last executing test programs:

26.323060618s ago: executing program 2 (id=2325):
r0 = socket$inet6(0xa, 0x80803, 0x86)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@private1, @in, 0x4e21, 0xfffd, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@private2, 0x0, 0x32}, 0x0, @in=@multicast1}}, 0xe8)
syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="04230d00c90001", @ANYRESHEX], 0x10)
socket$can_raw(0x1d, 0x3, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="240000002a00000000000400002c10001a800c0004000000030000000000"], 0x24}, 0x1, 0x3000000}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="640000000001ff0100000000141a0000020000002400000000000180080001000108b9dc0d0022e324554395a45a028005000100000000002400028014000180080001000000000008000200ac1e00010c080288050001000000000008000740000000017506609f5ac3a21e7fe7c50bf02962880ea730721467047d1bacf65e69b23114589608eeb0abc32e3e922fa5b36d81a591f8e2a099844b8db8a042b513d74fc188ffcb737e111c6d7e77ede9ae52e7b30e698b1f2e00c796dc2c57afc4264da855a99e708d466aca9f4594bcecdadd91dde753e2b8042212f0e13443c03e96196cb8825424b4a7eea9eeb60e51743b2eff1020ca5039efdf48df907b87205398046852e5c24ccce9"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)={0x38, 0x0, 0x1, 0x201, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)={{0x14}, [@NFT_MSG_NEWSET={0xc0, 0x9, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x3}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_EXPRESSIONS={0x70, 0x12, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @dup={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_DEV={0x8}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x2}]}}}, {0x10, 0x1, 0x0, 0x1, @reject={{0xb}, @void}}, {0x3c, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_LOG_QTHRESHOLD={0x6, 0x4, 0x1, 0x0, 0xb0}, @NFTA_LOG_PREFIX={0x9, 0x2, 0x1, 0x0, 'syz0\x00'}, @NFTA_LOG_GROUP={0x6, 0x1, 0x1, 0x0, 0x8000}, @NFTA_LOG_GROUP={0x6, 0x1, 0x1, 0x0, 0x4}, @NFTA_LOG_LEVEL={0x8, 0x5, 0x1, 0x0, 0x3}]}}}]}, @NFTA_SET_EXPR={0x10, 0x11, 0x0, 0x1, @masq={{0x9}, @void}}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x205, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x38, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x10, 0x4, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @void}}]}, @NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x14c}}, 0x0)
preadv(r3, &(0x7f0000000180)=[{&(0x7f0000001a80)=""/102400, 0x19000}, {0x0}], 0x2, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x6, &(0x7f0000000280)=0x98e1)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
r6 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000000cc0)={0x1, @pix={0x0, 0x0, 0x20323159}})
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[], 0x7c}}, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r7 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140010", @ANYRES8=0x0, @ANYBLOB="f5"], 0x48}}, 0x0)
sendmmsg$alg(r7, &(0x7f00000000c0), 0x492492492492627, 0x0)

25.189112949s ago: executing program 2 (id=2329):
openat$kvm(0xffffffffffffff9c, 0x0, 0x773100, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB], 0x114}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
sendfile(r1, r0, 0x0, 0x80009)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4)
setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, 0x0, 0x30c)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0xfffffd9d)
sendfile(r2, 0xffffffffffffffff, 0x0, 0x8000002b)

7.898748173s ago: executing program 1 (id=2365):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
r2 = dup(0xffffffffffffffff)
socket$rxrpc(0x21, 0x2, 0xa)
sendto$rxrpc(0xffffffffffffffff, 0x0, 0x0, 0x4000, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r3 = socket$inet6(0xa, 0x0, 0x0)
listen(r3, 0x0)
r4 = socket$inet_dccp(0x2, 0x6, 0x0)
r5 = syz_open_dev$cec(&(0x7f0000000400), 0x0, 0x2)
poll(&(0x7f00000005c0)=[{r5, 0x480}], 0x1, 0x7f)
r6 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
inotify_init()
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x0, 0x0, 0x8}, 0x48)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0cc5605, &(0x7f00000004c0)={0x1, @win={{0x0, 0x607, 0x53468444, 0x2}, 0x8, 0x0, &(0x7f0000000240)={{0x73f92634, 0x1, 0x5, 0x26}, &(0x7f0000000100)={{0x7, 0x1, 0x4, 0x8}, &(0x7f00000000c0)={{0xfffffffc, 0xbf48, 0x700, 0x4}}}}, 0x1, &(0x7f0000000380)="ca73eb6baf8f1af30daf8e7112fba6821766be660b4167b53a3926091c673a7654c11b32799fa197e1e4a7e82a42725c9665c4cbd3cd3af79d05cd5698ce60d258f41cd5850daf265bee2bb8f8", 0x9}})
ioctl$FS_IOC_GETFLAGS(r6, 0x40086607, &(0x7f0000001140))
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRESOCT=r4], 0x7)

7.321860069s ago: executing program 1 (id=2366):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x83, &(0x7f00000000c0), 0x8)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000080)={0x44, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000580)=ANY=[@ANYBLOB=' \f@'], 0x0, 0x0, 0x0, 0x0})

5.966986818s ago: executing program 4 (id=2370):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CAP_HYPERV_SYNIC2(r2, 0x400448c9, &(0x7f0000000140))

5.189895241s ago: executing program 2 (id=2330):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = accept4(r0, &(0x7f00000000c0)=@in={0x2, 0x0, @loopback}, &(0x7f0000000000)=0x80, 0x80000)
sendmsg$nl_route(r1, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="b80000002100000228bd7000fddbdf25e90f1467060000070800000014000100fc00000000000000000000000000000814000100fe8000000000000000000000000000bb14000200fc01000000000000000000000000000114000200ff020000000000000000000000000001080010000004000014000100fe8000000000000000000000000000aa08000f00e30d00001400010000000000000000000000000000000001140011007465616d5f736c6176655f3100000000"], 0xb8}, 0x1, 0x0, 0x0, 0x40040}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2e, &(0x7f0000000940)=ANY=[@ANYBLOB="aaaaaaaaaa20000000000011907800000000000000008903aaecb876049221bc3e1b71b93c3e411dc763c4e67a5284e9cbf8a446e16b0f5432a8d099676daf2ab93d0abff393fb50c5e6fd90eb6aeabb676c48f8fe001082bf0b901373b5ae0543858b14e27d18b5f70ae4dd2d698bb00e367c52f6316db2ea379486fde0cb1f3dbcdaabdb9ce4f7c359dc0546fccaa71bb539cf1cea655bd1674a06e208717686819c2bd57d4913b074c378dcc177a3579ca8a9bbc156589e1e0a63707587e4a9c4da4d80b4fecc37fa"], 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0xfffc, @remote}], 0x10)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000240)='highspeed\x00', 0xa)
syz_80211_inject_frame(&(0x7f0000000280)=@device_b, &(0x7f0000000580)=@data_frame={@a_msdu=@type11={{0x0, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1}, {0x3}, @device_a, @device_a, @initial, {0x3, 0x6}, @broadcast}, @a_msdu=[{@device_a, @device_b, 0x39, "3300629efba888e074692aedd7fb01e1be452f54c111a09c5dd1301f3a2932ccd35814f4035d8fb4c0cbf6c99576dfbc327572070ae362a101"}, {@device_a, @broadcast}, {@broadcast, @device_a, 0xa1, "545364cde8e6a73b634db4f49f7c83431713c915add9c3f7ba07fa887e6fba1de096ed8a631a63e7e5f87d8f34a93307bb99cf3f58d7d74e838ca8860667683b5709057f8000328f1aad1dbee2aefe2a9bea250bc4aab9af198a498eba39b3d8c19ffc98a35085d40177c35e7d96cb5ae94f53b647a1d70f283e22440190604cc360b91bdd4059824b960b027507ecb47976b064b04be62a960d8b6606d6ab1a62"}, {@broadcast, @device_b, 0x44, "ce1d63978b214ebcde625172b11545345b5f64382e31aac84d1eae70834f3965ebf11bda071eb5ac3ba525acd460a8c2b59d72fbafa69e50345a0d0ab1b9324c4b53f58a"}]}, 0x17a)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000800)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r6, @ANYBLOB="0a003400020206000802110000000000080026006c090000000000000000000074168d730f0e00c4e519f0417526f364dd9ec23c07d76f515d92185bc5411d883efda946c103b2937b01357e1e11e3f9a6ddd8f55471c94ff7597b16cac36c0099073601c398bd5ec622d949b7e803c30000000000000000ec10abdefa651b8ca4dc1ef62350dbbf5d31cd3fab7504e980dc909cca2576ea8db0b821b536ecc036c4dae47cc46c14a17499afae8f76feab62e0b6436bc9ac05682de02902fa27cb1e31c7889092390b2052403813b233f7928c4eed164036c865da1833b7f1d70fa0fcae0674a9b37bd0241d31d1f0ba659cc5ff6947"], 0x3c}}, 0x0)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$EBT_SO_SET_ENTRIES(r7, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x00', 0x19, 0x2, 0x1a6, [], 0x0, 0x0, &(0x7f0000000200)=[{}, {0x0, '\x00', 0x0, 0x0, 0x1, [{0x0, 0x0, 0x0, 'netpci0\x00', 'veth0_to_batadv\x00', 'batadv_slave_1\x00', 'geneve0\x00', @link_local, [], @dev, [], 0xde, 0xde, 0x116, [@physdev={{'physdev\x00', 0x0, 0x48}, {{'ipvlan0\x00', {}, 'pimreg0\x00'}}}], [], @snat={'snat\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2}]}, 0x1e6)
r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r8, 0xc004743e, &(0x7f0000000580))
ioctl$PPPIOCSPASS(r8, 0x5421, &(0x7f0000000080)={0x0, 0x0})
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f00000007c0)=ANY=[@ANYBLOB="383d20000802110000010802110000000802070000000000"], 0x18)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=ANY=[@ANYBLOB="100000000802110000010802110000000802110000002000000000000000002082848b960c121824"], 0x28)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$igmp(0x2, 0x3, 0x2)
sendto$inet(r9, &(0x7f0000000300)="e229fc04553d512e813124f99b80d5326782df004e2e54705982f0cb77cbbd52fceda2a7fedf3595e4ab7737f1e7fde3c3892bf4f107e2131e94fd9810ed68f7c9c22efc8c8cfa17fe00336361fee07d9d50c4c13b5e5bfba541a8d0ce278affdcd0625e649d17829a2d5a63131de996e92909871f6b01ec1b1a04375b96e2ce5b9100f6ff0000000000000000000000000087941817a3496c400d95b24a55f53551c1699ec7868f36f10fa2c68a03592e3c4a48f8a21715120bf6f4126e3747d1359e39cf6e095718ef36e2f61dbad20f8b3d4ee9cf4b55a1487835021d520ab85ef59b60580b4ed75e727bd76f47ab6bb2e631e1a1a45ab2d0db275cc3633f12aa7ce126c318616bb54f9bae2e2311daad7b254448e552bda71cdc3aa6fe18537822d6fc30114d83bfd5d6aa027f0a146206ceead6d5b347619419d5881ee325672b7476afcdfade51b9ae568b40c2fc91a52d29c7e5e596610cb36edc8116000dd8a93a9551f7d7d2d62a56939938a171c1ed960f59a6e013e557fad71b3b8986d14dbaf649f5340f75ffa296eec9d8b788623901aca301c07124efee955f1a7cde6c8931b13b3eb3ec", 0xffffff6d, 0x4048041, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)

5.042978951s ago: executing program 4 (id=2372):
socket$kcm(0x10, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
syz_open_dev$vbi(0x0, 0x3, 0x2)
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0x80dc5521, &(0x7f0000003600)=""/120)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_AUTHENTICATE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000007c0)={0x68, r2, 0x11, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @key_params=[@NL80211_ATTR_KEY_IDX={0x5}], @NL80211_ATTR_AUTH_TYPE={0x8}, @key_params=[@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY_TYPE={0x8}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "8f4a637c378cc749c208b1f784"}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random}]]}, 0x68}}, 0x0)
socket$inet(0x2, 0x1, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000002040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
listen(r4, 0xfffffffd)
ioctl$FIOCLEX(r5, 0x5451)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000023c0)='net/tcp\x00')
read$FUSE(r6, &(0x7f0000000000)={0x2020}, 0xf8)
read$FUSE(r6, &(0x7f0000002400)={0x2020}, 0x2020)

4.205983496s ago: executing program 1 (id=2377):
socket$l2tp(0x2, 0x2, 0x73)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_audit(0x10, 0x3, 0x9)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x0)
fcntl$dupfd(r0, 0x0, r0)
syz_open_procfs(0x0, &(0x7f0000001180)='fd\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r1 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0xc, 0x110, 0xa}], 0xc}, 0x0)
syz_open_dev$dri(&(0x7f00000000c0), 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io(r2, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)
pipe(&(0x7f0000000100))
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000000100)=@framed={{}, [@ldst={0x4, 0x3, 0x1, 0x0, 0xa}]}, &(0x7f0000000040)='GPL\x00'}, 0x90)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="7fbc000000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r4, @ANYBLOB="08000a00cc"], 0x44}}, 0x0)

3.835044137s ago: executing program 3 (id=2380):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, &(0x7f0000000140)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0x0, 0x30, 0x30, 0x0, @in6={0x1b, 0x0, 0x0, @loopback}, @in={0x2, 0x0, @loopback}}}, 0x118)
r1 = syz_io_uring_setup(0x16d2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB='/'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r1, 0x2d7e, 0x0, 0x0, 0x0, 0x0)
r5 = openat$ubi_ctrl(0xffffff9c, &(0x7f0000000080), 0x400, 0x0)
setsockopt$inet_dccp_int(r5, 0x21, 0xa, &(0x7f00000000c0)=0x1, 0x4)
bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
writev(r0, &(0x7f0000000280)=[{&(0x7f0000000200)="67a818beb2c030ce59945b", 0xb}, {&(0x7f00000002c0)="f4afc7c4b6802b8658dccf64734759521d789b5e2fb90d1b34dcca64c9c2535a90f4cb5f4e2dcbacd258b8ee70897480b0602c8bbca2ae4fec8e36b11fc5345182971bc367a4c041c900a7675f9ff44fb0ebc5865b6cea867a0fb3cb0eac64a4f6129c0bfc3a21a0e3812d2c996681c0b37f01000000547cebe75df441c7a58dea602de316d682dcd578ce2bb98cf21e96813fa139a0ece7403c90e6cdb9dd7e152e36235cc569742dddd79d0679d3276107c3362f44cb7ca738bfe16f6b7e86629453c846a3847394c308031f598e86f5888800f85f7f18370378124daff08b2a32ddb6c6a7e82502d3d4cd21827b7b73dd012e9ae10512d616993726e3d25de4aae2da8339f43c32da7b4f7945d4d19b4956634dff1c933bbdc7712547c4d0b282ded48347623faf0cc9d760a10ab49df2df4e004d25cd2e79091e01456e9d60aa946ccea7a3b8a43dbe8de477364acffd3ee73280bcc16103c7410d78e76ccf6a0e7a5c92e6149f1d69a8", 0x16c}, {0x0}], 0x3)
syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x109400)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000040)=0x2000000, 0x4)
r6 = socket$rds(0x15, 0x5, 0x0)
dup(r6)
r7 = getpgid(0xffffffffffffffff)
fcntl$setown(r6, 0x8, r7)

3.83070176s ago: executing program 2 (id=2381):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r2 = syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000002180)='./file0\x00', 0x0, &(0x7f0000008380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000004340)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_LSEEK(r1, &(0x7f00000021c0)={0x18, 0x0, r3, {0x7}}, 0x18)
read$FUSE(r1, &(0x7f0000002240)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_IOCTL(r1, &(0x7f0000002140)={0x20, 0x0, r4}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002840)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000001000480000000000e1ff95000000000000002ba7e1d30cb599e83f040000f300000000bd01212fb56f040026fbfefc41056bd8174b79ed317142fa9ea4158123751c5c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8206ac6939fc404004900c788b277be1cb79b0a4dcf23d410f6accd3641110bec4e90a634199e07f8f6eb968f200e011ea665c45a34b8580218ce740068720000074e8b1715807ea0ca469e468eea3fd2f73902ebcfcf49822775985bf313405b367e81c700000040000000000200000000005335000000143ea70c2ab40c7cb70cc8943a6d60d7c4900282e147d08e0af4b29df814f5691db43a5c00000004000000000089faff01210cce39bf405f1e846c12423a164a330100846f26ad03dd65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d6155102b1ced1e8019e63c850af895abba14f6fbd7fb5e2a431ab914040000000000010092c9f4609646b6c5c29647d2f950a959cf9938d6dfcb8ed2cbdc2ba9d580609e31c3fa90812a533ce206e7e57a79d6fce424c2204dd418c005479ecab19bdfb15a32a4fd67ce446adb431d07db79240acaf091231b986e77d05d988d6efdffdf48dca02113a38300cabf2b7543ffc166955709009e000000000061629d1822f720ec23812770d72c700a44e113d17088fdd00600000f7889b8c7044f56ff0300016842d7c31cb7fc6d09f0b35bb2248600000000006cd4970400cac6f45a6922ded2e29514af463f747c08f4010586903500000000000000000000be34cf0f9d640dd782ac0cbc46903243d0d0f4bc7f253d0500000032daaf281c450e64c33aac8f23e7d1c94c4505a9839688b008c370494f6734b771546d9552d3bb2da0d000000000000000009125c97f0400f5e1671bc5eb7739daa7820a91cb0e732df2ae0000c747e00a4fbfe8942fa859cd28bdaa1509309926c77fbcb15ec58b42b400005a6b649dd5f13cd776e6c7c4b5c4b0de20e033b378553ead4c8cc530b62c36364e6505992209bdbc6203da7a3797246a6adef071102f0aa2c40095ddd05176f5cb8bd99e1ba0f9568f3e3876bba7bf973334e7919a080000000000000004fb996ad919f7e9672ce107000000ad882f2aead166c94500be902ee7dabc768eb9ec13f334aae90981ecaf5f744f22f2e45afe2c9e8632276cffe5f1fc215c0797d0244cf1ce269d10525745caaa3f77d1b80116cb9a38400242010000000100000091a0116f4693133138583da5e10b434697b0443b7b4ddfb3ace29e16e5a881336aad0974269a1025e2a9a135c0508af1aec2926627b43bba1229a7466bdca64f514b7911458da09fe8681916d408d753226a83ae2434ccd3fc508216aea86833030f569d61dc998620fcf4eeb92e7bc511df63c53b82514493b8f3c74f44ba184d40e87612024da1a1ebe316923865f037c01d71b5de81121046d84b18acb5cbea7eecad9b6dd46ed83515cd9f140e5f00019be25b5910a3193e90be231a05fd82e6003969c3f081ff1d0eb50a04d14644234828cbb5aaa0ece702abdd425fa25ae04a2315c89064df633700000000d9e5953ea67310993d01000000000000003ac753358791b1490273ca535e05b11d815237743a5b79ad45de2a3c91257f02c2f30f5513662809073710937ed0055b238f466e1442f8ec7a5b394228035039ceeb452dca75f9ff5332b4c4777a58a0aa9a821667c68549e9da89ad4274ce2d3d7619936768a84a1465fff4eedba55955434f132ab7b884057aeb68f3d675a79907a72ace70902459f6950a06a03507838231a335ae759ed25534f2e90a7def4b3d4af7fd47ab1a701e4b7a7dfc1d12775ed0a31bc7b5855880aa767e68fe6b7aa5ac115724b6cb8fcebb67719eccd87b06b38566cf61ad2f307a79d2ce9801837bf0bd3af0271de700eef2795d28cb0017000000000000000000e052d93194121b774d21a0317d0346078400004652c769fd3d3e661a2fb511164f1502abc461e66499cac468142ac4eb3f19c042163e0bdb88b82de384a8055e8b1e24294b0546cce481ff5618b7b9585dbb64d66debf219fa479abf22f3d64fe82e466ea6f27859946e72f8ce659e340c714809ec4d060bb1c9cfcde57b79625e2979fe689a5a246cbbd488f43f46b2536f175f46dfb27d5229467270246ab53616c46edf34c559d3de0c59ca3305e66825715e5e4cd5b54c1b05c09f04337a76a30373baac3ecec91fd546308a0004be94dfab28c2a51dc816df0000000000c12254f041804f7f7074356789b1d4dd55f3e045a48241a4ce04d06acb2cf11eab759ba78da5da0f26126d4cf2c73e5f94030000040000000000000000c301985d603403592486204054be3fdda91f9e315886941928e5a8bc1a00e69a98c0a8f7192f6ee93cc4124cf4e7610915efc08c834a44e1d685d6835a40b5bc615949cbcd98d044fa492aa38717481455e86dcd7816ad8940bd192595369d89ae6eadeb9117e8b94ab422c8d62f858875dccdbc89572231ef5d6df6a9c55f8df763c7c64da7cc017e1e3f5cd4cb9fe6d19b11d4d38239d318016e622b9683b7e46be64dc097982e23462392a0cd05afb2e060fd42ef00dfbd057311aab94f307d10c7a1af0d8e5a0fcb547475d13c0000000000000000f1cc97103d714d1abb901f866d9d629b4fb185f45790517c4a0f5c6a5024e3359e8d83e3f6edf9e2afb57f000000b45cfb0a3c1303a98e4ed531ac11cca1cd744b431de74c7cd6533adaa8ec749061b2959d53da626aa189781dc1be4d5c81aebc0cada819895b377d4f17a7878ba99864ae84464744c605646caf2e06b13eba7ba10acf77d91b2297e9573abb0a4da534d735a223626402b308daf7835780fa6f4e410000000000fb00000000000000000000b94952139bd4bdbccc5e334c49584655c4fce8c5bb7c54664aef6d780100358aa54b4b49926c4be9ee4659153d9fa95d07cc4efdab2c5f4503148d0255d0b748366dafe042d78479c21d830e1431ed6d646d13e8e7230300920a5642bbed1dee9b46b6f02e572024ccf3c8edd82660e5d74c52be71d780c300000000000000000000000000000000000044ff72f96f084f4b6cdcb1b4a9d8e9f99f1b85497d0c3df704c8a0034c09caeeb0e34799b755649883539258a7b33dcef15d8fd1953ebaaa3cff81a0de7a05a440f20f6b273ceb8678f10378b670be7504dabd1471355d853292775d0366891f0bcf0a6087ed4f1f25ef52394db3e9d8318bbb9baff3db95bfd68a08ded5027a7ca2a64ca081c6b2f7b895cdf98b763ebab9451c65eced6f5f97a541210806d885762ac3150225036c7eccd7a05593abd963f9a02df58085115e54f675e6a08d25b5722cabf989b4bbc562e073b81bae61f05c5e1f90e021340b60cc5fb8fdb09b6d20b092b70f77f0f428d2000000000000000000000000006cc6f64f583a26a78f7f417f66c0af32f5194ddfce51e5aff28f621bb2fd2a5ab719823488d6e869b08d3d4ac7950c60144cf77437e29895a23282e3c65e015d1c334832a90ee77d93596e3f12e9ca8c67c7f3c9b66c9cb03edec184ad1d9544c7a3be250e471dca00000078544d79c0efe4094e561eeb26ee4c81106d03c004bc1589ef6e13648999c8735e2634009aaa90c571fa3c07238697b1db783c52715055445e96995fe3273b0346b03fc742c06aa3947e0d9cf0c99b5e245ede85893112deea8bd3355a32ec15e1242f170a51f28cea4105541e96a52da4984d26bd29cb0623f00c6b0a4c00ad406d729babc9d1550a683c349017a340444000000000000000000000920ca49f7cc8194aaebdcae5a62bb7587b57f41f1c2034911f23e6bd0291b3f19f03a0a15dea685a8ab75b3c60391afa5483231305402b52a8f9863800f127d6b4518f73a847ca583e855d70c6a4a53f61ad753d5e740db44afd32b019d9e8b41361c2c104fe52837a19006952fe2724c0105ab158a54a6a73000000000000000000000000b0d135da438cbe303f3ae070def97d6649b5a693ff5c788e5a406e1d06942ed51bff073011f6e6c29d3ea22e5fc26c7fbe37656229a6a12857ae9ed131ccdd513066bc9422ec38a1dc5212986d9bc330a23eb3b200af1a3678c2bfbe4b4ba6e8471495f6e82c5ee425973c590253e875352a3acaee044868f9b80f8fdc9d402007bb4c8df1b69d3d2b364ec9e4ed2f554118684eff1adf5b49b6b29232198e682dfa45dced8b332c40dc37dfe7a59e252ddc33ea9072dcd697a700cfac90b487660795f564ddb61fa3e4835f936984200000000000000000008e9f7bc3a00cd72ced7684e264e45398f7087734fcf2023a7a4c880f562f46f14cdc1bf472d74bc0c777b1021ff75de086c08f72a41399d3a3065b2f50a531cc90edbf88370ff50ba1aa6cc59076165a3ab90a3c90527b7c9711cf85bbb0cb0aebc47ab5c65458c40020f2cfb10e5f0a1594ae491e8756446e6873a8b222ae7e58dd7640666e359fc583e17ed6bcb30c0fafbba761e756ca80286d38bb92dd9ba17c1bb628e5b8d52c9a02a67f788ab88dca817cb4886942a279e06f45c8c936f5c46e1a2b4097471ca0ee26bcfabf7adb9c90a10539d960dec5c84464f6bc68318e7e899acf20ea41b071132d7a5945e941334855ce6149deaae1b5b83045e83bfc208079e6e58ebb4176b126c743111c5a712f465a3007d665ac21c43a544947c9d13e5206a21025f6acd47c2d333e648dcbf2e4989a1d4a176fe8f7a8cf0aeaf9736118b036639cb35810ea88213ff2a0842d420d418d026a101222a4ebd18fc89f04b5a9056ca6c00308936679474fa83bdf6eac126c9be33c551bccd42d8000736ed9a64ff7cb87d44c9bcf821c96dcd34aadfcc42fabd5976cedc9a4eef24764168056d0645c7aa007d6"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r7 = fcntl$dupfd(r6, 0x0, r6)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000180)={r5, r7}, 0xc)
lstat(&(0x7f0000008800)='./file0\x00', 0x0)
getdents(r2, &(0x7f000000ad40)=""/4096, 0x1000)
read$FUSE(r1, &(0x7f0000008d00)={0x2020}, 0x2020)
syz_fuse_handle_req(r1, &(0x7f000000bd40)="eb0a4c1b25216c3dd049e8e72267cc6e998a6299980086616a227625cba3990964558888d179e9b1e01368bc995b1c347e02bea5da4f0475919926cc129f502d1aafba84c9edfcd04759b2ff76d527b915c2d64fc06c125bda166134977bde62b6ed5fc437439a46925bcd4c9d73edd8c8f66049ac94d92f8a6f62f989bfaff2103ab7a74348af5f756fe57005bc2f64ed0f23c658d556e0b72db65ef0cfe44dd3ecade9c22c0184ac55566ee83430c72e7a7021a6ba4120d249663142a3dc3ebffa6621f22829ac18a6509a5b45054aa58ae7d58f661a8957f4c652545cd566747f87e579f10caa62bc64ea74310ea7104e0def423b5e2ae0567b1e441f18dccd7c7447873963e56288e0b6a8bf9cd1240889f341dbf9d7e08b873a0e8fb7c3e47bd42955a1226f0bf2548cba759626f318239f3218d01924d60a65e46e916c9c24c320276e5f826c61697aa49c2f223e461975e781828b6be74ecfb2dff011cd171a10fff6813add0ee789aa4b002ac62193369b05ae50d7fb87f137d6fcdd0a94d77d054847b73cb1a891f4b0cfc5b4eec79f57286ea118159572e8a65bb31834641b6124eccb8966b3bb1e6f58985007cce603b569ca386879b672c7b50602455c425ec669e75b2217fd6d65c5fe185ec5b81ded255dd1fe9b45581e612e8d535e98491a6ba05f32b84418b2a91e573de50cc7da43007e18150e4458bf49aa7001555d6da47b7d211c668684bed0743277986076abea52910c516f32f21bbf2d18c52ba94653ad4346189ca74d6b58d4dccf882e3b0009f2821b0fb6e838d608704c63043bda14150de5fa0c8941a237d6b17f9b2b2a7e0428e9f705581b2c8a623f9654be52d454ce71377e4e899c30b0b3118557eb5c5333b22d4454657f4fa965af85b68f633fb7214d530b7ae0c93ab1cd09bed950637ebb3144deea756e72908c53f8b6faca140b48105f7175ef842587747fc7e1eb9b4b36fcd10e86b0cc032a9dfbfb2506b417295f9f7dfd638f08d637f6f457bd1ba0bc1d57d639d0060901cd4d9accb66fa10287834e3db11ab66e9ffa22cd1690a814fcff7d0b0526a839c85ef056d487fe42751feec31a92a70f9e8e77c4e3535e0a62c37ecbdb536ac08a22c391a32c6797757c98a6a703a82b46329d4773959a74710dc1ebdfb956c195d99dbc6ddcf64d1e5df887e4f7b287c12e1b318f34510512e857be167e5deae2808db35fbad1a894d67d24b67da31b902b9fdd5c8edc00ee4232047059055533f563deb1e0ee28c36a477da3efdc7d7f9edb666ea59b90dec0a89fa3ea62202c8b2a3ab9de235761671c318ee45a120fde649d489ac7eb38222d889000831b09ae5dd5c87445963726983019e66708d9eed3f7adf8ebed263caa12d4e094511eee32a5004f0f518ce30cc400705d32706e65af612858485d3a9b83a2cc7bdb5a6a848981d2af176c954f84d7ec295ea3929658cf8bf9c6f77b2134205cf06e7986e999dbe1c1c4cf61dbdc91937158e5e7f4c22ce88486f8a40aeb04404cc297e792d000b8ae4c1e9065ffd1ec8030059657b6d27b204f0c670769883955202c3dac3d4ef6bbd6c3e35c8936afdfd395cdd31fc0b12a049baf96aa3c7ba94c61e3d9e323742b834e5a9a06e140e2349033fe5560ccefa511fc414feeef52e0b95ab2f173539fa7192063df755469fd4c570a2f63a2d528b07c94a793ce7baed161b3b86bb9d24639c1bf5d3843110873f50ab0097ba189eb9da6e7d97f95ecbf685113aecf453ff8a11d744d86ad9e0ff73e9624bb80542f77587b3691fdb02b266930c46c7069a8cfb08a07c754f05a224c6f24cc09ace97a1b0051da17c75a9fb89d0de6b45966757885c3283328646ddda7b47c9edf1ca69bace29a953ea580b3aa32ceeb0b0947e1bc05baaeebbdbab5a861a9ccab4c9b9b6b257a26488ef5ec2c3dd1be956efb2b22fb3049f3aea3018f90ad001d9941af37dda06f69f6595e764b2748a08034553eade4a7ef7fff2b4d79bde89d91104579c03801780d2def6c3257190e0309832547a177140ed48c4125c559b28f70de795ed23e4c7dda0b6aea344b69ff2ea04a2536e90bda713e0f4747bac0886bc52fb73e9845fdd7d3bb90f8a465f4321a4ad7b5fd158b9acfbfb8495f2400a140c05eafa7da293a31f8744713e2bb4ca8e75f91a30c8f8fc3b2cb8b57a88bd657418b8ae25e9eb8f714e46a6340d381ab35e6b8e3f0b52d966595f9d3da9511884d65577a51179713def6c4cd2bc2286a9c1c40cd05ad0a3015d38b164946a5ca8489819609564243367a10c138409c2073584fd8c9db254ebbb73797b611902f4b7fec9fc27a983ddd715171d07f751e40cb4ef85551ea1c8b5fcfae40448b1f597efaa73ed611cf2c05270a072ef70f16664068060e65e4c2e852a625760b730c5e9cc1a351bb11da37e09c1c95ecfa14283da6d41950f9cb1b1438e71895d8ddc6ce834aefb354618373cb081b2272a76f9a722978fc2c3487809db562358209392a95b6703d8b421358f178446381b515c8acf4323469949b4a70c45e50f33bb5da3f756d42482e6c9dd2906a4a338f859c935653a968019085f44ede7a6984b47ba5a25907404434db39cc7cb385d5d413f58948552e38997718fca31ba4a12d19f0f82b163bf48144f4be18f72fd14bde71f12ba2b2680383bcaab35b9c724e6f17326893c35ca26c90fe2b8915f374b2140330583ff1590f308d761a2100db618c9dd605954f594adbb787264725142ce564f88bb930d5d1d257a2ca6235908c89f7fbfb912193a6e81521a12d6e3da8907047534aa28737fe365e4524d7b598a79c2e77c745f363b5b91b6ed486c26dbe03491b00cd1f6c115d18619c32df71127f5768685f8ba18ea0bfe65bc9aab03ea48bfc7eb1086c0b80e922dddf8754152ace3d9f53c9e7b36ff2ff9b18729ee619e6ab518f76265e5afc307aebce1de1912d2665f9fa34eae981f8c4413ab291303d28c6f98d94ff3a6dbc73e4847cee1fc47a4ea27fad59d4484b020332d1258087eec90680d9ed7f946f38bb5c2e3c10a923b796d367c4902c5e91822b315fcd60fef959557547260fb4d77b4bee042b9b443635b6263bf3b6e1b63e41a86639a8061a68da6f93225c51aad1a6aa353ca73bc23441960a12f3c33dba846955641d4ab749592a5cf9a650edad5adc6b0b088430bcf3f9077dab7c85f025adeef8874a022615a1a4fa443ac7528069ac9514194705f42a733f5428780273487721e43b2a50b232c704ab32f2ba666c54905f9dd7b592a489a16de437061d2d292e7bc809ba6801cecc05cbdd62e7f6e9d5cd3a0dd403422f797d6fd7ea8640475a8d5a5aed7997e94c1f0402fd6bd068016ec96bda527f0d439dee7189ad317020542d0fe9edf071b8243c87b8de724693c2d01d35a4526a57cac8ffbd57ef848fba1124471bc7b6a20a96e346fed0d4b8d4a0422d348f42c3d99489ab8f41784d81c97cd0adce23de0e5b82e45831a09250e4fb9cacce2eab1a8c23f6af189b60df59a4c6b7fd41bd6e90358b2a9c9cbdf8e0a659b6e9288883bb4462606edf9b63487689cb23877e97cd7d6151b14bc5fe1c995b70f0582c208c60dc7e66cea421ce491cd7c7811609b75d088ffc40731d765dbdf79a47e8a6d9a02f62f6dc9be3aa3f5fed91dae7e691bbec9fc4ca57a6420dfc1e1ebbe93ad9519fcfa6fa33f0cd072c40149f47db1aa2b75b99c09ec2f6b9e68e0838a8327acdacaeaa75f4feec7a73465d00f6667bcef9ddc25b3f5ef381d8d0a05f64b8c055fa57c48c2d3e145f935c02ad678744b4cddb3981b2b61f0a1f7c06b0379bced71ef8900111e19b9ad0c134c9b07f4d790e287d603cc7cf6cfc7d06a36b2a115eb5b67eb1288119eb7c76994ec21b53477f24eb29458396ef772d7c8d6e1cff1360bc8969fcbbf13afbcffd0f373d5b378f51649a7be09a7e2cb007163e5f4e0bbe09b8ebf4cb188474cb0413b57ecb5d0687b3a275e0e4028ab3e1d975d94672e172e4615ebdd4c0b6e85494ed399486fb0bcd01e52014663258f50e86646c82e09a8dbd51a2a869229dc2180024012bd2087c3c0f4c37d3fc56b453f470531d1500d2baa5d9ed476b18550de4da25343418023ad591d5a20d18d0ff6dda9e81eb2706f0d70767adeada9f6c652f95223cf1419a59674ce962d68b7c2ad75f2f3a0e22930f0c110d84b66553cf3b9dcb43ee61916fda4c75ed4fce78679ff1d6263f989eb56ad6b959ecefbfc8a8b2ca3d28fd1174f89e4e8fcee0f1188b1a119f6fa97be356a8de0a3ee31f98040045123191423e9dfd1f6e8b11c0e9ccc607c6d0c9b21b445c6b2bfad3e52599e23363f0aa4b3bd9c7b53142f9b02e41a1c10d1f231481ce84aaba88f59f48050fd19c7e0ea15a3f632d769f11dd17a97df7e76aeb69652d969e3256df73a653e1cdd392e652bb6e3c04da13f6ee398c84deaa38d6205ddd9654abc3d8ca5caccd5cac124046d71b36ab3f06603db4be7b55972bf59e1e80d1348f9ef2b7e5ff968b20b0f25e961a1564cb099589a63e8134f2e3eb748a276f78297675d3574479168ad3cec15605c6f89b8cef0d854a094a79ed63558f5c55bfbc4a4fc5dee26debb3e89bd7fca8ecae8afa4c537788fdac2102b42a50885832aa927b48785d3fe8edd8f05b320361c75a11ef1bba66dc1e3ea233a223da37cde1a354c1403646d42f44310579ebb158e8329e3f0f37f898e9e1a2d3cc55c4432bcb90bccb818920e6f948689818bdfbd8371663bc4819708e26e70a5c4b795ffd73af491a73e00d484c04664900abc24e396d1ed3f55f9fd68c7edb1ed4f3b0d0de27ac6c05ea8b655ddb4c0041e020088c9d4ea4a31fafce90749f03acdcec93939a4d7748457761642cdabe33e6038d85ad791c51817625ae6d44003f8338028e2195ada86a543d6e1ffac1c2fb6bcfdeca6a43ab628f175d8e739a434d3210f199d4e8ab7f3d637c2739e765fe63d78c4abca07d645913bad973df6356d6882a66b1830daa3a9e629c0d929c71bb08360fa61fd88c7af6106bff684410e57ebf64bf5758321f0c9f34a37d704f251daf1bbb61320c6c14c7e2e67050a50b45d8f166e7c10135c0e7f316cb6ba354120cbca947e69228908f752cbe40f6c83abc56ae67bc8e2ba21f6926a85a6ae8ea0e349916e07aa7dd11fe20aba56bd6bd211f93b7b528c39081d7b9b4e68924f2c98e55ed0dc6f8ab88725d1a84ec9ba9fd2ce653b375bc2ddc31cede66da528ca470b2f7f43f2ce24ccd920854d1195a6df853ccfd1f55090c0128b23c445d4cf87c5b223287148d148e7dd85717a62fa8a8271610070ea257a3668fd0ee8c38702f4e9264001669581b46b9b89a8e02ca442fbc370884090518708df4c822e01eb30df005419d1d8ad7273501159b327e0967eb98ee174ec4d1c1052e3cac716ecdea0a61a2ac0c70f5c4ffd3300b6f6c75f99ece1ec055b09fde8f5cff2f05912c68eee46e22377412439f249d4ee68e54350686cf7f0080eba730200850da29d7101544dacccdd5c28d00e0284b8b3ed075cf5cb5a9eb0f17770b5dfe54085b602ecaaf4d12a53254a40f7829b5f083855ad6772eacf1f4f10a75d87fc4d2bf60e82e6d2404e215e78e1957c5d7c63cee8a25d8018778e6b31692b4171f53c88bcb492c9df6e187e71ffda5ec153c73a4e8600dbeed7268608ebfb9771f33ccf64cca36bfd59e16f6a7126bbd811fd3bea696d7db617a9633d979a0bc2713af4360813dad2e33764918b0102dcab001b360b65b597f0b3d8598ea306de579fce94c124d280675dd376b0452604d9d0b42b695899f062834a9dc29fe360898ba2916770227317a2f237e42e53388596c42b076991f0c85d482a4e010dfa684f534730d9301c58f6c7f54ec400587103ee92f694763e76c027840fd500545fba6fa31a8dbc9ca70cef688c8b068432cfac247f0cbe50efa9848200fb2cc3bc1ad2ccc4169a0be3c6620af4b6ba1ba80286ec8a5bc98c6234b3b8fe9843fafe6fbd5046b9f7fdf9976075fbcfe8ad541725b428171f02d77b9419b0687cadfdecbc992f627056975e5c57b13ab54201d5fb24a0040f2edb2d0e5d50dedbd4a269085b59ad603bdae48283c2e4aba16950c03105ea092b73a349ffb55f56e79c32d5dd6933d70e6939aba5def01d69d8d2123005d195bca5d1943c63cf3df99bdcc59d41a96a0085e447b6395c48c39d2dceae54d7f873136929fb0730a0813a60c7932b5b7363c975cfbb7a6f5ac11258e5d1f0cfcab4f8a612d858328ec77f5de29f3900bf3705761c677132d5c75b271a09900c69c1e7a10ac85e4c7e06dd55863b02c5eee1d820cdce745ad01b3c915e2335310e9a03f280e50cf53bc7be35839830c7f89669ce6d93b7011d0caeeb770a56020486befb1ee12bcbb529330a1a025f2ce84955fcc5d50142f3cba636425a00a25d4f65e66ef3a54937027e07e48e1b72444d4029a5fff2cd2c48487141aab8e9c5e7ca4625ebbf0466a0ddf20d74c3dfb97743f22549ca1420aaaed6716bde3522ae24ff329791667210969846eee361deffae054c05631fa75ff6c7c72f0abf6f81b9e921df40351eba0e8163d6b23fbaebaa780ab50c1a1d4b8155a6d308d0f36427a1cf5e5e813da250e0fda6f6d3402202cc1cc32d8e3758a833794bf7c2f111ca4013eef764a36f42fdc88179b28f7164e9d8eef6b184f3ada1708d94a4b6b73f105b0bcf8245486a9fe89f0c755d5790dbf7cfa91d5dacdbacc87a2ca7067f5681426d68b7557cc71e9e8188129ebb939e539b6c325fe7e8ef3e991f1d7dd7e2ea8ed6c03e06bfd688f31670aaae4115d7e163aa6f54df14f4e46ee9e50eb68203d2a48836c82ab7f5d18854a0d7cf8f2abc11bb97b1bab7f3a6358be2d290e2e80bd5a236c22e876b6fa0ce5e8bca0c8146f3c256b873f691cce6e2e280aa1cac62acd43ef449c8ff2320dc7afb4a763c6ce4c3fbd6881aceb279b0cb5b3e8ef477c0045301b97e57230016efdf6cadc347ae4e7beb06847320f3889c8fe603a70880826b77d3357dd0baf551c3770602065d3b3028308d119c2d59723592ea9ee4e02f9732cf546534abe91818803d0edbc56b1a4367914061e95ed72a55fda3b44ff237e4dcfabe3c017aebee0bf562e8c3a04e7ea0a3d1182e9df1d4865c9e66b1e7da393d3d7f1a416efdff45f8a0a90321a049335134bc38577f34b23396bcfe68d6371314989d2536d27b7874ef9799a5a54377162f00279a693796ba9e1be7ed60b0e4c4d2060552743c289db8bd0d18a5f27854d9b570432b9de1a07b74fc3d0969268bdb2fe869272fd0c3c2ac557a00874ccb0a99dc0aa262b5809c282be92a9ca47a183386496a32af20a43e31d4350db08fffc30135399e045bd06ae914b09c81aecb520465578c3dfb5fac6ba039bb6e9afcaceb7a64e37d5037e1468249fa36c1f0e85e5d145de01ae543e10a3ce2c4150b484d8cec8c4021fc5d3a46a8cca4588ef768bc9f093d121a76d1ce39809d00740a23c47c0da85c1941e02843adc1ae7c6291e12d734960358d5d636cddd6debe0caee625b52e6653bc688576e8b3d349c3b8ada4d6d58e2b66661bc68302bfdd12c9cc3d51c209c75d0050fb120a85a4b0983a2914db351e29882a4d58a9d3f37b1512d04c1f031c8f8d4b2f65d8f147e0361af17ca3b981ef1f5b81d87e2b704a09cd67dda1d49667248c323b3f329c92fe8ce261e1e04cbdd3c39ae554a8205dcf691c0b25872c89e078a653951bffa0916fc0f3aa85a2d43d4fcd3493237ba244e6e5f1a8da5dfc80aaa483746dbe1d795665af59b9cd1ca54268d204f5846a9929b842ecd482b558441be6512b480b6f2d6c492a03799aaba631af412779827ff54c851ce42aab093d460cc60ad12eff8597e303aa52668d2050843ad33a99bc0426c05dd84525ace4a62c224c1359f5b70ea5e23d32291782d8de79f43523129fd7fad479327b689df0938db0ebde9da5aa494734e28afd4edfabc5ebadd34e8a1ebf61699bc00152537a9628ee34da13122644cfac2fa12d9462b70dad7037b54fa3a04a768057f582a4ed16c89570ec38e052917c300cc9dfb9415e42b43d57b4792c8ffc34ab44848faa36be35a043954498de4439a2967b1ea86ed16ff3bcfdb2a4260a9f0136a8f3c06e43641b6c16b6c56b86a3669131e14e8f078a182bc91b3ff5d1f905dfef1d5c2d390ab4036c67639112c4998d41cc7650ee5940a8cb70a50a7e62af6c42c35e1c897de7d7817a806c80964b32f8b4a7b2a7cc99546915434b8ba8f8d72a87462bcb98f6c06206db432c363fe9d76a412d9450e6d2434ed7ee9a6c6fb04f8d3708fb9defb199151cfee01449a22e8d93f1cb1fa309a352a55086d2b330fc914a324e4fb47bfd582fa6e6e9237e203a5944259d2affd8308ca87c14a51806483600c1662dec8c2531d0400c9c1e889554ca398251be3e0aea19ee7c8107ebea4ef60ed66c9fae3aa9745ee89d2e53ada1c358809fb448b55dd174c1fc540fe05f078ae529a17c360529fa930f271f30a85d218349c89b6bd2ab3fa8cc7123db21f616fa8dab0b8ca3b5bca0b533c58c7af873c01e81fe801b033d3fd0d6d875f17fc9119c660647deaba27ca0d5e6d9cece64cdd93a54de691140ffb66d1265d01122ff03c2cf105830fb51a92f8cca9664b2bf134eeb5df8747a4bd038859938f38e432b6d5251793612a16f90b4a09b7b932c46a5f93799e9518fbee4887510ba954aecb6fcf7b703f313c5277484dc0a43eb3c5b2074cc93ddc9aa52866cae1b5429a5ba7dbec193a78df6804c6b23e3f5f5e7609e6457097a9cb2065640a8c7280c07753fdca4dbcb50a3b1c5ecc95d651d15ddf949fabad6b263235741e27be66aa6e483f3d50eff0924b351bd6086bcda88d9ebe2b66d2f8d37fc3dd7c629396a639c5a179bdf751f521ddf669f5f4ddb73ba3af7b15efa31306f6a73b22b4c1904a76032c9bd99b84e7935a9e5e53cb6c4408c00e6dfd25b6061443a3dda3a8b849ea5db81dfa272d104ec19fff84cec1a33b8a1096e10da7f055cb5d54a781f1676dffe128201cc08468973f2899c59b3c067c0b428a25564bdad3e2e73432496c71289dde51c4a3456a73041ba1f0e503ff288a0afdb1dab1b53401dd2daa5e207ae4caafc8da533fb801acd84fd97687d99082b3143e70b2d99480903a59f1af45f8e8890ab991a460811604bc0db5eacd5c6af681cb7f1fde4142c8dc962653574e0332e2906fcbc777cdf0d7bbeab338cf0188a1705515ab423138e7348ffbab58ccf527ba8229cb6675a27e777654db648942ce760f99103ee319db5ba6b21f4d47c1047876f841d1c370aabdbcd5c6cce144e8f860c5e6984b160da56683076912ae162e1728fa1fc875f5d84442ffa7876c1787ee404d01e1006f2da9715b06ef6b60ed61e3481c7be490a86a11506fb015fc1d292d0cc8ae3bb9b38cfba18366c66a5433b4b877c0c93411c5eeba57b9b1ed4d2b756bc875164b912d11f405ac99c01844d27d5e9a4c081edf4cd65a6c125385dddc984c90e5bd818f4badf124e3dd2a387cfde24b3ac2fec35043be977da205a8da2cb28dc0596bd925ba48ccaa27be1df7672c01e7068f5bd95aa418400f7d359732915982327116918e24e83b0080d95adb5e81719845aa98e2f0c9639ef3dbe78dd6f3e8233eefca51a5b146f7d9b12bf8dcd3ba6aacb88646bef9f52d2aabab6d5ff882d7552b0414031cd1357a4396e0bda1b6e3b533044232d0e4a7eaaddb0676815c0c9b120ae479657fbd0da8cb36b7f6d6dd27684c21d71bb40f73f3588a843e2fa521f3e0147c0b89b18005bd88aa27010725f795bcb0f164ec215b47f75b546371ed5bb04c7274b3d91b5d79370ac7f9e40c34689b049c8da66708999ddbb341cefa854d4cb7838c2e140a4673d8742aaa58be95c7b934ae093476134fe0c97f6c0c6a3578e19ce941464b134d30cd2eb03e6ed94e4453ca5c016fd32b69092e9265b0d6be2553e01b62bcee99de6aa85ca9f9f02111d7fd7a7133b2ee5ceebbca89f5ef91ca7ad41d30973b68a4dbaff6d928bc26bb9b331177f8906c3ba5b050910010d449f1dc859cf672233a50d03dc10863d4158cbd418a90efd912f689ea72b1de5d0e27f79f291379417c1900d383f0ed6e6ebb34f5cca6b9091ad1d13283d9879a6898202d856c35294ef4e9ed62f6b9acf6c0f3821246ec56d3c034a76da9fefece5f0892034a5566c0d14a3cb6305b58d4df8c3bc75bab7b180b37268e7e906f616ffc7a084b51b619bf44ea380bd6bcfdcd7faa5842160f22132edd36545f192e7f9f023ce92e8a10a9fe9132fb248c329289366cbbb7dbc24718c0de5062dffade14e2a0d4ed31c5b6124d71b286312a37a766f93e543a2ac3272aebf4a6e245f4b427b2ed30953996b1b98eda39ae28481cdac60bc4edf564341bcfffe305f366c2f12f6e60bc6e22ab40ac6a5ab4ec8a0059bb3428047cbd834154529787bd518c3e1be46c4d5a838ecf950b93ce2772c6ea7a10a14f35653c3ec34d419220b4b30da6f89f96ddd43c7eea092046935ec54ad830d99522d1cc3e18670bbdc8c7f66ec6a826a9f88aa4eada71eb31ceb306f23fde50cce81cdde54ec014d5be539d99e393916371efe85e8eda9f678b167e706e60d6d5f4496465dd192053c8867e00b015cac136231b54d5cb10100a926bc05e84e08adf731bebede2479701e66ba494e6f3c1a2bc2b25f547ec677b88857ceb3a71c8e507840cd3bfff3eb4b765bb7140b12daf546e80e881bc5f16f4fde99ec63d105fb902be23c3531a4a118a6226d958f5bb24157289a94d2759bdc2c4600299cac69db511f082288008cda66215a9cd076e251a2c3a4474a85fbacbfe71cdd3c83c154d18c4849c5e48fb90f682b678452ae45b16677f74fd2e53c52b063665da3b8e24cd7efbde69376fe361414b5414e5f20e8d467c3b2149860880feb581399f8175169bb9cffa59c6532f06b920cce5e9ef60d53b2f8290f2496a409c9dac3442216c37167408ffab4304dda38925cade36c65c97c61614bc0991469c6c9e816acb88fdd4cadf6f13246f0ab3eba15b29afd11b483b1b768e2133003f610ccddae2baa385b64dd678028dc73cf08b8729f1bd18a97cfc0b3462bdfe874fd341dd32a4d5489beadfb5f63ad2cc514dba5d4b35b9485085acd447f71eddb41b3cd4e5f3c2ec8848066d9f63984d345f80d8ea27c376b353b7b0339fa06ae4f7ca96500521e127ba9d14e27eeca2630c5eedcfdbf3fd32c5a665d6560147a36ea95eff2b154a856863f145f59967f3d4fde7ced138d9b0cbf438c99f96694fd1d2683462e0dd03f972d6c424656a02dcbc2e510a222f87f66c1fb1cd3fa70855312228b2ae17ce4f3744fff062df327a8171c00c76575d0866c5f61c35b739acf6961c4e2d67558fdd0a2bcf396d4664292655a6fae805999200", 0x2000, &(0x7f0000008ac0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000002200)=ANY=[@ANYBLOB="b00000000000000000000000000000000000000000000000000000000000000005"], 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r8=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000003bc0)={r8, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000001640)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000100)={0x0, 0x2, &(0x7f00000000c0)={&(0x7f0000001bc0)=ANY=[@ANYBLOB="5c0000000206010100000000000000000000000005000100070000000900020073797a32000000000500050000000000050004000000000014000780080008400000009008000640000600000d0003006c6973743a736574"], 0x5c}}, 0x0)
r10 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000da29b5408205c4005fac000000010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r10, 0x0, 0x0)

3.719185736s ago: executing program 4 (id=2382):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0xfffc, @empty}], 0x10)
sendmmsg$inet6(r0, &(0x7f0000000080)=[{{&(0x7f00000084c0)={0xa, 0xfffc, 0x0, @loopback}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000100)="88", 0x1}], 0x1}}], 0x1, 0x0)
getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x82, 0x0, &(0x7f0000000180))

3.575257388s ago: executing program 3 (id=2383):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_NET_SET(r0, &(0x7f0000000480)={0x0, 0xa00, &(0x7f0000000440)={&(0x7f00000003c0)={0x28, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0xc9}, @TIPC_NLA_NET_ADDR={0x8}]}]}, 0x28}}, 0x0)

3.45019183s ago: executing program 3 (id=2384):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0xffffffff, @mcast1}, 0x1c)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="50000000020601030000000000000000030000000900020073797a30000000000900020073797a30884228d8070000000005000500000000000500040000000000040007800d0003006861c83a52d873683a6d616300000000199b8668dbbc0bbc8d4bc56661e69635eb695a2af4fb6037d6547a27e17bdcfddc314854da6f287a3c9fd995af69784aa0754f0bf3ade755b4c195fa"], 0x50}}, 0x0)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r2, @ANYBLOB="01e5c300000000fb04003b1c2100080003", @ANYRES32=r1, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0)

3.318772691s ago: executing program 4 (id=2385):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) (async)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) (async)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/233, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000780)={0x0, 0x1, 0x0, &(0x7f0000000700)=""/99, 0x0})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) (async)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b704000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b704000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1e7d, 0x2c2e, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x0, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x5c, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x2}]}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0) (async)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x5c, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x2}]}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
syz_usb_control_io$hid(r3, &(0x7f0000000240)={0x14, 0x0, 0x0, &(0x7f00000007c0)={0x0, 0x22, 0x6, {[@local=@item_012={0x0, 0x2, 0x4}, @local=@item_4={0x3, 0x2, 0x0, "cb340640"}]}}, 0x0}, 0x0)
socketpair(0x25, 0x2, 0xc844, &(0x7f0000000bc0)) (async)
socketpair(0x25, 0x2, 0xc844, &(0x7f0000000bc0))
openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x494880, 0x21) (async)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x494880, 0x21)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000680)={0x1b, 0x0, 0x0, 0x4, 0x0, 0xffffffffffffffff, 0x8001, '\x00', 0x0, r6, 0x2, 0x4, 0x1f}, 0x48)
r8 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000940)=@generic={&(0x7f0000000600)='./file0\x00', 0x0, 0x10}, 0x14)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x11, 0x21, &(0x7f0000000800)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8b9e}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @exit, @ldst={0x2, 0x2, 0x1, 0x5, 0xf, 0xfffffffffffffff4, 0xfffffffffffffffc}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x7, 0x0, 0x9, 0xa, 0xb, 0x10, 0x10}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x800}, @map_val={0x18, 0x9, 0x2, 0x0, r6, 0x0, 0x0, 0x0, 0x7}, @jmp={0x5, 0x1, 0x1, 0x1, 0xb, 0x100, 0xfffffffffffffff0}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000003c0)='GPL\x00', 0xef, 0xbe, &(0x7f0000000400)=""/190, 0x40f00, 0x7, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f00000005c0)={0x4, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000980)=[r7, r8, r2, r2], &(0x7f00000009c0)=[{0x5, 0x5, 0x10, 0x3}, {0x0, 0x2, 0xe, 0x4}, {0x5, 0x2, 0xc, 0x8}, {0x4, 0x4, 0x1, 0xa}, {0x2, 0x1, 0xa, 0xc}, {0x4, 0x4, 0xc, 0xb}, {0x2, 0x2, 0xa, 0x7}, {0x2, 0x5, 0x7, 0x6}], 0x10, 0xb2}, 0x90)
ioctl$EVIOCGMASK(r6, 0x80104592, &(0x7f00000001c0)={0x14, 0x3e, &(0x7f0000000180)="2a5f0063e59ced698ac117089616bee18810967464a54acffb90039e3ca602c899c2bdf623ce26efa518d3c5476dca22991441a6afa2ab9369417615a809"})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000640))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)) (async)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000))
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
read$char_usb(0xffffffffffffffff, &(0x7f0000001840)=""/4090, 0xffa)
ioctl$VHOST_SET_VRING_ENDIAN(r0, 0x4008af13, &(0x7f0000000040)={0x1, 0x1071}) (async)
ioctl$VHOST_SET_VRING_ENDIAN(r0, 0x4008af13, &(0x7f0000000040)={0x1, 0x1071})
ioctl$UI_SET_SNDBIT(0xffffffffffffffff, 0x4004556a, 0x2)

3.318593474s ago: executing program 3 (id=2386):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001480)={0x18, 0x3d, 0xb, 0x0, 0x0, {0x3}, [@typed={0x4, 0x0, 0x0, 0x0, @binary}]}, 0x18}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/pids.max\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f00000000c0), 0x12)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000000)={<r4=>0x0, 0x9, 0x10, 0xbbee, 0x8}, &(0x7f0000000080)=0x18)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r3, 0x84, 0x77, &(0x7f00000000c0)={r4, 0x3, 0x3, [0x7f, 0x3, 0x1]}, 0xe)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000740)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_DISASSOCIATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r2, @ANYRESDEC=r1, @ANYRES32=r6, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x24004010}, 0x4801)

3.224954273s ago: executing program 3 (id=2387):
r0 = socket$netlink(0x10, 0x3, 0x0)
close(0xffffffffffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x401)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001880)=[{&(0x7f000001aa80)=""/102393, 0x18ff9}], 0x1, 0x0, 0x0)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x8, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="1806000000000000000000000000000018120000", @ANYRES32=r2, @ANYRES64=0x0, @ANYBLOB="c79c6c9fe9fe22e173bcae822305b2ea52d9de83843df8cdd0897c524eadf50a5549045763d8b3ae3bbf76429d2f2f352bad87beca8a9f8348c7ab85c7242597b3b8f0cf2c634aee8bb1d4b46ae6ae79fda3af684590b47dbc6c0853f3dc200a2ce242b9a420fd3c3da1a8d1c23f78a4325646dcbdabb8846a0ebd642b747b4abc47309e0bc2608a9f34890626666b418228ebd4c072c55371a4acaaa80812f3b26f09ad5e97116cc796", @ANYRESHEX=r2], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x200000b, 0x5c9d930b3949c3b4, r0, 0x82a34000)
r3 = userfaultfd(0x801)
r4 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f00000000c0)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20)
setsockopt$inet6_int(r4, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x4)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x180000, @empty}, 0x1c)
r5 = memfd_create(&(0x7f0000000340)='D\xa3\xd5Wj\x00\x00x0\xc1\xac\x1a\x1a\vG\xa9~vB\xbc\t\x00\x00\x00VoA\xaa\xbc\xee[\xe1\xa2\xe0\xff\x04\x00\x00\x00\\i\xcf\t\xb0\xa9 +H/\x1a\xe7\x95\xce\"\"\xbd\xf9!\xfd\xa4\xcaN\x84\xadS\x8bqE\x99\x01t\xb1\x1f|\x99PL\x92\x8f\xc2\xf9\xcd\x8cj\x03X\x05\x17mwI\xf0\x01\xe5z\xcdJ)\xc7\xfa)\xaa}\xef\xbb\xf5\xcd\xb1o5\x18\xd6\v\x85q\x98\x9bB\xb9\xea\xe7\xff\x7f\x00\x00T\xc0\xd2\t?\bpBl\xf4*8\xc6\xe5\x06P\xc11\f^\x7f\x8e\xc1\xd1Wra\x19)\xe3\x8f\xd9\x9f\x15\x1e\xf2\x18\r\xad\b\xe0\x96NH\x85\r+\xfc\xb3\xdd\xddhg \x03\xa7\x92\xff\x00+h\xb7@#K\x9cMY\xd3\x9b\b-G\xb1\xdaS\x81\xb2\x93\xb83\x8a\x94*\x8d\\\b\xff/\xa1\xc0\xf9&\xd3M\xf6\n\xff\x83k\xe6\rDa\x16\xbd\x1a\xb2w\b', 0x0)
write(r5, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000140)={@local}, &(0x7f0000000040)=0x20)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
r6 = socket(0x10, 0x3, 0x0)
bind$netlink(r6, &(0x7f0000177ff4)={0x10, 0x0, 0xffffffff}, 0xc)
write(r6, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26)
setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
r7 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000000200))
timer_settime(0x0, 0x0, 0x0, 0x0)
write(r6, &(0x7f0000000000)='\"', 0x1)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000400)={0x0, &(0x7f0000000240)}, 0x8)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000ccb000/0x2000)=nil, 0x800000})

2.900369086s ago: executing program 3 (id=2388):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000740)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_DISASSOCIATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x1c, r1, 0x11, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) (fail_nth: 1)

1.467092789s ago: executing program 0 (id=2389):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[], 0x0, 0x32}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f000000b5c0)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x3, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x3}}, 0x0}, 0x90)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
socket$key(0xf, 0x3, 0x2)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000080)={{{@in=@rand_addr=0x64010101, @in=@remote, 0x0, 0x0, 0x4e21, 0x1, 0x2, 0x0, 0x0, 0x4, 0x0, 0xee00}, {0x8, 0x9, 0x0, 0x0, 0x2000000000}, {0x0, 0x4}, 0x0, 0x0, 0x1, 0x0, 0x2}, {{@in=@loopback, 0x4d5, 0x32}, 0x0, @in6=@mcast1, 0x0, 0x0, 0x0, 0x1}}, 0xe4)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000077, 0x0)

1.302582213s ago: executing program 1 (id=2390):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
r2 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f0000000000)=0xfff)
r3 = getpgid(0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000080)={{0x1009, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x5, 0x0, 0x1, r3, 0x0, 0x0, 'syz1\x00', 0x0})
close_range(r1, 0xffffffffffffffff, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, 0x0, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000000)={'ip6tnl0\x00'})
unshare(0x20040400)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000080)=[{0x0}], 0x1)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
r6 = syz_open_dev$vbi(&(0x7f0000000780), 0x3, 0x2)
write$binfmt_misc(r6, &(0x7f00000002c0)=ANY=[], 0x4)
ioctl$VIDIOC_PREPARE_BUF(r6, 0xc058560f, &(0x7f0000000840)=@overlay={0x0, 0x5, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "8f5aa78a"}})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_SET(r8, &(0x7f0000000240)={&(0x7f0000000100), 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="200025bd7000fedbdf253e0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c746963617374000500830000000000"], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="640000000206010100000000000000000000000005000400000000000900020073797a30000000000500010007000000050005000a0000001400078008001140fffa000005001500fc00000015000300686173683a69702c706f72742c6e657400000000162e84c32fc68227872877fec96b27d9a03673b84a8d90381dc8c14670e55024fa6ee3fe37eb04289f65ddb1278287d5584341732c"], 0x64}}, 0x0)
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="546100007a57618a2738b9606031ba36e1cbf5b87c108fbc0acca8da2829b2cdcafe", @ANYRES16=r10, @ANYBLOB="0100000000000000000003000000400001802c00040014000100020000007f00000100000000000000001400020002000000e000000200000000000000000d0001007564703a73797a3100000000"], 0x54}}, 0x0)
poll(&(0x7f0000000200)=[{r4, 0x1184}], 0x1, 0x1)

1.29835454s ago: executing program 4 (id=2391):
socket(0x0, 0x3, 0x0)
getpid()
socket$xdp(0x2c, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x794, &(0x7f0000000640)={{0x12, 0x1, 0x210, 0xaf, 0x31, 0x78, 0x20, 0x451, 0x3410, 0x82ed, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x782, 0x3, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x71, 0x9, 0x4, 0x27, 0x78, 0x3a, 0x4, [], [{{0x9, 0x5, 0x3, 0x0, 0x20, 0x3, 0xf, 0xf, [@generic={0x22, 0x2, "e4a5c66eaa6071aef1ab10e5972fee2c20a498d135e9bf8dd66aa20a19be6938"}, @generic={0x9a, 0x5, "ad841814862494cc68edf44620fb7923df4d598c9b63256352e01020a3cbe47ca210528417e7d0404aaf96d4afc3765d765d7047c8de357e6e16771aa626b3e89c00ca43a1e49aa4b702e34e6e8045b5ecd45a66bb906dcbd9f84dd929a4eb28c83fbea37c2949625aecd165e9d32ec015df26f8b292bea8b9aca3f8ce1d8f9c264fb254dfa44f9e17a9bfe7f57bc52b3aada01bf31235bd"}]}}, {{0x9, 0x5, 0xd, 0x0, 0x3ff, 0x3, 0x5, 0x5b, [@generic={0xd4, 0x1, "57de41ffd53e07e923821f8a2f13d8409ee404c23e61e4169e020b3854ac29282747e2d7a48d4d80c176f54b903ef906ddf43af57d3d5114b4c1c26ae5b3e3155910ca403b8739dcbc07a84292bd775ef8aefa27a9c173a8ba67b4a3cc15bb0a1a7b622140da973c3baffd408fccc999abaf671911d439f473ac79d305d70358bb6350ac08b9f36a8afba9885b1bbfaee9ec239f1381ed6686512e991afb8fcf88663a282f64b96871e56f8ef45d708326680e0287e7ca7d900a3d6cff00551344d40c266a0cfa4cf7284050e6f5328e4663"}]}}, {{0x9, 0x5, 0xe, 0x3, 0x20, 0x7, 0x6a, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x31, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x4, 0x1, 0xb}]}}, {{0x9, 0x5, 0x9, 0x0, 0x400, 0x9, 0x6, 0x0, [@generic={0x22, 0x2, "d3c26db18f64b99555d30eadae5b4447d50c3c08ad2b2cdabae3af43670b9900"}]}}]}}, {{0x9, 0x4, 0x53, 0x6, 0x8, 0x48, 0xbb, 0xe2, 0x1, [@cdc_ncm={{0x6, 0x24, 0x6, 0x0, 0x1, "d6"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x81, 0x5, 0x2, 0x9}, {0x6, 0x24, 0x1a, 0xc, 0x10}, [@mbim_extended={0x8, 0x24, 0x1c, 0x7, 0x2d, 0xffff}]}], [{{0x9, 0x5, 0x4, 0x0, 0x10, 0x6, 0x2, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x9, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x3, 0x306e}]}}, {{0x9, 0x5, 0xd, 0x0, 0x8, 0x9, 0x2, 0x31, [@generic={0x26, 0x3, "f5fbb099863ad81c041b62a0cd0baadd7cf799372fad8072595828e712ba293bc5a0daaa"}, @generic={0x27, 0x6, "749ebe32dfd497d521250ef8efb6517c13401356a747735f345656c29675fa68fdbc2f9e00"}]}}, {{0x9, 0x5, 0x18, 0x1, 0x200, 0x2, 0x6, 0x4}}, {{0x9, 0x5, 0x80, 0x4, 0x400, 0x7, 0xdd, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x34, 0x9}]}}, {{0x9, 0x5, 0x4, 0x4, 0x8, 0x72, 0x7c, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x4, 0xb}]}}, {{0x9, 0x5, 0x5, 0x2, 0x20, 0xff, 0x6, 0xff, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x3, 0x6}]}}, {{0x9, 0x5, 0xe, 0x10, 0x200, 0x6, 0x8, 0xfb}}, {{0x9, 0x5, 0x8, 0x10, 0x8, 0xfd, 0x9, 0x33, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0xf7, 0x101}, @generic={0xd0, 0x23, "24ba3ed5f2cb8917102b5c92d078a5c14ad5d2d2ff7c18f3a1cac9f797cc71ebe9441b404210062267f00bf739e706693436c27cdccfc7d2373313f9e5e407cde2feff8665a66f840e42324079c02396dac390c6acbd2ec9ad9746210ee9173f1ef3406878abef0959310a584e7ee500846ed2f2726037846145fa1ea9bd8a8adda582f5a2272a31659e9150800afd09e84e09ba6a2885db01c0c2960faafda7c7cbe55175221c0f32060321f34b126c6855a1c787ed74b28cb69a0870e0af3a92113afc0af26060930b5f94408d"}]}}]}}, {{0x9, 0x4, 0xb1, 0xec, 0x10, 0x9a, 0x3f, 0xa2, 0xf, [@cdc_ncm={{0x9, 0x24, 0x6, 0x0, 0x1, "9cfaa3b3"}, {0x5, 0x24, 0x0, 0xd}, {0xd, 0x24, 0xf, 0x1, 0x9, 0x200, 0xd9b4, 0x3}, {0x6, 0x24, 0x1a, 0xf, 0x6a}, [@mbim_extended={0x8, 0x24, 0x1c, 0xa, 0x9, 0x3}]}, @uac_as={[@format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0xcc, 0x2, 0x7, 0x4, "e0fa"}, @format_type_i_discrete={0xf, 0x24, 0x2, 0x1, 0x7, 0x1, 0x81, 0x2, "3ec583fecf6c80"}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x4, 0x1, 0x2, 0x1, "cc"}, @as_header={0x7, 0x24, 0x1, 0xaa, 0x4, 0x4}, @as_header={0x7, 0x24, 0x1, 0x9, 0x2b, 0x3}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0xb, 0x3, 0xd, 0x3}]}], [{{0x9, 0x5, 0x8, 0x10, 0x10, 0x10, 0xff, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xbd, 0x1}]}}, {{0x9, 0x5, 0x80, 0x4, 0x10, 0xc8, 0x7, 0x2}}, {{0x9, 0x5, 0xb, 0x0, 0x60, 0xe, 0x8, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x0, 0xc21}, @uac_iso={0x7, 0x25, 0x1, 0x83, 0x8, 0x3ad}]}}, {{0x9, 0x5, 0x9, 0x10, 0x40, 0x1, 0x5, 0x7, [@generic={0xab, 0x10, "4ae750d47886c0d246753d0bf387c7b3c49ec1c30eba4be684d1a3d316bfc7bf21c591df9c3cabf27de8413046c61d199db801d675c5a57038f2f2ee286f245fbf02422a0cd082a9f1fd06620a1bb74327a725f7c3e1e5c05f6be3142159f2e4f2b993d784d446b416bb9b7fea11d2529f25058f29b701a54a4360cd201326c4658878457565a1904c1951701bd4537c37bdd244a65a3bba7075d6ed033bd6659da423188042603d87"}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x9, 0x8e3}]}}, {{0x9, 0x5, 0x8, 0x4, 0x40, 0x5, 0xff, 0x7}}, {{0x9, 0x5, 0x5, 0x1, 0x10, 0x5, 0xc, 0x8, [@generic={0xb6, 0x6, "188987ead5838b578d4cb06691bfc582a06b599bd4a0cc99203a06103e06cc913b4da42585a4e329d0f081c699d3e7e7cc34ec3f7a70757bb7adb1e00526d2693bca0ec13ec892744650c8e15465400f6b85b89d9d36c46616ca99f73398d6210848fb8857cd4cf463b09b78020c87c8fb9e771e02b010467df3cb113d2a1cf139853a7b46360dae8e2a6f8a3001dc5f2fab35cfd79499a53a1f1ea591d21d537ff467d0abfda0dcce63fa96b76ddc64f6f05b13"}]}}, {{0x9, 0x5, 0x4, 0x1, 0x20, 0xfc, 0x4, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x2, 0x3}]}}, {{0x9, 0x5, 0x3, 0x0, 0x400, 0xa, 0x97, 0x5}}, {{0x9, 0x5, 0xf, 0xc, 0x3ff, 0xf9, 0xe, 0xfe}}, {{0x9, 0x5, 0xf, 0x0, 0x3ff, 0xa8, 0x0, 0x80}}, {{0x9, 0x5, 0x9, 0x0, 0x8, 0x3, 0xc, 0x8b, [@generic={0x8e, 0x22, "4d91e3e30b786fe3ac0272095260abf73798e41703466fdc9ef0c8796f623824d118a898da22107f995177c4b9e92bdae21dc7ae4be0ec7f28ff9db79994e9f0041e8a3c7cb779c992a007453bd6e9b87a424a43d54d910b6884f1f0bdec7baa26703b7ac4a2c77b8b611bb0dbb78405f810b5f41beaee6e7fb96ef4883c278bd0113c710dc41ed3af722f23"}, @generic={0x59, 0x3f, "db7c0f0af5612b7e4e68cbf755ef32fb6b0bef65b8c0df6b79d28fa5d3a20e42ae8318edf13632f69d908ec5eb0269402cf69e97db6de0e85ef194a28bd9f7215bcacb14a619ffbbdd7c562cc2f6115933fd24eeeef512"}]}}, {{0x9, 0x5, 0x6, 0x0, 0x400, 0x6, 0xff, 0xc6, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x8, 0x6}]}}, {{0x9, 0x5, 0xd, 0xc, 0xaadbaa09874364f7, 0x2, 0x8, 0x1, [@generic={0x38, 0x4, "7089a87ef36f506699eefa2aff6fa442d919ee3d30a86ba03c6e6fbfd9828b46cb2d1adeffcc348c68bff80272220eb398c753d7c209"}]}}, {{0x9, 0x5, 0x4, 0x0, 0x10, 0x9, 0x9, 0xf8}}, {{0x9, 0x5, 0xc, 0x0, 0x400, 0x2, 0xd2, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x9, 0x5}]}}, {{0x9, 0x5, 0x81, 0x8, 0x0, 0x1, 0x4, 0x7, [@generic={0x21, 0x27, "8e037b1270dc372a985f59024c77389532c451f8d4bcf558af77d0d413a92a"}, @generic={0x2, 0xf}]}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r1 = io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x3ea0, 0x800})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(0xffffffffffffffff, 0x10, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

1.297887777s ago: executing program 0 (id=2392):
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xa, 0x8, 0x42, 0x40}, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f00000002c0)="05040800d3fc030000004788031c09102f28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x8864, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000180), 0x6100, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r4, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
r5 = socket(0x10, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
socket$key(0xf, 0x3, 0x2)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2)
r8 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12', 0x2)
ftruncate(r8, 0xffff)
fcntl$addseals(r8, 0x409, 0x7)
r9 = ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000140)={r8, 0x0, 0x0, 0xfffffffff0000000})
ioctl$DMA_BUF_IOCTL_SYNC(r9, 0xc0086202, &(0x7f0000000000))
sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b00)=ANY=[@ANYBLOB="540100001000130700000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0xee00], 0x154}}, 0x0)

828.045253ms ago: executing program 0 (id=2393):
r0 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @dev}}, 0x1e)
syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f00000000c0))
timer_create(0x3, &(0x7f00000000c0)={0x0, 0x20, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100))
r1 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
syz_open_dev$usbfs(0x0, 0x0, 0x0)
syz_io_uring_setup(0x5169, &(0x7f0000000080), &(0x7f0000000200), &(0x7f0000000000))
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000040)={0x0, 0x0, 0x0, "27425b895f17386bcec1d8665c0084feea0be6b8a80052d063e6179d13f019e3"})
r2 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000040))
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f00000000c0)=0x10000)
write$binfmt_elf32(r2, 0x0, 0x4cd)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000100))
write$dsp(r2, &(0x7f0000000140)="755a5398d512d39077459e67ee110daa", 0x10)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_GET_HW_INFO(r3, 0x3b8a, &(0x7f00000000c0)={0x28, 0x2, 0x0, 0x0, 0x0})
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0c000310"], 0xf)
r4 = syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="b800000019000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000fc3cf0b0506f31fbceef88e10000000000000000000000000000000000000000000000fdfffff7ec2cab28e494470000000000ac3ced0b9166328cec4f7d80"], 0xb8}}, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'wlan1\x00', &(0x7f00000001c0)=@ethtool_eee={0x44, 0x0, 0x4a, 0xff, 0x101, 0x74, 0x7, 0x10000, [0x7, 0x7f]}})
fcntl$setpipe(r4, 0x407, 0x4)
r5 = fsmount(r1, 0x0, 0x0)
r6 = openat$cgroup_procs(r5, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r6, &(0x7f0000000140), 0x12)

678.909595ms ago: executing program 1 (id=2394):
r0 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @dev}}, 0x1e)
syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f00000000c0))
timer_create(0x3, &(0x7f00000000c0)={0x0, 0x20, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100))
r1 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
syz_open_dev$usbfs(0x0, 0x0, 0x0)
syz_io_uring_setup(0x5169, &(0x7f0000000080), &(0x7f0000000200), &(0x7f0000000000))
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000040)={0x0, 0x0, 0x0, "27425b895f17386bcec1d8665c0084feea0be6b8a80052d063e6179d13f019e3"})
r2 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000040))
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f00000000c0)=0x10000)
write$binfmt_elf32(r2, 0x0, 0x4cd)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000100))
write$dsp(r2, &(0x7f0000000140)="755a5398d512d39077459e67ee110daa", 0x10)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_GET_HW_INFO(r3, 0x3b8a, &(0x7f00000000c0)={0x28, 0x2, 0x0, 0x0, 0x0})
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0c000310"], 0xf)
r4 = syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="b800000019000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000fc3cf0b0506f31fbceef88e10000000000000000000000000000000000000000000000fdfffff7ec2cab28e494470000000000ac3ced0b9166328cec4f7d80"], 0xb8}}, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'wlan1\x00', &(0x7f00000001c0)=@ethtool_eee={0x44, 0x0, 0x4a, 0xff, 0x101, 0x74, 0x7, 0x10000, [0x7, 0x7f]}})
fcntl$setpipe(r4, 0x407, 0x4)
r5 = fsmount(r1, 0x0, 0x0)
r6 = openat$cgroup_procs(r5, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r6, &(0x7f0000000140), 0x12)

615.778226ms ago: executing program 0 (id=2395):
socket$nl_xfrm(0x10, 0x3, 0x6)
socket(0x10, 0x3, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x0, 0x100000005, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x8, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x1}], 0x1}}], 0x1, 0x0)

444.759451ms ago: executing program 2 (id=2396):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
syz_usb_connect(0x1, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x39, 0x21, 0x89, 0x8, 0x424, 0x7850, 0x1e8d, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x85, 0x57, 0xf3}}]}}]}}, 0x0)
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$PTP_PEROUT_REQUEST2(r2, 0x40383d0c, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0x541b, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
r5 = openat$sndseq(0xffffff9c, &(0x7f0000001240), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r5, 0xc0a45320, &(0x7f00000000c0)={{0x80}, 'port1\x00', 0x32d, 0x120003})
close_range(r4, 0xffffffffffffffff, 0x3f)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_RETRY_TIMEOUT={0x6, 0x1, 0x73}]}]}, 0x28}}, 0x0)

315.348314ms ago: executing program 0 (id=2397):
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010103}, 0x10, 0x0, 0x0, &(0x7f0000000a80)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}, @rdma_args={0x48, 0x114, 0x1, {{0x0, 0x3212}, {0x0}, 0x0}}], 0x90}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
ioctl$EVIOCGABS20(r3, 0x40044591, 0x0)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000000))
epoll_wait(r4, &(0x7f0000000180)=[{}], 0x1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x3, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}, {0x4e22, 0x0, 0x28, 0x0, @wg=@data={0x4, 0x0, 0x0, '\x00'/16}}}}}}, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000000)={@my=0x0})
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r5, 0x0)
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r2, 0x7a5, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_LAST_MEMBER_CNT={0x8}]}}}]}, 0x3c}}, 0x0)
timer_create(0x4, &(0x7f00000000c0)={0x0, 0x18, 0x0, @thr={&(0x7f0000000340)="fa2b409ba152a5df5a246fc19edf2c2cd8f2490f5a07883c5e0bbb8baedc3093132fb1dc73acd8efd082c31b2fa8fb3253c9d366a79ae24d146438ba6475c504531d4c3f89b572f9041b512cd7341147fd4c339d72dd7585faaf03c7707443570b525b23e96effdaf4b0c53d55e8c53c590e7f2f702e6b96396ffe78ace1c344df473cc7b64b7dabdd62f07a34143ea57387d6588134a2321355afd0e863329e6094d88c490f314ffdbe5762cbc776725f0e29875b543622823db50b99aa89c53f52cd2e99becf3c71b522a6978ffcd004c810b8557e89ac6da6ecf2f8a5809525d78035", &(0x7f0000000200)="0d32dadb41265a6c708be2ec4904b79e6b135f7949cff971c14b329848e670f9f2b82e701b42573ac55dddcffa873a155d32ad94bd02a5bf6a77a943f1b16e8fded0fb94a00f23ef510137a8198f0d02ee01539f1bb9f7dc6828b7f4263e3b95f3d4f051be990755fa8885b4ab069abde330272c98b035974c36f204cd44ed6b75abd48c9ad976a3da881cf0af0621c572b0b708bde67ae49274ae79a6e77a9c0ec66ee449a056371f3d04e988f8b5c5f5092078e530"}}, &(0x7f0000000140))

207.211203ms ago: executing program 1 (id=2398):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002ac0)=@delchain={0x2a8, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0x38, 0x2, [@TCA_FLOWER_KEY_ICMPV6_CODE={0x5}, @TCA_FLOWER_KEY_TCP_DST_MASK={0x6}, @TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK={0x14}, @TCA_FLOWER_KEY_UDP_SRC_MASK={0x6}, @TCA_FLOWER_KEY_ICMPV6_TYPE={0x5}]}}, @filter_kind_options=@f_route={{0xa}, {0x21c, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_ACT={0x208, 0x6, [@m_ctinfo={0xb4, 0x0, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_CTINFO_ZONE={0x6}]}, {0x80, 0x6, "55eb88be72ea2bba577976ef9b5ab407e07afa05e4594285326849c2ec806d7b79f86d10adeb18245c150ce2b9eaeb2380aa7104a6df31aefd38f6b7bb0a45721ccbc5daab03190ea553ce464d09642e4ff5eeaf1f2e6171c16bc9ed3d7f4e1d714b45e839ac2719fe34dbba607211f211a9b5b79c050373b7bea3b5"}, {0xc}, {0xc}}}, @m_nat={0xcc, 0x0, 0x0, 0x0, {{0x8}, {0x54, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{}, @rand_addr, @loopback}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @rand_addr, @broadcast}}]}, {0x53, 0x6, "ef93daeef78df7f9a037a0d7a2f92a1cc341deabba437fc636cbf66a843bc4e0304e79be1f16cfa199b042be92c52b0490cb3ccc8a115bd7fba1ddd4a3ea8aa011548c0a44af30d92f016d58b7280b"}, {0xc}, {0xc}}}, @m_bpf={0x40, 0x0, 0x0, 0x0, {{0x8}, {0x18, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6}, @TCA_ACT_BPF_OPS={0xc, 0x4, [{}]}]}, {0x4}, {0xc}, {0xc}}}, @m_ctinfo={0x44, 0x0, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_CPMARK_MASK={0x8}]}, {0xd, 0x6, "41be356e964e7745f9"}, {0xc}, {0xc}}}]}]}}]}, 0x2a8}}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x4000)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0xc4382, 0x0)
r3 = dup(r2)
r4 = socket$alg(0x26, 0x5, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fchmod(r5, 0x504)
open(&(0x7f0000000100)='.\x00', 0x591002, 0x408)
bind$alg(r4, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx2\x00'}, 0x58)
r6 = accept4(r4, 0x0, 0x0, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000080)=0x100000001, 0x4)
connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f0000000540), 0x4)
setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x304, 0x37}, "475566172f45f011", "bd14060000000000000092f94413582b", "00001000", "4e67cb72f328ac2f"}, 0x28)
writev(r7, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000d00)="5d49b0", 0x3}], 0x2)
recvfrom$unix(r5, &(0x7f0000000180)=""/189, 0xbd, 0x100, &(0x7f0000000300)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
sendfile(r6, r3, 0x0, 0x8a000)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map, 0xffffffffffffffff, 0x4}, 0x10)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b000905", @ANYRES32], 0x0)

76.919741ms ago: executing program 0 (id=2399):
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@mcast1, 0x800, 0x0, 0x0, 0x1}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x180000, @empty}, 0x1c)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000140)={@local}, &(0x7f0000000040)=0x20)

16.192567ms ago: executing program 4 (id=2400):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0)
mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x2001048, 0x0)
mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x211807d, 0x0)
write$binfmt_elf32(r1, &(0x7f00000001c0)=ANY=[], 0x69)
close(r0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f000000e280)={0x2020}, 0x2020)
socket$inet_smc(0x2b, 0x1, 0x0)
r4 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000400)='vlan1\x00', 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8}, 0x90)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_int(r5, &(0x7f0000000080)='hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x2, 0x0)
read(r6, &(0x7f00000000c0)=""/138, 0x8a)
socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x1, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
capget(&(0x7f0000000000)={0x20080522}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0xffdf, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x0)

0s ago: executing program 2 (id=2401):
r0 = socket(0x10, 0x803, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
dup3(r1, r2, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={<r4=>0xffffffffffffffff})
mknod(0x0, 0x0, 0x0)
r5 = open$dir(0x0, 0x0, 0x0)
open$dir(0x0, 0x0, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYRES64=r5, @ANYRES8=r5, @ANYRES64=r4, @ANYBLOB="41e874e1c08f18b617ca2140660e326fe3bda9ccaddc9b75ddbac6891c6794a49b7572dd176aca1784c9449268812e995aca33e10611d7e370ce84e2d91ef15cb458dbe519d97a2744c5ed994782ea9130562b6d4ee15ca564", @ANYRESHEX=r0], 0x7)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0)
syz_emit_vhci(0x0, 0xf)
syz_open_dev$sndmidi(0x0, 0x0, 0x141101)
dup(0xffffffffffffffff)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00', @ANYRES16=r8, @ANYBLOB="0100000000000000001f0100000006000a004e22000014000900fe0000000000000000000000000000aa050002000a"], 0x38}}, 0x0)
iopl(0x3)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00005d4000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)

kernel console output (not intermixed with test programs):

 device number 87 using dummy_hcd
[  652.576671][  T784] usb 5-1: Using ep0 maxpacket: 16
[  652.627861][  T784] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  652.645442][  T784] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  652.658876][  T784] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  652.668646][  T784] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  652.686476][  T784] usb 5-1: config 0 descriptor??
[  653.178104][T14697] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  653.195383][T14401] usb 1-1: new high-speed USB device number 121 using dummy_hcd
[  653.197284][T14697] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  653.231035][  T784] hid-generic 0003:0158:0100.0023: unknown main item tag 0x1
[  653.255307][  T784] hid-generic 0003:0158:0100.0023: unexpected long global item
[  653.264083][  T784] hid-generic 0003:0158:0100.0023: probe with driver hid-generic failed with error -22
[  653.427475][T14401] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  653.440208][   T25] usb 5-1: USB disconnect, device number 87
[  653.455341][T14401] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  653.488980][T14401] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  653.509687][   T29] audit: type=1326 audit(1720685755.281:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14716 comm="syz.1.2136" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7402579 code=0x0
[  653.514985][T14401] usb 1-1: config 0 descriptor??
[  653.588157][T14401] pwc: Askey VC010 type 2 USB webcam detected.
[  654.182728][    T8] gspca_nw80x: reg_w err -71
[  654.193742][    T8] nw80x 4-1:0.0: probe with driver nw80x failed with error -71
[  654.207789][    T8] usb 4-1: USB disconnect, device number 96
[  654.432582][T14401] pwc: recv_control_msg error -71 req 02 val 2c00
[  654.456874][T14401] pwc: recv_control_msg error -71 req 04 val 1000
[  654.470376][T14401] pwc: recv_control_msg error -71 req 04 val 1300
[  654.481195][T14401] pwc: recv_control_msg error -71 req 04 val 1400
[  654.496850][T14401] pwc: recv_control_msg error -71 req 02 val 2000
[  654.509848][T14401] pwc: recv_control_msg error -71 req 02 val 2100
[  654.528740][T14401] pwc: recv_control_msg error -71 req 04 val 1500
[  654.547297][T14401] pwc: recv_control_msg error -71 req 02 val 2500
[  654.560531][T14401] pwc: recv_control_msg error -71 req 02 val 2400
[  654.577843][T14401] pwc: recv_control_msg error -71 req 02 val 2600
[  654.594519][T14401] pwc: recv_control_msg error -71 req 02 val 2900
[  654.604032][T14401] pwc: recv_control_msg error -71 req 02 val 2800
[  654.621883][T14401] pwc: recv_control_msg error -71 req 04 val 1100
[  654.639840][T14401] pwc: recv_control_msg error -71 req 04 val 1200
[  654.664694][T14401] pwc: Registered as video71.
[  654.703035][T14401] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input134
[  654.745976][T14401] usb 1-1: USB disconnect, device number 121
[  654.937479][T14745] FAULT_INJECTION: forcing a failure.
[  654.937479][T14745] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  654.952749][T14745] CPU: 0 PID: 14745 Comm: syz.3.2145 Not tainted 6.10.0-rc7-syzkaller-00025-ga19ea421490d #0
[  654.962955][T14745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  654.973038][T14745] Call Trace:
[  654.976352][T14745]  <TASK>
[  654.979301][T14745]  dump_stack_lvl+0x241/0x360
[  654.983994][T14745]  ? __pfx_dump_stack_lvl+0x10/0x10
[  654.989290][T14745]  ? __pfx__printk+0x10/0x10
[  654.993891][T14745]  ? __pfx_lock_release+0x10/0x10
[  654.998917][T14745]  ? aa_label_sk_perm+0x4f0/0x6d0
[  655.003952][T14745]  should_fail_ex+0x3b0/0x4e0
[  655.008662][T14745]  _copy_from_iter+0x43a/0x1960
[  655.013574][T14745]  ? __pfx__copy_from_iter+0x10/0x10
[  655.018929][T14745]  bcm_sendmsg+0x157/0x7a0
[  655.023396][T14745]  ? __pfx_bcm_sendmsg+0x10/0x10
[  655.028383][T14745]  ? aa_sock_msg_perm+0x91/0x160
[  655.033375][T14745]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  655.038694][T14745]  ? security_socket_sendmsg+0x87/0xb0
[  655.044176][T14745]  ? __pfx_bcm_sendmsg+0x10/0x10
[  655.049150][T14745]  __sock_sendmsg+0x221/0x270
[  655.053858][T14745]  ____sys_sendmsg+0x525/0x7d0
[  655.058658][T14745]  ? __pfx_____sys_sendmsg+0x10/0x10
[  655.063985][T14745]  __sys_sendmmsg+0x4af/0x740
[  655.068688][T14745]  ? __pfx___sys_sendmmsg+0x10/0x10
[  655.073900][T14745]  ? __pfx_lock_acquire+0x10/0x10
[  655.079021][T14745]  ? mark_lock+0x9a/0x350
[  655.083384][T14745]  ? __pfx_lock_release+0x10/0x10
[  655.088442][T14745]  ? __mutex_unlock_slowpath+0x21d/0x750
[  655.094093][T14745]  ? __fget_files+0x3f6/0x470
[  655.098798][T14745]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  655.104790][T14745]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  655.111136][T14745]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[  655.116707][T14745]  __do_fast_syscall_32+0xb4/0x120
[  655.121837][T14745]  ? exc_page_fault+0x590/0x8c0
[  655.126705][T14745]  do_fast_syscall_32+0x34/0x80
[  655.131571][T14745]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  655.137918][T14745] RIP: 0023:0xf7433579
[  655.141992][T14745] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  655.161637][T14745] RSP: 002b:00000000f5d4c57c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[  655.170068][T14745] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020001b00
[  655.178047][T14745] RDX: 000000000000003a RSI: 0000000000000000 RDI: 0000000000000000
[  655.186024][T14745] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  655.193999][T14745] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  655.201974][T14745] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  655.209968][T14745]  </TASK>
[  655.546252][T14751] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2148'.
[  655.689694][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  656.074400][   T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  656.102388][   T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  656.111259][   T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  656.121340][   T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  656.135797][   T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  656.143470][   T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  656.239330][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  656.436227][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  656.587835][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  656.710482][T14768] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2157'.
[  656.746758][   T53] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  656.759108][   T53] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  656.768538][   T53] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  656.780437][   T53] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  656.791033][   T53] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  656.798644][   T53] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  656.815278][   T25] usb 5-1: new high-speed USB device number 88 using dummy_hcd
[  657.053441][   T25] usb 5-1: Using ep0 maxpacket: 32
[  657.071438][ T5145] usb 1-1: new high-speed USB device number 122 using dummy_hcd
[  657.098411][   T25] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  657.141134][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  657.168397][   T25] usb 5-1: config 0 descriptor??
[  657.178801][   T25] gspca_main: nw80x-2.14.0 probing 055f:d001
[  657.193813][   T12] bridge_slave_1: left allmulticast mode
[  657.201791][   T12] bridge_slave_1: left promiscuous mode
[  657.209813][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  657.220144][   T12] bridge_slave_0: left allmulticast mode
[  657.226454][   T12] bridge_slave_0: left promiscuous mode
[  657.232394][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  657.275422][ T5145] usb 1-1: device descriptor read/64, error -71
[  657.385405][    T8] usb 3-1: new high-speed USB device number 96 using dummy_hcd
[  657.555387][ T5145] usb 1-1: new high-speed USB device number 123 using dummy_hcd
[  657.599495][    T8] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  657.613362][    T8] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  657.624411][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  657.637213][    T8] usb 3-1: config 0 descriptor??
[  657.647232][    T8] pwc: Askey VC010 type 2 USB webcam detected.
[  657.725361][ T5145] usb 1-1: device descriptor read/64, error -71
[  657.755698][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  657.772265][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  657.786948][   T12] bond0 (unregistering): Released all slaves
[  657.845709][T14755] chnl_net:caif_netlink_parms(): no params data found
[  657.855576][ T5145] usb usb1-port1: attempt power cycle
[  658.205553][ T5092] Bluetooth: hci0: command tx timeout
[  658.271419][T14755] bridge0: port 1(bridge_slave_0) entered blocking state
[  658.279156][T14755] bridge0: port 1(bridge_slave_0) entered disabled state
[  658.291696][T14755] bridge_slave_0: entered allmulticast mode
[  658.300965][T14755] bridge_slave_0: entered promiscuous mode
[  658.315318][ T5145] usb 1-1: new high-speed USB device number 124 using dummy_hcd
[  658.356075][ T5145] usb 1-1: device descriptor read/8, error -71
[  658.406538][T14755] bridge0: port 2(bridge_slave_1) entered blocking state
[  658.428774][T14755] bridge0: port 2(bridge_slave_1) entered disabled state
[  658.439854][T14755] bridge_slave_1: entered allmulticast mode
[  658.448584][T14755] bridge_slave_1: entered promiscuous mode
[  658.603885][   T12] hsr_slave_0: left promiscuous mode
[  658.646698][ T5145] usb 1-1: new high-speed USB device number 125 using dummy_hcd
[  658.670861][   T12] hsr_slave_1: left promiscuous mode
[  658.691580][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  658.700900][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  658.701497][ T5145] usb 1-1: device descriptor read/8, error -71
[  658.717902][    T8] pwc: recv_control_msg error -71 req 02 val 2c00
[  658.727972][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  658.739958][    T8] pwc: recv_control_msg error -71 req 04 val 1000
[  658.751289][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  658.763284][    T8] pwc: recv_control_msg error -71 req 04 val 1300
[  658.773322][    T8] pwc: recv_control_msg error -71 req 04 val 1400
[  658.784395][    T8] pwc: recv_control_msg error -71 req 02 val 2000
[  658.792829][   T12] veth1_macvtap: left promiscuous mode
[  658.798884][   T12] veth0_macvtap: left promiscuous mode
[  658.799495][    T8] pwc: recv_control_msg error -71 req 02 val 2100
[  658.804870][   T12] veth1_vlan: left promiscuous mode
[  658.815747][    T8] pwc: recv_control_msg error -71 req 04 val 1500
[  658.817835][   T12] veth0_vlan: left promiscuous mode
[  658.829394][    T8] pwc: recv_control_msg error -71 req 02 val 2500
[  658.837792][    T8] pwc: recv_control_msg error -71 req 02 val 2400
[  658.852242][    T8] pwc: recv_control_msg error -71 req 02 val 2600
[  658.861621][    T8] pwc: recv_control_msg error -71 req 02 val 2900
[  658.875778][    T8] pwc: recv_control_msg error -71 req 02 val 2800
[  658.876710][ T5145] usb usb1-port1: unable to enumerate USB device
[  658.882900][    T8] pwc: recv_control_msg error -71 req 04 val 1100
[  658.903022][    T8] pwc: recv_control_msg error -71 req 04 val 1200
[  658.912646][    T8] pwc: Registered as video71.
[  658.925570][    T8] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input135
[  658.937307][ T5092] Bluetooth: hci1: command tx timeout
[  658.961479][    T8] usb 3-1: USB disconnect, device number 96
[  659.057729][   T25] gspca_nw80x: reg_w err -71
[  659.065710][   T25] nw80x 5-1:0.0: probe with driver nw80x failed with error -71
[  659.094474][   T25] usb 5-1: USB disconnect, device number 88
[  659.745534][T14802] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2159'.
[  659.826173][   T12] team0 (unregistering): Port device team_slave_1 removed
[  659.910261][   T12] team0 (unregistering): Port device team_slave_0 removed
[  660.299465][ T5092] Bluetooth: hci0: command tx timeout
[  660.773366][T14755] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  660.798873][   T29] audit: type=1326 audit(1720685762.571:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14813 comm="syz.0.2163" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7486579 code=0x0
[  660.804799][T14773] chnl_net:caif_netlink_parms(): no params data found
[  660.882484][T14755] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  661.005532][ T5092] Bluetooth: hci1: command tx timeout
[  661.073399][T14755] team0: Port device team_slave_0 added
[  661.094901][T14755] team0: Port device team_slave_1 added
[  661.170589][T14824] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2165'.
[  661.197470][T14755] batman_adv: batadv0: Adding interface: batadv_slave_0
[  661.206161][T14755] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  661.283310][T14755] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  661.346783][T14755] batman_adv: batadv0: Adding interface: batadv_slave_1
[  661.362175][T14755] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  661.392572][T14755] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  661.423837][T14773] bridge0: port 1(bridge_slave_0) entered blocking state
[  661.459192][T14773] bridge0: port 1(bridge_slave_0) entered disabled state
[  661.493147][T14773] bridge_slave_0: entered allmulticast mode
[  661.520190][T14773] bridge_slave_0: entered promiscuous mode
[  661.537292][T14773] bridge0: port 2(bridge_slave_1) entered blocking state
[  661.546878][T14773] bridge0: port 2(bridge_slave_1) entered disabled state
[  661.592232][T14773] bridge_slave_1: entered allmulticast mode
[  661.629260][T14773] bridge_slave_1: entered promiscuous mode
[  661.807639][T14835] FAULT_INJECTION: forcing a failure.
[  661.807639][T14835] name failslab, interval 1, probability 0, space 0, times 0
[  661.835355][T14835] CPU: 0 PID: 14835 Comm: syz.0.2167 Not tainted 6.10.0-rc7-syzkaller-00025-ga19ea421490d #0
[  661.845586][T14835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  661.855717][T14835] Call Trace:
[  661.859029][T14835]  <TASK>
[  661.861989][T14835]  dump_stack_lvl+0x241/0x360
[  661.866761][T14835]  ? __pfx_dump_stack_lvl+0x10/0x10
[  661.872017][T14835]  ? __pfx__printk+0x10/0x10
[  661.876664][T14835]  ? __pfx___might_resched+0x10/0x10
[  661.882009][T14835]  should_fail_ex+0x3b0/0x4e0
[  661.886743][T14835]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  661.892506][T14835]  should_failslab+0x9/0x20
[  661.897067][T14835]  __kmalloc_noprof+0xd8/0x400
[  661.901876][T14835]  ? kfree+0x4e/0x360
[  661.905992][T14835]  tomoyo_realpath_from_path+0xcf/0x5e0
[  661.911593][T14835]  tomoyo_path_number_perm+0x23a/0x880
[  661.917116][T14835]  ? __lock_acquire+0x1346/0x1fd0
[  661.922197][T14835]  ? tomoyo_path_number_perm+0x208/0x880
[  661.927882][T14835]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  661.933961][T14835]  ? __fget_files+0x29/0x470
[  661.938646][T14835]  ? __fget_files+0x3f6/0x470
[  661.943384][T14835]  security_file_ioctl_compat+0x75/0xb0
[  661.949000][T14835]  __se_compat_sys_ioctl+0xd6/0xca0
[  661.954256][T14835]  ? __pfx___se_compat_sys_ioctl+0x10/0x10
[  661.960134][T14835]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  661.966173][T14835]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  661.972529][T14835]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  661.979162][T14835]  ? lockdep_hardirqs_on+0x99/0x150
[  661.984409][T14835]  __do_fast_syscall_32+0xb4/0x120
[  661.989560][T14835]  ? exc_page_fault+0x590/0x8c0
[  661.994428][T14835]  do_fast_syscall_32+0x34/0x80
[  661.999303][T14835]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  662.005653][T14835] RIP: 0023:0xf7486579
[  662.009728][T14835] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  662.029355][T14835] RSP: 002b:00000000f5d9f57c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  662.037812][T14835] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[  662.045805][T14835] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  662.053784][T14835] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  662.061764][T14835] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  662.069742][T14835] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  662.077790][T14835]  </TASK>
[  662.110844][T14835] ERROR: Out of memory at tomoyo_realpath_from_path.
[  662.146232][T14755] hsr_slave_0: entered promiscuous mode
[  662.158321][T14755] hsr_slave_1: entered promiscuous mode
[  662.189150][T14773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  662.207492][T14773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  662.368932][ T5092] Bluetooth: hci0: command tx timeout
[  662.444575][T14773] team0: Port device team_slave_0 added
[  662.518313][T14773] team0: Port device team_slave_1 added
[  662.751477][T14773] batman_adv: batadv0: Adding interface: batadv_slave_0
[  662.775520][T14773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  662.814460][T14773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  662.931416][T14859] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2172'.
[  663.025511][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  663.037709][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  663.081885][T14773] batman_adv: batadv0: Adding interface: batadv_slave_1
[  663.089254][ T5092] Bluetooth: hci1: command tx timeout
[  663.108839][T14773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  663.135270][T14773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  663.175085][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  663.186038][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  663.329846][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  663.360368][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  663.390386][   T29] audit: type=1326 audit(1720685765.161:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14866 comm="syz.2.2175" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7417579 code=0x0
[  663.472248][T14773] hsr_slave_0: entered promiscuous mode
[  663.480496][T14773] hsr_slave_1: entered promiscuous mode
[  663.487485][T14773] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  663.496198][T14773] Cannot create hsr debugfs directory
[  663.521066][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  663.533354][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  663.625613][   T25] usb 5-1: new high-speed USB device number 89 using dummy_hcd
[  663.817122][   T25] usb 5-1: Using ep0 maxpacket: 16
[  663.833967][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  663.858701][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  663.887797][   T25] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  663.899833][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  663.960948][   T25] usb 5-1: config 0 descriptor??
[  663.972750][   T12] bridge_slave_1: left allmulticast mode
[  663.999109][   T12] bridge_slave_1: left promiscuous mode
[  664.008216][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  664.020474][   T12] bridge_slave_0: left allmulticast mode
[  664.026789][   T12] bridge_slave_0: left promiscuous mode
[  664.032712][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  664.461855][ T5092] Bluetooth: hci0: command tx timeout
[  664.502283][T14870] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  664.565641][T14870] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  664.639958][   T25] hid-generic 0003:0158:0100.0024: unknown main item tag 0x1
[  664.660459][   T25] hid-generic 0003:0158:0100.0024: unexpected long global item
[  664.688156][   T25] hid-generic 0003:0158:0100.0024: probe with driver hid-generic failed with error -22
[  664.838023][   T25] usb 5-1: USB disconnect, device number 89
[  664.956899][ T5145] usb 3-1: new high-speed USB device number 97 using dummy_hcd
[  665.175383][ T5092] Bluetooth: hci1: command tx timeout
[  665.184821][ T5145] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  665.195838][ T5145] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  665.204939][ T5145] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  665.223968][ T5145] usb 3-1: config 0 descriptor??
[  665.229760][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  665.242063][ T5145] pwc: Askey VC010 type 2 USB webcam detected.
[  665.253956][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  665.272722][   T12] bond0 (unregistering): Released all slaves
[  665.620381][T14906] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2182'.
[  665.885810][   T12] hsr_slave_0: left promiscuous mode
[  665.909584][   T12] hsr_slave_1: left promiscuous mode
[  665.931014][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  665.947785][T14913] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2183'.
[  665.958206][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  665.977081][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  666.005337][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  666.068348][   T12] veth1_macvtap: left promiscuous mode
[  666.084382][   T12] veth0_macvtap: left promiscuous mode
[  666.090232][   T12] veth1_vlan: left promiscuous mode
[  666.094391][ T5145] pwc: recv_control_msg error -71 req 02 val 2c00
[  666.105577][   T12] veth0_vlan: left promiscuous mode
[  666.114745][ T5145] pwc: recv_control_msg error -71 req 04 val 1000
[  666.122840][ T5145] pwc: recv_control_msg error -71 req 04 val 1300
[  666.130784][ T5145] pwc: recv_control_msg error -71 req 04 val 1400
[  666.138276][ T5145] pwc: recv_control_msg error -71 req 02 val 2000
[  666.155402][ T5145] pwc: recv_control_msg error -71 req 02 val 2100
[  666.162603][ T5145] pwc: recv_control_msg error -71 req 04 val 1500
[  666.170661][ T5145] pwc: recv_control_msg error -71 req 02 val 2500
[  666.181167][ T5145] pwc: recv_control_msg error -71 req 02 val 2400
[  666.188584][ T5145] pwc: recv_control_msg error -71 req 02 val 2600
[  666.196018][ T5145] pwc: recv_control_msg error -71 req 02 val 2900
[  666.202981][ T5145] pwc: recv_control_msg error -71 req 02 val 2800
[  666.215759][ T5145] pwc: recv_control_msg error -71 req 04 val 1100
[  666.222785][ T5145] pwc: recv_control_msg error -71 req 04 val 1200
[  666.240822][ T5145] pwc: Registered as video71.
[  666.252855][ T5145] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input136
[  666.291029][ T5145] usb 3-1: USB disconnect, device number 97
[  666.948102][   T12] team0 (unregistering): Port device team_slave_1 removed
[  667.000926][   T12] team0 (unregistering): Port device team_slave_0 removed
[  667.752723][T14755] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  668.244590][   T29] audit: type=1326 audit(1720685770.011:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14942 comm="syz.4.2188" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73c9579 code=0x0
[  668.382552][T14755] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  668.449455][T14755] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  668.529312][T14755] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  668.767857][T14961] RDS: rds_bind could not find a transport for 2001::1, load rds_tcp or rds_rdma?
[  668.822166][ T5145] usb 3-1: new high-speed USB device number 98 using dummy_hcd
[  669.027605][ T5145] usb 3-1: Using ep0 maxpacket: 32
[  669.068509][ T5145] usb 3-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91
[  669.101914][ T5145] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  669.136224][ T5145] usb 3-1: config 0 descriptor??
[  669.183386][ T5145] gspca_main: sunplus-2.14.0 probing 0458:7006
[  669.291816][T14755] 8021q: adding VLAN 0 to HW filter on device bond0
[  669.488456][T14755] 8021q: adding VLAN 0 to HW filter on device team0
[  669.543826][ T4869] bridge0: port 1(bridge_slave_0) entered blocking state
[  669.551140][ T4869] bridge0: port 1(bridge_slave_0) entered forwarding state
[  669.573382][ T4869] bridge0: port 2(bridge_slave_1) entered blocking state
[  669.580653][ T4869] bridge0: port 2(bridge_slave_1) entered forwarding state
[  669.663500][T14773] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  669.673462][ T5146] usb 5-1: new high-speed USB device number 90 using dummy_hcd
[  669.708066][T14773] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  669.738109][T14773] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  669.766129][T14773] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  669.888196][ T5146] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  669.909407][ T5146] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  669.934322][ T5146] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  669.958776][ T5146] usb 5-1: config 0 descriptor??
[  669.987230][ T5146] pwc: Askey VC010 type 2 USB webcam detected.
[  670.088043][T14755] 8021q: adding VLAN 0 to HW filter on device batadv0
[  670.158210][T14773] 8021q: adding VLAN 0 to HW filter on device bond0
[  670.267693][ T5145] gspca_sunplus: reg_w_riv err -71
[  670.295481][ T5145] sunplus 3-1:0.0: probe with driver sunplus failed with error -71
[  670.296085][T14773] 8021q: adding VLAN 0 to HW filter on device team0
[  670.324087][ T5145] usb 3-1: USB disconnect, device number 98
[  670.353554][ T4869] bridge0: port 1(bridge_slave_0) entered blocking state
[  670.360813][ T4869] bridge0: port 1(bridge_slave_0) entered forwarding state
[  670.419746][T14755] veth0_vlan: entered promiscuous mode
[  670.434269][ T4869] bridge0: port 2(bridge_slave_1) entered blocking state
[  670.441575][ T4869] bridge0: port 2(bridge_slave_1) entered forwarding state
[  670.494683][T14755] veth1_vlan: entered promiscuous mode
[  670.698691][T14755] veth0_macvtap: entered promiscuous mode
[  670.758117][T14755] veth1_macvtap: entered promiscuous mode
[  670.868407][ T5146] pwc: recv_control_msg error -71 req 02 val 2c00
[  670.890759][ T5146] pwc: recv_control_msg error -71 req 04 val 1000
[  670.929486][ T5146] pwc: recv_control_msg error -71 req 04 val 1300
[  670.930362][T14755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  670.971275][ T5146] pwc: recv_control_msg error -71 req 04 val 1400
[  670.982017][ T5146] pwc: recv_control_msg error -71 req 02 val 2000
[  670.995842][ T5146] pwc: recv_control_msg error -71 req 02 val 2100
[  671.002330][T14755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  671.002357][T14755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  671.002379][T14755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  671.002396][T14755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  671.050336][ T5146] pwc: recv_control_msg error -71 req 04 val 1500
[  671.062415][ T5146] pwc: recv_control_msg error -71 req 02 val 2500
[  671.078605][T14755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  671.099618][ T5146] pwc: recv_control_msg error -71 req 02 val 2400
[  671.112177][T14755] batman_adv: batadv0: Interface activated: batadv_slave_0
[  671.118600][ T5146] pwc: recv_control_msg error -71 req 02 val 2600
[  671.144505][ T5146] pwc: recv_control_msg error -71 req 02 val 2900
[  671.155977][ T5146] pwc: recv_control_msg error -71 req 02 val 2800
[  671.185685][ T5146] pwc: recv_control_msg error -71 req 04 val 1100
[  671.195593][ T5146] pwc: recv_control_msg error -71 req 04 val 1200
[  671.207342][T14773] 8021q: adding VLAN 0 to HW filter on device batadv0
[  671.220604][T14755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  671.230689][ T5146] pwc: Registered as video71.
[  671.252600][T14755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  671.275231][T14755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  671.277058][ T5146] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input137
[  671.307486][T14755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  671.335166][T14755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  671.357973][ T5146] usb 5-1: USB disconnect, device number 90
[  671.370568][T14755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  671.398757][T14755] batman_adv: batadv0: Interface activated: batadv_slave_1
[  671.454509][T14755] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  671.495394][T14755] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  671.524231][T14755] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  671.555555][T14755] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  671.774322][T15007] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2198'.
[  671.856269][T14773] veth0_vlan: entered promiscuous mode
[  671.909243][T14773] veth1_vlan: entered promiscuous mode
[  672.004472][ T7872] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  672.025008][ T7872] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  672.091999][T14773] veth0_macvtap: entered promiscuous mode
[  672.115455][   T29] audit: type=1326 audit(1720685773.881:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15016 comm="syz.2.2200" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7417579 code=0x0
[  672.137044][    C1] vkms_vblank_simulate: vblank timer overrun
[  672.187219][ T7868] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  672.189331][T14773] veth1_macvtap: entered promiscuous mode
[  672.215272][ T7868] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  672.327708][T14773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  672.357092][T14773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  672.375239][T14773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  672.409692][T14773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  672.438656][T14773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  672.475145][T14773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  672.494620][T14773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  672.518836][T14773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  672.538386][T14773] batman_adv: batadv0: Interface activated: batadv_slave_0
[  672.582821][T14773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  672.590800][T15037] FAULT_INJECTION: forcing a failure.
[  672.590800][T15037] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  672.607905][T15037] CPU: 0 PID: 15037 Comm: syz.4.2203 Not tainted 6.10.0-rc7-syzkaller-00025-ga19ea421490d #0
[  672.613796][T14773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  672.618090][T15037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  672.618110][T15037] Call Trace:
[  672.618121][T15037]  <TASK>
[  672.618132][T15037]  dump_stack_lvl+0x241/0x360
[  672.618172][T15037]  ? __pfx_dump_stack_lvl+0x10/0x10
[  672.618204][T15037]  ? __pfx__printk+0x10/0x10
[  672.618237][T15037]  ? __pfx_lock_release+0x10/0x10
[  672.618263][T15037]  ? tomoyo_path_number_perm+0x71a/0x880
[  672.618294][T15037]  ? __lock_acquire+0x1346/0x1fd0
[  672.618322][T15037]  should_fail_ex+0x3b0/0x4e0
[  672.618359][T15037]  _copy_to_user+0x2f/0xb0
[  672.618386][T15037]  video_usercopy+0xe5e/0x1180
[  672.618431][T15037]  ? __pfx_subdev_do_ioctl_lock+0x10/0x10
[  672.618462][T15037]  ? __pfx_video_usercopy+0x10/0x10
[  672.618515][T15037]  ? __fget_files+0x29/0x470
[  672.618549][T15037]  v4l2_ioctl+0x18c/0x1e0
[  672.618586][T15037]  v4l2_compat_ioctl32+0x1da/0x260
[  672.618621][T15037]  __se_compat_sys_ioctl+0x51c/0xca0
[  672.618652][T15037]  ? __pfx___se_compat_sys_ioctl+0x10/0x10
[  672.618691][T15037]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  672.618720][T15037]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  672.618752][T15037]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  672.618785][T15037]  ? lockdep_hardirqs_on+0x99/0x150
[  672.618818][T15037]  __do_fast_syscall_32+0xb4/0x120
[  672.618852][T15037]  ? exc_page_fault+0x590/0x8c0
[  672.618906][T15037]  do_fast_syscall_32+0x34/0x80
[  672.618939][T15037]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  672.618975][T15037] RIP: 0023:0xf73c9579
[  672.618996][T15037] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  672.619020][T15037] RSP: 002b:00000000f5ce257c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  672.619046][T15037] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0585605
[  672.619079][T15037] RDX: 00000000200000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  672.619094][T15037] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  672.619109][T15037] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  672.619124][T15037] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  672.619157][T15037]  </TASK>
[  672.869199][T14773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  672.884356][T14773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  672.898755][T14773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  672.914046][T14773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  672.939480][T14773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  672.950814][T14773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  672.981794][T14773] batman_adv: batadv0: Interface activated: batadv_slave_1
[  673.091013][T14773] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  673.154405][T14773] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  673.186889][T14773] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  673.206338][T15047] loop0: detected capacity change from 0 to 7
[  673.235180][T14773] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  673.240140][T15047] Dev loop0: unable to read RDB block 7
[  673.282931][T15047]  loop0: AHDI p4
[  673.297555][T15047] loop0: partition table partially beyond EOD, truncated
[  673.648594][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  673.681038][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  673.717122][ T4869] usb 5-1: new high-speed USB device number 91 using dummy_hcd
[  673.742036][  T955] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  673.778733][  T955] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  673.845356][    T8] usb 1-1: new high-speed USB device number 126 using dummy_hcd
[  673.918310][ T4869] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  673.965609][ T4869] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  674.002577][ T4869] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  674.035177][ T4869] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  674.058205][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 142, changing to 11
[  674.087095][T15043] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  674.108831][    T8] usb 1-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  674.145784][    T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  674.173094][T15073] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2210'.
[  674.215035][    T8] usb 1-1: config 0 descriptor??
[  674.346146][ T4869] aiptek 5-1:17.0: Aiptek using 400 ms programming speed
[  674.387553][ T4869] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input138
[  674.405283][ T5150] usb 3-1: new high-speed USB device number 99 using dummy_hcd
[  674.501406][   T29] audit: type=1400 audit(1720685776.271:635): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=2626200D3A6B420A537761705073733A20202020202020202020202020202030206B420A4C6F636B65643A2020202020202020202020202020202030206B420A544850656C696769626C653A2020202020202020202020300A566D466C6167733A207264207368206D72206D77206D65206D73207364200A31666666663030302D3230303030303030202D2D2D702030303030303030302030303A30302030200A53697A653A20202020202020202020202020202020202034206B420A4B65726E656C5061676553697A653A202020202020202034206B420A4D4D555061676553697A653A202020202020202020202034206B pid=15056 comm="syz.0.2209"
[  674.631243][ T4869] usb 5-1: USB disconnect, device number 91
[  674.631318][    C0] aiptek 5-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  674.712698][ T5150] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  674.754223][ T5150] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  674.796559][ T5150] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  674.851674][ T5150] usb 3-1: config 0 descriptor??
[  674.891437][ T5150] pwc: Askey VC010 type 2 USB webcam detected.
[  675.090929][    T8] usbhid 1-1:0.0: can't add hid device: -71
[  675.135403][    T8] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  675.187916][    T8] usb 1-1: USB disconnect, device number 126
[  675.453498][   T29] audit: type=1326 audit(1720685777.221:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15095 comm="syz.3.2215" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf749f579 code=0x0
[  675.703843][T15109] A link change request failed with some changes committed already. Interface bond_slave_1 may have been left with an inconsistent configuration, please check.
[  675.925933][   T29] audit: type=1400 audit(1720685777.691:637): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=15114 comm="syz.1.2219"
[  676.026057][ T5150] pwc: recv_control_msg error -71 req 02 val 2c00
[  676.039591][ T5150] pwc: recv_control_msg error -71 req 04 val 1000
[  676.085047][ T5150] pwc: recv_control_msg error -71 req 04 val 1300
[  676.112493][ T5150] pwc: recv_control_msg error -71 req 04 val 1400
[  676.131756][ T5150] pwc: recv_control_msg error -71 req 02 val 2000
[  676.153056][ T5150] pwc: recv_control_msg error -71 req 02 val 2100
[  676.179695][ T5150] pwc: recv_control_msg error -71 req 04 val 1500
[  676.215664][ T5150] pwc: recv_control_msg error -71 req 02 val 2500
[  676.239527][ T5150] pwc: recv_control_msg error -71 req 02 val 2400
[  676.282072][ T5150] pwc: recv_control_msg error -71 req 02 val 2600
[  676.312273][ T5150] pwc: recv_control_msg error -71 req 02 val 2900
[  676.344289][ T5150] pwc: recv_control_msg error -71 req 02 val 2800
[  676.375351][ T5150] pwc: recv_control_msg error -71 req 04 val 1100
[  676.402693][ T5150] pwc: recv_control_msg error -71 req 04 val 1200
[  676.457596][ T5150] pwc: Registered as video71.
[  676.478801][   T29] audit: type=1326 audit(1720685778.221:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15120 comm="syz.0.2220" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7486579 code=0x7ffc0000
[  676.488848][ T5150] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input139
[  676.586346][   T29] audit: type=1326 audit(1720685778.221:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15120 comm="syz.0.2220" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7486579 code=0x7ffc0000
[  676.587371][ T5150] usb 3-1: USB disconnect, device number 99
[  676.725360][   T29] audit: type=1326 audit(1720685778.221:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15120 comm="syz.0.2220" exe="/root/syz-executor" sig=0 arch=40000003 syscall=291 compat=1 ip=0xf7486579 code=0x7ffc0000
[  676.817114][T15139] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2223'.
[  676.841888][   T29] audit: type=1326 audit(1720685778.221:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15120 comm="syz.0.2220" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7486579 code=0x7ffc0000
[  676.949515][   T29] audit: type=1326 audit(1720685778.221:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15120 comm="syz.0.2220" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7486579 code=0x7ffc0000
[  677.131423][   T29] audit: type=1326 audit(1720685778.221:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15120 comm="syz.0.2220" exe="/root/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf7486579 code=0x7ffc0000
[  677.215807][T15157] bridge_slave_1: left allmulticast mode
[  677.221537][T15157] bridge_slave_1: left promiscuous mode
[  677.270268][   T29] audit: type=1326 audit(1720685778.221:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15120 comm="syz.0.2220" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7486579 code=0x7ffc0000
[  677.324393][T15157] bridge0: port 2(bridge_slave_1) entered disabled state
[  677.393225][T15157] bridge_slave_0: left allmulticast mode
[  677.409623][T15157] bridge_slave_0: left promiscuous mode
[  677.439589][T15157] bridge0: port 1(bridge_slave_0) entered disabled state
[  677.548219][ T5150] usb 4-1: new high-speed USB device number 97 using dummy_hcd
[  677.744045][ T5150] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  677.785179][ T5150] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid wMaxPacketSize 0
[  677.815443][ T5150] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  677.868912][ T5150] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  677.905218][ T5150] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  677.966626][ T5150] usb 4-1: config 0 descriptor??
[  678.207019][ T5092] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  678.219563][ T5092] Bluetooth: hci1: Injecting HCI hardware error event
[  678.229408][ T5092] Bluetooth: hci1: hardware error 0x00
[  678.405321][ T5146] usb 1-1: new high-speed USB device number 127 using dummy_hcd
[  678.469877][ T5150] plantronics 0003:047F:FFFF.0025: unknown main item tag 0x1
[  678.487725][ T5150] plantronics 0003:047F:FFFF.0025: No inputs registered, leaving
[  678.560421][ T5150] plantronics 0003:047F:FFFF.0025: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  678.597513][ T5146] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 142, changing to 11
[  678.625253][ T5146] usb 1-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  678.649534][ T5146] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  678.682706][ T5146] usb 1-1: config 0 descriptor??
[  679.227107][T15210] openvswitch: netlink: Unknown nsh attribute 0
[  679.268728][ T5146] usbhid 1-1:0.0: can't add hid device: -71
[  679.297433][ T5146] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  679.315274][T15216] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2237'.
[  679.339298][T15210] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2236'.
[  679.341012][ T5146] usb 1-1: USB disconnect, device number 127
[  679.701727][T15224] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2239'.
[  679.899509][   T29] kauditd_printk_skb: 25 callbacks suppressed
[  679.899528][   T29] audit: type=1326 audit(1720685781.671:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15223 comm="syz.1.2239" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b2579 code=0x7fc00000
[  679.966048][    T8] usb 4-1: reset high-speed USB device number 97 using dummy_hcd
[  680.286070][ T5092] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  680.375359][ T5146] usb 5-1: new high-speed USB device number 92 using dummy_hcd
[  680.507699][   T29] audit: type=1326 audit(1720685782.281:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15223 comm="syz.1.2239" exe="/root/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf73b2579 code=0x7fc00000
[  680.595325][ T5146] usb 5-1: Using ep0 maxpacket: 16
[  680.611435][ T5146] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  680.634072][   T29] audit: type=1326 audit(1720685782.281:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15223 comm="syz.1.2239" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b2579 code=0x7fc00000
[  680.679193][ T5146] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  680.703930][ T5150] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  680.721131][ T5146] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  680.731062][   T29] audit: type=1326 audit(1720685782.281:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15223 comm="syz.1.2239" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b2579 code=0x7fc00000
[  680.765618][ T5146] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  680.784704][ T5146] usb 5-1: config 0 descriptor??
[  680.814603][   T29] audit: type=1326 audit(1720685782.281:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15223 comm="syz.1.2239" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b2579 code=0x7fc00000
[  680.851512][   T29] audit: type=1326 audit(1720685782.281:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15223 comm="syz.1.2239" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b2579 code=0x7fc00000
[  680.889840][   T29] audit: type=1326 audit(1720685782.281:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15223 comm="syz.1.2239" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b2579 code=0x7fc00000
[  680.942951][   T29] audit: type=1326 audit(1720685782.351:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15250 comm="syz.2.2245" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7417579 code=0x0
[  680.988371][   T29] audit: type=1326 audit(1720685782.761:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15258 comm="syz.1.2247" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b2579 code=0x7ffc0000
[  681.017312][ T5150] usb 1-1: Using ep0 maxpacket: 16
[  681.057095][ T5150] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  681.095519][ T5150] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  681.106543][   T29] audit: type=1326 audit(1720685782.761:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15258 comm="syz.1.2247" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b2579 code=0x7ffc0000
[  681.142644][ T5150] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  681.174675][ T5150] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  681.219301][ T5150] usb 1-1: config 0 descriptor??
[  681.424985][T15271] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2249'.
[  681.460194][T15238] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  681.503754][T15238] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  681.567995][ T5146] hid-generic 0003:0158:0100.0026: unknown main item tag 0x1
[  681.585264][ T5146] hid-generic 0003:0158:0100.0026: unexpected long global item
[  681.594176][ T5146] hid-generic 0003:0158:0100.0026: probe with driver hid-generic failed with error -22
[  681.855946][  T784] usb 5-1: USB disconnect, device number 92
[  681.916781][ T5150] usbhid 1-1:0.0: can't add hid device: -71
[  681.948609][ T5150] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  681.975584][ T5150] usb 1-1: USB disconnect, device number 2
[  681.999890][ T5148] usb 4-1: USB disconnect, device number 97
[  682.445443][  T784] usb 2-1: new high-speed USB device number 98 using dummy_hcd
[  682.650705][  T784] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  682.684806][  T784] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  682.726127][  T784] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  682.745175][  T784] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  682.765294][T15283] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  682.805335][ T5146] usb 3-1: new high-speed USB device number 100 using dummy_hcd
[  682.996490][ T5146] usb 3-1: Using ep0 maxpacket: 32
[  683.019259][ T5146] usb 3-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91
[  683.073472][ T5146] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  683.117372][ T5146] usb 3-1: config 0 descriptor??
[  683.130496][  T784] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[  683.141804][ T5146] gspca_main: sunplus-2.14.0 probing 0458:7006
[  683.160761][  T784] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input140
[  683.233721][  T784] usb 2-1: USB disconnect, device number 98
[  683.233801][    C0] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  683.566491][T15312] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2260'.
[  683.729159][T15314] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2
[  683.738877][T15314] netdevsim netdevsim4: Falling back to sysfs fallback for: ./file0
[  684.011454][T15324] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2265'.
[  684.224113][ T5146] gspca_sunplus: reg_w_riv err -71
[  684.233650][ T5146] sunplus 3-1:0.0: probe with driver sunplus failed with error -71
[  684.252407][ T5146] usb 3-1: USB disconnect, device number 100
[  684.637525][T15337] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2269'.
[  684.665871][  T784] usb 2-1: new high-speed USB device number 99 using dummy_hcd
[  684.865308][  T784] usb 2-1: Using ep0 maxpacket: 16
[  684.886972][T15340] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  684.895875][T15340] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  684.904608][T15340] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  684.913484][T15340] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  684.941288][  T784] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  684.988517][  T784] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  685.014378][  T784] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  685.015889][   T29] kauditd_printk_skb: 32 callbacks suppressed
[  685.015913][   T29] audit: type=1326 audit(1720685786.751:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15338 comm="syz.4.2271" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73c9579 code=0x7ffc0000
[  685.082804][   T29] audit: type=1326 audit(1720685786.751:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15338 comm="syz.4.2271" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73c9579 code=0x7ffc0000
[  685.110812][  T784] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  685.140027][  T784] usb 2-1: config 0 descriptor??
[  685.199073][T15347] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2272'.
[  685.264916][T15349] netlink: 'syz.2.2273': attribute type 29 has an invalid length.
[  685.286031][T15349] netlink: 'syz.2.2273': attribute type 29 has an invalid length.
[  685.312293][T15349] netlink: 'syz.2.2273': attribute type 29 has an invalid length.
[  685.326512][T15349] netlink: 'syz.2.2273': attribute type 29 has an invalid length.
[  685.351299][T15351] syzkaller1: entered promiscuous mode
[  685.369036][T15351] syzkaller1: entered allmulticast mode
[  685.805488][   T57] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  685.827934][  T784] usbhid 2-1:0.0: can't add hid device: -71
[  685.847529][  T784] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  685.860895][  T784] usb 2-1: USB disconnect, device number 99
[  686.025428][   T57] usb 1-1: Using ep0 maxpacket: 32
[  686.032878][   T57] usb 1-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91
[  686.049155][   T57] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  686.050892][ T1249] ieee802154 phy0 wpan0: encryption failed: -22
[  686.065847][ T1249] ieee802154 phy1 wpan1: encryption failed: -22
[  686.066612][   T57] usb 1-1: config 0 descriptor??
[  686.092205][T15373] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2282'.
[  686.143583][   T57] gspca_main: sunplus-2.14.0 probing 0458:7006
[  686.175575][ T5146] usb 3-1: new high-speed USB device number 101 using dummy_hcd
[  686.369342][ T5145] usb 5-1: new high-speed USB device number 93 using dummy_hcd
[  686.395939][ T5146] usb 3-1: Using ep0 maxpacket: 32
[  686.404292][ T5146] usb 3-1: New USB device found, idVendor=2201, idProduct=012c, bcdDevice=e7.87
[  686.435680][ T5146] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  686.487720][ T5146] usb 3-1: config 0 descriptor??
[  686.510735][ T5146] usb 3-1: probing VID:PID(2201:012C)   
[  686.530356][ T5146] usb 3-1: Could not find two sets of bulk-in/out endpoint pairs
[  686.554560][ T5146] vub300 3-1:0.0: probe with driver vub300 failed with error -22
[  686.598019][ T5145] usb 5-1: config 0 has an invalid interface number: 94 but max is 0
[  686.606778][ T5145] usb 5-1: config 0 has no interface number 0
[  686.613135][ T5145] usb 5-1: New USB device found, idVendor=0545, idProduct=800d, bcdDevice= 3.0a
[  686.625621][ T5145] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  686.638018][ T5145] usb 5-1: config 0 descriptor??
[  686.833900][   T29] audit: type=1326 audit(1720685788.601:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15378 comm="syz.1.2284" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b2579 code=0x7ffc0000
[  686.884033][   T29] audit: type=1326 audit(1720685788.601:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15378 comm="syz.1.2284" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b2579 code=0x7ffc0000
[  686.908511][   T29] audit: type=1326 audit(1720685788.601:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15378 comm="syz.1.2284" exe="/root/syz-executor" sig=0 arch=40000003 syscall=291 compat=1 ip=0xf73b2579 code=0x7ffc0000
[  686.941996][   T29] audit: type=1326 audit(1720685788.601:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15378 comm="syz.1.2284" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b2579 code=0x7ffc0000
[  687.026027][   T29] audit: type=1326 audit(1720685788.641:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15378 comm="syz.1.2284" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b2579 code=0x7ffc0000
[  687.093866][T15368] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  687.122387][T15368] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  687.157999][T15387] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2285'.
[  687.227164][   T57] gspca_sunplus: reg_w_riv err -71
[  687.235748][   T57] sunplus 1-1:0.0: probe with driver sunplus failed with error -71
[  687.269806][   T57] usb 1-1: USB disconnect, device number 3
[  687.401365][T15397] sock: sock_timestamping_bind_phc: sock not bind to device
[  687.794530][T15407] FAULT_INJECTION: forcing a failure.
[  687.794530][T15407] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  687.821617][T15407] CPU: 0 PID: 15407 Comm: syz.3.2291 Not tainted 6.10.0-rc7-syzkaller-00025-ga19ea421490d #0
[  687.831892][T15407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  687.841991][T15407] Call Trace:
[  687.845309][T15407]  <TASK>
[  687.848282][T15407]  dump_stack_lvl+0x241/0x360
[  687.853020][T15407]  ? __pfx_dump_stack_lvl+0x10/0x10
[  687.858277][T15407]  ? __pfx__printk+0x10/0x10
[  687.862926][T15407]  ? __pfx_lock_release+0x10/0x10
[  687.868005][T15407]  ? sock_recvmsg_nosec+0xa6/0x1d0
[  687.873181][T15407]  should_fail_ex+0x3b0/0x4e0
[  687.877931][T15407]  _copy_from_user+0x2f/0xe0
[  687.882576][T15407]  get_compat_msghdr+0xae/0x730
[  687.887498][T15407]  ? __pfx_get_compat_msghdr+0x10/0x10
[  687.893015][T15407]  ? rcu_is_watching+0x15/0xb0
[  687.897831][T15407]  do_recvmmsg+0x52a/0xae0
[  687.902307][T15407]  ? __pfx_lock_acquire+0x10/0x10
[  687.907380][T15407]  ? __pfx_do_recvmmsg+0x10/0x10
[  687.912363][T15407]  ? kstrtouint_from_user+0x128/0x190
[  687.917820][T15407]  ? vfs_write+0x7c4/0xc90
[  687.922354][T15407]  __sys_recvmmsg+0x1a8/0x270
[  687.927095][T15407]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  687.933126][T15407]  ? __pfx___sys_recvmmsg+0x10/0x10
[  687.938378][T15407]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  687.944768][T15407]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xd0
[  687.951005][T15407]  __do_fast_syscall_32+0xb4/0x120
[  687.956181][T15407]  ? exc_page_fault+0x590/0x8c0
[  687.961096][T15407]  do_fast_syscall_32+0x34/0x80
[  687.966006][T15407]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  687.972461][T15407] RIP: 0023:0xf749f579
[  687.976572][T15407] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  687.996225][T15407] RSP: 002b:00000000f5d9757c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[  688.004692][T15407] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000
[  688.012703][T15407] RDX: 000000000000002e RSI: 0000000000000002 RDI: 0000000000000000
[  688.020720][T15407] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  688.028735][T15407] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  688.036751][T15407] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  688.044786][T15407]  </TASK>
[  688.255622][T15415] bridge_slave_1: left allmulticast mode
[  688.261349][T15415] bridge_slave_1: left promiscuous mode
[  688.271502][T15415] bridge0: port 2(bridge_slave_1) entered disabled state
[  688.280924][T15418] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2295'.
[  688.298174][T15415] bridge_slave_0: left allmulticast mode
[  688.303906][T15415] bridge_slave_0: left promiscuous mode
[  688.319271][T15415] bridge0: port 1(bridge_slave_0) entered disabled state
[  688.452724][ T5146] usb 5-1: USB disconnect, device number 93
[  688.655421][   T57] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  688.760209][ T5146] usb 3-1: USB disconnect, device number 101
[  688.852006][   T57] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  688.863353][   T57] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid wMaxPacketSize 0
[  688.874075][   T57] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  688.887947][   T57] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  688.897799][   T57] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  688.908727][   T57] usb 1-1: config 0 descriptor??
[  689.106549][T15426] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2297'.
[  689.293356][   T29] audit: type=1804 audit(1720685791.061:719): pid=15430 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2299" name="/" dev="pidfs" ino=15731 res=1 errno=0
[  689.388875][   T57] plantronics 0003:047F:FFFF.0027: unknown main item tag 0x1
[  689.397582][ T5146] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[  689.439289][   T57] plantronics 0003:047F:FFFF.0027: No inputs registered, leaving
[  689.460139][   T57] plantronics 0003:047F:FFFF.0027: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  689.615997][ T5146] usb 3-1: Using ep0 maxpacket: 32
[  689.623427][ T5146] usb 3-1: New USB device found, idVendor=2201, idProduct=012c, bcdDevice=e7.87
[  689.636640][ T5146] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  689.656245][ T5146] usb 3-1: config 0 descriptor??
[  689.674818][ T5146] usb 3-1: probing VID:PID(2201:012C)   
[  689.693707][ T5146] usb 3-1: Could not find two sets of bulk-in/out endpoint pairs
[  689.748267][ T5146] vub300 3-1:0.0: probe with driver vub300 failed with error -22
[  689.822849][T14401] hid-generic 0000:0000:0000.0028: unknown main item tag 0x0
[  689.844073][T14401] hid-generic 0000:0000:0000.0028: unknown main item tag 0x0
[  689.853286][T14401] hid-generic 0000:0000:0000.0028: unknown main item tag 0x0
[  689.864607][T14401] hid-generic 0000:0000:0000.0028: unknown main item tag 0x0
[  689.884955][T14401] hid-generic 0000:0000:0000.0028: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  690.105318][ T4869] usb 5-1: new high-speed USB device number 94 using dummy_hcd
[  690.328706][ T4869] usb 5-1: config 0 has no interfaces?
[  690.344615][ T4869] usb 5-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  690.382434][ T4869] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  690.423805][ T4869] usb 5-1: config 0 descriptor??
[  690.515838][T15423] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  690.525663][T15423] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  690.635439][ T5146] usb 4-1: new high-speed USB device number 98 using dummy_hcd
[  690.670837][  T784] usb 5-1: USB disconnect, device number 94
[  690.790737][ T7875] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  690.866228][T14401] usb 1-1: reset high-speed USB device number 4 using dummy_hcd
[  690.878813][ T5146] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  690.911850][ T5146] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  690.946692][ T7875] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  690.957271][ T5146] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  690.976192][ T5146] usb 4-1: config 0 descriptor??
[  690.997147][ T5146] pwc: Askey VC010 type 2 USB webcam detected.
[  691.025693][T14401] usb 1-1: device descriptor read/64, error -32
[  691.099208][ T7875] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  691.230963][ T7875] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  691.316675][T14401] usb 1-1: reset high-speed USB device number 4 using dummy_hcd
[  691.321646][ T5092] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  691.339459][ T5092] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  691.350245][ T5092] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  691.359817][ T5092] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  691.378330][ T5092] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  691.389932][ T5092] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  691.495392][T14401] usb 1-1: device descriptor read/64, error -32
[  691.690912][ T7875] bridge_slave_1: left allmulticast mode
[  691.707782][ T7875] bridge_slave_1: left promiscuous mode
[  691.721523][ T7875] bridge0: port 2(bridge_slave_1) entered disabled state
[  691.742653][ T7875] bridge_slave_0: left allmulticast mode
[  691.749317][ T7875] bridge_slave_0: left promiscuous mode
[  691.762273][ T7875] bridge0: port 1(bridge_slave_0) entered disabled state
[  691.785328][T14401] usb 1-1: reset high-speed USB device number 4 using dummy_hcd
[  691.838399][T14401] usb 1-1: device descriptor read/8, error -32
[  691.887194][ T5092] Bluetooth: hci0: command tx timeout
[  691.898378][T15471] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2313'.
[  691.920716][ T5150] usb 3-1: USB disconnect, device number 102
[  691.971186][ T5146] pwc: recv_control_msg error -71 req 02 val 2c00
[  691.986483][ T5146] pwc: recv_control_msg error -71 req 04 val 1000
[  692.010928][ T5146] pwc: recv_control_msg error -71 req 04 val 1300
[  692.034853][ T5146] pwc: recv_control_msg error -71 req 04 val 1400
[  692.050855][ T5146] pwc: recv_control_msg error -71 req 02 val 2000
[  692.073828][ T5146] pwc: recv_control_msg error -71 req 02 val 2100
[  692.092161][ T5146] pwc: recv_control_msg error -71 req 04 val 1500
[  692.123466][ T5146] pwc: recv_control_msg error -71 req 02 val 2500
[  692.173338][ T5146] pwc: recv_control_msg error -71 req 02 val 2400
[  692.190948][ T5146] pwc: recv_control_msg error -71 req 02 val 2600
[  692.215315][ T5146] pwc: recv_control_msg error -71 req 02 val 2900
[  692.247131][ T5146] pwc: recv_control_msg error -71 req 02 val 2800
[  692.261997][ T5146] pwc: recv_control_msg error -71 req 04 val 1100
[  692.280735][ T5146] pwc: recv_control_msg error -71 req 04 val 1200
[  692.308058][ T5146] pwc: Registered as video71.
[  692.331813][ T5146] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input141
[  692.375004][ T5146] usb 4-1: USB disconnect, device number 98
[  692.625277][  T784] usb 5-1: new high-speed USB device number 95 using dummy_hcd
[  692.823624][    T8] usb 1-1: USB disconnect, device number 4
[  692.831738][  T784] usb 5-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  692.850956][  T784] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  692.878381][  T784] usb 5-1: config 0 descriptor??
[  692.894116][  T784] gspca_main: spca508-2.14.0 probing 8086:0110
[  692.971401][ T7875] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  693.006047][ T7875] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  693.052780][ T7875] bond0 (unregistering): Released all slaves
[  693.115953][  T784] gspca_spca508: reg_read err -32
[  693.144164][  T784] gspca_spca508: reg_read err -32
[  693.173817][  T784] gspca_spca508: reg_read err -32
[  693.232704][T14401] usb 4-1: new high-speed USB device number 99 using dummy_hcd
[  693.453651][T14401] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  693.485305][T14401] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  693.485390][ T5092] Bluetooth: hci1: command tx timeout
[  693.495336][T14401] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  693.510309][T14401] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  693.522157][T14401] usb 4-1: config 0 descriptor??
[  693.715450][  T784] gspca_spca508: reg_read err -110
[  693.721105][  T784] gspca_spca508: reg_read err -32
[  693.738628][  T784] gspca_spca508: reg write: error -32
[  693.744150][  T784] spca508 5-1:0.0: probe with driver spca508 failed with error -32
[  693.771569][T15462] chnl_net:caif_netlink_parms(): no params data found
[  693.818232][  T784] usb 5-1: USB disconnect, device number 95
[  693.927987][ T7875] hsr_slave_0: left promiscuous mode
[  693.942282][T14401] cm6533_jd 0003:0D8C:0022.0029: unknown main item tag 0x0
[  693.969814][ T7875] hsr_slave_1: left promiscuous mode
[  693.976506][T14401] cm6533_jd 0003:0D8C:0022.0029: unknown main item tag 0x0
[  694.017700][T14401] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.0029/input/input142
[  694.031941][ T7875] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  694.075391][ T7875] batman_adv: batadv0: Removing interface: batadv_slave_0
[  694.081085][T14401] cm6533_jd 0003:0D8C:0022.0029: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0
[  694.117438][ T7875] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  694.154008][ T7875] batman_adv: batadv0: Removing interface: batadv_slave_1
[  694.262763][ T7875] veth1_macvtap: left promiscuous mode
[  694.274659][ T7875] veth0_macvtap: left promiscuous mode
[  694.296753][ T7875] veth1_vlan: left promiscuous mode
[  694.302071][ T7875] veth0_vlan: left promiscuous mode
[  694.728013][   T53] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  694.746894][   T53] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  694.766976][   T53] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  694.777810][   T53] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  694.788218][   T53] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  694.796630][   T53] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  694.979861][   T29] audit: type=1326 audit(1720685796.741:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15504 comm="syz.4.2323" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73c9579 code=0x7ffc0000
[  695.027053][   T29] audit: type=1326 audit(1720685796.741:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15504 comm="syz.4.2323" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73c9579 code=0x7ffc0000
[  695.060750][   T29] audit: type=1326 audit(1720685796.761:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15504 comm="syz.4.2323" exe="/root/syz-executor" sig=0 arch=40000003 syscall=291 compat=1 ip=0xf73c9579 code=0x7ffc0000
[  695.125469][   T29] audit: type=1326 audit(1720685796.761:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15504 comm="syz.4.2323" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73c9579 code=0x7ffc0000
[  695.193932][   T29] audit: type=1326 audit(1720685796.771:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15504 comm="syz.4.2323" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73c9579 code=0x7ffc0000
[  695.219854][   T29] audit: type=1326 audit(1720685796.791:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15504 comm="syz.4.2323" exe="/root/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf73c9579 code=0x7ffc0000
[  695.260947][   T29] audit: type=1326 audit(1720685796.791:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15504 comm="syz.4.2323" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73c9579 code=0x7ffc0000
[  695.292050][   T25] usb 4-1: reset high-speed USB device number 99 using dummy_hcd
[  695.322002][   T29] audit: type=1326 audit(1720685796.801:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15504 comm="syz.4.2323" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73c9579 code=0x7ffc0000
[  695.565570][ T5092] Bluetooth: hci1: command tx timeout
[  695.723938][ T7875] team0 (unregistering): Port device team_slave_1 removed
[  695.797241][ T7875] team0 (unregistering): Port device team_slave_0 removed
[  696.768629][   T57] usb 5-1: new high-speed USB device number 96 using dummy_hcd
[  696.833373][T15483] batadv0: entered promiscuous mode
[  696.843779][T15483] batadv0: left promiscuous mode
[  696.851557][ T5092] Bluetooth: hci2: command tx timeout
[  696.985624][   T57] usb 5-1: Using ep0 maxpacket: 32
[  697.001726][   T57] usb 5-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91
[  697.021702][   T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  697.047384][   T57] usb 5-1: config 0 descriptor??
[  697.071134][   T57] gspca_main: sunplus-2.14.0 probing 0458:7006
[  697.328958][T15462] bridge0: port 1(bridge_slave_0) entered blocking state
[  697.365573][T15462] bridge0: port 1(bridge_slave_0) entered disabled state
[  697.387492][T15462] bridge_slave_0: entered allmulticast mode
[  697.435351][T15462] bridge_slave_0: entered promiscuous mode
[  697.497786][T15462] bridge0: port 2(bridge_slave_1) entered blocking state
[  697.505007][T15462] bridge0: port 2(bridge_slave_1) entered disabled state
[  697.538518][T15462] bridge_slave_1: entered allmulticast mode
[  697.596993][T15462] bridge_slave_1: entered promiscuous mode
[  697.645843][ T5092] Bluetooth: hci1: command tx timeout
[  697.754414][T15462] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  697.928142][T15462] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  697.940731][ T5146] usb 4-1: USB disconnect, device number 99
[  698.136011][   T57] gspca_sunplus: reg_w_riv err -71
[  698.160065][   T57] sunplus 5-1:0.0: probe with driver sunplus failed with error -71
[  698.188564][   T57] usb 5-1: USB disconnect, device number 96
[  698.196778][T15462] team0: Port device team_slave_0 added
[  698.263168][T15462] team0: Port device team_slave_1 added
[  698.365076][   T53] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  698.384040][   T53] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  698.393397][   T53] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  698.405770][   T53] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  698.413595][   T53] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  698.426774][   T53] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  698.482597][T15514] chnl_net:caif_netlink_parms(): no params data found
[  698.550774][T15462] batman_adv: batadv0: Adding interface: batadv_slave_0
[  698.577602][T15462] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  698.642900][T15462] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  698.739835][ T7875] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  698.752731][ T7875] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  698.880434][T15462] batman_adv: batadv0: Adding interface: batadv_slave_1
[  698.899076][T15462] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  698.925768][ T5092] Bluetooth: hci2: command tx timeout
[  698.943039][T15462] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  699.090592][ T7875] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  699.115791][ T7875] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  699.273902][ T7875] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  699.284267][ T7875] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  699.349391][T15514] bridge0: port 1(bridge_slave_0) entered blocking state
[  699.357390][T15514] bridge0: port 1(bridge_slave_0) entered disabled state
[  699.364667][T15514] bridge_slave_0: entered allmulticast mode
[  699.372923][T15514] bridge_slave_0: entered promiscuous mode
[  699.375332][   T57] usb 4-1: new high-speed USB device number 100 using dummy_hcd
[  699.425762][T15462] hsr_slave_0: entered promiscuous mode
[  699.436117][T15462] hsr_slave_1: entered promiscuous mode
[  699.443705][T15462] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  699.455272][T14401] usb 5-1: new high-speed USB device number 97 using dummy_hcd
[  699.476938][T15462] Cannot create hsr debugfs directory
[  699.503250][ T7875] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  699.513861][ T7875] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  699.536151][T15514] bridge0: port 2(bridge_slave_1) entered blocking state
[  699.547617][T15514] bridge0: port 2(bridge_slave_1) entered disabled state
[  699.554895][T15514] bridge_slave_1: entered allmulticast mode
[  699.562970][T15514] bridge_slave_1: entered promiscuous mode
[  699.586494][   T57] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  699.615387][   T57] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  699.637211][   T57] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  699.653110][   T57] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  699.667464][T14401] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  699.679336][T15562] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  699.709422][T14401] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  699.723143][T14401] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  699.732875][ T5092] Bluetooth: hci1: command tx timeout
[  699.738885][T14401] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  699.750857][T14401] usb 5-1: config 0 descriptor??
[  699.808960][T15514] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  699.897965][T15514] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  699.957918][   T57] aiptek 4-1:17.0: Aiptek using 400 ms programming speed
[  699.980043][   T57] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input143
[  700.053957][   T57] usb 4-1: USB disconnect, device number 100
[  700.060047][    C1] aiptek 4-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  700.194005][T14401] cm6533_jd 0003:0D8C:0022.002A: unknown main item tag 0x0
[  700.209774][T15514] team0: Port device team_slave_0 added
[  700.225372][T14401] cm6533_jd 0003:0D8C:0022.002A: unknown main item tag 0x0
[  700.238446][T14401] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.002A/input/input144
[  700.291443][T14401] cm6533_jd 0003:0D8C:0022.002A: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0
[  700.407684][T15514] team0: Port device team_slave_1 added
[  700.525718][ T5092] Bluetooth: hci4: command tx timeout
[  700.569437][T15569] batadv0: entered promiscuous mode
[  700.579612][T15569] batadv0: left promiscuous mode
[  700.719753][T15514] batman_adv: batadv0: Adding interface: batadv_slave_0
[  700.732936][T15514] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  700.793496][T15514] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  700.816097][T14401] usb 5-1: USB disconnect, device number 97
[  700.897602][ T7875] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  700.909772][ T7875] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  700.947303][T15514] batman_adv: batadv0: Adding interface: batadv_slave_1
[  700.954332][T15514] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  700.982156][T15514] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  700.999050][T15557] chnl_net:caif_netlink_parms(): no params data found
[  701.015502][ T5092] Bluetooth: hci2: command tx timeout
[  701.025802][   T57] usb 4-1: new high-speed USB device number 101 using dummy_hcd
[  701.051047][ T7875] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  701.061902][ T7875] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  701.193666][ T7875] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  701.204723][ T7875] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  701.212835][   T57] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  701.226614][   T57] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  701.237646][   T57] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  701.247430][   T57] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.258148][   T57] usb 4-1: config 0 descriptor??
[  701.304654][T15514] hsr_slave_0: entered promiscuous mode
[  701.315833][T15514] hsr_slave_1: entered promiscuous mode
[  701.322606][T15514] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  701.331683][T15514] Cannot create hsr debugfs directory
[  701.558751][ T7875] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  701.575188][ T7875] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  701.610391][T15557] bridge0: port 1(bridge_slave_0) entered blocking state
[  701.626084][T15557] bridge0: port 1(bridge_slave_0) entered disabled state
[  701.638464][T15557] bridge_slave_0: entered allmulticast mode
[  701.649736][T15557] bridge_slave_0: entered promiscuous mode
[  701.688110][   T57] cm6533_jd 0003:0D8C:0022.002B: unknown main item tag 0x0
[  701.707105][   T57] cm6533_jd 0003:0D8C:0022.002B: unknown main item tag 0x0
[  701.730364][   T57] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.002B/input/input145
[  701.780550][   T57] cm6533_jd 0003:0D8C:0022.002B: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0
[  701.845843][T15557] bridge0: port 2(bridge_slave_1) entered blocking state
[  701.868435][T15557] bridge0: port 2(bridge_slave_1) entered disabled state
[  701.895538][T15557] bridge_slave_1: entered allmulticast mode
[  701.906959][T15557] bridge_slave_1: entered promiscuous mode
[  702.189674][T15557] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  702.283460][T15557] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  702.324661][T15592] batadv0: entered promiscuous mode
[  702.345923][T15592] batadv0: left promiscuous mode
[  702.553381][T15557] team0: Port device team_slave_0 added
[  702.582355][T15557] team0: Port device team_slave_1 added
[  702.595043][ T5145] usb 4-1: USB disconnect, device number 101
[  702.606551][ T5092] Bluetooth: hci4: command tx timeout
[  702.716926][ T7875] bridge_slave_1: left allmulticast mode
[  702.722645][ T7875] bridge_slave_1: left promiscuous mode
[  702.731949][ T7875] bridge0: port 2(bridge_slave_1) entered disabled state
[  702.754574][ T7875] bridge_slave_0: left allmulticast mode
[  702.771120][ T7875] bridge_slave_0: left promiscuous mode
[  702.785675][ T7875] bridge0: port 1(bridge_slave_0) entered disabled state
[  703.029079][T15616] netlink: 85644 bytes leftover after parsing attributes in process `syz.4.2342'.
[  703.042903][T15616] netlink: zone id is out of range
[  703.085574][T15616] netlink: zone id is out of range
[  703.099529][ T5092] Bluetooth: hci2: command tx timeout
[  703.121531][T15616] netlink: zone id is out of range
[  703.141961][T15616] netlink: zone id is out of range
[  703.152150][T15616] netlink: zone id is out of range
[  703.162140][T15616] netlink: zone id is out of range
[  703.168247][T15616] netlink: zone id is out of range
[  703.173537][T15616] netlink: zone id is out of range
[  703.181404][T15616] netlink: zone id is out of range
[  703.186817][T15616] netlink: zone id is out of range
[  703.425988][T15619] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  703.771226][ T7875] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  703.783097][ T7875] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  703.795406][ T7875] bond0 (unregistering): Released all slaves
[  703.964096][ T7875] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  703.979863][ T7875] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  703.991292][ T7875] bond0 (unregistering): Released all slaves
[  704.114087][T15613] batadv_slave_1: entered allmulticast mode
[  704.134772][T15614] pim6reg: entered allmulticast mode
[  704.184656][T15615] pim6reg: left allmulticast mode
[  704.190735][T15615] batadv_slave_1: left allmulticast mode
[  704.235973][T15557] batman_adv: batadv0: Adding interface: batadv_slave_0
[  704.243010][T15557] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  704.270477][T15557] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  704.283686][T15557] batman_adv: batadv0: Adding interface: batadv_slave_1
[  704.299553][T15557] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  704.325521][    C0] vkms_vblank_simulate: vblank timer overrun
[  704.340777][T15557] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  704.648040][T15462] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  704.673425][   T29] audit: type=1326 audit(1720685806.431:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15623 comm="syz.3.2344" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749f579 code=0x7ffc0000
[  704.695438][    C0] vkms_vblank_simulate: vblank timer overrun
[  704.703232][ T5092] Bluetooth: hci4: command tx timeout
[  704.710293][T15462] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  704.786928][   T29] audit: type=1326 audit(1720685806.431:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15623 comm="syz.3.2344" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749f579 code=0x7ffc0000
[  704.870359][   T29] audit: type=1326 audit(1720685806.431:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15623 comm="syz.3.2344" exe="/root/syz-executor" sig=0 arch=40000003 syscall=291 compat=1 ip=0xf749f579 code=0x7ffc0000
[  704.908289][   T29] audit: type=1326 audit(1720685806.431:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15623 comm="syz.3.2344" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749f579 code=0x7ffc0000
[  704.968083][T15632] netlink: 'syz.3.2346': attribute type 72 has an invalid length.
[  704.977223][   T29] audit: type=1326 audit(1720685806.431:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15623 comm="syz.3.2344" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749f579 code=0x7ffc0000
[  705.009708][T15632] netlink: 1016 bytes leftover after parsing attributes in process `syz.3.2346'.
[  705.035314][T15462] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  705.052868][   T29] audit: type=1326 audit(1720685806.431:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15623 comm="syz.3.2344" exe="/root/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf749f579 code=0x7ffc0000
[  705.089505][T15462] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  705.113631][   T29] audit: type=1326 audit(1720685806.431:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15623 comm="syz.3.2344" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749f579 code=0x7ffc0000
[  705.150441][   T29] audit: type=1326 audit(1720685806.431:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15623 comm="syz.3.2344" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749f579 code=0x7ffc0000
[  705.192997][   T29] audit: type=1326 audit(1720685806.441:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15623 comm="syz.3.2344" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf749f579 code=0x7ffc0000
[  705.232043][   T29] audit: type=1326 audit(1720685806.441:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15623 comm="syz.3.2344" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749f579 code=0x7ffc0000
[  705.233799][T15557] hsr_slave_0: entered promiscuous mode
[  705.327887][T15634] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2347'.
[  705.355684][T15557] hsr_slave_1: entered promiscuous mode
[  705.368388][T15557] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  705.384477][T15557] Cannot create hsr debugfs directory
[  705.629879][ T5146] usb 4-1: new high-speed USB device number 102 using dummy_hcd
[  705.796645][ T7875] hsr_slave_0: left promiscuous mode
[  705.802795][ T7875] hsr_slave_1: left promiscuous mode
[  705.815247][ T5146] usb 4-1: Using ep0 maxpacket: 8
[  705.824783][ T7875] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  705.833492][ T5146] usb 4-1: unable to read config index 0 descriptor/start: -61
[  705.842540][ T5146] usb 4-1: can't read configurations, error -61
[  705.849979][ T7875] batman_adv: batadv0: Removing interface: batadv_slave_0
[  705.860380][ T7875] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  705.868156][ T7875] batman_adv: batadv0: Removing interface: batadv_slave_1
[  705.881233][ T7875] hsr_slave_0: left promiscuous mode
[  705.891357][ T7875] hsr_slave_1: left promiscuous mode
[  705.898017][ T7875] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  705.905783][ T7875] batman_adv: batadv0: Removing interface: batadv_slave_0
[  705.913734][ T7875] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  705.921402][ T7875] batman_adv: batadv0: Removing interface: batadv_slave_1
[  705.963803][ T7875] veth1_macvtap: left promiscuous mode
[  705.970721][ T7875] veth0_macvtap: left promiscuous mode
[  705.976505][ T7875] veth1_vlan: left promiscuous mode
[  705.981887][ T7875] veth0_vlan: left promiscuous mode
[  705.989049][ T7875] veth1_macvtap: left promiscuous mode
[  705.994613][ T7875] veth0_macvtap: left promiscuous mode
[  706.001377][ T5146] usb 4-1: new high-speed USB device number 103 using dummy_hcd
[  706.009363][ T7875] veth1_vlan: left promiscuous mode
[  706.014686][ T7875] veth0_vlan: left promiscuous mode
[  706.198686][ T5146] usb 4-1: Using ep0 maxpacket: 8
[  706.208981][ T5146] usb 4-1: unable to read config index 0 descriptor/start: -61
[  706.226602][ T5146] usb 4-1: can't read configurations, error -61
[  706.239169][ T5146] usb usb4-port1: attempt power cycle
[  706.655547][ T5146] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[  706.702917][ T5146] usb 4-1: Using ep0 maxpacket: 8
[  706.718488][ T5146] usb 4-1: unable to read config index 0 descriptor/start: -61
[  706.737719][ T5146] usb 4-1: can't read configurations, error -61
[  706.765810][ T5092] Bluetooth: hci4: command tx timeout
[  706.833069][ T7875] team0 (unregistering): Port device team_slave_1 removed
[  706.885822][ T7875] team0 (unregistering): Port device team_slave_0 removed
[  706.895783][ T5146] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[  706.941341][ T5146] usb 4-1: Using ep0 maxpacket: 8
[  706.954147][ T5146] usb 4-1: unable to read config index 0 descriptor/start: -61
[  706.972360][ T5146] usb 4-1: can't read configurations, error -61
[  706.979779][ T5146] usb usb4-port1: unable to enumerate USB device
[  707.947513][ T7875] team0 (unregistering): Port device team_slave_1 removed
[  708.011223][ T7875] team0 (unregistering): Port device team_slave_0 removed
[  708.754321][T15636] ɶƣ0GCTw
�: entered promiscuous mode
[  708.887627][T15645] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  709.073945][T15642] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2350'.
[  709.089165][T15514] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  709.304052][T15514] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  709.317597][T15514] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  709.337389][T15514] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  709.358154][T15650] batadv_slave_1: entered allmulticast mode
[  709.392417][T15462] 8021q: adding VLAN 0 to HW filter on device bond0
[  709.468761][T15649] pim6reg: entered allmulticast mode
[  709.470122][T15652] netlink: 98524 bytes leftover after parsing attributes in process `syz.4.2352'.
[  709.488241][T15650] pim6reg: left allmulticast mode
[  709.488573][T15652] net_ratelimit: 394 callbacks suppressed
[  709.488592][T15652] netlink: zone id is out of range
[  709.493435][T15650] batadv_slave_1: left allmulticast mode
[  709.499308][T15652] netlink: zone id is out of range
[  709.499325][T15652] netlink: zone id is out of range
[  709.531450][T15652] netlink: zone id is out of range
[  709.537047][T15652] netlink: zone id is out of range
[  709.542212][T15652] netlink: zone id is out of range
[  709.550131][T15652] netlink: zone id is out of range
[  709.556738][T15652] netlink: zone id is out of range
[  709.565912][T15652] netlink: zone id is out of range
[  709.572859][T15652] netlink: zone id is out of range
[  709.806196][   T29] kauditd_printk_skb: 8 callbacks suppressed
[  709.806219][   T29] audit: type=1326 audit(1720685811.561:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15651 comm="syz.3.2353" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749f579 code=0x7ffc0000
[  709.937943][   T29] audit: type=1326 audit(1720685811.611:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15651 comm="syz.3.2353" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749f579 code=0x7ffc0000
[  709.990057][   T29] audit: type=1326 audit(1720685811.611:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15651 comm="syz.3.2353" exe="/root/syz-executor" sig=0 arch=40000003 syscall=291 compat=1 ip=0xf749f579 code=0x7ffc0000
[  710.012810][   T29] audit: type=1326 audit(1720685811.611:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15651 comm="syz.3.2353" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749f579 code=0x7ffc0000
[  710.044925][T15462] 8021q: adding VLAN 0 to HW filter on device team0
[  710.066936][   T29] audit: type=1326 audit(1720685811.611:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15651 comm="syz.3.2353" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749f579 code=0x7ffc0000
[  710.097180][   T29] audit: type=1326 audit(1720685811.611:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15651 comm="syz.3.2353" exe="/root/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf749f579 code=0x7ffc0000
[  710.127126][   T29] audit: type=1326 audit(1720685811.611:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15651 comm="syz.3.2353" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749f579 code=0x7ffc0000
[  710.155551][   T29] audit: type=1326 audit(1720685811.611:753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15651 comm="syz.3.2353" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749f579 code=0x7ffc0000
[  710.200551][T15660] netlink: 'syz.4.2354': attribute type 72 has an invalid length.
[  710.218647][T15660] netlink: 1016 bytes leftover after parsing attributes in process `syz.4.2354'.
[  710.237302][   T57] bridge0: port 1(bridge_slave_0) entered blocking state
[  710.244537][   T57] bridge0: port 1(bridge_slave_0) entered forwarding state
[  710.290531][   T29] audit: type=1326 audit(1720685811.611:754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15651 comm="syz.3.2353" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf749f579 code=0x7ffc0000
[  710.364327][   T29] audit: type=1326 audit(1720685811.611:755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15651 comm="syz.3.2353" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749f579 code=0x7ffc0000
[  710.392500][   T57] bridge0: port 2(bridge_slave_1) entered blocking state
[  710.399789][   T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[  710.690386][T15557] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  710.844250][T15514] 8021q: adding VLAN 0 to HW filter on device bond0
[  710.859745][T15557] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  710.918860][T15557] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  710.992999][T15557] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  711.177357][T15514] 8021q: adding VLAN 0 to HW filter on device team0
[  711.221936][T15462] 8021q: adding VLAN 0 to HW filter on device batadv0
[  711.279082][T15686] usb usb1: check_ctrlrecip: process 15686 (syz.3.2358) requesting ep 01 but needs 81
[  711.283314][   T57] bridge0: port 1(bridge_slave_0) entered blocking state
[  711.295982][   T57] bridge0: port 1(bridge_slave_0) entered forwarding state
[  711.448774][   T57] bridge0: port 2(bridge_slave_1) entered blocking state
[  711.456051][   T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[  711.464386][T15691] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  711.874031][T15462] veth0_vlan: entered promiscuous mode
[  711.993229][T15698] batadv_slave_1: entered allmulticast mode
[  712.031856][T15462] veth1_vlan: entered promiscuous mode
[  712.069757][T15695] pim6reg: entered allmulticast mode
[  712.129124][T15557] 8021q: adding VLAN 0 to HW filter on device bond0
[  712.160939][T15557] 8021q: adding VLAN 0 to HW filter on device team0
[  712.171124][T15695] pim6reg: left allmulticast mode
[  712.178681][T15695] batadv_slave_1: left allmulticast mode
[  712.194111][T15698] netlink: 61044 bytes leftover after parsing attributes in process `syz.3.2361'.
[  712.235488][ T5146] usb 5-1: new high-speed USB device number 98 using dummy_hcd
[  712.322911][T15514] 8021q: adding VLAN 0 to HW filter on device batadv0
[  712.393700][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[  712.401000][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[  712.449379][ T5146] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  712.495967][ T5146] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  712.533596][T15462] veth0_macvtap: entered promiscuous mode
[  712.540378][ T5146] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  712.547551][T15713] netlink: 'syz.3.2363': attribute type 72 has an invalid length.
[  712.565804][ T5146] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  712.580480][T15713] netlink: 1016 bytes leftover after parsing attributes in process `syz.3.2363'.
[  712.586762][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[  712.596886][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[  712.610571][ T5146] usb 5-1: config 0 descriptor??
[  712.643090][T15462] veth1_macvtap: entered promiscuous mode
[  712.703068][T15462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  712.713796][T15462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  712.724832][T15462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  712.765697][T15462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  712.798448][T15462] batman_adv: batadv0: Interface activated: batadv_slave_0
[  712.843936][T15462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  712.866641][T15462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  712.897284][T15462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  712.919285][T15462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  712.941105][T15462] batman_adv: batadv0: Interface activated: batadv_slave_1
[  713.012468][T15462] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  713.021586][T15462] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  713.035559][T15462] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  713.054014][T15462] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  713.070735][ T5146] cm6533_jd 0003:0D8C:0022.002C: unknown main item tag 0x0
[  713.087336][ T5146] cm6533_jd 0003:0D8C:0022.002C: unknown main item tag 0x0
[  713.112338][ T5146] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.002C/input/input146
[  713.145230][ T5093] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[  713.157949][ T5146] cm6533_jd 0003:0D8C:0022.002C: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0
[  713.200753][T15514] veth0_vlan: entered promiscuous mode
[  713.258638][T15514] veth1_vlan: entered promiscuous mode
[  713.391292][ T5093] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  713.423746][T15557] 8021q: adding VLAN 0 to HW filter on device batadv0
[  713.434711][ T5093] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  713.475206][ T5093] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  713.484319][ T5093] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  713.519746][ T5093] usb 4-1: config 0 descriptor??
[  713.538905][   T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  713.574442][   T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  713.670313][   T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  713.698952][T15514] veth0_macvtap: entered promiscuous mode
[  713.704852][   T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  713.795049][T15514] veth1_macvtap: entered promiscuous mode
[  713.908256][T15514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  713.938774][T15734] FAULT_INJECTION: forcing a failure.
[  713.938774][T15734] name failslab, interval 1, probability 0, space 0, times 0
[  713.954419][T15514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  713.965564][T15734] CPU: 0 PID: 15734 Comm: syz.1.2309 Not tainted 6.10.0-rc7-syzkaller-00025-ga19ea421490d #0
[  713.975783][T15734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  713.985882][T15734] Call Trace:
[  713.989198][T15734]  <TASK>
[  713.992165][T15734]  dump_stack_lvl+0x241/0x360
[  713.996908][T15734]  ? __pfx_dump_stack_lvl+0x10/0x10
[  714.002168][T15734]  ? __pfx__printk+0x10/0x10
[  714.006831][T15734]  ? __pfx___might_resched+0x10/0x10
[  714.010798][T15514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  714.012148][T15734]  should_fail_ex+0x3b0/0x4e0
[  714.027348][T15734]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  714.033117][T15734]  should_failslab+0x9/0x20
[  714.035732][ T5093] cm6533_jd 0003:0D8C:0022.002D: unknown main item tag 0x0
[  714.037647][T15734]  __kmalloc_noprof+0xd8/0x400
[  714.045957][T15514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  714.049627][T15734]  ? kfree+0x4e/0x360
[  714.049673][T15734]  tomoyo_realpath_from_path+0xcf/0x5e0
[  714.060153][ T5093] cm6533_jd 0003:0D8C:0022.002D: unknown main item tag 0x0
[  714.063435][T15734]  tomoyo_path_number_perm+0x23a/0x880
[  714.063475][T15734]  ? __lock_acquire+0x1346/0x1fd0
[  714.069210][T15514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  714.076196][T15734]  ? tomoyo_path_number_perm+0x208/0x880
[  714.076233][T15734]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  714.076309][T15734]  ? __fget_files+0x29/0x470
[  714.076343][T15734]  ? __fget_files+0x3f6/0x470
[  714.090531][ T5093] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.002D/input/input147
[  714.097212][T15734]  security_file_ioctl_compat+0x75/0xb0
[  714.097259][T15734]  __se_compat_sys_ioctl+0xd6/0xca0
[  714.097292][T15734]  ? __pfx___se_compat_sys_ioctl+0x10/0x10
[  714.097332][T15734]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  714.103168][T15514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  714.108947][T15734]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  714.108985][T15734]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  714.109019][T15734]  ? lockdep_hardirqs_on+0x99/0x150
[  714.109052][T15734]  __do_fast_syscall_32+0xb4/0x120
[  714.109087][T15734]  ? exc_page_fault+0x590/0x8c0
[  714.109121][T15734]  do_fast_syscall_32+0x34/0x80
[  714.135548][ T5093] cm6533_jd 0003:0D8C:0022.002D: input,hiddev1,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0
[  714.140549][T15734]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  714.140597][T15734] RIP: 0023:0xf746f579
[  714.148645][T15514] batman_adv: batadv0: Interface activated: batadv_slave_0
[  714.152395][T15734] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  714.182236][T15699] batadv0: entered promiscuous mode
[  714.185429][T15734] RSP: 002b:00000000f5d8857c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  714.185462][T15734] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c01064ab
[  714.185479][T15734] RDX: 0000000020000240 RSI: 0000000000000000 RDI: 0000000000000000
[  714.185496][T15734] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  714.185510][T15734] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  714.185524][T15734] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  714.185557][T15734]  </TASK>
[  714.304668][T15734] ERROR: Out of memory at tomoyo_realpath_from_path.
[  714.385697][T15699] batadv0: left promiscuous mode
[  714.485284][ T5093] usb 5-1: reset high-speed USB device number 98 using dummy_hcd
[  714.614031][T15514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  714.646793][T15514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  714.698490][T15514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  714.732160][T15514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  714.783035][T15514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  714.822212][   T29] kauditd_printk_skb: 13 callbacks suppressed
[  714.822233][   T29] audit: type=1326 audit(1720685816.591:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15740 comm="syz.1.2365" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf746f579 code=0x7ffc0000
[  714.822240][T15514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  714.835906][   T29] audit: type=1326 audit(1720685816.601:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15740 comm="syz.1.2365" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf746f579 code=0x7ffc0000
[  714.850564][    C1] vkms_vblank_simulate: vblank timer overrun
[  714.932308][T15514] batman_adv: batadv0: Interface activated: batadv_slave_1
[  714.944507][T15557] veth0_vlan: entered promiscuous mode
[  715.011804][    T8] usb 4-1: USB disconnect, device number 106
[  715.027638][T15514] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  715.095169][T15514] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  715.124179][T15514] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  715.134349][T15514] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  715.274026][T15557] veth1_vlan: entered promiscuous mode
[  715.420457][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  715.435393][T14401] usb 2-1: new high-speed USB device number 100 using dummy_hcd
[  715.451269][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  715.477294][T15557] veth0_macvtap: entered promiscuous mode
[  715.528961][T15557] veth1_macvtap: entered promiscuous mode
[  715.577169][   T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  715.621916][   T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  715.655389][T15557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  715.657164][T14401] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  715.677129][T15557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  715.696879][T14401] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  715.700466][T15557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  715.718662][T14401] usb 2-1: config 0 descriptor??
[  715.726779][T15557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  715.730727][T14401] cp210x 2-1:0.0: cp210x converter detected
[  715.743293][T15557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  715.755323][T15557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  715.765349][T15557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  715.776755][   T45] usb 5-1: USB disconnect, device number 98
[  715.783613][T15557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  715.812454][T15557] batman_adv: batadv0: Interface activated: batadv_slave_0
[  715.893745][T15557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  715.907920][T15557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  715.921754][T15557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  715.933064][T15557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  715.935382][T14401] cp210x 2-1:0.0: failed to get vendor val 0x370b size 1: -121
[  715.944136][T15557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  715.975177][T14401] cp210x 2-1:0.0: querying part number failed
[  715.981273][T15557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  716.006005][T14401] usb 2-1: cp210x converter now attached to ttyUSB0
[  716.012057][T15557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  716.028309][T15557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  716.063675][T15557] batman_adv: batadv0: Interface activated: batadv_slave_1
[  716.153295][T15557] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  716.195328][T15557] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  716.226339][T15557] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  716.255680][T15557] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  716.269728][T15769] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  716.381305][T15770] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2368'.
[  716.523009][   T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  716.553523][   T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  716.657543][T15779] FAULT_INJECTION: forcing a failure.
[  716.657543][T15779] name failslab, interval 1, probability 0, space 0, times 0
[  716.670301][T15779] CPU: 0 PID: 15779 Comm: syz.0.2369 Not tainted 6.10.0-rc7-syzkaller-00025-ga19ea421490d #0
[  716.680493][T15779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  716.680844][ T7875] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  716.690558][T15779] Call Trace:
[  716.690571][T15779]  <TASK>
[  716.690583][T15779]  dump_stack_lvl+0x241/0x360
[  716.690623][T15779]  ? __pfx_dump_stack_lvl+0x10/0x10
[  716.690657][T15779]  ? __pfx__printk+0x10/0x10
[  716.690700][T15779]  ? __asan_memset+0x23/0x50
[  716.690729][T15779]  should_fail_ex+0x3b0/0x4e0
[  716.690768][T15779]  should_failslab+0x9/0x20
[  716.690800][T15779]  kmalloc_node_track_caller_noprof+0xda/0x440
[  716.690835][T15779]  ? nf_ct_ext_add+0x1a2/0x3e0
[  716.690869][T15779]  krealloc_noprof+0x7d/0x120
[  716.690900][T15779]  nf_ct_ext_add+0x1a2/0x3e0
[  716.690936][T15779]  init_conntrack+0x8bf/0x1310
[  716.690971][T15779]  ? __pfx_init_conntrack+0x10/0x10
[  716.691004][T15779]  ? __pfx___nf_conntrack_find_get+0x10/0x10
[  716.691029][T15779]  ? __local_bh_enable_ip+0x168/0x200
[  716.691064][T15779]  nf_conntrack_in+0xd59/0x1880
[  716.691114][T15779]  ? __pfx_nf_conntrack_in+0x10/0x10
[  716.691153][T15779]  ? ipt_do_table+0x312/0x1860
[  716.691179][T15779]  ? __pfx_ipt_do_table+0x10/0x10
[  716.691211][T15779]  ? ipv4_conntrack_defrag+0x2a2/0x5a0
[  716.691242][T15779]  ? ip_sabotage_in+0x55/0x290
[  716.691273][T15779]  ? __pfx_ipv4_conntrack_in+0x10/0x10
[  716.691295][T15779]  nf_hook_slow+0xc3/0x220
[  716.691333][T15779]  ? __pfx_ip_rcv_finish+0x10/0x10
[  716.691363][T15779]  ? __pfx_ip_rcv_finish+0x10/0x10
[  716.691392][T15779]  NF_HOOK+0x29e/0x450
[  716.691426][T15779]  ? NF_HOOK+0x9a/0x450
[  716.691454][T15779]  ? __pfx_NF_HOOK+0x10/0x10
[  716.691482][T15779]  ? ip_rcv_core+0x7ff/0xd10
[  716.691515][T15779]  ? __pfx_ip_rcv_finish+0x10/0x10
[  716.691555][T15779]  ? __pfx_ip_rcv+0x10/0x10
[  716.691587][T15779]  __netif_receive_skb+0x2bf/0x650
[  716.691624][T15779]  ? __pfx_lock_acquire+0x10/0x10
[  716.691647][T15779]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  716.691684][T15779]  ? __pfx___netif_receive_skb+0x10/0x10
[  716.691722][T15779]  ? __kasan_slab_alloc+0x66/0x80
[  716.691753][T15779]  ? read_tsc+0x9/0x20
[  716.691779][T15779]  ? timekeeping_get_ns+0x2c0/0x420
[  716.691824][T15779]  ? netif_receive_skb+0x131/0x890
[  716.691855][T15779]  ? netif_receive_skb+0x131/0x890
[  716.691887][T15779]  netif_receive_skb+0x1e8/0x890
[  716.691920][T15779]  ? tun_rx_batched+0x160/0x8f0
[  716.691951][T15779]  ? __pfx_netif_receive_skb+0x10/0x10
[  716.691996][T15779]  ? tun_rx_batched+0x160/0x8f0
[  716.692025][T15779]  tun_rx_batched+0x1b7/0x8f0
[  716.692056][T15779]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  716.692086][T15779]  ? __pfx_lock_acquire+0x10/0x10
[  716.692112][T15779]  ? __pfx_tun_rx_batched+0x10/0x10
[  716.692164][T15779]  tun_get_user+0x2f35/0x4560
[  716.727868][ T7875] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  716.729981][T15779]  ? tun_get_user+0x2a2f/0x4560
[  716.730036][T15779]  ? __pfx_tun_get_user+0x10/0x10
[  716.962641][T15779]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  716.968141][T15779]  ? tun_get+0x1e/0x2f0
[  716.972330][T15779]  ? tun_get+0x1e/0x2f0
[  716.976519][T15779]  ? tun_get+0x27d/0x2f0
[  716.980789][T15779]  tun_chr_write_iter+0x113/0x1f0
[  716.985836][T15779]  vfs_write+0xa72/0xc90
[  716.990113][T15779]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  716.995675][T15779]  ? __pfx_vfs_write+0x10/0x10
[  717.000488][T15779]  ksys_write+0x1a0/0x2c0
[  717.004874][T15779]  ? __pfx_ksys_write+0x10/0x10
[  717.009756][T15779]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  717.016372][T15779]  ? lockdep_hardirqs_on+0x99/0x150
[  717.021591][T15779]  __do_fast_syscall_32+0xb4/0x120
[  717.026725][T15779]  ? exc_page_fault+0x590/0x8c0
[  717.031632][T15779]  do_fast_syscall_32+0x34/0x80
[  717.036506][T15779]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  717.042866][T15779] RIP: 0023:0xf73c1579
[  717.046965][T15779] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  717.066695][T15779] RSP: 002b:00000000f5cda540 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  717.075126][T15779] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000020000200
[  717.083108][T15779] RDX: 0000000000000022 RSI: 00000000f73adff4 RDI: 0000000000000000
[  717.091087][T15779] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  717.099067][T15779] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  717.107047][T15779] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  717.115040][T15779]  </TASK>
[  717.381401][T15788] netlink: 1068 bytes leftover after parsing attributes in process `syz.0.2371'.
[  717.385804][T15786] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  717.658642][T15786] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2330'.
[  717.801743][T15804] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  717.880192][T15786] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  718.155316][ T5150] usb 2-1: USB disconnect, device number 100
[  718.178896][ T5150] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  718.215879][ T5150] cp210x 2-1:0.0: device disconnected
[  718.444448][T15824] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  718.796103][ T5150] usb 2-1: new high-speed USB device number 101 using dummy_hcd
[  718.981792][T15844] netlink: 1068 bytes leftover after parsing attributes in process `syz.3.2384'.
[  719.016792][ T5150] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  719.059503][ T5150] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  719.090327][ T5150] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  719.110179][ T5150] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  719.128774][   T45] usb 3-1: new high-speed USB device number 103 using dummy_hcd
[  719.139417][ T5150] usb 2-1: config 0 descriptor??
[  719.204214][T14755] cgroup: fork rejected by pids controller in /syz3
[  719.359193][   T45] usb 3-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f
[  719.375235][   T45] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  719.402555][   T45] usb 3-1: config 0 descriptor??
[  719.445317][T14382] usb 5-1: new high-speed USB device number 99 using dummy_hcd
[  719.588886][ T7875] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  719.588942][ T5150] cm6533_jd 0003:0D8C:0022.002E: unknown main item tag 0x0
[  719.589087][ T5150] cm6533_jd 0003:0D8C:0022.002E: unknown main item tag 0x0
[  719.602481][ T7875] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  719.655264][T14382] usb 5-1: Using ep0 maxpacket: 32
[  719.664439][T14382] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  719.677440][ T5150] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0D8C:0022.002E/input/input148
[  719.705213][T14382] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  719.715055][T14382] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00
[  719.745984][ T5150] cm6533_jd 0003:0D8C:0022.002E: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0
[  719.788535][T14382] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  719.839580][T14382] usb 5-1: config 0 descriptor??
[  719.846967][ T7875] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  719.883696][ T7875] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  719.982439][T14401] usb 2-1: USB disconnect, device number 101
[  720.052077][ T7875] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  720.074916][ T7875] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  720.161482][ T7875] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  720.182978][ T7875] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  720.302016][   T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  720.315553][   T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  720.326943][   T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  720.339571][   T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  720.351181][   T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  720.364480][   T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  720.481064][T14382] usbhid 5-1:0.0: can't add hid device: -71
[  720.504761][T14382] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  720.548127][T14382] usb 5-1: USB disconnect, device number 99
[  721.160861][T15879] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  721.361782][T15887] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2392'.
[  721.563736][ T7875] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  721.565729][ T5150] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[  721.606684][ T7875] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  721.653979][ T7875] bond0 (unregistering): Released all slaves
[  721.778976][ T5150] usb 5-1: Using ep0 maxpacket: 32
[  721.819687][ T5150] usb 5-1: unable to get BOS descriptor or descriptor too short
[  721.841811][ T5150] usb 5-1: unable to read config index 0 descriptor/start: -71
[  721.872273][T14401] usb 3-1: USB disconnect, device number 103
[  721.882097][ T5150] usb 5-1: can't read configurations, error -71
[  722.445456][   T53] Bluetooth: hci0: command tx timeout
[  722.576658][T15913] =======================================================
[  722.576658][T15913] WARNING: The mand mount option has been deprecated and
[  722.576658][T15913]          and is ignored by this kernel. Remove the mand
[  722.576658][T15913]          option from the mount to silence this warning.
[  722.576658][T15913] =======================================================
[  722.665639][ T7875] ------------[ cut here ]------------
[  722.671166][ T7875] Have pending ack frames!
[  722.716924][ T7875] WARNING: CPU: 1 PID: 7875 at net/mac80211/main.c:1691 ieee80211_free_ack_frame+0x4a/0x50
[  722.727317][ T7875] Modules linked in:
[  722.731257][ T7875] CPU: 1 PID: 7875 Comm: kworker/u8:11 Not tainted 6.10.0-rc7-syzkaller-00025-ga19ea421490d #0
[  722.742254][ T7875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  722.752772][ T7875] Workqueue: netns cleanup_net
[  722.757696][ T7875] RIP: 0010:ieee80211_free_ack_frame+0x4a/0x50
[  722.763907][ T7875] Code: 00 00 00 e8 d8 2d 61 fe 31 c0 5b c3 cc cc cc cc e8 cb 73 a7 f6 c6 05 17 1a a9 04 01 90 48 c7 c7 60 42 e1 8c e8 97 a1 69 f6 90 <0f> 0b 90 90 eb cb 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  722.784433][ T7875] RSP: 0018:ffffc9000450f7d0 EFLAGS: 00010246
[  722.790896][ T7875] RAX: 1b68e068e7618f00 RBX: ffff88802cd348c0 RCX: ffff88806a863c00
[  722.799057][ T7875] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  722.807169][ T7875] RBP: ffffc9000450f8d8 R08: ffffffff81585822 R09: fffffbfff1c39994
[  722.815242][ T7875] R10: dffffc0000000000 R11: fffffbfff1c39994 R12: ffffc9000450f840
[  722.823259][ T7875] R13: dffffc0000000000 R14: ffff88806043150c R15: ffff88801d47d630
[  722.831355][ T7875] FS:  0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
[  722.841384][ T7875] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  722.848822][ T7875] CR2: 00007f1b4e5833b0 CR3: 000000002bdf6000 CR4: 00000000003506f0
[  722.856908][ T7875] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  722.864934][ T7875] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  722.873006][ T7875] Call Trace:
[  722.874073][T15862] chnl_net:caif_netlink_parms(): no params data found
[  722.876366][ T7875]  <TASK>
[  722.876413][ T7875]  ? __warn+0x163/0x4e0
[  722.876450][ T7875]  ? ieee80211_free_ack_frame+0x4a/0x50
[  722.876489][ T7875]  ? report_bug+0x2b3/0x500
[  722.876520][ T7875]  ? ieee80211_free_ack_frame+0x4a/0x50
[  722.876559][ T7875]  ? handle_bug+0x3e/0x70
[  722.876594][ T7875]  ? exc_invalid_op+0x1a/0x50
[  722.876628][ T7875]  ? asm_exc_invalid_op+0x1a/0x20
[  722.920551][ T7875]  ? __warn_printk+0x292/0x360
[  722.925429][ T7875]  ? ieee80211_free_ack_frame+0x4a/0x50
[  722.931032][ T7875]  idr_for_each+0x1e2/0x2d0
[  722.935878][ T7875]  ? __pfx_ieee80211_free_ack_frame+0x10/0x10
[  722.942737][ T7875]  ? __pfx_idr_for_each+0x10/0x10
[  722.948427][ T7875]  ? kobject_put+0x272/0x480
[  722.953080][ T7875]  ? kfree+0x149/0x360
[  722.957281][ T7875]  ieee80211_free_hw+0xd0/0x480
[  722.962199][ T7875]  mac80211_hwsim_del_radio+0x329/0x4c0
[  722.967890][ T7875]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[  722.974023][ T7875]  hwsim_exit_net+0x5c1/0x670
[  722.978880][ T7875]  ? __pfx_hwsim_exit_net+0x10/0x10
[  722.984141][ T7875]  ? __ip_vs_dev_cleanup_batch+0x239/0x260
[  722.990066][ T7875]  cleanup_net+0x802/0xcc0
[  722.994544][ T7875]  ? __pfx_cleanup_net+0x10/0x10
[  722.999651][ T7875]  ? process_scheduled_works+0x945/0x1830
[  723.005525][ T7875]  process_scheduled_works+0xa2c/0x1830
[  723.011166][ T7875]  ? __pfx_process_scheduled_works+0x10/0x10
[  723.016026][T14382] usb 2-1: new high-speed USB device number 102 using dummy_hcd
[  723.017533][ T7875]  ? assign_work+0x364/0x3d0
[  723.029849][ T7875]  worker_thread+0x86d/0xd50
[  723.034510][ T7875]  ? __kthread_parkme+0x169/0x1d0
[  723.039993][ T7875]  ? __pfx_worker_thread+0x10/0x10
[  723.045248][ T7875]  kthread+0x2f0/0x390
[  723.050097][ T7875]  ? __pfx_worker_thread+0x10/0x10
[  723.055949][ T7875]  ? __pfx_kthread+0x10/0x10
[  723.060615][ T7875]  ret_from_fork+0x4b/0x80
[  723.065243][ T7875]  ? __pfx_kthread+0x10/0x10
[  723.069895][ T7875]  ret_from_fork_asm+0x1a/0x30
[  723.074750][ T7875]  </TASK>
[  723.077918][ T7875] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  723.085237][ T7875] CPU: 1 PID: 7875 Comm: kworker/u8:11 Not tainted 6.10.0-rc7-syzkaller-00025-ga19ea421490d #0
[  723.095604][ T7875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  723.105701][ T7875] Workqueue: netns cleanup_net
[  723.110521][ T7875] Call Trace:
[  723.113837][ T7875]  <TASK>
[  723.116812][ T7875]  dump_stack_lvl+0x241/0x360
[  723.121545][ T7875]  ? __pfx_dump_stack_lvl+0x10/0x10
[  723.126913][ T7875]  ? __pfx__printk+0x10/0x10
[  723.131559][ T7875]  ? _printk+0xd5/0x120
[  723.135776][ T7875]  ? vscnprintf+0x5d/0x90
[  723.140143][ T7875]  panic+0x349/0x860
[  723.144070][ T7875]  ? __warn+0x172/0x4e0
[  723.148265][ T7875]  ? __pfx_panic+0x10/0x10
[  723.152711][ T7875]  ? show_trace_log_lvl+0x4e6/0x520
[  723.157936][ T7875]  ? ret_from_fork_asm+0x1a/0x30
[  723.162903][ T7875]  __warn+0x346/0x4e0
[  723.166899][ T7875]  ? ieee80211_free_ack_frame+0x4a/0x50
[  723.172465][ T7875]  report_bug+0x2b3/0x500
[  723.176807][ T7875]  ? ieee80211_free_ack_frame+0x4a/0x50
[  723.182369][ T7875]  handle_bug+0x3e/0x70
[  723.186545][ T7875]  exc_invalid_op+0x1a/0x50
[  723.191071][ T7875]  asm_exc_invalid_op+0x1a/0x20
[  723.195938][ T7875] RIP: 0010:ieee80211_free_ack_frame+0x4a/0x50
[  723.202109][ T7875] Code: 00 00 00 e8 d8 2d 61 fe 31 c0 5b c3 cc cc cc cc e8 cb 73 a7 f6 c6 05 17 1a a9 04 01 90 48 c7 c7 60 42 e1 8c e8 97 a1 69 f6 90 <0f> 0b 90 90 eb cb 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  723.221720][ T7875] RSP: 0018:ffffc9000450f7d0 EFLAGS: 00010246
[  723.227791][ T7875] RAX: 1b68e068e7618f00 RBX: ffff88802cd348c0 RCX: ffff88806a863c00
[  723.235776][ T7875] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  723.243748][ T7875] RBP: ffffc9000450f8d8 R08: ffffffff81585822 R09: fffffbfff1c39994
[  723.251830][ T7875] R10: dffffc0000000000 R11: fffffbfff1c39994 R12: ffffc9000450f840
[  723.259819][ T7875] R13: dffffc0000000000 R14: ffff88806043150c R15: ffff88801d47d630
[  723.267805][ T7875]  ? __warn_printk+0x292/0x360
[  723.272604][ T7875]  idr_for_each+0x1e2/0x2d0
[  723.277221][ T7875]  ? __pfx_ieee80211_free_ack_frame+0x10/0x10
[  723.283307][ T7875]  ? __pfx_idr_for_each+0x10/0x10
[  723.288362][ T7875]  ? kobject_put+0x272/0x480
[  723.292966][ T7875]  ? kfree+0x149/0x360
[  723.297059][ T7875]  ieee80211_free_hw+0xd0/0x480
[  723.301939][ T7875]  mac80211_hwsim_del_radio+0x329/0x4c0
[  723.307508][ T7875]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[  723.313605][ T7875]  hwsim_exit_net+0x5c1/0x670
[  723.318295][ T7875]  ? __pfx_hwsim_exit_net+0x10/0x10
[  723.323506][ T7875]  ? __ip_vs_dev_cleanup_batch+0x239/0x260
[  723.329327][ T7875]  cleanup_net+0x802/0xcc0
[  723.333755][ T7875]  ? __pfx_cleanup_net+0x10/0x10
[  723.338725][ T7875]  ? process_scheduled_works+0x945/0x1830
[  723.344449][ T7875]  process_scheduled_works+0xa2c/0x1830
[  723.350025][ T7875]  ? __pfx_process_scheduled_works+0x10/0x10
[  723.356036][ T7875]  ? assign_work+0x364/0x3d0
[  723.360654][ T7875]  worker_thread+0x86d/0xd50
[  723.365274][ T7875]  ? __kthread_parkme+0x169/0x1d0
[  723.370327][ T7875]  ? __pfx_worker_thread+0x10/0x10
[  723.375467][ T7875]  kthread+0x2f0/0x390
[  723.379562][ T7875]  ? __pfx_worker_thread+0x10/0x10
[  723.384680][ T7875]  ? __pfx_kthread+0x10/0x10
[  723.389281][ T7875]  ret_from_fork+0x4b/0x80
[  723.393740][ T7875]  ? __pfx_kthread+0x10/0x10
[  723.398346][ T7875]  ret_from_fork_asm+0x1a/0x30
[  723.403140][ T7875]  </TASK>
[  723.406517][ T7875] Kernel Offset: disabled
[  723.410942][ T7875] Rebooting in 86400 seconds..