[  436.305454][T12443]  ? __pfx___might_resched+0x10/0x10
[  436.310772][T12443]  should_fail_ex+0x3b0/0x4e0
[  436.315481][T12443]  ? create_io_worker+0xbf/0x540
[  436.320449][T12443]  should_failslab+0x9/0x20
[  436.324980][T12443]  kmalloc_trace_noprof+0x6c/0x2c0
[  436.330122][T12443]  create_io_worker+0xbf/0x540
[  436.334918][T12443]  io_wq_enqueue+0x8a0/0xb00
[  436.339574][T12443]  ? __pfx_io_wq_enqueue+0x10/0x10
[  436.344685][T12443]  ? __pfx_io_wq_work_match_item+0x10/0x10
[  436.350489][T12443]  ? io_prep_async_work+0x48f/0x7c0
[  436.355684][T12443]  io_queue_iowq+0x352/0x560
[  436.360280][T12443]  io_queue_async+0x3f9/0x4e0
[  436.364953][T12443]  io_submit_sqes+0xe67/0x1bf0
[  436.369731][T12443]  __se_sys_io_uring_enter+0x2d4/0x2670
[  436.375270][T12443]  ? vfs_write+0x7c4/0xc90
[  436.379685][T12443]  ? __pfx_vfs_write+0x10/0x10
[  436.384447][T12443]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  436.390422][T12443]  ? __fget_files+0x3f6/0x470
[  436.395105][T12443]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  436.401080][T12443]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  436.407399][T12443]  ? do_syscall_64+0x100/0x230
[  436.412168][T12443]  ? __x64_sys_io_uring_enter+0x21/0xf0
[  436.417710][T12443]  do_syscall_64+0xf3/0x230
[  436.422215][T12443]  ? clear_bhb_loop+0x35/0x90
[  436.426885][T12443]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  436.432775][T12443] RIP: 0033:0x7f87b8d75bd9
[  436.437241][T12443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  436.456840][T12443] RSP: 002b:00007f87b9af6048 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  436.465250][T12443] RAX: ffffffffffffffda RBX: 00007f87b8f03f60 RCX: 00007f87b8d75bd9
[  436.473217][T12443] RDX: 0000000000000000 RSI: 00000000000047ba RDI: 0000000000000005
[  436.481179][T12443] RBP: 00007f87b9af60a0 R08: 0000000000000000 R09: 0000000000000000
[  436.489140][T12443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  436.497112][T12443] R13: 000000000000000b R14: 00007f87b8f03f60 R15: 00007f87b902fa68
[  436.505103][T12443]  </TASK>
[  436.547116][T11647] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  436.608620][   T53] Bluetooth: hci1: unexpected cc 0x0402 length: 65 > 1
[  436.617147][   T53] Bluetooth: hci1: unexpected event for opcode 0x0402
[  436.766685][T11647] usb 2-1: Using ep0 maxpacket: 32
[  436.773490][T11647] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  436.832069][T11647] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  436.886937][T11647] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  436.941037][T11647] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  436.985349][T11647] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  437.014551][T11647] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  437.057060][T11647] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  437.091967][T11647] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.121884][T11647] usb 2-1: Product: syz
[  437.139758][T11647] usb 2-1: Manufacturer: syz
[  437.166121][T11647] usb 2-1: SerialNumber: syz
[  437.430245][T11647] cdc_ncm 2-1:1.0: bind() failure
[  437.454864][T11647] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  437.502187][T11647] cdc_ncm 2-1:1.1: bind() failure
[  437.532819][T11647] usb 2-1: USB disconnect, device number 44
[  437.566803][  T784] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  437.749109][  T784] usb 3-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  437.766464][  T784] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 184
[  437.794203][  T784] usb 3-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  437.846166][  T784] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  437.906731][  T784] gspca_main: sn9c2028-2.14.0 probing 0c45:8008
[  438.112911][  T784] gspca_sn9c2028: read1 error -32
[  438.129389][  T784] gspca_sn9c2028: read1 error -32
[  438.826773][T11647] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  439.048803][T11647] usb 2-1: config index 0 descriptor too short (expected 4114, got 18)
[  439.080774][T12529] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1717'.
[  439.099484][T11647] usb 2-1: New USB device found, idVendor=066b, idProduct=20f9, bcdDevice=ff.94
[  439.119370][T11647] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  439.160833][   T29] audit: type=1326 audit(1720375002.809:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12528 comm="syz.4.1717" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f87b8d75bd9 code=0x0
[  439.188372][T11647] usb 2-1: Product: syz
[  439.192578][T11647] usb 2-1: Manufacturer: syz
[  439.226596][T11647] usb 2-1: SerialNumber: syz
[  439.249408][T11647] usb 2-1: config 0 descriptor??
[  439.485981][T12519] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  439.514038][T12519] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  439.547243][   T29] audit: type=1326 audit(1720375003.189:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12518 comm="syz.1.1715" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f48b6175bd9 code=0x0
[  439.662739][T12554] input: syz0 as /devices/virtual/input/input11
[  439.866707][ T1736] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  440.077441][ T1736] usb 4-1: too many configurations: 65, using maximum allowed: 8
[  440.109310][ T1736] usb 4-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[  440.131049][ T1736] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  440.184111][ T1736] usb 4-1: Found UVC 0.00 device <unnamed> (046d:08c1)
[  440.216646][ T5179] usb 3-1: USB disconnect, device number 55
[  440.243326][ T1736] usb 4-1: No valid video chain found.
[  440.339056][ T1244] ieee802154 phy0 wpan0: encryption failed: -22
[  440.345466][ T1244] ieee802154 phy1 wpan1: encryption failed: -22
[  440.466229][ T5179] usb 4-1: USB disconnect, device number 49
[  440.634312][   T29] audit: type=1326 audit(1720375004.279:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12576 comm="syz.2.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19e175bd9 code=0x7ffc0000
[  440.669088][ T5096] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  440.677726][ T5096] Bluetooth: hci1: Injecting HCI hardware error event
[  440.686121][   T53] Bluetooth: hci1: hardware error 0x00
[  440.877178][   T29] audit: type=1326 audit(1720375004.279:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12576 comm="syz.2.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19e175bd9 code=0x7ffc0000
[  440.899541][    C1] vkms_vblank_simulate: vblank timer overrun
[  440.964492][T12581] macvlan0: entered promiscuous mode
[  440.996517][   T29] audit: type=1326 audit(1720375004.279:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12576 comm="syz.2.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7fc19e175bd9 code=0x7ffc0000
[  441.020492][T12581] macvlan0: left promiscuous mode
[  441.044376][   T29] audit: type=1326 audit(1720375004.279:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12576 comm="syz.2.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19e175bd9 code=0x7ffc0000
[  441.066771][    C1] vkms_vblank_simulate: vblank timer overrun
[  441.131900][   T29] audit: type=1326 audit(1720375004.309:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12576 comm="syz.2.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19e175bd9 code=0x7ffc0000
[  441.185932][   T29] audit: type=1326 audit(1720375004.309:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12576 comm="syz.2.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc19e175bd9 code=0x7ffc0000
[  441.233038][   T29] audit: type=1326 audit(1720375004.309:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12576 comm="syz.2.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19e175bd9 code=0x7ffc0000
[  441.257517][ T1736] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  441.268995][   T29] audit: type=1326 audit(1720375004.309:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12576 comm="syz.2.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19e175bd9 code=0x7ffc0000
[  441.449776][ T1736] usb 3-1: Using ep0 maxpacket: 8
[  441.469617][ T1736] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  441.501499][ T1736] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  441.519976][ T1736] usb 3-1: New USB device found, idVendor=044f, idProduct=a01c, bcdDevice=bb.13
[  441.534345][ T1736] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  441.586065][ T1736] usb 3-1: Product: syz
[  441.608431][ T1736] usb 3-1: Manufacturer: syz
[  441.634394][ T1736] usb 3-1: SerialNumber: syz
[  441.646060][ T1736] usb 3-1: config 0 descriptor??
[  441.659816][T11647] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  441.727317][T11647] asix 2-1:0.0: probe with driver asix failed with error -71
[  441.766054][T11647] usb 2-1: USB disconnect, device number 45
[  441.767913][T12595] netlink: 1068 bytes leftover after parsing attributes in process `syz.4.1727'.
[  442.216740][T11647] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  442.420824][T11647] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  442.458492][T11647] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  442.471081][T11647] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  442.481575][T11647] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  442.530005][T11647] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  442.545159][T11647] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  442.555155][T11647] usb 2-1: Manufacturer: syz
[  442.598681][T11647] usb 2-1: config 0 descriptor??
[  442.897000][   T53] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  443.051733][T11647] appleir 0003:05AC:8243.0004: unknown main item tag 0x0
[  443.099060][T11647] appleir 0003:05AC:8243.0004: No inputs registered, leaving
[  443.137059][ T5150] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  443.149664][T11647] appleir 0003:05AC:8243.0004: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[  443.346796][ T5150] usb 5-1: Using ep0 maxpacket: 8
[  443.366414][ T5150] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  443.399947][ T5150] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  443.433996][ T5150] usb 5-1: config 0 descriptor??
[  443.640627][T11647] usb 3-1: USB disconnect, device number 56
[  444.074454][ T5150] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  444.093841][ T5150] asix 5-1:0.0: probe with driver asix failed with error -32
[  445.100621][ T5102] usb 2-1: USB disconnect, device number 46
[  445.505817][T12665] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  445.988296][   T29] kauditd_printk_skb: 31 callbacks suppressed
[  445.988310][   T29] audit: type=1326 audit(1720375009.639:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc907d75bd9 code=0x7ffc0000
[  446.047426][   T29] audit: type=1326 audit(1720375009.669:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc907d75bd9 code=0x7ffc0000
[  446.072671][T12679] macvlan0: entered promiscuous mode
[  446.087774][T12679] macvlan0: left promiscuous mode
[  446.124716][   T29] audit: type=1326 audit(1720375009.669:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7fc907d75bd9 code=0x7ffc0000
[  446.178348][   T29] audit: type=1326 audit(1720375009.669:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc907d75bd9 code=0x7ffc0000
[  446.250324][ T5148] usb 5-1: USB disconnect, device number 43
[  446.280691][   T29] audit: type=1326 audit(1720375009.669:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc907d75bd9 code=0x7ffc0000
[  446.387534][ T5150] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  446.407001][   T29] audit: type=1326 audit(1720375009.669:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc907d75bd9 code=0x7ffc0000
[  446.518711][   T29] audit: type=1326 audit(1720375009.669:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc907d75bd9 code=0x7ffc0000
[  446.598818][   T29] audit: type=1326 audit(1720375009.669:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7fc907d75bd9 code=0x7ffc0000
[  446.600284][ T1100] bond0: (slave bond_slave_0): interface is now down
[  446.656710][ T5150] usb 4-1: Using ep0 maxpacket: 8
[  446.668790][ T5150] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  446.683768][   T29] audit: type=1326 audit(1720375009.669:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc907d75bd9 code=0x7ffc0000
[  446.687720][ T5150] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  446.716649][ T1100] bond0: (slave bond_slave_1): interface is now down
[  446.768610][ T5150] usb 4-1: New USB device found, idVendor=044f, idProduct=a01c, bcdDevice=bb.13
[  446.772015][ T1100] bond0: now running without any active interface!
[  446.786645][ T5150] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  446.795920][   T29] audit: type=1326 audit(1720375009.669:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7fc907d75bd9 code=0x7ffc0000
[  446.809277][ T5150] usb 4-1: Product: syz
[  446.836708][ T5150] usb 4-1: Manufacturer: syz
[  446.841370][ T5150] usb 4-1: SerialNumber: syz
[  446.891810][ T5150] usb 4-1: config 0 descriptor??
[  447.315426][T12697] input: syz0 as /devices/virtual/input/input12
[  447.363872][T12707] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1760'.
[  447.421751][T11647] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  447.621493][T11647] usb 5-1: too many configurations: 65, using maximum allowed: 8
[  447.645383][T11647] usb 5-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[  447.682818][T11647] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  447.697589][T11647] usb 5-1: Found UVC 0.00 device <unnamed> (046d:08c1)
[  447.705224][T11647] usb 5-1: No valid video chain found.
[  447.884053][   T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  447.901204][T11647] usb 5-1: USB disconnect, device number 44
[  448.070243][   T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  448.163487][   T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  448.203290][T12716] FAULT_INJECTION: forcing a failure.
[  448.203290][T12716] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  448.217045][T12716] CPU: 0 PID: 12716 Comm: syz.1.1766 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  448.227316][T12716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  448.237379][T12716] Call Trace:
[  448.240651][T12716]  <TASK>
[  448.243570][T12716]  dump_stack_lvl+0x241/0x360
[  448.248246][T12716]  ? __pfx_dump_stack_lvl+0x10/0x10
[  448.253463][T12716]  ? __pfx__printk+0x10/0x10
[  448.258046][T12716]  ? __pfx_lock_release+0x10/0x10
[  448.263061][T12716]  should_fail_ex+0x3b0/0x4e0
[  448.267741][T12716]  _copy_to_iter+0x1f6/0x1960
[  448.272417][T12716]  ? __virt_addr_valid+0x183/0x520
[  448.277518][T12716]  ? __pfx_lock_release+0x10/0x10
[  448.282533][T12716]  ? __pfx__copy_to_iter+0x10/0x10
[  448.287635][T12716]  ? __virt_addr_valid+0x183/0x520
[  448.293868][T12716]  ? __virt_addr_valid+0x183/0x520
[  448.298973][T12716]  ? __virt_addr_valid+0x44e/0x520
[  448.304079][T12716]  ? __check_object_size+0x49c/0x900
[  448.309366][T12716]  __skb_datagram_iter+0x110/0x8c0
[  448.314470][T12716]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  448.320138][T12716]  skb_copy_datagram_iter+0xd1/0x250
[  448.325423][T12716]  netlink_recvmsg+0x2d0/0x11d0
[  448.330292][T12716]  ? __pfx_netlink_recvmsg+0x10/0x10
[  448.335577][T12716]  ? __pfx_aa_sk_perm+0x10/0x10
[  448.340439][T12716]  ? __fget_files+0x29/0x470
[  448.345017][T12716]  ? aa_sock_msg_perm+0x91/0x160
[  448.349949][T12716]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  448.355225][T12716]  ? security_socket_recvmsg+0x90/0xb0
[  448.360674][T12716]  ? __pfx_netlink_recvmsg+0x10/0x10
[  448.365999][T12716]  sock_recvmsg+0x22f/0x280
[  448.370499][T12716]  __sys_recvfrom+0x256/0x3e0
[  448.375169][T12716]  ? __pfx___sys_recvfrom+0x10/0x10
[  448.380369][T12716]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  448.386348][T12716]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  448.392760][T12716]  __x64_sys_recvfrom+0xde/0x100
[  448.397707][T12716]  do_syscall_64+0xf3/0x230
[  448.402211][T12716]  ? clear_bhb_loop+0x35/0x90
[  448.406868][T12716]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.412745][T12716] RIP: 0033:0x7f48b61778a4
[  448.417142][T12716] Code: 89 4c 24 1c e8 ed 5a 02 00 44 8b 54 24 1c 8b 3c 24 45 31 c9 89 c5 48 8b 54 24 10 48 8b 74 24 08 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 04 24 e8 39 5b 02 00 48 8b 04
[  448.436816][T12716] RSP: 002b:00007f48b6e7fe80 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[  448.445210][T12716] RAX: ffffffffffffffda RBX: 00007f48b6e7ffb0 RCX: 00007f48b61778a4
[  448.453161][T12716] RDX: 0000000000001000 RSI: 00007f48b6e80000 RDI: 0000000000000005
[  448.461117][T12716] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  448.469107][T12716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  448.477056][T12716] R13: 00007f48b6e7ff18 R14: 00007f48b6e80000 R15: 0000000000000000
[  448.485046][T12716]  </TASK>
[  448.610662][   T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  448.891581][   T35] bridge_slave_1: left allmulticast mode
[  448.924978][   T35] bridge_slave_1: left promiscuous mode
[  448.933507][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  448.969701][   T35] bridge_slave_0: left allmulticast mode
[  448.972786][ T1736] usb 4-1: USB disconnect, device number 50
[  448.975463][   T35] bridge_slave_0: left promiscuous mode
[  448.975663][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  449.043426][T12727] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1771'.
[  449.075282][ T5096] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  449.096796][ T5096] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  449.106116][ T5096] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  449.115475][ T5096] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  449.124129][ T5096] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  449.131539][ T5096] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  449.446659][ T5179] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  449.512965][T12737] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer.
[  449.646896][ T5179] usb 5-1: Using ep0 maxpacket: 32
[  449.684720][ T5179] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  449.722000][ T5179] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  449.780820][ T5179] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  449.807503][ T5179] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.817736][ T5179] usb 5-1: Product: syz
[  449.826313][ T5179] usb 5-1: Manufacturer: syz
[  449.831560][ T5179] usb 5-1: SerialNumber: syz
[  450.075638][ T5179] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 45 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  450.094607][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  450.128825][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  450.159748][   T35] bond0 (unregistering): Released all slaves
[  450.646888][ T5148] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  450.869774][   T35] hsr_slave_0: left promiscuous mode
[  450.876034][   T35] hsr_slave_1: left promiscuous mode
[  450.927209][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  450.962722][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  450.971501][ T5148] usb 3-1: too many configurations: 65, using maximum allowed: 8
[  451.000336][ T5148] usb 3-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[  451.010254][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  451.027903][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  451.035068][ T5148] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  451.092513][   T35] veth1_macvtap: left promiscuous mode
[  451.152445][   T35] veth0_macvtap: left promiscuous mode
[  451.168243][   T35] veth1_vlan: left promiscuous mode
[  451.181451][   T35] veth0_vlan: left promiscuous mode
[  451.217657][   T53] Bluetooth: hci4: command tx timeout
[  451.251236][ T5148] usb 3-1: Found UVC 0.00 device <unnamed> (046d:08c1)
[  451.333279][ T5148] usb 3-1: No valid video chain found.
[  451.407027][ T5148] usb 3-1: USB disconnect, device number 57
[  451.417641][T12770] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1781'.
[  451.736922][T12776] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  452.013288][   T29] kauditd_printk_skb: 29 callbacks suppressed
[  452.013306][   T29] audit: type=1326 audit(1720375015.659:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12778 comm="syz.2.1784" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc19e175bd9 code=0x0
[  452.179511][ T1736] usb 5-1: USB disconnect, device number 45
[  452.188304][ T1736] usblp0: removed
[  452.613109][   T35] team0 (unregistering): Port device team_slave_1 removed
[  452.683863][   T35] team0 (unregistering): Port device team_slave_0 removed
[  453.296887][   T53] Bluetooth: hci4: command tx timeout
[  453.395601][T12795] vcan0: tx drop: invalid sa for name 0x0000000000000100
[  453.404635][T12733] chnl_net:caif_netlink_parms(): no params data found
[  453.747604][T12733] bridge0: port 1(bridge_slave_0) entered blocking state
[  453.781926][   T35] IPVS: stop unused estimator thread 0...
[  453.806486][T12733] bridge0: port 1(bridge_slave_0) entered disabled state
[  453.844704][T12733] bridge_slave_0: entered allmulticast mode
[  453.875457][T12733] bridge_slave_0: entered promiscuous mode
[  453.913692][T12733] bridge0: port 2(bridge_slave_1) entered blocking state
[  453.925018][T12733] bridge0: port 2(bridge_slave_1) entered disabled state
[  453.935637][T12733] bridge_slave_1: entered allmulticast mode
[  453.943578][T12733] bridge_slave_1: entered promiscuous mode
[  453.962923][T12779] ------------[ cut here ]------------
[  453.963314][   T35] ------------[ cut here ]------------
[  453.968766][T12779] refcount_t: decrement hit 0; leaking memory.
[  453.974244][   T35] WARNING: CPU: 0 PID: 35 at net/ipv4/tcp_ipv4.c:3521 tcp_sk_exit_batch+0xc1/0x130
[  453.980709][T12779] WARNING: CPU: 1 PID: 12779 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0
[  453.990105][   T35] Modules linked in:
[  453.999402][T12779] Modules linked in:
[  453.999421][T12779] CPU: 1 PID: 12779 Comm: syz.1.1783 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  454.003280][   T35] 
[  454.003291][   T35] CPU: 0 PID: 35 Comm: kworker/u8:2 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  454.007185][T12779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  454.017426][   T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  454.019633][T12779] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0
[  454.029846][   T35] Workqueue: netns cleanup_net
[  454.039785][T12779] Code: b2 00 00 00 e8 d7 54 e7 fc 5b 5d c3 cc cc cc cc e8 cb 54 e7 fc c6 05 fe f1 e8 0a 01 90 48 c7 c7 20 98 1f 8c e8 97 82 a9 fc 90 <0f> 0b 90 90 eb d9 e8 ab 54 e7 fc c6 05 db f1 e8 0a 01 90 48 c7 c7
[  454.049861][   T35] 
[  454.056058][T12779] RSP: 0018:ffffc90009e57940 EFLAGS: 00010246
[  454.060821][   T35] RIP: 0010:tcp_sk_exit_batch+0xc1/0x130
[  454.080437][T12779] 
[  454.080447][T12779] RAX: 89caa86a261e0f00 RBX: ffff88805afd5c40 RCX: 0000000000040000
[  454.080464][T12779] RDX: ffffc9000fe51000 RSI: 000000000003ffff RDI: 0000000000040000
[  454.080477][T12779] RBP: 0000000000000004 R08: ffffffff81585822 R09: 1ffffffff25f4eb1
[  454.082782][   T35] Code: 01 00 00 00 89 ee e8 2e af a2 f7 83 fd 01 75 07 e8 e4 aa a2 f7 eb 16 31 ff 89 ee e8 19 af a2 f7 85 ed 7e 39 e8 d0 aa a2 f7 90 <0f> 0b 90 4c 89 ff e8 04 62 01 00 48 89 d8 48 c1 e8 03 42 80 3c 28
[  454.088848][T12779] R10: dffffc0000000000 R11: fffffbfff25f4eb2 R12: ffffc90001e83950
[  454.088867][T12779] R13: dffffc0000000000 R14: 1ffff1100245c864 R15: ffff8880122e42c0
[  454.094464][   T35] RSP: 0018:ffffc90000ab7a88 EFLAGS: 00010293
[  454.096805][T12779] FS:  00007f48b6e816c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
[  454.096828][T12779] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  454.104771][   T35] 
[  454.104781][   T35] RAX: ffffffff89f37ce0 RBX: ffff88805afd56e8 RCX: ffff88801becda00
[  454.112753][T12779] CR2: 00007f87b8efa098 CR3: 000000002cce0000 CR4: 00000000003506f0
[  454.120719][   T35] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
[  454.120737][   T35] RBP: 0000000000000002 R08: ffffffff89f37cd7 R09: 1ffff1100b5fab88
[  454.140342][T12779] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  454.140359][T12779] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  454.140373][T12779] Call Trace:
[  454.140384][T12779]  <TASK>
[  454.140394][T12779]  ? __warn+0x163/0x4e0
[  454.140421][T12779]  ? refcount_warn_saturate+0xfa/0x1d0
[  454.140447][T12779]  ? report_bug+0x2b3/0x500
[  454.140468][T12779]  ? refcount_warn_saturate+0xfa/0x1d0
[  454.140496][T12779]  ? handle_bug+0x3e/0x70
[  454.140523][T12779]  ? exc_invalid_op+0x1a/0x50
[  454.148499][   T35] R10: dffffc0000000000 R11: ffffed100b5fab89 R12: ffff88805afd5c40
[  454.148519][   T35] R13: dffffc0000000000 R14: ffffc90000ab7b20 R15: ffff88805afd5640
[  454.156463][T12779]  ? asm_exc_invalid_op+0x1a/0x20
[  454.162563][   T35] FS:  0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
[  454.171467][T12779]  ? __warn_printk+0x292/0x360
[  454.178159][   T35] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  454.180356][T12779]  ? refcount_warn_saturate+0xfa/0x1d0
[  454.188325][   T35] CR2: 00007f87b8f04030 CR3: 000000007b97e000 CR4: 00000000003506f0
[  454.196279][T12779]  inet_twsk_kill+0x74b/0x890
[  454.204256][   T35] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  454.204274][   T35] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  454.204289][   T35] Call Trace:
[  454.204300][   T35]  <TASK>
[  454.212280][T12779]  inet_twsk_deschedule_put+0x3f/0x1e0
[  454.212312][T12779]  ? inet_twsk_purge+0x133/0x980
[  454.212341][T12779]  inet_twsk_purge+0x7fa/0x980
[  454.220341][   T35]  ? __warn+0x163/0x4e0
[  454.228288][T12779]  ? inet_twsk_purge+0x133/0x980
[  454.228324][T12779]  ? __pfx_inet_twsk_purge+0x10/0x10
[  454.228356][T12779]  ? __pfx___might_resched+0x10/0x10
[  454.228377][T12779]  ? do_raw_spin_unlock+0x13c/0x8b0
[  454.228409][T12779]  tcp_twsk_purge+0xcb/0x140
[  454.228430][T12779]  ? __pfx_tcp_sk_exit_batch+0x10/0x10
[  454.231710][   T35]  ? tcp_sk_exit_batch+0xc1/0x130
[  454.234637][T12779]  tcp_sk_exit_batch+0x28/0x130
[  454.238804][   T35]  ? report_bug+0x2b3/0x500
[  454.244246][T12779]  ? __pfx_tcp_sk_exit_batch+0x10/0x10
[  454.248748][   T35]  ? tcp_sk_exit_batch+0xc1/0x130
[  454.254191][T12779]  setup_net+0xa3b/0xca0
[  454.258768][   T35]  ? handle_bug+0x3e/0x70
[  454.263176][T12779]  ? __pfx_down_read_killable+0x10/0x10
[  454.271174][   T35]  ? exc_invalid_op+0x1a/0x50
[  454.279146][T12779]  ? __pfx_setup_net+0x10/0x10
[  454.284136][   T35]  ? asm_exc_invalid_op+0x1a/0x20
[  454.293084][T12779]  copy_net_ns+0x4e2/0x7b0
[  454.297836][   T35]  ? tcp_sk_exit_batch+0xb7/0x130
[  454.304410][T12779]  create_new_namespaces+0x425/0x7b0
[  454.309946][   T35]  ? tcp_sk_exit_batch+0xc0/0x130
[  454.317939][T12779]  ? bpf_lsm_capable+0x9/0x10
[  454.317976][T12779]  unshare_nsproxy_namespaces+0x124/0x180
[  454.322628][   T35]  ? tcp_sk_exit_batch+0xc1/0x130
[  454.330615][T12779]  ksys_unshare+0x619/0xc10
[  454.330651][T12779]  ? __pfx_ksys_unshare+0x10/0x10
[  454.330672][T12779]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  454.330706][T12779]  ? do_syscall_64+0x100/0x230
[  454.330742][T12779]  __x64_sys_unshare+0x38/0x40
[  454.330767][T12779]  do_syscall_64+0xf3/0x230
[  454.338789][   T35]  ? tcp_sk_exit_batch+0xc0/0x130
[  454.342035][T12779]  ? clear_bhb_loop+0x35/0x90
[  454.344946][   T35]  ? __pfx_tcp_sk_exit_batch+0x10/0x10
[  454.350417][T12779]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.350447][T12779] RIP: 0033:0x7f48b6175bd9
[  454.355358][   T35]  cleanup_net+0x89d/0xcc0
[  454.360133][T12779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  454.364262][   T35]  ? __pfx_cleanup_net+0x10/0x10
[  454.369202][T12779] RSP: 002b:00007f48b6e81048 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  454.374510][   T35]  ? process_scheduled_works+0x945/0x1830
[  454.379787][T12779] RAX: ffffffffffffffda RBX: 00007f48b6303f60 RCX: 00007f48b6175bd9
[  454.379806][T12779] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006a040000
[  454.379820][T12779] RBP: 00007f48b61e4aa1 R08: 0000000000000000 R09: 0000000000000000
[  454.384990][   T35]  process_scheduled_works+0xa2c/0x1830
[  454.389580][T12779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  454.389596][T12779] R13: 000000000000000b R14: 00007f48b6303f60 R15: 00007f48b642fa68
[  454.395054][   T35]  ? __pfx_process_scheduled_works+0x10/0x10
[  454.400068][T12779]  </TASK>
[  454.404919][   T35]  ? assign_work+0x364/0x3d0
[  454.409423][T12779] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  454.409437][T12779] CPU: 1 PID: 12779 Comm: syz.1.1783 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  454.409456][T12779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  454.409469][T12779] Call Trace:
[  454.409480][T12779]  <TASK>
[  454.409488][T12779]  dump_stack_lvl+0x241/0x360
[  454.409518][T12779]  ? __pfx_dump_stack_lvl+0x10/0x10
[  454.409542][T12779]  ? __pfx__printk+0x10/0x10
[  454.409573][T12779]  ? vscnprintf+0x5d/0x90
[  454.409594][T12779]  panic+0x349/0x860
[  454.409618][T12779]  ? __warn+0x172/0x4e0
[  454.409641][T12779]  ? __pfx_panic+0x10/0x10
[  454.409686][T12779]  __warn+0x346/0x4e0
[  454.409709][T12779]  ? refcount_warn_saturate+0xfa/0x1d0
[  454.409733][T12779]  report_bug+0x2b3/0x500
[  454.409754][T12779]  ? refcount_warn_saturate+0xfa/0x1d0
[  454.409778][T12779]  handle_bug+0x3e/0x70
[  454.409802][T12779]  exc_invalid_op+0x1a/0x50
[  454.409827][T12779]  asm_exc_invalid_op+0x1a/0x20
[  454.409853][T12779] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0
[  454.409874][T12779] Code: b2 00 00 00 e8 d7 54 e7 fc 5b 5d c3 cc cc cc cc e8 cb 54 e7 fc c6 05 fe f1 e8 0a 01 90 48 c7 c7 20 98 1f 8c e8 97 82 a9 fc 90 <0f> 0b 90 90 eb d9 e8 ab 54 e7 fc c6 05 db f1 e8 0a 01 90 48 c7 c7
[  454.409889][T12779] RSP: 0018:ffffc90009e57940 EFLAGS: 00010246
[  454.409907][T12779] RAX: 89caa86a261e0f00 RBX: ffff88805afd5c40 RCX: 0000000000040000
[  454.409922][T12779] RDX: ffffc9000fe51000 RSI: 000000000003ffff RDI: 0000000000040000
[  454.409936][T12779] RBP: 0000000000000004 R08: ffffffff81585822 R09: 1ffffffff25f4eb1
[  454.409950][T12779] R10: dffffc0000000000 R11: fffffbfff25f4eb2 R12: ffffc90001e83950
[  454.409964][T12779] R13: dffffc0000000000 R14: 1ffff1100245c864 R15: ffff8880122e42c0
[  454.409988][T12779]  ? __warn_printk+0x292/0x360
[  454.410020][T12779]  inet_twsk_kill+0x74b/0x890
[  454.410054][T12779]  inet_twsk_deschedule_put+0x3f/0x1e0
[  454.410078][T12779]  ? inet_twsk_purge+0x133/0x980
[  454.410106][T12779]  inet_twsk_purge+0x7fa/0x980
[  454.410130][T12779]  ? inet_twsk_purge+0x133/0x980
[  454.410162][T12779]  ? __pfx_inet_twsk_purge+0x10/0x10
[  454.410190][T12779]  ? __pfx___might_resched+0x10/0x10
[  454.410212][T12779]  ? do_raw_spin_unlock+0x13c/0x8b0
[  454.410241][T12779]  tcp_twsk_purge+0xcb/0x140
[  454.410259][T12779]  ? __pfx_tcp_sk_exit_batch+0x10/0x10
[  454.410287][T12779]  tcp_sk_exit_batch+0x28/0x130
[  454.410311][T12779]  ? __pfx_tcp_sk_exit_batch+0x10/0x10
[  454.410339][T12779]  setup_net+0xa3b/0xca0
[  454.410357][T12779]  ? __pfx_down_read_killable+0x10/0x10
[  454.410384][T12779]  ? __pfx_setup_net+0x10/0x10
[  454.410420][T12779]  copy_net_ns+0x4e2/0x7b0
[  454.410451][T12779]  create_new_namespaces+0x425/0x7b0
[  454.410481][T12779]  ? bpf_lsm_capable+0x9/0x10
[  454.410512][T12779]  unshare_nsproxy_namespaces+0x124/0x180
[  454.410534][T12779]  ksys_unshare+0x619/0xc10
[  454.410565][T12779]  ? __pfx_ksys_unshare+0x10/0x10
[  454.410585][T12779]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  454.410611][T12779]  ? do_syscall_64+0x100/0x230
[  454.410641][T12779]  __x64_sys_unshare+0x38/0x40
[  454.410663][T12779]  do_syscall_64+0xf3/0x230
[  454.410691][T12779]  ? clear_bhb_loop+0x35/0x90
[  454.410711][T12779]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.410735][T12779] RIP: 0033:0x7f48b6175bd9
[  454.410752][T12779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  454.410768][T12779] RSP: 002b:00007f48b6e81048 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  454.410787][T12779] RAX: ffffffffffffffda RBX: 00007f48b6303f60 RCX: 00007f48b6175bd9
[  454.410802][T12779] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006a040000
[  454.410815][T12779] RBP: 00007f48b61e4aa1 R08: 0000000000000000 R09: 0000000000000000
[  454.410828][T12779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  454.410840][T12779] R13: 000000000000000b R14: 00007f48b6303f60 R15: 00007f48b642fa68
[  454.410867][T12779]  </TASK>
[  454.415052][T12779] Kernel Offset: disabled