last executing test programs:

8.852286266s ago: executing program 4 (id=1907):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000000)={@loopback, 0x0, 0x1, 0x0, 0xf}, 0x20)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000340)={{}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]})
r6 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
write$binfmt_elf64(r6, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c46020000000d0200aa1e1c170003003e000839a59434d90a2742a24e000000000000000000deef14b40028e27ebdfd74dafc20380003"], 0xfebe)
execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049e9)

8.739510704s ago: executing program 3 (id=1909):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000740)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8}]}}}, @IFLA_MASTER={0x8, 0x4}]}, 0x44}}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x4001, 0x3, 0x2b0, 0x138, 0x0, 0x148, 0x0, 0x148, 0x218, 0x240, 0x240, 0x218, 0x240, 0x7fffffe, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'ip6gretap0\x00', 'netdevsim0\x00'}, 0x0, 0xf0, 0x138, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'lo\x00', {0x0, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}, @common=@unspec=@connlabel={{0x28}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private1, 'ip6erspan0\x00'}}}, {{@ip={@local, @loopback, 0x0, 0x0, 'veth0_vlan\x00', 'macvtap0\x00'}, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28, 'rpfilter\x00', 0x2}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x310)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001980)=ANY=[@ANYBLOB="14000000100001000000000090d60ab529f98c7576521ad10000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000028100000000000000797a30000000000900030073797a32000000001400000011000100"/125], 0x7c}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000ac0)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000a80)={&(0x7f0000001c00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000020a05000000000000000000030000055300060059e71b2c8afa07a3e3992d652e9bc41e1be11daf180e1943aa7522fb8174d7a6cd36d59681de9691d24d5194d99a58a6fcb0a6584c7564f6d17697cd351e78479952c15658c555e80732a3e833dd63000900010073797a30000000000900010073797a300000000044000000180a01020000000000000000020000060c00054000050000000000000000020073797a31000000000800074000000000080007400000000108000740000000002c000000140a00000000000000000000010000030900020073797a32000000000900010073797a3000000000fc000000160a050000000000000000000a000007bc00038008000240000000044000038014000100697036746e6c30000000000000000000140001006261746164765f736c6176865f3000001400010073797a5f74756e000000000000000000680003801400010076657468310000000000000000000000140001007866726d3000000000000000000000001400010073797a6b616c6c65723e00000000000014000100766c616e310000000000000000315f746f5f6261746164760008000140000000000c00054000000000000000030c000540000000000000000408000740000000010900020073797a3100000000b8010000060a0102000000000000000003000003ac000480100001800b000100736f636b65740000300001800700010072740000240002800800014000000013080001400000001308000140000000120800024000000003680001800a0001006d61746368000000580002803a000300f9555fec8c24dd613100cfbb6544debe63320c168f3186898fbd65569a9ccf84dc60beda587b7d430f8e547427121c6ae122f26e39f200000800024000000004080002400000086e0800010029242a001c00058008000140000000f9080001400000002f080001400000006208000a400000000334000580080002400000000008000140000000110800014000000004080002400000000208000a4000000002080002400000000208000940000000018b00074015a55cd553ae33ffb16fc4c2ced2884df571a5853a3941ad3178a5eb88f9f3745d9d5ea290070dc041863b7919b431a4269cd4561709cb840cad340e56ddbe707df4c9bcde7dac9022950a056c76b4f2562780ba2ce6f1061a3ff4f36d16a027cccaf1b781b014bb9008442727cddedda744499c81e807c604754e0c2c2ba2253bc1f56ff3e366000900020073797a3000000000140000001100010000000000000000000000000a00000000000000000000004e73356686281f1c14551bed8e5ffe37f22e7d9aecd699ac0fb3bde2c2873a7d942417d771a856231b0ac719b3a7ce8bf8454957a0aed2cefe351e36373c3a289db86322f9899d9084fa1a3017aa630f056fdefefc15204c187ed90d3b1d8fbb8e4d8faeecb430fafd6834c8bff59ca8bddd36562b6780b3b9c024f9dd0efc59419b3a20002c102874b494c420556980194ec3f091ee"], 0x3cc}, 0x1, 0x0, 0x0, 0x40000}, 0x4c801)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_CT_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000001940)={0x0, 0x0, &(0x7f0000001900)={&(0x7f0000001400)={{0x14}, [@NFT_MSG_DELTABLE={0x1c, 0x2, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0x5}, [@NFTA_TABLE_FLAGS={0x8}]}, @NFT_MSG_NEWSETELEM={0x2ec, 0xc, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0x4}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x2c0, 0x3, 0x0, 0x1, [{0x1b0, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPRESSIONS={0xb0, 0xb, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_LIMIT_TYPE={0x8}]}}}, {0x20, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_FIB_FLAGS={0x8, 0x3, 0x1, 0x0, 0x28}, @NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0x10}]}}}, {0x2c, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_CSUM_FLAGS={0x8, 0x8, 0x1, 0x0, 0x1}, @NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0xab}, @NFTA_PAYLOAD_CSUM_OFFSET={0x8}]}}}, {0x18, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @void}}, {0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}, {0x1c, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x17}]}}}]}, @NFTA_SET_ELEM_KEY_END={0xb8, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x76, 0x1, "a9ced1af17270da7d568877308c31902d14c986165f0e2af436d04b2218e8b31cb75f886b40719e7b4746f2321e62412e55d5ddb7b0d60fdc6c93ea99b48f566a31c9014605cd6a295f1f87a6fdb400c3b3c6b1491e056bc6924154d39dc91d0aafa3aa5aa6158dba051e214f7307b155f4b"}, @NFTA_DATA_VALUE={0x38, 0x1, "00f50fe86a2022a1b528ebdcfee21c0a0042290df837110aaee8cdbe65e5b7bb0920e654d82212c14f457aa998789084c4c0ab7d"}, @NFTA_DATA_VALUE={0x4}]}, @NFTA_SET_ELEM_KEY_END={0x44, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x40, 0x1, "ad9ce8328fa8052f8bc55ff7f36b8fcda6c03b215e22e7d92bdda4b59418e1f6913a542f651935b490137dcce2ee71183546c517ff1f0c2615c0b7ec"}]}]}, {0x10c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY_END={0xac, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x66, 0x1, "e6d8f898a3afa3180c88f026da3452d959b8d8a0d9c108bf9605f43f5cbb68c7ed35b0ce50957c97862721d05442d683c1727369d9b6e66a73dfc01bd6a87bc4465b139ff296664b8450f49439149dcde854007653f417334e13d9a2358f4c4ed646"}, @NFTA_DATA_VALUE={0x3f, 0x1, "5f3d4d2ce03ddaf50db8196d2ab8304201a7a5d8e1f79918122424c389ac9d3fb418d81707e8eedf6fa56d3077896d3db2b19ea5a7da9ac15e2861"}]}, @NFTA_SET_ELEM_EXPRESSIONS={0x5c, 0xb, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LOG_QTHRESHOLD={0x6, 0x4, 0x1, 0x0, 0x401}, @NFTA_LOG_PREFIX={0x8, 0x2, 0x1, 0x0, 'TEE\x00'}, @NFTA_LOG_QTHRESHOLD={0x6, 0x4, 0x1, 0x0, 0x7}, @NFTA_LOG_FLAGS={0x8, 0x6, 0x1, 0x0, 0x10}]}}}, {0x10, 0x1, 0x0, 0x1, @fwd={{0x8}, @val={0x4}}}, {0xc, 0x1, 0x0, 0x1, @rt={{0x7}, @void}}, {0xc, 0x1, 0x0, 0x1, @cmp={{0x8}, @void}}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWTABLE={0x34, 0x0, 0xa, 0x3, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TABLE_USERDATA={0x4}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}, @NFT_MSG_NEWFLOWTABLE={0x74, 0x16, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xfff}]}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x3d8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r5, 0x8982, &(0x7f00000000c0)={0x0, 'macsec0\x00'})
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000a00)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000009c0)={&(0x7f0000000940)=ANY=[@ANYBLOB="7c00000000010300000000000000000100ac1e01010800020000000010060003401f0100000c00028005000100840000da1b96f06eae0b0bd404d10ae50006f093c389ff15145390797ddc0100000c00028005000100110000000c000280050001002f0000000610124000020000140005800e0001"], 0x7c}, 0x1, 0x0, 0x0, 0x4048844}, 0x4002)
socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$sock_inet_SIOCDELRT(r1, 0x890c, &(0x7f0000000000)={0x0, {0x2, 0x4e21, @loopback}, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}, {0x2, 0x4e21, @remote}, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x6, 0x0, 0x8})
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_SECURITY(r7, 0x112, 0x4, 0x0, 0x1000000000000)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={0xffffffffffffffff, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000100)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140), &(0x7f00000001c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000680)}}, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000001240), r3)
sendmsg$DEVLINK_CMD_RATE_GET(r3, &(0x7f0000001380)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001340)={&(0x7f0000001280)={0x84, r8, 0x0, 0x70bd26, 0x25dfdbfb, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}]}, 0x84}, 0x1, 0x0, 0x0, 0xc0}, 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'})

7.383632395s ago: executing program 2 (id=1913):
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0xffd8)
mkdir(0x0, 0x0)
chdir(0x0)
open(&(0x7f0000000040)='./file0\x00', 0x40c5, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file2\x00', 0x10001, 0x85)
socket$caif_stream(0x25, 0x1, 0x1)
r2 = socket$inet6(0xa, 0x3, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x10, &(0x7f0000000000), 0x4)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x0, 0x1)
r3 = open(&(0x7f0000000040)='./file2\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000000300), 0x0, 0x0)
r4 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_DQBUF(r4, 0xc0585611, &(0x7f0000000140)=@mmap={0x0, 0x9, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "d3f61e4a"}, 0x0, 0x1, {}, 0x4})
ioctl$BTRFS_IOC_DEFRAG(r3, 0x4c00, 0x3)
r5 = socket$nl_route(0x10, 0x3, 0x0)
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080), 0x8101, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0x14, 0x30, 0x871a15abc695fa3d}, 0x14}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000300)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @private, @loopback}, '\b\x00\x00\x00\x00\x00 \x00'}}}}}, 0x0)

7.349779364s ago: executing program 3 (id=1914):
syz_emit_vhci(0x0, 0xd)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
sched_setparam(0x0, &(0x7f0000000400))
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000003a80)={<r2=>0x0, 0x1c, &(0x7f0000003980)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}]}, &(0x7f0000003ac0)=0x10)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x6d, &(0x7f0000000080)={r2}, &(0x7f00000000c0)=0x18)
r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
r4 = userfaultfd(0x801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000280)={{&(0x7f0000576000/0xd000)=nil, 0xd000}})
write$binfmt_aout(r3, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r0], 0xc8)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=ANY=[@ANYRESOCT=r1], 0x38}, 0x1, 0x0, 0x0, 0x4c005}, 0x800)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r6, {0x2, 0x4e20, @rand_addr=0x64010101}, 0x2, 0x0, 0x4, 0x3}}, 0x2e)
accept4(0xffffffffffffffff, &(0x7f0000000540)=@nl=@unspec, &(0x7f0000000200)=0x80, 0x800)
mount_setattr(0xffffffffffffffff, 0x0, 0x100, 0x0, 0x0)
r7 = syz_open_dev$loop(&(0x7f0000000180), 0x7, 0x2480)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
write$binfmt_aout(r8, &(0x7f0000000100)=ANY=[], 0x1a3)
r9 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x4b8, 0x0, 0xffffffff, 0xffffffff, 0x120, 0xffffffff, 0x3e8, 0xffffffff, 0xffffffff, 0x3e8, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x100, 0x120, 0x0, {}, [@common=@srh={{0x30}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}}, @common=@mh={{0x28}, {',\n'}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@private0, @remote, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x2c8, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00'}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00'}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "17449c9c2a05e759713135ea9408fe6ca9b4b6152370a8dc206c4db34042a37edc63bd17a99fdd947c344b24556921c070477e13b6acb2af09498a96130edac4"}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x518)
ioctl$LOOP_CONFIGURE(r7, 0x4c0a, &(0x7f00000002c0)={r8, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00000014000800000000000000007f"}})

5.249608584s ago: executing program 4 (id=1916):
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="03000096ebc2c66584601f003d5eceea86c5b4e4c22e7d73f8c4023570f400684f05afa738be36eec766c4520117c4509c8aa8113e9030f33d953fabfa1f8be7a4dcf4eacafd3b2610329733906bb2051dfe326329d8fa7e4921add887812104e226bf9cf3fab7af4a47805227c0b05145b51fadabcd55be1fd272b82f6dd32f35208d7aac762d4e6de900"/154], 0x9a)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f22"], 0x22)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240), 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
gettid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000400)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x8)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x15)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x2, 0x1000, 0x3, 0x1, 0x1d48, 0xffffffffffffffff, 0x5fff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x4}, 0x48)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1e, 0xe, &(0x7f0000001600)=ANY=[@ANYBLOB="b702000000000000bfa30000000000001403000000feffff7a0af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7040000050000006a0af2fe00000000850000007c000000b700000000000000950000000000000000e154cd844a954b26c933f7ffffffffffffff55bb2007ee51050512b5b42128aa090a79507df79f298129da487130d5f24bf901115e17392ac66ad029d1c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1efc5f9094fa737c28b994a8512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d6f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804d4a69bf9bc5fa77ee293fbd165a5a7c31de7910d1ed4065a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db3503680e5e5971ff4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dacfeb47479321a0574fb304bc2a1681989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f3de8726c2a61ec45c19f97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde0745db06753a7ac7fe13cab6692422a46e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c9bdce38c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c5f1e24d9f679e4fbe948dfb4cc4af05c28308241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5490f6589880ed6eea7b9c670012be05e7de0940313c5870786554df2623d58f5ace92d028f2c71a6ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77962a2cd8a104e16b77d5f7f13b1640d43e11801140caf1a8b1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b905fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af0a77fbcf2cd1d0000002000000001c800000000000000000000000928ee53595a779d243a48cea769470424d28804c026ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf34117a82a96b2ced73abb8e4bb718d6ee7aebf9ef40662d7836d252c566f5ee938a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c74f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7eee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab50fe82d5a96b09c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada209bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cdfba05e3633be3f00000001762e5f5a3a0bc33fdbe28a5ffc83f2f08544eb2794e7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5d81e750d50515a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f85d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d801002653c4d9818708e27c89b552d3fcd11ebce9c764c714c9402c21d181aae59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff2a8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4000000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b850580994484305d7a1759782ae57773e0d8b0ab900edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af0bd91e328b6a6f732a91f0e2e9120be61e58c79d497247d278888901d44bf77ff246605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c2d0836395fe39f0e11c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc71300000000000021000000b12f0ec0412268860027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b50f3ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861ddb54684cb73e7aeefae47fa09fd88e6043bd52ae84c1bb0c8a6b769f952283a1f4e3842edb3d42c68a2102fa1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e81163bde261fd00000000007271e28ef6806bc8e139c49b91c76b0d3958f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d1b8b90bc0df4c4b51b1f922a44ec675203bf8d1548e49262727c3de6daab3b4ed15aa99802e45d0620617e839b5237ddfcf103c91e61d174e3be6c9fd47398797e3b814e751ff31ecb42de6dd9d6b88121aaa680c236a303914e00150e1ec3f144ebc28287d5b51cfb8cabb844d12b140767d0fc24425590024b2e431722392489e3d43b3e31438a0138988083c47c61384d54e9a40fba01cac6e59ec82edc764840fe551c1d57442970cd8e59b9f41094e158c0a1ee855d8515599685486c2a21fa1c107531a0db8306441e8408b34aa90e9736e672d74cb8e78f8bdb93a23d024fc200796836ab396911a56231e953efad6cd83db32ffc595d970108e9547ea0000002730d5d1b70fe8b458ac1651135037b6cb9c8053299f77ab84c5b9fd2f764c3caa9c69377c397d310ddc7bc4bfa165def7b49e28ef196ae263b6829a8419d8860f56c86c288964ac4bc19839d96ff24b981c3a4fd6f93a000000ea9d6b06dafae4c91177"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0xa}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x50)
syz_emit_ethernet(0x84, &(0x7f00000002c0)={@local, @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, '\x00', 0x4e, 0x2f, 0x0, @remote, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x37}}, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x880b, 0x0, 0x0, [0x4]}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, [0xb, 0x3, 0x40]}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x6]}, {0x8, 0x88be, 0x2, {{0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d}}}}}}}}}, 0x0)

5.030214608s ago: executing program 2 (id=1917):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0x2, &(0x7f0000000040)={0x0, <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=ANY=[@ANYRESOCT=r2, @ANYRES16=r3, @ANYRESHEX=r0, @ANYRES32=r4, @ANYBLOB="0800050002000000"], 0x24}}, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0)
close(r5)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f000000a300))
ioctl$SIOCSIFHWADDR(r5, 0x8b37, &(0x7f0000000600)={'wlan1\x00', @remote})
sendmsg$NL80211_CMD_CONNECT(r1, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000900)=ANY=[@ANYBLOB="50000000080211000001080211000000ffffffffffff000006000000000000000700010071f949364f2115f8e26f0006020202020202010802848b960c1218242d1a0c000d0600000000000000040088001900000001000400000080"], 0x52)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000340), 0xffffffffffffffff)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000380)={'batadv0\x00', <r9=>0x0})
sendmsg$BATADV_CMD_GET_GATEWAYS(r6, &(0x7f0000000440)={0x0, 0xa6, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="0107fc000000000000000a00060008000300", @ANYRES32=r9, @ANYBLOB], 0x1c}}, 0x0)
sendmsg$BATADV_CMD_SET_HARDIF(r5, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000480)={&(0x7f0000000640)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="000e2bbd7000fedbdf2310000700000000020000ffff08003c000100000083366e9f46236b8d4aaf19c917c58ba63f7ccb5d020b54af7d8ce769bcb2a2c3b350437b10722439df10164f1de2a105bbd9b55103618011feeb1abc9ff13d8dee72accde5b51abe087165e0141695fd6fcded680b7e4ef27b44c3b4a1d71089f76ca09c48eba2c15463a3288951b42cc8740dd205333ae97a059240dfd3564a"], 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x40054)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="160b00000000000000ce4bb60919ff8ef40d4d1fa480ba0000000000e6a78e81dc301a17e4cbe7e0b3d80099d4c3db7d1190d920ee0d1037d68a3bdff58b9644ab7a4f849870d8d57bf479abfb3793a0423431e5144addd0694d060000000000000081043a718d03fd0c096663961ca9a50982c86bb615a0306190077f5a22230ed4373df1046ebd12b344a4adb5928f88b8a9c7420a66ec5818c4e5a03eee7e61566dda6148a3bfe243a34a608d44f15ca9d7fb12d18c1c02cdf4e2bd07df04000000b0d2cf", @ANYRES16=r11, @ANYBLOB="010000000000000000004a00000008000300feffffff0e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x3c}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, 0x0, 0x0)
r12 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/pid\x00')
setns(r12, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
syz_open_procfs(0x0, &(0x7f0000000000)='maps\x00')
ioctl$NS_GET_USERNS(0xffffffffffffffff, 0xb701, 0x0)

4.913332073s ago: executing program 0 (id=1918):
add_key$user(&(0x7f0000000180), &(0x7f0000000000)={'syz', 0x0}, &(0x7f00000005c0)='\x00', 0x1, 0xfffffffffffffffe)
mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ed000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SOUND_MIXER_READ_RECSRC(r1, 0x80044dfd, &(0x7f0000000040))

4.821808693s ago: executing program 3 (id=1920):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x15, 0x10, 0x0, 0x0, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48)

4.581077371s ago: executing program 0 (id=1921):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
io_uring_setup(0x497c, &(0x7f00000001c0)={0x0, 0x0, 0x2000, 0x0, 0x21f})
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000a80)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8}, 0x1c, &(0x7f0000000100)}}], 0x1, 0x0)
shutdown(0xffffffffffffffff, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f0000000340)=ANY=[@ANYBLOB="0000010040c3f2be96f36c88a50bc51cc1e42968f148337dedb747e6c68f6541a3387929b2"], 0x9)
creat(0x0, 0x1de)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000980)={0x23b, 0x7d, 0x0, {{0x500, 0xfa, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x04nodev{cvfox%\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xcf\xab\x00\x10\x00\x00\x00\x16\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x5e, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x9d,;\x9e\x1dR\xc3\xd6\xda\x9b\xf6\x99\xfa\x88\xda\xcel\xde{\xa4\xa4\x00\xb4\xb0\xb4\xdb\xf6\xc6\x9ai\xd0\x17\xce\xc4Y\x06\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1a'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x23b)
writev(0xffffffffffffffff, &(0x7f0000003480)=[{&(0x7f00000034c0)="50bdc2efb8d0fecba7b9f07a11d112390f893112a87c4a10d97d6bd1cab082d5766613a937e7a6767af05b68c4338a3c306fec8bb9b83d8f28a04683cbd386d1d8e427b02d3ff427a0569c1682e4dcc4aa4757a01f0ec405b764df476ddc99387f04b96c82a87b3945b849965bf6320d38c85cbe36014658c0df25ec9415a444d6be387de48cac69f15b6b1d45c0f8e62b54f0ca13368cae0645969feb781db89a70463e42d3197672063faab45c46b5c3e621282991cdde50f9af1a12760812b23b29dd4fffe2a0cb4474e9fafdaf2083280a3be1f0a57329a984d2ef5e62186ac555a55e8a273c0834f2da14f0b8b6242a12cc1af203bc142cef6c0048d3e56fcb85e0deef0fa9f3c18f9a7c04caae4d57d3d4b139660a533aa9e25045e93e1be2261e166c6b7ac7855446fb863c0e6ef7c8137202ee7c52450c78c89d8a7aa278b5511e9b769209ac0747084b9c553150d8a6f060153252b4c5fe69a0ab271f85b7400358206e9d220b0065b3f94657afb4bf982e641cbe07c8f3e92b17e7e2c49174fd3bd89719d465f6de1708e1e25ad6185203cd51b939d485865504efc571ecc5915767c3b0dbd097e80c38532d7a322e48fab7a6811816d6247a644864248d635bd61b46ab09bfcebf86e06c08fb112d072365afa6bf1292f540586e16bc640f031c740a04bf61df1aa00b99ff99a49c73d5dffd1523c6d5c2d028ce3577110f15447cd87914a5534f45d9e69a8e51bfdf343f70c7c4a5ccbc62b4ad632d48f93a38361907ed686b76cda7ed98df7f04d881712280db912133fbbcef41e918e6cda8a1b25da503721e13bad3dee199f9357260c4aa7ebe23ec5c13ed13f33f9176ef2cbdec432fd6d07cdabbb051985fbd4d69f9eb09f3d6b1e78870ac6a59eba73fa5df0d1a708d2673684856cf504a2d3bcb0038605831c965e8e0c6090a0457462a6ea7564f57696219af371c120cd4565d1e278f233d738245b758e6e6b4d7c434fc5ecaaf72cc57889d10c1e2c465a12fdb25d0f653e464cab62a4179f5bab38c560a12dd5852ed2684c30787774690cb7b4f9b5f4c573759a60946d7e6708d4c520354cd7b310986ecb5569f3ba1e322ccd2282fb8ca57588b21c46ca0bfc1d50bb43cada0ca6c8337d66e6829eadfab60c38bbf58cad9e611b3ed84dd8f00be795673b5a611ebb1e11a54b533d9d064b5df4d1203bbf1f82a9f63c178e9441b538539193b28b70a6045e6c8f1cbddf97ff79525801bb9bbf59ed76fafcc29c8317f3f50ef5cedf5f767747ecbee95bbf7251a92382ab1ee0ac10c206ee6a4cdd4ac3fa8607c66ba19309fb0fb646c787d226d55b9f8158a3835ee5d1565f5c4fb41339088f06cc89c670da67fe33ce1f20327bd989de43e6a62a135e0ff3d3949b08bc6d46aec46ad100059cbf987054690de9764ad56dcecf5afcd19cfad537b571f324858908b86213b7420e12733cd6a192bf1f69651ea1043b9fb12bc29ced691f7ee3eaac4618732f173c424707bcac7cea3e023da9af43a7e6c465feab01f246adaf8d573e5aa578af8b36ffdd39c1d48787739bae6582b63cb7755a9ddca85a0614994d793b8f023a0ad28b5e2172a06d59ddd646e8e8de0022902f6016d60019c4ec2a753d41ddc47303d4b490c116083eb19dc36e0805b4b748f47189d288db04be485cceb5a0656e0466877526b6395bc9053cd0d703127eb912964c052442535d2d03b89cd4e1a63ceefaf043509416f79dc7507c0f84dbe881bee0d73b4e40c062d953ab2eb631bca3d71aa08bc903953cc0cb71b04b11123f5ac9ce03501c7c706130808bba16f2ccc7b0b7a5da5ca9e48e46d08f04be516249298198cf8487e3361abf2071f9d41974e9ecde5db520960eea20028ab27517b7a8ea820209107a79da17bb2c4fd11da3a4b7f71c211517c7c2c823efa85ffc100286a987a81fd266f3df86704af9a227b06f93d6ab9a220f9572591e2628233691ec5cbd04220143bdcf6b7cae2d562b98c2db8cb7534d4774159fb6b47efb7a2bcc2b8726f9dfbf68b96b3341cd9452765af2c48a2430f242facd2ef9bfb99edb16ba68c4cc7f098b4d561fc04e51121fae6d25fdff1c86e13f97c1b432c006eef5424662f657143ea858ce7e3797f40089facdf96fa10eea15a20d107e89eeab1526939f6f46cfdac6717691d8aa01819f1992d1652ff3b02661e209633270dae9b024e11933ab0f11487d488c60927ba56b12add87e89503e1d2075cd68b48da65a150c798b671effccb21332c980b59250cce776df49d4d6e958172508d325a7dc7ca539dd89db8a0a22022b9cd2b1a545c8e10d3e836b2f7f379c1d868f90dfde77c157d03a72c49985607d2fdfe31ec68acf31dba08755a63fe2acc8682ddf707b1a1e81a7fb1cc51aedb44c354bf053a2fac29845322ef612b89c5b70fac061075dd7ad7c715534d801850deb118b7414369b0357e2694d88bfffae67e82fc82202286459c8cef40ad588f750c7f50d8107f0c9c51c345d101772b921d69954ff8c41bc6fc49a8b101176f60f15515e726c94ac27a6ddd8f03fb47ef616b5d17cf00e78d8909518082ef86e32c42b8dd72c8ee084171ea61465ca3b4169b6e3abd300a1c2247ee45eed29948355096f6dba394a56d8df4addd4529d834ec8f27d4957d81fca5091004ad3ecc98acb72392689b8145a5a9ec8736464c6544a64ca40c44359429b91690bb592707c6f3d93a85766ca6a754f5bfa8824d8ca6510df9b39abb5c84281f61100507d2014eba19031e654601f0c7d7ae9c45ebbe587fbc2dd299c14c8af310c5ac41be08ea71ca18fe732eeca736af024bbafc77e38883647dec12", 0x7f0}], 0x1)
r1 = syz_open_dev$video(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_QUERYCTRL(r1, 0xc0445624, &(0x7f00000000c0)={0x8000001, 0x0, "679c51ecbc83d1e22e845e3ede57135adc714d432546da16827000"})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x4e, &(0x7f0000000000)=0x1, 0x4)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0xfffe, 0x0, @loopback={0x0, 0xa8aaaafffeaaaa1e}}, 0x1c)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f00000002c0)={0x34, &(0x7f0000000500)={0x0, 0x0, 0x2, "ef26"}, &(0x7f00000001c0)={0x0, 0xa, 0x1}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f00000007c0)={0x44, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x2000006, 0x10, r3, 0xffffe000)

3.750576304s ago: executing program 4 (id=1923):
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet(0x2, 0x3, 0x6)
syz_emit_vhci(&(0x7f0000000b40)=ANY=[@ANYBLOB="040e05003d20"], 0x7)
r2 = openat(r0, 0x0, 0x1451c2, 0x0)
ftruncate(r2, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCDELRT(r3, 0x890c, &(0x7f0000000140)={0x0, {0x2, 0x4e23, @remote}, {0x2, 0x4e20, @loopback}, {0x2, 0x0, @multicast2}, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000100)='veth0_macvtap\x00', 0x7, 0x8000000000000001, 0x7ff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'team_slave_1\x00'})
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000100)={0x2015})
read$FUSE(r4, &(0x7f0000001ac0)={0x2020}, 0x2020)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
r7 = dup3(r0, r6, 0x80000)
fallocate(r7, 0x6, 0x8, 0xfffffffffffffff8)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
socket$packet(0x11, 0x3, 0x300)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000001080)={0x0, 0x0, 0x0, {0x2000, 0x1}, {0x6a, 0x2}, @ramp={0x100, 0x8, {0x9, 0x6, 0x0, 0x4}}})
r8 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x862b01)
ioctl$EVIOCSMASK(r8, 0x40104593, &(0x7f0000000180)={0x1, 0x67, &(0x7f0000000100)="f13b8716bcfdcca0c8af3538908cd9249f533b44e0242eab855e96f55b9ffada39f62d8b23dd050e4bd47c6e12e3bd98840d9ae70008ed417a94f6c6b2fccb3a3bcb625653302c9301e4fe75a70cdee4c457f97a50895e6577df2340fb458bd55be572ac782da8"})
write$char_usb(r8, &(0x7f0000000040), 0x0)
ioctl$TIOCMIWAIT(0xffffffffffffffff, 0x545c, 0x0)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18efff0000000000000000000000000085800000cb0000009500000000000000"], &(0x7f0000000140)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

3.621264173s ago: executing program 1 (id=1924):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000540)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10)
write$binfmt_script(r1, &(0x7f00000002c0), 0x1000a)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x4, 0x4, 0x3e8, 0x200, 0x200, 0x200, 0x300, 0x300, 0x300, 0x4, 0x0, {[{{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local={0x2}}, {@mac}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'bridge0\x00', 'erspan0\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local}, {@mac=@multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_vlan\x00', 'ipvlan1\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x438)

3.617765494s ago: executing program 3 (id=1925):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELCHAIN={0x20, 0x5, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000000)=@mgmt_frame=@beacon={{{}, {}, @device_b}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x2, [{0xb}, {0x16, 0x1}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x71, 0x7}, @void}, 0x39)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001740)={0x20, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_SCAN_SUPP_RATES={0x4}]}, 0x20}}, 0x0)

3.391486482s ago: executing program 1 (id=1926):
r0 = socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000900)=@base={0x12, 0xff, 0x4, 0xfff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
syz_emit_ethernet(0x44a, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaa00aaaaaaaaaa0086dd60cb653e04143a00fe800000000000000000000000000000ff0200000000000000000000000000018600907800000000000000000000000000087db4265c9f6aa3b46521199ea778d105c24ac1fd5315e8b977edb940e63f49a7129f45462e5eecc39f468544e3c13aa9017ccd638e784912ef2c2589d0d45cf0ed4bbe90921800000077130c3818a2eaac43f1a6efc4f7772852ea05bff405aa28758ba53e0f2060e4e027f24bb723a5571d0da2ebeb3fe47f34e606cb3987e3681841f511126b773758e143f6be25d6965fcca35155fec3f970e2067f5db8a5de787eaf96b5957e6b988c02ae9fe26ec3118d9fdcca129d1269b290f687cde5b4eaba737c806335ca0d1e43697d144c6df4dc0d31e84004bc22e87b6e2daab5674479c76a1be360d309e7e7e5fa089032b331a3ceea18d92124681c0b78a0f1665ffcba0bee11950f6b4912bb302b3e648fad7ff4862ccc823e720fdb20af8ab0a6a09dfcdacf69923d60a0efeacf81e1e7e17db9547a4962bdec794c013af7210e54d43f3fe7da2f88c674f4cfd818f6a7461368bf62f1d5f98fd9394eb74bf0559f1c6b1ebec57dba007f143108ca4be3fa330cc21a411b0b7af23ebd9282be17fb702a5ca61650b283eec78e0280e4f2713b42bd4e3615c48c55c1abe5827601038109736f9c6b7242e7c9c917309397b864eedf5ca71db1debb609b6381b54955706017731319e0cc41083f99bd11da748b47d8715080899eb15caf19df36632b73bb22596b8e16186a2e51e277f8c78df609ca44a83914e8f7a8b053210573941b560ff8b114326678c6851c74596300b1c2a1ddc0af5b4cb5f15fa61e42214341368152275070973f3063f35fded9eeb535a0837783921dc2b705e0a0ceacca1882ff23813bc9199a9be39559c9f82a7452ce6113780cd7d26f532b72603afbfe994f5baf7257c9a33b9ac1ecd0b69da263daa9ac7e6a8d4400341926ed1f0c0e9086009c7945c0b255716f5b0dac45a9af480dc1f17beba2a2cddeafed29ecc91ce704895e28d0c46e639591c667a7f34500ea98ef557801dccf733fa61f3cf6740e40418745a42a738440ba9fc2ec415ba0fbf34800e6987b902302d552cf869eb350a9a862cd946f8285b03f03067dc9bae653dc701d97c7e6f7c1f0767624ac9e48b041c51697968b1e1733921270e569ac0b1ac7c25d00936ad05f14d67d3225d6a8cecd9fb63205ab14131e2e742977860e4a38ec056cda185aa357a059d0180056816a7902bdc0951253005099039bd945a6a4e525123cd4fcb8c5b335626464707fc21e92039b9190020eb9ef84c61cddede466a4c3ea2572927153997c33433ce9de0a7d2ed0b5fb0dce9cc6630bd0635a66be0cb490689169618184e896233d49b8f0e0717ae5d557333d54887ed8d983ee01091326af86e76583131104c66753efd58c32e499be23a05249b98e505c4c0237e2e70506fed29a33169d02b74ba5cbefad267e1107f4468e1144ece9656d35b88e405405fbb143"], 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newlink={0x50, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FWMARK={0x8, 0x14, 0x3}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @local}}]}}}]}, 0x50}, 0x1, 0xba01}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000", @ANYRES32, @ANYBLOB="00000000000010006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0xe6, &(0x7f0000000140)=""/230, 0x0, 0x8}, 0x90)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0)
socket$inet(0x2, 0x0, 0x0)
unshare(0x40400)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x4, &(0x7f0000001540)=ANY=[@ANYBLOB="18020000e2ffffff00000000000000c685000000360000009500001800000000922ae83713ab9600010000801b10fb54a8cb72d232ad558c46fff4208d4990ec11ce9413ac30e00bd0081f8504e19a5183d769676520e98a263345e44d5ad12bca35510100c4d86abeb12303ff1c9fe0d0020000d60400000007d3670000008aff66d6b3181ffc1d62a3954c1198bbc4fa13aee48ca9e8969faebf3183fe803ab3f5024b52dc265b36fc9dae00a09404f01f9504d0976d252bd8d24538556e5e57bee3b8cf464ef3c6a7def8bad3ca6e3abdb21696e340bb8e2a093add57196b40def3858ef569147fa4108328392d322ab5df10a2f69a6bdf72ee7944e810d0223917c3d042410f57466f59544047d6d8ac44060000000000ee16c729300d2301800000000000002b5a8b05fcc154ad5290a8cdb97c343f454ff69dd6cbde49b28a6cb5f4fc0001745cff6e00e7ffffff0000acf3209a08439f1ff01779b6f6df7e02aa6d7760525b595fe1f697bc114ed1778e97a3f0395f946974cfb458be2a34cf924dc37b5592bf17956f3547497aba814382ff67b345b677a9d6523d87008000000400000000003fe8613ca29ff92be0d8deffff7b68136b0046d535dd39c0f35408869e9b342b953f91447e6b9eab304f134306320600a44095254b45a6c1312a13696c7202df5f764713504facc532c5a6d44d99ec7530ed7b0311000000000000e54e9072a22d911f4a2c2e2fa806e63c5cd98a8569a6d6bcfb000064885117e2ad910eae67e0ebe380d0f648713e68153579e02d71c58d147b00821ab9a6475b31e1ebf1369a04000000fbf3983f283f2f00000000992774814d63c933912d000006000000a66acb0a38856929e7d8b1b06c9bd5d7e5490f3b8596b694ea9483bd4bd287c83dd998a74694d18bdd8ad0983bc90770bbd26a82b9d99d5fc04563b523c47ef8c33400e90d02000000000000000edf1147a7afe772cd45af8aeffe2753088e02ca6bb2feec446ce7dbce66f0a93a03371320980865c7c62ea4d8f8a864dce9fa85aeb0454349100296ee2dba39c3f6fd6cf96714e11fe03b5062809a7418b165dd0336d226bac1e1223be1c97b15175d0e664beb126000e96549e1a1228c686edb475b705eaa9515c96f4fc6b3c925ea404e0f1de61026dc6c6618580fd6ce9eac602c1756f6d1056712412131ed9925989e01eae489ec7052e0ed72c326c7a8aa63999e2297c54ce1822d14b7c7699a9d0600f11f2e7f474cffbc35bc8623cd5eb68af82275a940be0400000000000000bcc3fbe7d90de96d6a8e9f32f18d1f606b381e4903b500000000000000000000004a2357ba5f6000de1cfa88b7165dcf4f2aaee86d4802000000000000008fdb686d5da2a42e4b5024b6535811f362201d4f82012e6af704973d04ea923c19e6cb723c1923b3eea2d73e176dff383c9fbbac53dfdcb1a68c98e96fe39eec23963faf3ebed3409144c7c53d6318ced678a621450a9b01e9f2772e5f2999d3435da02556e36c3215d2bd4e96c93bff3ad04a82ff3cfadcf65eb92adc6c68d66b11cb2d7556414a86dfa94bb7aa52c7febb1e9b2efcbbc5bccf9d39bed802f4f056976a9a362ee9cc624ec454b90200fd9603f96908bddc14500000000000000000000000000044d917c62b27679913075731e8fddb07c10c82002d60181588ae63a440454287de9e340f611267f37bdd0f2d21cb06fcaf45a0a297e396f428d43371424b307eef82c5d6d19f3ef0d3b8f7fa51957e3099caab31133b34a1d3eebc0f0c9056df2e9667ba0b55695c78d4010079b07e7aef7785e2486472b5cba1f3346c1e8e23deb8c82bb6eb2c72c484241dc3b66da78260f800fffd39368b952f6f4a10295c50c887a31d8b543c5d10f2dbd4d0b84eaad43feb6e169a9f2fcff7000000000000000000e011bc6366f56fa787f212c1f8c0f47f50b1e9b5d841ea55fe569bb7bf1e78191c8a02ad436725771738a2a98891971e3b932352896e1ea10f62e8ef7a87e16151b39d6c27575714540d8c293a3fa4b5a825360423c1cbc8b5d19167152823ed853140edda002c16c842b168bb55f6bb713deb57d0aa78d6d4e5fc5be2c402bd246128f41bcb02000000892b135a92e8c844938aa98ba4839a1408a696454d40e5eed4d4dce481ca86bfac54c330331b7f2cde17cbaeb0377696faf546ecbe742d73d47d726a50f6e752f3325255bd7e8b5923aa3cfb6f7e06494f21ca450139c558000000000000000000000800000000000000000075aa0000000000000000000000005560bd9eb81e839e4992e64b074a66cccccf00334fa94da8477be7d99b558ec6a5b1596ac1e7617c6b32eed0cc70286caf2c5189a103f4b0b04aff171c4d388ccf67fea37e782f025c04fe8ba975cf616c7134d6934e2594c853cde330a193a967d907a8c88fcb033e680f559a72150cb900bafcd536f48797915a2fe9922ce27300009e1b36aa4730117d9b00000000003c630000000000008fbbd11b015c415ca04192fbfb1a8b0e3460af35771dbac10062835c9bab3ad09f7a022c52d800000000000000000000400000000000000000000000007be52c0d05b4cd120400000000000000000000000000006ec473c54399b7b8aa1ee46132fc45da8292631178cecf19550108b8b8423de42957ffe9bb6d752e68d2bc2ce777a17bf4dfdfee5de0f3e4dadf51ab03d2165ccc9562827b762fa611ba5f32861c19dffe1dc9fd5c41cd46cf131fd6b0c2ddad90ac33f768f9ecc70327c59918fa5a249befe98262f53c8182d95f6da3698a6a88c2c31d801a8f1f5e0ce05138d5422da0a6a62b9dfe1f39775d1d0c9186096415f544aaf76b0a1c877a6c826a5adcfb22c4a0e5a46271caa3eaf4f389dd5f3c20dbddc0377a4266d7b9fd61b9287e9b4be0a413ee31be0ddecab0ef7b25cba1fb3654ddf291ecb7768ac1e177042cb4c452fa6b396695000000000080ffffff87da23d6855500fe8510b51e13a890e394b84a6ea2cc8d42b97c697c29122298d55e2e1cca8e07abda2606a3f381c64b9fec0000000a7965e4854e8e3572ad5149b3872342dea9252132860c9af1bd5fe263c0313dea5d6e0c11a466d6892ed65f34667dd79b07b5cbdd8aa7dd561a26b5562d4861a7e1b0f48930e0b696ea3bee7eb72794e163d7aeac9a0fa5403ac9cb421eae283b0550f1d0d339cd7b96e71d3ab48ad9d7975e0c9b117f71d3ab80a0c9b0284ecc469fa6181c9c71fce07a6ffb23296a107763138e8d9876291af2076890c47925ac773d95d2ca42acb3e5f3a1550665b898462c139ffd0106bc8a61b6117d252efcab7106b4c3a3c13a70ff452e9d2096142c517b0e91b5cf88332faca5b3ee96363065c3ce32d3d39ec36e20d597e05664f2526bd918090649da11f7299789d00f5024df1e99d3efecb9b457642fe810370ba4fbe00fa60a28af966a27a1659e448bbe43a1dcd2ea760018b57a36ac41ef2051a7b703d55c0602540663016e20d50385766df4dac47802a55bd38dd767ee9960c6daa704fc5d01a1459134d1b9edfde3be9e25a110228c64253588ff420644dbc0854e69a7bdda72f93ceaccf92cfe7dd6296c950db10f6dd8a5ef9b73cf6a12a1ba16fdc7e35b805f4fd2fcff0a623722149c1465e4de2d53f0f10b14c21865027abc71a12cb1e9f8029c7a20000000eeb0d53a83e518c8d2052c08b515d9d0bde24ac4e798040c7db0bb03c019507d6377f3d5dd94a27abc6d6b120d61f772407e0d2cb50d29168b68aef9f176b4c3aa8b21279d4ea9c1f669aa8c2c17d5b3a8d1dda58d26f1019af04b7774c85d5bce8be010f27c5211938031c3404680b01279c778bd1fe1b48c4b5b8e0fe756e54a8d76b7cec5e3407d93b4eadc446440607de844acf5524a4657e33af2115547b735b57b5092d0bc8fa6acb832509abe0882d570ce400aaebd7baff88526608d6991aac95751671174129457e4a03aca69d82b64b89e6ad6ed1e275ec5002e48170e4c7b4f3971481098dedb88fba90770e44bf404d5a97fefe2fe8e459fe45933b78c7ab5fe985a480193a20fb07da1455fb283df68af569ac82aa6dc703e29bf158931fb79f2abfa6ff7eb8c4f381c9da58bea460e2ead969933e5391970ca4fddd64da2e5df9c4d82044068caaaab771b37bb06bbe673056d849825525f1120b2250fc48520381f7a74b1c687781cb6b23e67b918844b83dbaeeb559ec8520d710dd6d6b4e64838bd434a36ed03fc0c488b24571032ffbc9f8ce97041e1bc4729d539358dc9599c1266b9ce2cb6dd0ad57a6e9d3d4a11a27f70b2934c96237e2ba09c58eeda678d4d08b6da99b7a86e946215afb1b48792fde54492e306cb5342e2589874b603a1de972b1f09cc350096f5c3e814118af9ba0793cfdf20c77b34eacfdf63ce59ec4d2f867bf884e941559b068d908325667672b5e1cf71f4829c0493e8b141489ed926b822becead7a0a2b4a4c008ab16b616d60f347e4da54f06443507efe57ea62399ef4eb11b2f559e1b056456a53998bf1c6d13c92e75136147f91aecf020000eb1b51bf700b3c0bf54bc3745ff313c5e75dc66386897f6ee45429371b8d0878c442ad2fe9baf85c1390da13efc353ccbef950c29f39ddf436f0d9bf1be1515ed251d8b6f11ecb16b1e8d1ed04196e9b6c2f9e068b7749bb6c1f533e493f22c901662c65cb761dc2eeff2f698bd4dbae83e2dfdc4f1c7f918a00515c1bc189d10ec22b35c92725cbf0ba244fd029c4f026f68e000000060000ab0476c3fd7f7c1e5c000000000000000000000011e43e39d3f4394fbfa13c416b1c443c5e52eea726491ad75100ebad7c6d5a665c59a3fb158e43da904f19e7e8daa4e90390b8da945f6cd78536c0d2be07221f85ad46b180f256d4d84592811d15d65896b66b63a46705338b67b72dc1c3075fcdc5cbffb0366151632ba5be8ae815dfea9fadfd31c473a24a73d3e5116c3023b3563c72d26fbd59877132bde5ca4ef8d92fd3613c768b35223f6fd0b5e9a8b98cccf1e2b4612e620e3a159d6365c9045aaa826aa0ee6d26cf0397ce674c20824584b464ebdc2f3ea26a7aec4570b242a6677a4e9187f8591c3a9bdc14a31ae7c034bb19da845de69d1300e4a8b6e345c2e31cdf127f77102ef0e576ed1ff4133599882c14943558737da0ed246603d768933b36d8f8df3add2e17ce644347c419a7795b6308d4455dc680be6ee2ee7fae761292d67249baedbd6c03ec95dc0966ccdb319aaa9f8a35b24cc7b7c9c47934a261aeff831dc52d9e54fe0d54641b413298432427eaba265f3ecbffbd3b8465f1acf2073edb06f65241744909ead745c68b260803e7369beabb2740e55e48450c9c3399cb70434463"], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x40}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001380)={r5, 0xfe, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd48175dc, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x38, 0x0}}, 0x10)
mkdir(&(0x7f0000001300)='./file0\x00', 0xa8)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
fchdir(r6)
creat(&(0x7f0000002000)='./file3aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r7, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x200, 0x70bd27, 0x25dfdbfc, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
sendto$inet6(r7, &(0x7f0000000000)="eb", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

3.185000761s ago: executing program 2 (id=1927):
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0xffd8)
mkdir(0x0, 0x0)
chdir(0x0)
open(&(0x7f0000000040)='./file0\x00', 0x40c5, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file2\x00', 0x10001, 0x85)
socket$caif_stream(0x25, 0x1, 0x1)
r2 = socket$inet6(0xa, 0x3, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x10, &(0x7f0000000000), 0x4)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x0, 0x1)
r3 = open(&(0x7f0000000040)='./file2\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000000300), 0x0, 0x0)
r4 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_DQBUF(r4, 0xc0585611, &(0x7f0000000140)=@mmap={0x0, 0x9, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "d3f61e4a"}, 0x0, 0x1, {}, 0x4})
ioctl$BTRFS_IOC_DEFRAG(r3, 0x4c00, 0x3)
r5 = socket$nl_route(0x10, 0x3, 0x0)
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080), 0x8101, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0x14, 0x30, 0x871a15abc695fa3d}, 0x14}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000300)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @private, @loopback}, '\b\x00\x00\x00\x00\x00 \x00'}}}}}, 0x0)

2.866009728s ago: executing program 1 (id=1928):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
openat$dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$DMA_BUF_SET_NAME_A(0xffffffffffffffff, 0x40086203, 0x0)
getpeername$packet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@getchain={0x24, 0x66, 0x0, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0xfff3}, {0x0, 0xfff3}, {0x0, 0x6}}}, 0x24}}, 0x0)
r0 = socket$kcm(0x2, 0x3, 0x84)
sendmsg$inet(r0, &(0x7f0000000a00)={&(0x7f0000000040)={0x2, 0x0, @dev}, 0x10, 0x0}, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000080)={0x41, 0x1000}, 0x10)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000003580)={0x2, 0x0, @dev}, 0x10)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x65)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000480)={0x0, 0x241, &(0x7f0000000440)={&(0x7f0000000200)={0x28, r4, 0x1, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1d}]}]}, 0x28}}, 0x0)

2.71230488s ago: executing program 2 (id=1929):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000000)={@loopback, 0x0, 0x1, 0x0, 0xf}, 0x20)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000340)={{}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]})
r6 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
write$binfmt_elf64(r6, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c46020000000d0200aa1e1c170003003e000839a59434d90a2742a24e000000000000000000deef14b40028e27ebdfd74dafc20380003"], 0xfebe)
execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049e9)

2.690647538s ago: executing program 3 (id=1930):
preadv(0xffffffffffffffff, &(0x7f0000000ec0)=[{&(0x7f0000000cc0)=""/79, 0x4f}, {&(0x7f0000000a80)=""/145, 0x91}, {&(0x7f0000000b40)=""/160, 0xa0}, {&(0x7f0000000500)=""/2, 0x2}, {&(0x7f0000000c00)=""/131, 0x83}, {&(0x7f0000000f40)=""/112, 0x70}, {&(0x7f0000000e40)=""/99, 0x63}], 0x7, 0x59dc, 0x0)
syz_emit_vhci(0x0, 0xd)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
sched_setparam(0x0, &(0x7f0000000400))
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000003a80)={<r2=>0x0, 0x1c, &(0x7f0000003980)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}]}, &(0x7f0000003ac0)=0x10)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x6d, &(0x7f0000000080)={r2}, &(0x7f00000000c0)=0x18)
r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
r4 = userfaultfd(0x801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000280)={{&(0x7f0000576000/0xd000)=nil, 0xd000}})
write$binfmt_aout(r3, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r0], 0xc8)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=ANY=[@ANYRESOCT=r1], 0x38}, 0x1, 0x0, 0x0, 0x4c005}, 0x800)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r6, {0x2, 0x4e20, @rand_addr=0x64010101}, 0x2, 0x0, 0x4, 0x3}}, 0x2e)
accept4(0xffffffffffffffff, &(0x7f0000000540)=@nl=@unspec, &(0x7f0000000200)=0x80, 0x800)
mount_setattr(0xffffffffffffffff, 0x0, 0x100, 0x0, 0x0)
r7 = syz_open_dev$loop(&(0x7f0000000180), 0x7, 0x2480)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
write$binfmt_aout(r8, &(0x7f0000000100)=ANY=[], 0x1a3)
r9 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x4b8, 0x0, 0xffffffff, 0xffffffff, 0x120, 0xffffffff, 0x3e8, 0xffffffff, 0xffffffff, 0x3e8, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x100, 0x120, 0x0, {}, [@common=@srh={{0x30}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}}, @common=@mh={{0x28}, {',\n'}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@private0, @remote, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x2c8, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00'}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00'}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "17449c9c2a05e759713135ea9408fe6ca9b4b6152370a8dc206c4db34042a37edc63bd17a99fdd947c344b24556921c070477e13b6acb2af09498a96130edac4"}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x518)
ioctl$LOOP_CONFIGURE(r7, 0x4c0a, &(0x7f00000002c0)={r8, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00000014000800000000000000007f"}})

2.597192192s ago: executing program 1 (id=1931):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000016c0), 0x3af4701e)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r3 = socket(0x200000100000011, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
bind$packet(r3, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000100)=0x3c0, 0x43)
sendfile(r3, r2, 0x0, 0x80004700)

2.245866059s ago: executing program 1 (id=1932):
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f00000000c0)=@pppol2tpv3={0x18, 0x1, {0x3, r0, {0x2, 0x0, @multicast1}, 0x2}}, 0x2e)
sendmmsg(0xffffffffffffffff, &(0x7f0000000280)=[{{0x0, 0x700003a, 0x0, 0x0, 0x0, 0x0, 0x700}, 0x4}], 0x400000000000085, 0x0)

2.243488715s ago: executing program 0 (id=1933):
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="03000096ebc2c66584601f003d5eceea86c5b4e4c22e7d73f8c4023570f400684f05afa738be36eec766c4520117c4509c8aa8113e9030f33d953fabfa1f8be7a4dcf4eacafd3b2610329733906bb2051dfe326329d8fa7e4921add887812104e226bf9cf3fab7af4a47805227c0b05145b51fadabcd55be1fd272b82f6dd32f35208d7aac762d4e6de900"/154], 0x9a)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f22"], 0x22)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240), 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
gettid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000400)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x8)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x15)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x2, 0x1000, 0x3, 0x1, 0x1d48, 0xffffffffffffffff, 0x5fff, '\x00', 0x0, r0, 0x0, 0x0, 0x4}, 0x48)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1e, 0xe, &(0x7f0000001600)=ANY=[@ANYBLOB="b702000000000000bfa30000000000001403000000feffff7a0af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7040000050000006a0af2fe00000000850000007c000000b700000000000000950000000000000000e154cd844a954b26c933f7ffffffffffffff55bb2007ee51050512b5b42128aa090a79507df79f298129da487130d5f24bf901115e17392ac66ad029d1c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1efc5f9094fa737c28b994a8512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d6f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804d4a69bf9bc5fa77ee293fbd165a5a7c31de7910d1ed4065a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db3503680e5e5971ff4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dacfeb47479321a0574fb304bc2a1681989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f3de8726c2a61ec45c19f97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde0745db06753a7ac7fe13cab6692422a46e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c9bdce38c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c5f1e24d9f679e4fbe948dfb4cc4af05c28308241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5490f6589880ed6eea7b9c670012be05e7de0940313c5870786554df2623d58f5ace92d028f2c71a6ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77962a2cd8a104e16b77d5f7f13b1640d43e11801140caf1a8b1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b905fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af0a77fbcf2cd1d0000002000000001c800000000000000000000000928ee53595a779d243a48cea769470424d28804c026ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf34117a82a96b2ced73abb8e4bb718d6ee7aebf9ef40662d7836d252c566f5ee938a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c74f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7eee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab50fe82d5a96b09c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada209bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cdfba05e3633be3f00000001762e5f5a3a0bc33fdbe28a5ffc83f2f08544eb2794e7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5d81e750d50515a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f85d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d801002653c4d9818708e27c89b552d3fcd11ebce9c764c714c9402c21d181aae59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff2a8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4000000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b850580994484305d7a1759782ae57773e0d8b0ab900edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af0bd91e328b6a6f732a91f0e2e9120be61e58c79d497247d278888901d44bf77ff246605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c2d0836395fe39f0e11c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc71300000000000021000000b12f0ec0412268860027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b50f3ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861ddb54684cb73e7aeefae47fa09fd88e6043bd52ae84c1bb0c8a6b769f952283a1f4e3842edb3d42c68a2102fa1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e81163bde261fd00000000007271e28ef6806bc8e139c49b91c76b0d3958f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d1b8b90bc0df4c4b51b1f922a44ec675203bf8d1548e49262727c3de6daab3b4ed15aa99802e45d0620617e839b5237ddfcf103c91e61d174e3be6c9fd47398797e3b814e751ff31ecb42de6dd9d6b88121aaa680c236a303914e00150e1ec3f144ebc28287d5b51cfb8cabb844d12b140767d0fc24425590024b2e431722392489e3d43b3e31438a0138988083c47c61384d54e9a40fba01cac6e59ec82edc764840fe551c1d57442970cd8e59b9f41094e158c0a1ee855d8515599685486c2a21fa1c107531a0db8306441e8408b34aa90e9736e672d74cb8e78f8bdb93a23d024fc200796836ab396911a56231e953efad6cd83db32ffc595d970108e9547ea0000002730d5d1b70fe8b458ac1651135037b6cb9c8053299f77ab84c5b9fd2f764c3caa9c69377c397d310ddc7bc4bfa165def7b49e28ef196ae263b6829a8419d8860f56c86c288964ac4bc19839d96ff24b981c3a4fd6f93a000000ea9d6b06dafae4c91177"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0xa}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x50)
syz_emit_ethernet(0x84, &(0x7f00000002c0)={@local, @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, '\x00', 0x4e, 0x2f, 0x0, @remote, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x37}}, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x880b, 0x0, 0x0, [0x4]}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, [0xb, 0x3, 0x40]}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x6]}, {0x8, 0x88be, 0x2, {{0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d}}}}}}}}}, 0x0)

2.019708418s ago: executing program 1 (id=1934):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r1, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=@newlink={0x40, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IKEY={0x8, 0x4, 0xffff}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x40}}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
set_mempolicy(0x3, &(0x7f0000000040)=0x9, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'bridge0\x00', <r4=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}]}}}]}, 0x40}}, 0x20044040)
syz_usb_connect(0x0, 0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000e8445a40ca0735a8fa21000000010902120001000060000904"], 0x0)
syz_usb_connect(0x0, 0x3d, &(0x7f0000001540)={{0x12, 0x1, 0x0, 0xd3, 0xc4, 0xad, 0x8, 0xf11, 0x1031, 0x7c0c, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0xff, 0xff, 0xff, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "8c9be78b85"}]}}, {{0x9, 0x5, 0x3}}]}}]}}]}}, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r6 = socket$inet6(0xa, 0x3, 0x84)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000100)={{{@in=@multicast2, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@mcast2, 0x0, 0x32}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
syz_open_dev$mouse(0x0, 0x0, 0x0)
dup(0xffffffffffffffff)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write(r7, &(0x7f0000000000)="3f000000010040", 0x7)
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, 0x0)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
shmget$private(0x0, 0x2000, 0x100, &(0x7f0000002000/0x2000)=nil)
mmap(&(0x7f000097a000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

1.228058607s ago: executing program 2 (id=1935):
r0 = socket(0x10, 0x803, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x10}, 0xc)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000340), 0xc, &(0x7f0000000540)={&(0x7f0000000c80)={0x180, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x38, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_NET={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_ID={0x8}]}, @TIPC_NLA_NODE={0xc4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY={0x49, 0x4, {'gcm(aes)\x00', 0x21, "e6245b66d3d5f86ba451e347a087fe1c5035bd2888c106120bcc8a64f1cd4b9bc7"}}, @TIPC_NLA_NODE_ID={0x6d, 0x3, "0d70de683fb363478394087a577e0ec7fe9eea08ed9e3bc4dc8db3d9f489e376afc7b258da0f1cbf9e7a08cac6f2c6c46a73c1ff87b84c13be20cfda38e31c023e8da0df0d485385d63c576f280ec36e7d36e484454cd735daaa62950e95973cbe8cebd52f07fcf6c4"}]}, @TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ID={0x8}]}]}, 0x180}}, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x1c}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0xbe8}, {&(0x7f00000007c0)=""/154, 0xc0f}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

1.202541414s ago: executing program 4 (id=1936):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000540)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10)
write$binfmt_script(r1, &(0x7f00000002c0), 0x1000a)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x4, 0x4, 0x3e8, 0x200, 0x200, 0x200, 0x300, 0x300, 0x300, 0x4, 0x0, {[{{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local={0x2}}, {@mac}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'bridge0\x00', 'erspan0\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local}, {@mac=@multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_vlan\x00', 'ipvlan1\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x438)

1.137524699s ago: executing program 3 (id=1937):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0x2, &(0x7f0000000040)={0x0, <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=ANY=[@ANYRESOCT=r2, @ANYRES16=r3, @ANYRESHEX=r0, @ANYRES32=r4, @ANYBLOB="0800050002000000"], 0x24}}, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0)
close(r5)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f000000a300))
ioctl$SIOCSIFHWADDR(r5, 0x8b37, &(0x7f0000000600)={'wlan1\x00', @remote})
sendmsg$NL80211_CMD_CONNECT(r1, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000900)=ANY=[@ANYBLOB="50000000080211000001080211000000ffffffffffff000006000000000000000700010071f949364f2115f8e26f0006020202020202010802848b960c1218242d1a0c000d0600000000000000040088001900000001000400000080"], 0x52)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000340), 0xffffffffffffffff)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000380)={'batadv0\x00', <r9=>0x0})
sendmsg$BATADV_CMD_GET_GATEWAYS(r6, &(0x7f0000000440)={0x0, 0xa6, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="0107fc000000000000000a00060008000300", @ANYRES32=r9, @ANYBLOB], 0x1c}}, 0x0)
sendmsg$BATADV_CMD_SET_HARDIF(r5, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000480)={&(0x7f0000000640)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="000e2bbd7000fedbdf2310000700000000020000ffff08003c000100000083366e9f46236b8d4aaf19c917c58ba63f7ccb5d020b54af7d8ce769bcb2a2c3b350437b10722439df10164f1de2a105bbd9b55103618011feeb1abc9ff13d8dee72accde5b51abe087165e0141695fd6fcded680b7e4ef27b44c3b4a1d71089f76ca09c48eba2c15463a3288951b42cc8740dd205333ae97a059240dfd3564a"], 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x40054)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="160b00000000000000ce4bb60919ff8ef40d4d1fa480ba0000000000e6a78e81dc301a17e4cbe7e0b3d80099d4c3db7d1190d920ee0d1037d68a3bdff58b9644ab7a4f849870d8d57bf479abfb3793a0423431e5144addd0694d060000000000000081043a718d03fd0c096663961ca9a50982c86bb615a0306190077f5a22230ed4373df1046ebd12b344a4adb5928f88b8a9c7420a66ec5818c4e5a03eee7e61566dda6148a3bfe243a34a608d44f15ca9d7fb12d18c1c02cdf4e2bd07df04000000b0d2cf", @ANYRES16=r11, @ANYBLOB="010000000000000000004a00000008000300feffffff0e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x3c}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, 0x0, 0x0)
r12 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/pid\x00')
setns(r12, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
syz_open_procfs(0x0, &(0x7f0000000000)='maps\x00')
ioctl$NS_GET_USERNS(0xffffffffffffffff, 0xb701, 0x0)

943.600135ms ago: executing program 4 (id=1938):
r0 = socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000900)=@base={0x12, 0xff, 0x4, 0xfff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
syz_emit_ethernet(0x44a, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaa00aaaaaaaaaa0086dd60cb653e04143a00fe800000000000000000000000000000ff0200000000000000000000000000018600907800000000000000000000000000087db4265c9f6aa3b46521199ea778d105c24ac1fd5315e8b977edb940e63f49a7129f45462e5eecc39f468544e3c13aa9017ccd638e784912ef2c2589d0d45cf0ed4bbe90921800000077130c3818a2eaac43f1a6efc4f7772852ea05bff405aa28758ba53e0f2060e4e027f24bb723a5571d0da2ebeb3fe47f34e606cb3987e3681841f511126b773758e143f6be25d6965fcca35155fec3f970e2067f5db8a5de787eaf96b5957e6b988c02ae9fe26ec3118d9fdcca129d1269b290f687cde5b4eaba737c806335ca0d1e43697d144c6df4dc0d31e84004bc22e87b6e2daab5674479c76a1be360d309e7e7e5fa089032b331a3ceea18d92124681c0b78a0f1665ffcba0bee11950f6b4912bb302b3e648fad7ff4862ccc823e720fdb20af8ab0a6a09dfcdacf69923d60a0efeacf81e1e7e17db9547a4962bdec794c013af7210e54d43f3fe7da2f88c674f4cfd818f6a7461368bf62f1d5f98fd9394eb74bf0559f1c6b1ebec57dba007f143108ca4be3fa330cc21a411b0b7af23ebd9282be17fb702a5ca61650b283eec78e0280e4f2713b42bd4e3615c48c55c1abe5827601038109736f9c6b7242e7c9c917309397b864eedf5ca71db1debb609b6381b54955706017731319e0cc41083f99bd11da748b47d8715080899eb15caf19df36632b73bb22596b8e16186a2e51e277f8c78df609ca44a83914e8f7a8b053210573941b560ff8b114326678c6851c74596300b1c2a1ddc0af5b4cb5f15fa61e42214341368152275070973f3063f35fded9eeb535a0837783921dc2b705e0a0ceacca1882ff23813bc9199a9be39559c9f82a7452ce6113780cd7d26f532b72603afbfe994f5baf7257c9a33b9ac1ecd0b69da263daa9ac7e6a8d4400341926ed1f0c0e9086009c7945c0b255716f5b0dac45a9af480dc1f17beba2a2cddeafed29ecc91ce704895e28d0c46e639591c667a7f34500ea98ef557801dccf733fa61f3cf6740e40418745a42a738440ba9fc2ec415ba0fbf34800e6987b902302d552cf869eb350a9a862cd946f8285b03f03067dc9bae653dc701d97c7e6f7c1f0767624ac9e48b041c51697968b1e1733921270e569ac0b1ac7c25d00936ad05f14d67d3225d6a8cecd9fb63205ab14131e2e742977860e4a38ec056cda185aa357a059d0180056816a7902bdc0951253005099039bd945a6a4e525123cd4fcb8c5b335626464707fc21e92039b9190020eb9ef84c61cddede466a4c3ea2572927153997c33433ce9de0a7d2ed0b5fb0dce9cc6630bd0635a66be0cb490689169618184e896233d49b8f0e0717ae5d557333d54887ed8d983ee01091326af86e76583131104c66753efd58c32e499be23a05249b98e505c4c0237e2e70506fed29a33169d02b74ba5cbefad267e1107f4468e1144ece9656d35b88e405405fbb143"], 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newlink={0x50, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FWMARK={0x8, 0x14, 0x3}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @local}}]}}}]}, 0x50}, 0x1, 0xba01}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000", @ANYRES32, @ANYBLOB="00000000000010006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0xe6, &(0x7f0000000140)=""/230, 0x0, 0x8}, 0x90)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0)
socket$inet(0x2, 0x0, 0x0)
unshare(0x40400)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x4, &(0x7f0000001540)=ANY=[@ANYBLOB="18020000e2ffffff00000000000000c685000000360000009500001800000000922ae83713ab9600010000801b10fb54a8cb72d232ad558c46fff4208d4990ec11ce9413ac30e00bd0081f8504e19a5183d769676520e98a263345e44d5ad12bca35510100c4d86abeb12303ff1c9fe0d0020000d60400000007d3670000008aff66d6b3181ffc1d62a3954c1198bbc4fa13aee48ca9e8969faebf3183fe803ab3f5024b52dc265b36fc9dae00a09404f01f9504d0976d252bd8d24538556e5e57bee3b8cf464ef3c6a7def8bad3ca6e3abdb21696e340bb8e2a093add57196b40def3858ef569147fa4108328392d322ab5df10a2f69a6bdf72ee7944e810d0223917c3d042410f57466f59544047d6d8ac44060000000000ee16c729300d2301800000000000002b5a8b05fcc154ad5290a8cdb97c343f454ff69dd6cbde49b28a6cb5f4fc0001745cff6e00e7ffffff0000acf3209a08439f1ff01779b6f6df7e02aa6d7760525b595fe1f697bc114ed1778e97a3f0395f946974cfb458be2a34cf924dc37b5592bf17956f3547497aba814382ff67b345b677a9d6523d87008000000400000000003fe8613ca29ff92be0d8deffff7b68136b0046d535dd39c0f35408869e9b342b953f91447e6b9eab304f134306320600a44095254b45a6c1312a13696c7202df5f764713504facc532c5a6d44d99ec7530ed7b0311000000000000e54e9072a22d911f4a2c2e2fa806e63c5cd98a8569a6d6bcfb000064885117e2ad910eae67e0ebe380d0f648713e68153579e02d71c58d147b00821ab9a6475b31e1ebf1369a04000000fbf3983f283f2f00000000992774814d63c933912d000006000000a66acb0a38856929e7d8b1b06c9bd5d7e5490f3b8596b694ea9483bd4bd287c83dd998a74694d18bdd8ad0983bc90770bbd26a82b9d99d5fc04563b523c47ef8c33400e90d02000000000000000edf1147a7afe772cd45af8aeffe2753088e02ca6bb2feec446ce7dbce66f0a93a03371320980865c7c62ea4d8f8a864dce9fa85aeb0454349100296ee2dba39c3f6fd6cf96714e11fe03b5062809a7418b165dd0336d226bac1e1223be1c97b15175d0e664beb126000e96549e1a1228c686edb475b705eaa9515c96f4fc6b3c925ea404e0f1de61026dc6c6618580fd6ce9eac602c1756f6d1056712412131ed9925989e01eae489ec7052e0ed72c326c7a8aa63999e2297c54ce1822d14b7c7699a9d0600f11f2e7f474cffbc35bc8623cd5eb68af82275a940be0400000000000000bcc3fbe7d90de96d6a8e9f32f18d1f606b381e4903b500000000000000000000004a2357ba5f6000de1cfa88b7165dcf4f2aaee86d4802000000000000008fdb686d5da2a42e4b5024b6535811f362201d4f82012e6af704973d04ea923c19e6cb723c1923b3eea2d73e176dff383c9fbbac53dfdcb1a68c98e96fe39eec23963faf3ebed3409144c7c53d6318ced678a621450a9b01e9f2772e5f2999d3435da02556e36c3215d2bd4e96c93bff3ad04a82ff3cfadcf65eb92adc6c68d66b11cb2d7556414a86dfa94bb7aa52c7febb1e9b2efcbbc5bccf9d39bed802f4f056976a9a362ee9cc624ec454b90200fd9603f96908bddc14500000000000000000000000000044d917c62b27679913075731e8fddb07c10c82002d60181588ae63a440454287de9e340f611267f37bdd0f2d21cb06fcaf45a0a297e396f428d43371424b307eef82c5d6d19f3ef0d3b8f7fa51957e3099caab31133b34a1d3eebc0f0c9056df2e9667ba0b55695c78d4010079b07e7aef7785e2486472b5cba1f3346c1e8e23deb8c82bb6eb2c72c484241dc3b66da78260f800fffd39368b952f6f4a10295c50c887a31d8b543c5d10f2dbd4d0b84eaad43feb6e169a9f2fcff7000000000000000000e011bc6366f56fa787f212c1f8c0f47f50b1e9b5d841ea55fe569bb7bf1e78191c8a02ad436725771738a2a98891971e3b932352896e1ea10f62e8ef7a87e16151b39d6c27575714540d8c293a3fa4b5a825360423c1cbc8b5d19167152823ed853140edda002c16c842b168bb55f6bb713deb57d0aa78d6d4e5fc5be2c402bd246128f41bcb02000000892b135a92e8c844938aa98ba4839a1408a696454d40e5eed4d4dce481ca86bfac54c330331b7f2cde17cbaeb0377696faf546ecbe742d73d47d726a50f6e752f3325255bd7e8b5923aa3cfb6f7e06494f21ca450139c558000000000000000000000800000000000000000075aa0000000000000000000000005560bd9eb81e839e4992e64b074a66cccccf00334fa94da8477be7d99b558ec6a5b1596ac1e7617c6b32eed0cc70286caf2c5189a103f4b0b04aff171c4d388ccf67fea37e782f025c04fe8ba975cf616c7134d6934e2594c853cde330a193a967d907a8c88fcb033e680f559a72150cb900bafcd536f48797915a2fe9922ce27300009e1b36aa4730117d9b00000000003c630000000000008fbbd11b015c415ca04192fbfb1a8b0e3460af35771dbac10062835c9bab3ad09f7a022c52d800000000000000000000400000000000000000000000007be52c0d05b4cd120400000000000000000000000000006ec473c54399b7b8aa1ee46132fc45da8292631178cecf19550108b8b8423de42957ffe9bb6d752e68d2bc2ce777a17bf4dfdfee5de0f3e4dadf51ab03d2165ccc9562827b762fa611ba5f32861c19dffe1dc9fd5c41cd46cf131fd6b0c2ddad90ac33f768f9ecc70327c59918fa5a249befe98262f53c8182d95f6da3698a6a88c2c31d801a8f1f5e0ce05138d5422da0a6a62b9dfe1f39775d1d0c9186096415f544aaf76b0a1c877a6c826a5adcfb22c4a0e5a46271caa3eaf4f389dd5f3c20dbddc0377a4266d7b9fd61b9287e9b4be0a413ee31be0ddecab0ef7b25cba1fb3654ddf291ecb7768ac1e177042cb4c452fa6b396695000000000080ffffff87da23d6855500fe8510b51e13a890e394b84a6ea2cc8d42b97c697c29122298d55e2e1cca8e07abda2606a3f381c64b9fec0000000a7965e4854e8e3572ad5149b3872342dea9252132860c9af1bd5fe263c0313dea5d6e0c11a466d6892ed65f34667dd79b07b5cbdd8aa7dd561a26b5562d4861a7e1b0f48930e0b696ea3bee7eb72794e163d7aeac9a0fa5403ac9cb421eae283b0550f1d0d339cd7b96e71d3ab48ad9d7975e0c9b117f71d3ab80a0c9b0284ecc469fa6181c9c71fce07a6ffb23296a107763138e8d9876291af2076890c47925ac773d95d2ca42acb3e5f3a1550665b898462c139ffd0106bc8a61b6117d252efcab7106b4c3a3c13a70ff452e9d2096142c517b0e91b5cf88332faca5b3ee96363065c3ce32d3d39ec36e20d597e05664f2526bd918090649da11f7299789d00f5024df1e99d3efecb9b457642fe810370ba4fbe00fa60a28af966a27a1659e448bbe43a1dcd2ea760018b57a36ac41ef2051a7b703d55c0602540663016e20d50385766df4dac47802a55bd38dd767ee9960c6daa704fc5d01a1459134d1b9edfde3be9e25a110228c64253588ff420644dbc0854e69a7bdda72f93ceaccf92cfe7dd6296c950db10f6dd8a5ef9b73cf6a12a1ba16fdc7e35b805f4fd2fcff0a623722149c1465e4de2d53f0f10b14c21865027abc71a12cb1e9f8029c7a20000000eeb0d53a83e518c8d2052c08b515d9d0bde24ac4e798040c7db0bb03c019507d6377f3d5dd94a27abc6d6b120d61f772407e0d2cb50d29168b68aef9f176b4c3aa8b21279d4ea9c1f669aa8c2c17d5b3a8d1dda58d26f1019af04b7774c85d5bce8be010f27c5211938031c3404680b01279c778bd1fe1b48c4b5b8e0fe756e54a8d76b7cec5e3407d93b4eadc446440607de844acf5524a4657e33af2115547b735b57b5092d0bc8fa6acb832509abe0882d570ce400aaebd7baff88526608d6991aac95751671174129457e4a03aca69d82b64b89e6ad6ed1e275ec5002e48170e4c7b4f3971481098dedb88fba90770e44bf404d5a97fefe2fe8e459fe45933b78c7ab5fe985a480193a20fb07da1455fb283df68af569ac82aa6dc703e29bf158931fb79f2abfa6ff7eb8c4f381c9da58bea460e2ead969933e5391970ca4fddd64da2e5df9c4d82044068caaaab771b37bb06bbe673056d849825525f1120b2250fc48520381f7a74b1c687781cb6b23e67b918844b83dbaeeb559ec8520d710dd6d6b4e64838bd434a36ed03fc0c488b24571032ffbc9f8ce97041e1bc4729d539358dc9599c1266b9ce2cb6dd0ad57a6e9d3d4a11a27f70b2934c96237e2ba09c58eeda678d4d08b6da99b7a86e946215afb1b48792fde54492e306cb5342e2589874b603a1de972b1f09cc350096f5c3e814118af9ba0793cfdf20c77b34eacfdf63ce59ec4d2f867bf884e941559b068d908325667672b5e1cf71f4829c0493e8b141489ed926b822becead7a0a2b4a4c008ab16b616d60f347e4da54f06443507efe57ea62399ef4eb11b2f559e1b056456a53998bf1c6d13c92e75136147f91aecf020000eb1b51bf700b3c0bf54bc3745ff313c5e75dc66386897f6ee45429371b8d0878c442ad2fe9baf85c1390da13efc353ccbef950c29f39ddf436f0d9bf1be1515ed251d8b6f11ecb16b1e8d1ed04196e9b6c2f9e068b7749bb6c1f533e493f22c901662c65cb761dc2eeff2f698bd4dbae83e2dfdc4f1c7f918a00515c1bc189d10ec22b35c92725cbf0ba244fd029c4f026f68e000000060000ab0476c3fd7f7c1e5c000000000000000000000011e43e39d3f4394fbfa13c416b1c443c5e52eea726491ad75100ebad7c6d5a665c59a3fb158e43da904f19e7e8daa4e90390b8da945f6cd78536c0d2be07221f85ad46b180f256d4d84592811d15d65896b66b63a46705338b67b72dc1c3075fcdc5cbffb0366151632ba5be8ae815dfea9fadfd31c473a24a73d3e5116c3023b3563c72d26fbd59877132bde5ca4ef8d92fd3613c768b35223f6fd0b5e9a8b98cccf1e2b4612e620e3a159d6365c9045aaa826aa0ee6d26cf0397ce674c20824584b464ebdc2f3ea26a7aec4570b242a6677a4e9187f8591c3a9bdc14a31ae7c034bb19da845de69d1300e4a8b6e345c2e31cdf127f77102ef0e576ed1ff4133599882c14943558737da0ed246603d768933b36d8f8df3add2e17ce644347c419a7795b6308d4455dc680be6ee2ee7fae761292d67249baedbd6c03ec95dc0966ccdb319aaa9f8a35b24cc7b7c9c47934a261aeff831dc52d9e54fe0d54641b413298432427eaba265f3ecbffbd3b8465f1acf2073edb06f65241744909ead745c68b260803e7369beabb2740e55e48450c9c3399cb70434463"], &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001380)={r5, 0xfe, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd48175dc, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x38, 0x0}}, 0x10)
mkdir(&(0x7f0000001300)='./file0\x00', 0xa8)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
fchdir(r6)
creat(&(0x7f0000002000)='./file3aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r7, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x200, 0x70bd27, 0x25dfdbfc, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
sendto$inet6(r7, &(0x7f0000000000)="eb", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

874.968686ms ago: executing program 0 (id=1939):
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000318616f60000000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440)={<r1=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000000)={0x13, 0x10, 0x7, {0x0, r1}}, 0x18)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmmsg$inet_sctp(r2, 0x0, 0x0, 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0))
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r3)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r4 = inotify_init1(0x0)
fcntl$setown(r4, 0x8, 0xffffffffffffffff)
fcntl$getownex(r4, 0x10, &(0x7f0000000140)={0x0, <r5=>0x0})
r6 = syz_open_procfs(r5, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r6, 0x4004662b, &(0x7f0000000180)={@desc={0x1, 0x2000000, @desc3}})

652.991312ms ago: executing program 0 (id=1940):
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0xffd8)
mkdir(0x0, 0x0)
chdir(0x0)
open(&(0x7f0000000040)='./file0\x00', 0x40c5, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file2\x00', 0x10001, 0x85)
socket$caif_stream(0x25, 0x1, 0x1)
r2 = socket$inet6(0xa, 0x3, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x10, &(0x7f0000000000), 0x4)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x0, 0x1)
r3 = open(&(0x7f0000000040)='./file2\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000000300), 0x0, 0x0)
r4 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_DQBUF(r4, 0xc0585611, &(0x7f0000000140)=@mmap={0x0, 0x9, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "d3f61e4a"}, 0x0, 0x1, {}, 0x4})
ioctl$BTRFS_IOC_DEFRAG(r3, 0x4c00, 0x3)
r5 = socket$nl_route(0x10, 0x3, 0x0)
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080), 0x8101, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0x14, 0x30, 0x871a15abc695fa3d}, 0x14}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000300)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @private, @loopback}, '\b\x00\x00\x00\x00\x00 \x00'}}}}}, 0x0)

48.631677ms ago: executing program 2 (id=1941):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
syz_emit_ethernet(0x3a, &(0x7f0000000240)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0x0, 0x0, 0x0, 0x0, {[@mss={0x2, 0x4}]}}}}}}}, 0x0)

14.77042ms ago: executing program 4 (id=1942):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=@newlink={0x40, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IKEY={0x8, 0x4, 0xffff}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x40}}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
set_mempolicy(0x3, &(0x7f0000000040)=0x9, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'bridge0\x00', <r4=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}]}}}]}, 0x40}}, 0x20044040)
syz_usb_connect(0x0, 0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000e8445a40ca0735a8fa21000000010902120001000060000904"], 0x0)
syz_usb_connect(0x0, 0x3d, &(0x7f0000001540)={{0x12, 0x1, 0x0, 0xd3, 0xc4, 0xad, 0x8, 0xf11, 0x1031, 0x7c0c, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0xff, 0xff, 0xff, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "8c9be78b85"}]}}, {{0x9, 0x5, 0x3}}]}}]}}]}}, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r6 = socket$inet6(0xa, 0x3, 0x84)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000100)={{{@in=@multicast2, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@mcast2, 0x0, 0x32}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
syz_open_dev$mouse(0x0, 0x0, 0x0)
dup(0xffffffffffffffff)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write(r7, &(0x7f0000000000)="3f000000010040", 0x7)
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, 0x0)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
shmget$private(0x0, 0x2000, 0x100, &(0x7f0000002000/0x2000)=nil)
mmap(&(0x7f000097a000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

0s ago: executing program 0 (id=1943):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
io_uring_setup(0x497c, &(0x7f00000001c0)={0x0, 0x0, 0x2000, 0x0, 0x21f})
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000a80)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8}, 0x1c, &(0x7f0000000100)}}], 0x1, 0x0)
shutdown(0xffffffffffffffff, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f0000000340)=ANY=[@ANYBLOB="0000010040c3f2be96f36c88a50bc51cc1e42968f148337dedb747e6c68f6541a3387929b2"], 0x9)
creat(0x0, 0x1de)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000980)={0x23b, 0x7d, 0x0, {{0x500, 0xfa, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x04nodev{cvfox%\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xcf\xab\x00\x10\x00\x00\x00\x16\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x5e, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x9d,;\x9e\x1dR\xc3\xd6\xda\x9b\xf6\x99\xfa\x88\xda\xcel\xde{\xa4\xa4\x00\xb4\xb0\xb4\xdb\xf6\xc6\x9ai\xd0\x17\xce\xc4Y\x06\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1a'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x23b)
writev(0xffffffffffffffff, &(0x7f0000003480)=[{0x0}, {&(0x7f00000034c0)="50bdc2efb8d0fecba7b9f07a11d112390f893112a87c4a10d97d6bd1cab082d5766613a937e7a6767af05b68c4338a3c306fec8bb9b83d8f28a04683cbd386d1d8e427b02d3ff427a0569c1682e4dcc4aa4757a01f0ec405b764df476ddc99387f04b96c82a87b3945b849965bf6320d38c85cbe36014658c0df25ec9415a444d6be387de48cac69f15b6b1d45c0f8e62b54f0ca13368cae0645969feb781db89a70463e42d3197672063faab45c46b5c3e621282991cdde50f9af1a12760812b23b29dd4fffe2a0cb4474e9fafdaf2083280a3be1f0a57329a984d2ef5e62186ac555a55e8a273c0834f2da14f0b8b6242a12cc1af203bc142cef6c0048d3e56fcb85e0deef0fa9f3c18f9a7c04caae4d57d3d4b139660a533aa9e25045e93e1be2261e166c6b7ac7855446fb863c0e6ef7c8137202ee7c52450c78c89d8a7aa278b5511e9b769209ac0747084b9c553150d8a6f060153252b4c5fe69a0ab271f85b7400358206e9d220b0065b3f94657afb4bf982e641cbe07c8f3e92b17e7e2c49174fd3bd89719d465f6de1708e1e25ad6185203cd51b939d485865504efc571ecc5915767c3b0dbd097e80c38532d7a322e48fab7a6811816d6247a644864248d635bd61b46ab09bfcebf86e06c08fb112d072365afa6bf1292f540586e16bc640f031c740a04bf61df1aa00b99ff99a49c73d5dffd1523c6d5c2d028ce3577110f15447cd87914a5534f45d9e69a8e51bfdf343f70c7c4a5ccbc62b4ad632d48f93a38361907ed686b76cda7ed98df7f04d881712280db912133fbbcef41e918e6cda8a1b25da503721e13bad3dee199f9357260c4aa7ebe23ec5c13ed13f33f9176ef2cbdec432fd6d07cdabbb051985fbd4d69f9eb09f3d6b1e78870ac6a59eba73fa5df0d1a708d2673684856cf504a2d3bcb0038605831c965e8e0c6090a0457462a6ea7564f57696219af371c120cd4565d1e278f233d738245b758e6e6b4d7c434fc5ecaaf72cc57889d10c1e2c465a12fdb25d0f653e464cab62a4179f5bab38c560a12dd5852ed2684c30787774690cb7b4f9b5f4c573759a60946d7e6708d4c520354cd7b310986ecb5569f3ba1e322ccd2282fb8ca57588b21c46ca0bfc1d50bb43cada0ca6c8337d66e6829eadfab60c38bbf58cad9e611b3ed84dd8f00be795673b5a611ebb1e11a54b533d9d064b5df4d1203bbf1f82a9f63c178e9441b538539193b28b70a6045e6c8f1cbddf97ff79525801bb9bbf59ed76fafcc29c8317f3f50ef5cedf5f767747ecbee95bbf7251a92382ab1ee0ac10c206ee6a4cdd4ac3fa8607c66ba19309fb0fb646c787d226d55b9f8158a3835ee5d1565f5c4fb41339088f06cc89c670da67fe33ce1f20327bd989de43e6a62a135e0ff3d3949b08bc6d46aec46ad100059cbf987054690de9764ad56dcecf5afcd19cfad537b571f324858908b86213b7420e12733cd6a192bf1f69651ea1043b9fb12bc29ced691f7ee3eaac4618732f173c424707bcac7cea3e023da9af43a7e6c465feab01f246adaf8d573e5aa578af8b36ffdd39c1d48787739bae6582b63cb7755a9ddca85a0614994d793b8f023a0ad28b5e2172a06d59ddd646e8e8de0022902f6016d60019c4ec2a753d41ddc47303d4b490c116083eb19dc36e0805b4b748f47189d288db04be485cceb5a0656e0466877526b6395bc9053cd0d703127eb912964c052442535d2d03b89cd4e1a63ceefaf043509416f79dc7507c0f84dbe881bee0d73b4e40c062d953ab2eb631bca3d71aa08bc903953cc0cb71b04b11123f5ac9ce03501c7c706130808bba16f2ccc7b0b7a5da5ca9e48e46d08f04be516249298198cf8487e3361abf2071f9d41974e9ecde5db520960eea20028ab27517b7a8ea820209107a79da17bb2c4fd11da3a4b7f71c211517c7c2c823efa85ffc100286a987a81fd266f3df86704af9a227b06f93d6ab9a220f9572591e2628233691ec5cbd04220143bdcf6b7cae2d562b98c2db8cb7534d4774159fb6b47efb7a2bcc2b8726f9dfbf68b96b3341cd9452765af2c48a2430f242facd2ef9bfb99edb16ba68c4cc7f098b4d561fc04e51121fae6d25fdff1c86e13f97c1b432c006eef5424662f657143ea858ce7e3797f40089facdf96fa10eea15a20d107e89eeab1526939f6f46cfdac6717691d8aa01819f1992d1652ff3b02661e209633270dae9b024e11933ab0f11487d488c60927ba56b12add87e89503e1d2075cd68b48da65a150c798b671effccb21332c980b59250cce776df49d4d6e958172508d325a7dc7ca539dd89db8a0a22022b9cd2b1a545c8e10d3e836b2f7f379c1d868f90dfde77c157d03a72c49985607d2fdfe31ec68acf31dba08755a63fe2acc8682ddf707b1a1e81a7fb1cc51aedb44c354bf053a2fac29845322ef612b89c5b70fac061075dd7ad7c715534d801850deb118b7414369b0357e2694d88bfffae67e82fc82202286459c8cef40ad588f750c7f50d8107f0c9c51c345d101772b921d69954ff8c41bc6fc49a8b101176f60f15515e726c94ac27a6ddd8f03fb47ef616b5d17cf00e78d8909518082ef86e32c42b8dd72c8ee084171ea61465ca3b4169b6e3abd300a1c2247ee45eed29948355096f6dba394a56d8df4addd4529d834ec8f27d4957d81fca5091004ad3ecc98acb72392689b8145a5a9ec8736464c6544a64ca40c44359429b91690bb592707c6f3d93a85766ca6a754f5bfa8824d8ca6510df9b39abb5c84281f61100507d2014eba19031e654601f0c7d7ae9c45ebbe587fbc2dd299c14c8af310c5ac41be08ea71ca18fe732eeca736af024bbafc77e38883647dec12", 0x7f0}], 0x2)
r1 = syz_open_dev$video(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_QUERYCTRL(r1, 0xc0445624, &(0x7f00000000c0)={0x8000001, 0x0, "679c51ecbc83d1e22e845e3ede57135adc714d432546da16827000"})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x4e, &(0x7f0000000000)=0x1, 0x4)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0xfffe, 0x0, @loopback={0x0, 0xa8aaaafffeaaaa1e}}, 0x1c)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f00000002c0)={0x34, &(0x7f0000000500)={0x0, 0x0, 0x2, "ef26"}, &(0x7f00000001c0)={0x0, 0xa, 0x1}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f00000007c0)={0x44, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x2000006, 0x10, r3, 0xffffe000)

kernel console output (not intermixed with test programs):

5130] usb 2-1: New USB device found, idVendor=07ca, idProduct=a835, bcdDevice=21.fa
[  393.133899][ T5130] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  393.161326][ T5130] usb 2-1: config 0 descriptor??
[  393.209806][ T9412] batman_adv: batadv0: Adding interface: batadv_slave_1
[  393.224315][ T9412] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  393.250346][    C0] vkms_vblank_simulate: vblank timer overrun
[  393.307237][ T9412] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  393.412478][ T9551] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  393.460320][ T5080] Bluetooth: hci4: SCO packet for unknown connection handle 0
[  393.517368][ T9551] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  393.606142][ T5130] usb 2-1: string descriptor 0 read error: -71
[  393.671881][ T5130] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  393.696992][ T5130] dvb_usb_af9035 2-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  393.714047][ T5797] hsr_slave_0: left promiscuous mode
[  393.733644][ T5797] hsr_slave_1: left promiscuous mode
[  393.739728][ T5130] usb 2-1: USB disconnect, device number 13
[  393.761962][ T5797] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  393.772858][ T5797] batman_adv: batadv0: Removing interface: batadv_slave_0
[  393.789315][ T5126] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  393.836662][ T5797] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  393.863864][ T5797] batman_adv: batadv0: Removing interface: batadv_slave_1
[  393.927010][ T5797] veth1_macvtap: left promiscuous mode
[  393.965740][ T5797] veth0_macvtap: left promiscuous mode
[  393.972842][ T5797] veth1_vlan: left promiscuous mode
[  393.979699][ T5126] usb 3-1: Using ep0 maxpacket: 32
[  393.986569][ T5797] veth0_vlan: left promiscuous mode
[  393.993372][ T5126] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  394.014060][ T5126] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  394.036618][ T5126] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  394.067175][ T5126] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  394.097957][ T5126] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  394.107875][ T5126] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  394.132866][ T5126] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  394.148132][ T5126] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  394.162452][ T5126] usb 3-1: Product: syz
[  394.169897][ T5126] usb 3-1: Manufacturer: syz
[  394.187136][ T5126] usb 3-1: SerialNumber: syz
[  394.426091][ T5126] cdc_ncm 3-1:1.0: bind() failure
[  394.483679][ T5126] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  394.513764][ T5126] cdc_ncm 3-1:1.1: bind() failure
[  394.537438][ T5126] usb 3-1: USB disconnect, device number 27
[  394.959948][ T5797] team0 (unregistering): Port device team_slave_1 removed
[  395.065494][ T5797] team0 (unregistering): Port device team_slave_0 removed
[  395.592298][ T1801] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  395.664334][ T9412] hsr_slave_0: entered promiscuous mode
[  395.674737][ T9412] hsr_slave_1: entered promiscuous mode
[  395.788571][ T1801] usb 1-1: Using ep0 maxpacket: 8
[  395.820389][ T1801] usb 1-1: config 0 has an invalid interface number: 125 but max is 3
[  395.839188][ T1801] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  395.853901][ T1801] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 4
[  395.864226][ T1801] usb 1-1: config 0 has no interface number 0
[  395.883688][ T1801] usb 1-1: config 0 interface 125 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  395.900039][ T1801] usb 1-1: config 0 interface 125 has no altsetting 0
[  395.924545][ T1801] usb 1-1: string descriptor 0 read error: -22
[  395.966105][ T1801] usb 1-1: Dual-Role OTG device on HNP port
[  395.982499][ T1801] usb 1-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd
[  396.008643][ T1801] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  396.083357][ T1801] usb 1-1: config 0 descriptor??
[  396.113471][ T1801] hub 1-1:0.125: bad descriptor, ignoring hub
[  396.131196][ T1801] hub 1-1:0.125: probe with driver hub failed with error -5
[  396.142687][ T9607] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1049'.
[  396.145096][ T1801] usb 1-1: Found UVC 15.ff device <unnamed> (17dc:0202)
[  396.159528][ T1801] usb 1-1: No valid video chain found.
[  396.563396][ T9310] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  396.587627][ T9310] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  396.707551][ T9310] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  396.737825][ T9310] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  396.811777][ T9600] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  396.838429][ T9600] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  397.171340][ T9310] 8021q: adding VLAN 0 to HW filter on device bond0
[  397.205949][ T9310] 8021q: adding VLAN 0 to HW filter on device team0
[  397.219798][ T1801] bridge0: port 1(bridge_slave_0) entered blocking state
[  397.227035][ T1801] bridge0: port 1(bridge_slave_0) entered forwarding state
[  397.336708][ T5079] bridge0: port 2(bridge_slave_1) entered blocking state
[  397.343988][ T5079] bridge0: port 2(bridge_slave_1) entered forwarding state
[  397.416367][ T9310] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  397.429693][ T9310] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  397.565524][ T5080] Bluetooth: hci2: SCO packet for unknown connection handle 0
[  397.786978][ T9412] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  397.953340][ T9412] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  397.992566][ T9412] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  398.018672][ T9638] netlink: 'syz.1.1054': attribute type 1 has an invalid length.
[  398.098728][ T9412] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  398.220668][ T9310] 8021q: adding VLAN 0 to HW filter on device batadv0
[  398.445108][ T9310] veth0_vlan: entered promiscuous mode
[  398.450428][ T1801] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  398.484666][ T9310] veth1_vlan: entered promiscuous mode
[  398.557808][ T9310] veth0_macvtap: entered promiscuous mode
[  398.576956][ T9412] 8021q: adding VLAN 0 to HW filter on device bond0
[  398.597019][ T9310] veth1_macvtap: entered promiscuous mode
[  398.651372][ T9310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  398.665426][ T9310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  398.670866][ T1801] usb 2-1: New USB device found, idVendor=07ca, idProduct=a835, bcdDevice=21.fa
[  398.687410][ T9310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  398.697482][ T1801] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.698168][ T5134] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  398.716419][ T9310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  398.727012][ T9310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  398.738308][ T9310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  398.740955][ T1801] usb 2-1: config 0 descriptor??
[  398.755666][ T9310] batman_adv: batadv0: Interface activated: batadv_slave_0
[  398.777386][ T9412] 8021q: adding VLAN 0 to HW filter on device team0
[  398.792266][ T9310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  398.810190][ T9310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  398.830458][ T9310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  398.844852][ T9310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  398.857709][ T9310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  398.874977][ T9310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  398.887422][ T9310] batman_adv: batadv0: Interface activated: batadv_slave_1
[  398.919609][ T5125] bridge0: port 1(bridge_slave_0) entered blocking state
[  398.926839][ T5125] bridge0: port 1(bridge_slave_0) entered forwarding state
[  398.934648][ T5134] usb 3-1: Using ep0 maxpacket: 32
[  398.946632][ T5134] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  398.961969][ T5134] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  398.975433][ T9638] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  398.979959][ T9310] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  398.995550][ T5134] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  399.007494][ T5134] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  399.022168][ T9638] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  399.032959][ T9310] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  399.046063][ T5134] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  399.063542][ T9310] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  399.077085][ T1801] usb 2-1: string descriptor 0 read error: -71
[  399.079734][ T5134] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  399.093271][ T9310] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  399.098520][ T1801] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  399.122964][ T1801] dvb_usb_af9035 2-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  399.123415][ T5134] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  399.159608][  T784] bridge0: port 2(bridge_slave_1) entered blocking state
[  399.161766][ T1801] usb 2-1: USB disconnect, device number 14
[  399.166839][  T784] bridge0: port 2(bridge_slave_1) entered forwarding state
[  399.193561][ T5134] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  399.204154][ T5134] usb 3-1: Product: syz
[  399.211000][ T5134] usb 3-1: Manufacturer: syz
[  399.215813][ T5134] usb 3-1: SerialNumber: syz
[  399.437055][ T5134] cdc_ncm 3-1:1.0: bind() failure
[  399.461274][  T130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  399.476947][ T5134] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  399.498689][  T130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  399.508534][ T5134] cdc_ncm 3-1:1.1: bind() failure
[  399.538193][  T784] usb 1-1: USB disconnect, device number 15
[  399.558382][ T5134] usb 3-1: USB disconnect, device number 28
[  399.643961][  T130] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  399.700967][  T130] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  399.974368][ T9684] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1059'.
[  400.163316][ T9412] 8021q: adding VLAN 0 to HW filter on device batadv0
[  401.044614][ T5080] Bluetooth: hci2: SCO packet for unknown connection handle 0
[  401.074479][ T9724] qrtr: Invalid version 48
[  401.193670][ T9412] veth0_vlan: entered promiscuous mode
[  401.206521][ T9724] ip6t_srh: unknown srh match flags  4000
[  401.235169][ T9412] veth1_vlan: entered promiscuous mode
[  401.312504][ T9412] veth0_macvtap: entered promiscuous mode
[  401.363923][ T9412] veth1_macvtap: entered promiscuous mode
[  401.484724][ T9412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  401.524250][ T9412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  401.566226][ T9412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  401.613639][ T9412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  401.645055][ T9412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  401.671792][ T9412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  401.695479][ T9412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  401.707745][ T9412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  401.744479][ T9412] batman_adv: batadv0: Interface activated: batadv_slave_0
[  401.800607][  T784] usb 4-1: new full-speed USB device number 23 using dummy_hcd
[  401.811973][ T9412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  401.896784][ T9412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  401.917550][ T9412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  401.933429][ T9412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  401.959236][ T9412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  401.995136][ T9412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  402.008660][ T9412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  402.027812][ T9412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  402.045831][  T784] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  402.089740][ T9412] batman_adv: batadv0: Interface activated: batadv_slave_1
[  402.097082][  T784] usb 4-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  402.151392][  T784] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  402.172364][ T9750] netlink: 'syz.1.1067': attribute type 1 has an invalid length.
[  402.184942][  T784] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  402.201075][  T784] usb 4-1: SerialNumber: syz
[  402.231716][  T784] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  402.273787][  T784] usb-storage 4-1:1.0: USB Mass Storage device detected
[  402.289489][ T9412] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  402.300942][ T9412] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  402.309951][ T9412] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  402.322182][ T9412] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  402.332994][  T784] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  402.408206][ T5125] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  402.444946][ T9732] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  402.489803][ T9732] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  402.503793][ T1801] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  402.572227][ T9772] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1070'.
[  402.615263][  T784] usb 4-1: USB disconnect, device number 23
[  402.632144][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  402.645996][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  402.665411][ T5125] usb 2-1: New USB device found, idVendor=07ca, idProduct=a835, bcdDevice=21.fa
[  402.697963][ T5125] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  402.723339][ T2464] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  402.734052][ T2464] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  402.744087][ T1801] usb 3-1: Using ep0 maxpacket: 32
[  402.750842][ T5125] usb 2-1: config 0 descriptor??
[  402.777606][ T1801] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  402.807759][ T1801] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  402.828323][ T1801] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  402.859950][ T1801] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  402.882732][ T1801] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  402.901644][ T1801] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  402.925854][ T1801] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  402.958170][ T1801] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  402.980238][ T1801] usb 3-1: Product: syz
[  402.984468][ T1801] usb 3-1: Manufacturer: syz
[  403.002382][ T9750] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  403.019981][ T1801] usb 3-1: SerialNumber: syz
[  403.055397][ T9750] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  403.124908][ T5125] usb 2-1: string descriptor 0 read error: -71
[  403.151923][ T5125] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  403.172650][ T5125] dvb_usb_af9035 2-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  403.212696][ T5125] usb 2-1: USB disconnect, device number 15
[  403.235779][ T1801] cdc_ncm 3-1:1.0: bind() failure
[  403.267010][ T1801] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  403.298312][ T1801] cdc_ncm 3-1:1.1: bind() failure
[  403.350359][ T1801] usb 3-1: USB disconnect, device number 29
[  404.268296][ T1801] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  404.307347][ T5080] Bluetooth: hci4: SCO packet for unknown connection handle 0
[  404.800228][ T1801] usb 3-1: Using ep0 maxpacket: 8
[  404.832007][ T1801] usb 3-1: config 0 has an invalid interface number: 125 but max is 3
[  404.845902][ T1801] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  404.892000][ T1801] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 4
[  404.912197][ T1801] usb 3-1: config 0 has no interface number 0
[  404.924709][ T1801] usb 3-1: config 0 interface 125 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  404.958666][ T1801] usb 3-1: config 0 interface 125 has no altsetting 0
[  404.977500][ T1801] usb 3-1: string descriptor 0 read error: -22
[  404.988423][ T1801] usb 3-1: Dual-Role OTG device on HNP port
[  404.995749][ T1801] usb 3-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd
[  405.089500][ T1801] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  405.137563][ T1801] usb 3-1: config 0 descriptor??
[  405.167550][ T1801] hub 3-1:0.125: bad descriptor, ignoring hub
[  405.183509][ T9831] qrtr: Invalid version 48
[  405.195532][ T1801] hub 3-1:0.125: probe with driver hub failed with error -5
[  405.213913][ T1801] usb 3-1: Found UVC 15.ff device <unnamed> (17dc:0202)
[  405.224664][ T1801] usb 3-1: No valid video chain found.
[  405.290798][ T9831] ip6t_srh: unknown srh match flags  4000
[  405.427243][ T9810] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  405.478952][ T9810] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  405.684447][ T9847] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1081'.
[  406.428444][ T1801] usb 5-1: new full-speed USB device number 18 using dummy_hcd
[  406.588141][ T5079] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  406.650323][ T1801] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  406.676493][ T1801] usb 5-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  406.699517][ T1801] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  406.736779][ T1801] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  406.745157][ T1801] usb 5-1: SerialNumber: syz
[  406.754395][ T1801] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[  406.768617][ T1801] usb-storage 5-1:1.0: USB Mass Storage device detected
[  406.786475][ T1801] usb-storage 5-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  406.794483][ T5079] usb 4-1: Using ep0 maxpacket: 32
[  406.832991][ T5079] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  406.969860][ T5079] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  406.982447][ T9851] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  407.012644][ T9851] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  407.052881][ T5079] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  407.079692][ T5079] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  407.112453][ T5079] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  407.143233][ T5079] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  407.170040][ T5079] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  407.181660][   T50] usb 5-1: USB disconnect, device number 18
[  407.199678][ T5079] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.234746][ T5079] usb 4-1: Product: syz
[  407.252712][ T5079] usb 4-1: Manufacturer: syz
[  407.272677][ T5079] usb 4-1: SerialNumber: syz
[  407.463777][ T5130] usb 3-1: USB disconnect, device number 30
[  407.492680][ T9872] netlink: 1688 bytes leftover after parsing attributes in process `syz.3.1086'.
[  407.570310][ T5079] cdc_ncm 4-1:1.0: bind() failure
[  407.635731][ T5079] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  407.678138][ T5079] cdc_ncm 4-1:1.1: bind() failure
[  407.704464][ T5079] usb 4-1: USB disconnect, device number 24
[  408.525378][ T5080] Bluetooth: hci4: SCO packet for unknown connection handle 0
[  408.944971][ T5080] Bluetooth: hci2: SCO packet for unknown connection handle 0
[  409.072465][ T9935] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1095'.
[  409.122006][ T9940] qrtr: Invalid version 48
[  409.170482][ T9940] ip6t_srh: unknown srh match flags  4000
[  410.229640][ T1801] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  410.421428][ T5079] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  410.478358][ T1801] usb 4-1: Using ep0 maxpacket: 8
[  410.504972][ T1801] usb 4-1: config 0 has an invalid interface number: 125 but max is 3
[  410.530939][ T1801] usb 4-1: config 0 has an invalid interface number: 37 but max is 3
[  410.539784][ T1801] usb 4-1: config 0 has an invalid interface number: 162 but max is 3
[  410.569559][ T5130] usb 1-1: new full-speed USB device number 16 using dummy_hcd
[  410.585282][ T1801] usb 4-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config
[  410.605395][ T1801] usb 4-1: config 0 has 3 interfaces, different from the descriptor's value: 4
[  410.671464][ T1801] usb 4-1: config 0 has no interface number 0
[  410.691483][ T1801] usb 4-1: config 0 has no interface number 1
[  410.698618][ T5079] usb 5-1: Using ep0 maxpacket: 32
[  410.706117][ T1801] usb 4-1: config 0 has no interface number 2
[  410.722941][ T1801] usb 4-1: config 0 interface 125 altsetting 2 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[  410.734862][ T1801] usb 4-1: config 0 interface 125 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  410.748384][ T5079] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  410.759554][ T1801] usb 4-1: config 0 interface 37 altsetting 5 has a duplicate endpoint with address 0xE, skipping
[  410.771264][ T5130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  410.771762][ T5079] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  410.795545][ T1801] usb 4-1: config 0 interface 37 altsetting 5 has a duplicate endpoint with address 0xB, skipping
[  410.813235][ T1801] usb 4-1: config 0 interface 37 altsetting 5 bulk endpoint 0x3 has invalid maxpacket 16
[  410.833902][ T5079] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  410.843110][ T5130] usb 1-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  410.854727][ T1801] usb 4-1: config 0 interface 37 altsetting 5 endpoint 0x1 has invalid maxpacket 512, setting to 64
[  410.868985][ T5130] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  410.883280][ T5079] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  410.883285][ T5130] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  410.883315][ T5079] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  410.929545][ T5130] usb 1-1: SerialNumber: syz
[  410.935741][ T1801] usb 4-1: config 0 interface 162 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 10
[  410.959964][ T1801] usb 4-1: config 0 interface 125 has no altsetting 0
[  410.961767][ T5130] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  410.967206][ T5079] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  410.996894][ T1801] usb 4-1: config 0 interface 37 has no altsetting 0
[  411.039223][ T1801] usb 4-1: config 0 interface 162 has no altsetting 0
[  411.042638][ T5130] usb-storage 1-1:1.0: USB Mass Storage device detected
[  411.076497][ T1801] usb 4-1: string descriptor 0 read error: -22
[  411.084263][ T1801] usb 4-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd
[  411.094006][ T5079] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  411.103514][ T5079] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  411.112399][ T1801] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  411.120671][ T5079] usb 5-1: Product: syz
[  411.125361][ T5079] usb 5-1: Manufacturer: syz
[  411.138189][ T5079] usb 5-1: SerialNumber: syz
[  411.184628][ T1801] usb 4-1: config 0 descriptor??
[  411.185591][ T9950] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  411.200483][ T1801] hub 4-1:0.125: bad descriptor, ignoring hub
[  411.206675][ T1801] hub 4-1:0.125: probe with driver hub failed with error -5
[  411.215703][ T1801] usb 4-1: Found UVC 15.ff device <unnamed> (17dc:0202)
[  411.224615][ T1801] usb 4-1: No valid video chain found.
[  411.234605][ T1801] hub 4-1:0.37: bad descriptor, ignoring hub
[  411.243125][ T1801] hub 4-1:0.37: probe with driver hub failed with error -5
[  411.244359][ T5130] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  411.261762][ T1801] hub 4-1:0.162: bad descriptor, ignoring hub
[  411.282805][ T1801] hub 4-1:0.162: probe with driver hub failed with error -5
[  411.298485][ T9950] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  411.380374][ T9954] netlink: 1688 bytes leftover after parsing attributes in process `syz.4.1101'.
[  411.419595][ T5079] cdc_ncm 5-1:1.0: bind() failure
[  411.441753][ T5130] usb 1-1: USB disconnect, device number 16
[  411.451369][ T5079] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  411.459001][ T9948] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  411.480847][ T5079] cdc_ncm 5-1:1.1: bind() failure
[  411.513014][ T9948] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  411.564964][ T5079] usb 5-1: USB disconnect, device number 19
[  411.820272][ T5092] Bluetooth: hci2: command 0x0406 tx timeout
[  412.151553][ T5080] Bluetooth: hci2: SCO packet for unknown connection handle 0
[  412.621143][T10001] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1109'.
[  412.642726][T10001] (unnamed net_device) (uninitialized): option ad_actor_system: mode dependency failed, not supported in mode balance-rr(0)
[  412.893578][T10014] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1112'.
[  413.320513][ T1801] usb 4-1: USB disconnect, device number 25
[  413.428339][ T5079] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  413.809086][ T5079] usb 5-1: Using ep0 maxpacket: 32
[  413.847104][ T5080] Bluetooth: hci2: SCO packet for unknown connection handle 0
[  413.862604][ T5079] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  413.983599][ T5079] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  414.058191][ T5079] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  414.163592][ T5079] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  414.238502][ T5079] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  414.344489][ T5079] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  414.411166][ T5079] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  414.439246][ T5079] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.495929][ T5079] usb 5-1: Product: syz
[  414.525387][ T5079] usb 5-1: Manufacturer: syz
[  414.544542][ T5079] usb 5-1: SerialNumber: syz
[  414.799012][T10020] netlink: 1688 bytes leftover after parsing attributes in process `syz.4.1116'.
[  414.830724][ T5079] cdc_ncm 5-1:1.0: bind() failure
[  414.884175][ T5079] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  414.898642][ T5079] cdc_ncm 5-1:1.1: bind() failure
[  414.944101][ T5079] usb 5-1: USB disconnect, device number 20
[  416.232032][T10064] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1126'.
[  416.518260][ T5125] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  416.538307][T10068] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1129'.
[  416.554792][T10068] (unnamed net_device) (uninitialized): option ad_actor_system: mode dependency failed, not supported in mode balance-rr(0)
[  416.628547][T10075] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1131'.
[  416.655905][T10075] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1131'.
[  416.708238][ T5125] usb 5-1: Using ep0 maxpacket: 8
[  416.717382][ T5125] usb 5-1: config 0 has an invalid interface number: 125 but max is 3
[  416.729558][ T5125] usb 5-1: config 0 has an invalid interface number: 37 but max is 3
[  416.738268][ T5125] usb 5-1: config 0 has an invalid interface number: 162 but max is 3
[  416.749848][ T5125] usb 5-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config
[  416.767668][ T5125] usb 5-1: config 0 has 3 interfaces, different from the descriptor's value: 4
[  416.780509][ T5125] usb 5-1: config 0 has no interface number 0
[  416.793405][ T5125] usb 5-1: config 0 has no interface number 1
[  416.808865][ T5125] usb 5-1: config 0 has no interface number 2
[  416.820184][ T5125] usb 5-1: config 0 interface 125 altsetting 2 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[  416.833576][ T5125] usb 5-1: config 0 interface 125 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  416.880781][ T5125] usb 5-1: config 0 interface 37 altsetting 5 has a duplicate endpoint with address 0xE, skipping
[  416.989827][ T5125] usb 5-1: config 0 interface 37 altsetting 5 has a duplicate endpoint with address 0xB, skipping
[  417.029017][ T5125] usb 5-1: config 0 interface 37 altsetting 5 bulk endpoint 0x3 has invalid maxpacket 16
[  417.064912][ T5125] usb 5-1: config 0 interface 37 altsetting 5 endpoint 0x1 has invalid maxpacket 512, setting to 64
[  417.080423][ T5125] usb 5-1: config 0 interface 162 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 10
[  417.094078][ T5125] usb 5-1: config 0 interface 125 has no altsetting 0
[  417.136851][ T5125] usb 5-1: config 0 interface 37 has no altsetting 0
[  417.178472][ T5080] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  417.188738][ T5080] Bluetooth: hci4: Injecting HCI hardware error event
[  417.197224][ T5092] Bluetooth: hci4: hardware error 0x00
[  417.215425][ T5125] usb 5-1: config 0 interface 162 has no altsetting 0
[  417.233349][ T5125] usb 5-1: string descriptor 0 read error: -22
[  417.253329][ T5125] usb 5-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd
[  417.274510][ T5125] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  417.302829][ T5125] usb 5-1: config 0 descriptor??
[  417.322931][ T5125] hub 5-1:0.125: bad descriptor, ignoring hub
[  417.334148][ T5125] hub 5-1:0.125: probe with driver hub failed with error -5
[  417.356178][ T5125] usb 5-1: Found UVC 15.ff device <unnamed> (17dc:0202)
[  417.381298][ T5125] usb 5-1: No valid video chain found.
[  417.412739][ T5125] hub 5-1:0.37: bad descriptor, ignoring hub
[  417.445593][ T5125] hub 5-1:0.37: probe with driver hub failed with error -5
[  417.496050][ T5125] hub 5-1:0.162: bad descriptor, ignoring hub
[  417.543450][T10065] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  417.708937][T10065] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  417.717199][ T5125] hub 5-1:0.162: probe with driver hub failed with error -5
[  418.452730][   T29] audit: type=1326 audit(1720932823.405:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10091 comm="syz.2.1136" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe802775bd9 code=0x0
[  418.971384][ T5079] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  418.991664][T10109] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1140'.
[  419.110118][T10120] xt_hashlimit: overflow, try lower: 0/0
[  419.209436][ T5079] usb 1-1: Using ep0 maxpacket: 32
[  419.227488][ T5079] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  419.258869][ T5092] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  419.276422][ T5079] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  419.293403][ T5079] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  419.305090][ T5079] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  419.321513][ T5079] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  419.338761][ T5079] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  419.371230][ T5079] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  419.380698][ T5079] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  419.390226][ T5079] usb 1-1: Product: syz
[  419.396849][ T5079] usb 1-1: Manufacturer: syz
[  419.403604][ T5079] usb 1-1: SerialNumber: syz
[  419.651354][T10103] netlink: 'syz.0.1137': attribute type 72 has an invalid length.
[  419.739599][ T5079] cdc_ncm 1-1:1.0: bind() failure
[  419.773764][ T5079] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  419.810330][ T5079] cdc_ncm 1-1:1.1: bind() failure
[  419.840021][ T5079] usb 1-1: USB disconnect, device number 17
[  419.987290][ T5092] Bluetooth: hci0: SCO packet for unknown connection handle 0
[  420.341643][ T5125] usb 5-1: USB disconnect, device number 21
[  421.248171][   T29] audit: type=1326 audit(1720932826.225:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10142 comm="syz.4.1149" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4041375bd9 code=0x0
[  421.582055][T10161] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1155'.
[  421.726183][T10167] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1153'.
[  422.240858][T10187] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1159'.
[  422.525868][ T5092] Bluetooth: hci2: SCO packet for unknown connection handle 0
[  422.767782][ T5092] Bluetooth: hci3: SCO packet for unknown connection handle 0
[  422.862061][   T29] audit: type=1326 audit(1720932828.465:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10198 comm="syz.0.1162" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feda2775bd9 code=0x0
[  424.016811][T10217] fuse: Unknown parameter ''
[  424.046796][T10219] fuse: Unknown parameter ''
[  424.183490][ T5092] Bluetooth: hci1: unexpected subevent 0x0e length: 244 > 15
[  424.293207][T10225] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1169'.
[  424.508448][ T1801] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  424.748292][ T1801] usb 5-1: Using ep0 maxpacket: 8
[  424.762349][ T1801] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  424.783012][ T1801] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  424.806286][ T1801] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.849277][ T1801] usb 5-1: config 0 descriptor??
[  424.872978][ T1801] gspca_main: vc032x-2.14.0 probing 046d:0892
[  425.032408][T10245] FAULT_INJECTION: forcing a failure.
[  425.032408][T10245] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  425.052520][T10245] CPU: 1 PID: 10245 Comm: syz.3.1174 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0
[  425.062739][T10245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  425.072787][T10245] Call Trace:
[  425.076053][T10245]  <TASK>
[  425.078973][T10245]  dump_stack_lvl+0x241/0x360
[  425.083651][T10245]  ? __pfx_dump_stack_lvl+0x10/0x10
[  425.088841][T10245]  ? __pfx__printk+0x10/0x10
[  425.093418][T10245]  ? __pfx_lock_release+0x10/0x10
[  425.098437][T10245]  should_fail_ex+0x3b0/0x4e0
[  425.103105][T10245]  _copy_from_iter+0x1f6/0x1960
[  425.107952][T10245]  ? __virt_addr_valid+0x183/0x530
[  425.113083][T10245]  ? __pfx_lock_release+0x10/0x10
[  425.118132][T10245]  ? __alloc_skb+0x28f/0x440
[  425.122736][T10245]  ? __pfx__copy_from_iter+0x10/0x10
[  425.128041][T10245]  ? __virt_addr_valid+0x183/0x530
[  425.133184][T10245]  ? __virt_addr_valid+0x183/0x530
[  425.138294][T10245]  ? __virt_addr_valid+0x45f/0x530
[  425.143422][T10245]  ? __check_object_size+0x49c/0x900
[  425.148726][T10245]  netlink_sendmsg+0x743/0xcb0
[  425.153552][T10245]  ? __pfx_netlink_sendmsg+0x10/0x10
[  425.158882][T10245]  ? __import_iovec+0x536/0x820
[  425.163753][T10245]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  425.169059][T10245]  ? security_socket_sendmsg+0x87/0xb0
[  425.174520][T10245]  ? __pfx_netlink_sendmsg+0x10/0x10
[  425.179815][T10245]  __sock_sendmsg+0x221/0x270
[  425.184694][T10245]  ____sys_sendmsg+0x525/0x7d0
[  425.189458][T10245]  ? __pfx_____sys_sendmsg+0x10/0x10
[  425.194832][T10245]  __sys_sendmsg+0x2b0/0x3a0
[  425.199417][T10245]  ? __pfx___sys_sendmsg+0x10/0x10
[  425.204517][T10245]  ? vfs_write+0x7c4/0xc90
[  425.208959][T10245]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  425.215279][T10245]  ? do_syscall_64+0x100/0x230
[  425.220078][T10245]  ? do_syscall_64+0xb6/0x230
[  425.224787][T10245]  do_syscall_64+0xf3/0x230
[  425.229301][T10245]  ? clear_bhb_loop+0x35/0x90
[  425.233978][T10245]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.239890][T10245] RIP: 0033:0x7f250f375bd9
[  425.244313][T10245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  425.264011][T10245] RSP: 002b:00007f251018b048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  425.272425][T10245] RAX: ffffffffffffffda RBX: 00007f250f503f60 RCX: 00007f250f375bd9
[  425.280389][T10245] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000008
[  425.288353][T10245] RBP: 00007f251018b0a0 R08: 0000000000000000 R09: 0000000000000000
[  425.296312][T10245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  425.304268][T10245] R13: 000000000000000b R14: 00007f250f503f60 R15: 00007ffee6b4e5b8
[  425.312248][T10245]  </TASK>
[  425.573843][ T1801] gspca_vc032x: reg_r err -71
[  426.115273][ T1801] vc032x 5-1:0.0: probe with driver vc032x failed with error -71
[  426.118562][   T29] audit: type=1326 audit(1720932831.275:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10246 comm="syz.2.1175" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe802775bd9 code=0x0
[  426.126349][ T1801] usb 5-1: USB disconnect, device number 22
[  426.554992][ T5092] Bluetooth: hci2: SCO packet for unknown connection handle 0
[  426.571621][ T5092] Bluetooth: hci3: SCO packet for unknown connection handle 0
[  426.791771][T10273] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1182'.
[  427.148813][ T5092] Bluetooth: hci3: SCO packet for unknown connection handle 0
[  427.315703][ T5130] usb 5-1: new full-speed USB device number 23 using dummy_hcd
[  428.001060][   T29] audit: type=1326 audit(1720932833.195:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10297 comm="syz.1.1188" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f73e2b75bd9 code=0x0
[  428.236024][ T5130] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  428.303843][ T5130] usb 5-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  428.326494][ T5130] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  428.356223][ T5130] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  428.398305][ T5130] usb 5-1: SerialNumber: syz
[  428.418575][ T5130] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[  428.434181][T10322] 9pnet_virtio: no channels available for device syz
[  428.452597][ T5130] usb-storage 5-1:1.0: USB Mass Storage device detected
[  428.504853][ T5130] usb-storage 5-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  428.650215][   T50] usb 1-1: new full-speed USB device number 18 using dummy_hcd
[  428.736769][T10278] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  428.759680][T10278] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  428.828528][ T5092] Bluetooth: hci2: unexpected event for opcode 0x203d
[  428.860319][   T50] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  428.980536][   T50] usb 1-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  429.012287][   T50] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  429.034805][   T50] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  429.038732][ T5130] usb 5-1: USB disconnect, device number 23
[  429.207112][   T50] usb 1-1: SerialNumber: syz
[  429.233613][   T50] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  429.988892][T10306] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  430.000473][   T50] usb-storage 1-1:1.0: USB Mass Storage device detected
[  430.025556][T10306] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  430.104767][ T5092] Bluetooth: hci0: SCO packet for unknown connection handle 0
[  430.107350][   T50] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  430.207668][   T50] usb 1-1: USB disconnect, device number 18
[  431.885251][ T5092] Bluetooth: hci2: SCO packet for unknown connection handle 0
[  431.971631][ T5797] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  431.990363][ T5797] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.226047][ T5092] Bluetooth: hci1: unexpected event 0x09 length: 8 > 3
[  432.252737][ T5797] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  432.289082][ T5797] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.303396][ T5080] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  432.311884][ T5076] Bluetooth: hci3: SCO packet for unknown connection handle 0
[  432.316337][ T5080] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  432.338381][ T5080] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  432.350359][ T5080] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  432.358500][ T5080] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  432.365959][ T5080] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  432.749829][ T5797] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  433.539918][ T5080] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  433.548691][ T5080] Bluetooth: hci2: Injecting HCI hardware error event
[  433.557422][ T5080] Bluetooth: hci2: hardware error 0x00
[  433.567043][   T29] audit: type=1326 audit(1720932838.445:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10370 comm="syz.2.1204" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe802775bd9 code=0x0
[  433.598332][ T5797] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  433.679408][T10374] 9pnet_virtio: no channels available for device syz
[  433.944512][ T5797] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  433.977893][ T5797] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  434.035941][T10386] FAULT_INJECTION: forcing a failure.
[  434.035941][T10386] name failslab, interval 1, probability 0, space 0, times 0
[  434.093709][T10387] FAULT_INJECTION: forcing a failure.
[  434.093709][T10387] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  434.094921][T10386] CPU: 1 PID: 10386 Comm: syz.3.1208 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0
[  434.118231][T10386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  434.128294][T10386] Call Trace:
[  434.132095][T10386]  <TASK>
[  434.135020][T10386]  dump_stack_lvl+0x241/0x360
[  434.139696][T10386]  ? __pfx_dump_stack_lvl+0x10/0x10
[  434.144904][T10386]  ? __pfx__printk+0x10/0x10
[  434.149519][T10386]  should_fail_ex+0x3b0/0x4e0
[  434.154225][T10386]  ? __alloc_skb+0x1c3/0x440
[  434.158823][T10386]  should_failslab+0x9/0x20
[  434.163324][T10386]  kmem_cache_alloc_node_noprof+0x71/0x320
[  434.169123][T10386]  __alloc_skb+0x1c3/0x440
[  434.173531][T10386]  ? __pfx___alloc_skb+0x10/0x10
[  434.178457][T10386]  ? netlink_ack_tlv_len+0x6e/0x200
[  434.183647][T10386]  netlink_ack+0x13f/0xa30
[  434.188061][T10386]  ? __pfx_lock_acquire+0x10/0x10
[  434.193090][T10386]  ? __pfx_nl80211_set_tx_bitrate_mask+0x10/0x10
[  434.199404][T10386]  ? __pfx_nl80211_post_doit+0x10/0x10
[  434.204883][T10386]  netlink_rcv_skb+0x262/0x430
[  434.209668][T10386]  ? __pfx_genl_rcv_msg+0x10/0x10
[  434.214705][T10386]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  434.219998][T10386]  ? __netlink_deliver_tap+0x77e/0x7c0
[  434.225455][T10386]  genl_rcv+0x28/0x40
[  434.229421][T10386]  netlink_unicast+0x7ea/0x980
[  434.234178][T10386]  ? __pfx_netlink_unicast+0x10/0x10
[  434.239449][T10386]  ? __virt_addr_valid+0x183/0x530
[  434.244552][T10386]  ? __check_object_size+0x49c/0x900
[  434.249835][T10386]  ? bpf_lsm_netlink_send+0x9/0x10
[  434.254936][T10386]  netlink_sendmsg+0x8db/0xcb0
[  434.259716][T10386]  ? __pfx_netlink_sendmsg+0x10/0x10
[  434.264999][T10386]  ? __import_iovec+0x536/0x820
[  434.269836][T10386]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  434.275105][T10386]  ? security_socket_sendmsg+0x87/0xb0
[  434.280557][T10386]  ? __pfx_netlink_sendmsg+0x10/0x10
[  434.285827][T10386]  __sock_sendmsg+0x221/0x270
[  434.290495][T10386]  ____sys_sendmsg+0x525/0x7d0
[  434.295249][T10386]  ? __pfx_____sys_sendmsg+0x10/0x10
[  434.300534][T10386]  __sys_sendmsg+0x2b0/0x3a0
[  434.305115][T10386]  ? __pfx___sys_sendmsg+0x10/0x10
[  434.310214][T10386]  ? vfs_write+0x7c4/0xc90
[  434.314644][T10386]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  434.320971][T10386]  ? do_syscall_64+0x100/0x230
[  434.325744][T10386]  ? do_syscall_64+0xb6/0x230
[  434.330412][T10386]  do_syscall_64+0xf3/0x230
[  434.334898][T10386]  ? clear_bhb_loop+0x35/0x90
[  434.339559][T10386]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.345465][T10386] RIP: 0033:0x7f250f375bd9
[  434.349867][T10386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  434.369464][T10386] RSP: 002b:00007f251018b048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  434.377861][T10386] RAX: ffffffffffffffda RBX: 00007f250f503f60 RCX: 00007f250f375bd9
[  434.385816][T10386] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000004
[  434.393774][T10386] RBP: 00007f251018b0a0 R08: 0000000000000000 R09: 0000000000000000
[  434.401763][T10386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  434.409723][T10386] R13: 000000000000000b R14: 00007f250f503f60 R15: 00007ffee6b4e5b8
[  434.417695][T10386]  </TASK>
[  434.422880][T10387] CPU: 1 PID: 10387 Comm: syz.1.1207 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0
[  434.433069][T10387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  434.443119][T10387] Call Trace:
[  434.446383][T10387]  <TASK>
[  434.449301][T10387]  dump_stack_lvl+0x241/0x360
[  434.453985][T10387]  ? __pfx_dump_stack_lvl+0x10/0x10
[  434.459169][T10387]  ? __pfx__printk+0x10/0x10
[  434.463833][T10387]  ? __pfx_lock_release+0x10/0x10
[  434.468843][T10387]  ? do_raw_spin_lock+0x14f/0x370
[  434.473887][T10387]  should_fail_ex+0x3b0/0x4e0
[  434.478398][ T5092] Bluetooth: hci4: command tx timeout
[  434.478565][T10387]  _copy_to_user+0x2f/0xb0
[  434.478593][T10387]  binder_ioctl_write_read+0x81e5/0x8d60
[  434.494209][T10387]  ? stack_trace_save+0x118/0x1d0
[  434.499235][T10387]  ? stack_depot_save_flags+0x29/0x830
[  434.504693][T10387]  ? __pfx_binder_ioctl_write_read+0x10/0x10
[  434.510660][T10387]  ? __lock_acquire+0x1346/0x1fd0
[  434.515693][T10387]  ? binder_get_thread+0x574/0x6c0
[  434.520788][T10387]  ? __pfx_lock_release+0x10/0x10
[  434.525892][T10387]  ? do_raw_spin_unlock+0x13c/0x8b0
[  434.531086][T10387]  ? _raw_spin_unlock+0x28/0x50
[  434.535919][T10387]  ? binder_get_thread+0x593/0x6c0
[  434.541018][T10387]  binder_ioctl+0x43d/0x1c70
[  434.545596][T10387]  ? tomoyo_path_number_perm+0x71a/0x880
[  434.551221][T10387]  ? tomoyo_path_number_perm+0x208/0x880
[  434.556928][T10387]  ? smack_log+0x123/0x540
[  434.561417][T10387]  ? __pfx_binder_ioctl+0x10/0x10
[  434.566427][T10387]  ? __pfx_smack_log+0x10/0x10
[  434.571176][T10387]  ? smk_access+0x4ab/0x4e0
[  434.575685][T10387]  ? smk_tskacc+0x300/0x370
[  434.580199][T10387]  ? smack_file_ioctl+0x2fa/0x3a0
[  434.585217][T10387]  ? __pfx_smack_file_ioctl+0x10/0x10
[  434.590593][T10387]  ? __fget_files+0x3f6/0x470
[  434.595255][T10387]  ? __fget_files+0x29/0x470
[  434.599832][T10387]  ? bpf_lsm_file_ioctl+0x9/0x10
[  434.604754][T10387]  ? security_file_ioctl+0x87/0xb0
[  434.609863][T10387]  ? __pfx_binder_ioctl+0x10/0x10
[  434.614897][T10387]  __se_sys_ioctl+0xfc/0x170
[  434.619477][T10387]  do_syscall_64+0xf3/0x230
[  434.623963][T10387]  ? clear_bhb_loop+0x35/0x90
[  434.628630][T10387]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.634530][T10387] RIP: 0033:0x7f73e2b75bd9
[  434.638929][T10387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  434.658516][T10387] RSP: 002b:00007f73e3934048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  434.666931][T10387] RAX: ffffffffffffffda RBX: 00007f73e2d04038 RCX: 00007f73e2b75bd9
[  434.674935][T10387] RDX: 0000000020000640 RSI: 00000000c0306201 RDI: 0000000000000006
[  434.682926][T10387] RBP: 00007f73e39340a0 R08: 0000000000000000 R09: 0000000000000000
[  434.690908][T10387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  434.698888][T10387] R13: 000000000000006e R14: 00007f73e2d04038 R15: 00007ffc8d25dbc8
[  434.706870][T10387]  </TASK>
[  434.715462][T10387] binder: 10382:10387 ioctl c0306201 20000640 returned -14
[  435.128418][ T5092] Bluetooth: hci2: unexpected event for opcode 0x003d
[  435.226976][T10402] x_tables: duplicate underflow at hook 1
[  435.352284][ T5797] bridge_slave_1: left allmulticast mode
[  435.410203][ T5797] bridge_slave_1: left promiscuous mode
[  435.441690][ T5797] bridge0: port 2(bridge_slave_1) entered disabled state
[  435.500515][ T5797] bridge_slave_0: left allmulticast mode
[  435.524404][ T5797] bridge_slave_0: left promiscuous mode
[  435.565866][ T5797] bridge0: port 1(bridge_slave_0) entered disabled state
[  435.658184][ T5080] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  436.539342][ T5080] Bluetooth: hci4: command tx timeout
[  436.748675][ T5797] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  436.766596][ T5797] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  436.797776][ T5797] bond0 (unregistering): Released all slaves
[  436.841406][T10364] chnl_net:caif_netlink_parms(): no params data found
[  436.905687][T10414] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1214'.
[  436.919936][T10414] (unnamed net_device) (uninitialized): option ad_actor_system: mode dependency failed, not supported in mode balance-rr(0)
[  437.585059][ T5797] hsr_slave_0: left promiscuous mode
[  437.885315][ T5797] hsr_slave_1: left promiscuous mode
[  438.696844][ T5080] Bluetooth: hci4: command tx timeout
[  438.708088][   T29] audit: type=1326 audit(1720932843.575:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10432 comm="syz.1.1215" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f73e2b75bd9 code=0x0
[  438.759304][ T5797] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  438.786952][ T5797] batman_adv: batadv0: Removing interface: batadv_slave_0
[  438.794496][ T5080] Bluetooth: hci0: SCO packet for unknown connection handle 0
[  438.829056][ T5797] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  439.597204][ T5080] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  439.606843][ T5080] Bluetooth: hci3: Injecting HCI hardware error event
[  439.615804][ T5080] Bluetooth: hci3: hardware error 0x00
[  439.661154][ T5797] batman_adv: batadv0: Removing interface: batadv_slave_1
[  439.773867][ T5797] veth1_macvtap: left promiscuous mode
[  439.829569][ T5797] veth0_macvtap: left promiscuous mode
[  439.835293][ T5797] veth1_vlan: left promiscuous mode
[  439.885281][ T5797] veth0_vlan: left promiscuous mode
[  440.088684][ T1249] ieee802154 phy0 wpan0: encryption failed: -22
[  440.095047][ T1249] ieee802154 phy1 wpan1: encryption failed: -22
[  440.778269][ T5092] Bluetooth: hci4: command tx timeout
[  441.257840][ T5092] Bluetooth: hci3: unexpected event for opcode 0x203d
[  441.290720][ T5797] team0 (unregistering): Port device team_slave_1 removed
[  441.393228][ T5797] team0 (unregistering): Port device team_slave_0 removed
[  441.834889][ T5080] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  442.474633][T10364] bridge0: port 1(bridge_slave_0) entered blocking state
[  442.488939][T10364] bridge0: port 1(bridge_slave_0) entered disabled state
[  442.505835][T10364] bridge_slave_0: entered allmulticast mode
[  442.528678][T10364] bridge_slave_0: entered promiscuous mode
[  442.556601][T10364] bridge0: port 2(bridge_slave_1) entered blocking state
[  442.572870][T10364] bridge0: port 2(bridge_slave_1) entered disabled state
[  442.587499][T10364] bridge_slave_1: entered allmulticast mode
[  442.604109][T10364] bridge_slave_1: entered promiscuous mode
[  443.028076][   T29] audit: type=1326 audit(1720932848.625:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10497 comm="syz.4.1227" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4041375bd9 code=0x0
[  443.750724][ T5080] Bluetooth: hci1: SCO packet for unknown connection handle 0
[  443.955216][T10364] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  444.012324][T10364] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  444.424534][T10510] 9pnet_virtio: no channels available for device syz
[  447.327911][T10364] team0: Port device team_slave_0 added
[  447.522211][T10364] team0: Port device team_slave_1 added
[  447.756960][T10364] batman_adv: batadv0: Adding interface: batadv_slave_0
[  447.918157][T10364] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  448.141085][T10364] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  448.177917][T10364] batman_adv: batadv0: Adding interface: batadv_slave_1
[  448.196084][T10364] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  448.226614][T10364] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  448.479095][ T5126] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  448.678176][ T5126] usb 4-1: Using ep0 maxpacket: 8
[  448.688309][ T5126] usb 4-1: config 0 has an invalid interface number: 125 but max is 3
[  448.696561][ T5126] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  448.714070][ T5126] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 4
[  448.723067][ T5126] usb 4-1: config 0 has no interface number 0
[  448.729450][ T5126] usb 4-1: config 0 interface 125 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  448.775397][ T5126] usb 4-1: config 0 interface 125 has no altsetting 0
[  448.811334][ T5126] usb 4-1: string descriptor 0 read error: -22
[  448.817852][ T5126] usb 4-1: Dual-Role OTG device on HNP port
[  448.825355][ T5126] usb 4-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd
[  448.845702][ T5126] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.865372][ T5126] usb 4-1: config 0 descriptor??
[  448.876386][T10364] hsr_slave_0: entered promiscuous mode
[  448.885216][ T5126] hub 4-1:0.125: bad descriptor, ignoring hub
[  448.893372][T10538] 9pnet_virtio: no channels available for device syz
[  448.901111][ T5126] hub 4-1:0.125: probe with driver hub failed with error -5
[  448.909450][T10364] hsr_slave_1: entered promiscuous mode
[  448.919639][ T5126] usb 4-1: Found UVC 15.ff device <unnamed> (17dc:0202)
[  448.939310][T10364] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  448.956561][ T5126] usb 4-1: No valid video chain found.
[  448.978538][T10364] Cannot create hsr debugfs directory
[  449.160418][T10531] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  449.208414][T10531] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  450.457107][T10364] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  450.484384][T10364] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  450.510502][T10364] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  450.542752][T10364] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  450.552670][T10565] 9pnet_fd: Insufficient options for proto=fd
[  450.851683][T10364] 8021q: adding VLAN 0 to HW filter on device bond0
[  450.935175][T10364] 8021q: adding VLAN 0 to HW filter on device team0
[  450.957828][ T5125] bridge0: port 1(bridge_slave_0) entered blocking state
[  450.957911][ T5125] bridge0: port 1(bridge_slave_0) entered forwarding state
[  450.971082][ T5125] bridge0: port 2(bridge_slave_1) entered blocking state
[  450.971150][ T5125] bridge0: port 2(bridge_slave_1) entered forwarding state
[  451.248426][   T25] usb 4-1: USB disconnect, device number 26
[  451.803421][T10364] 8021q: adding VLAN 0 to HW filter on device batadv0
[  452.234491][T10364] veth0_vlan: entered promiscuous mode
[  452.367683][T10364] veth1_vlan: entered promiscuous mode
[  453.028154][ T5125] usb 4-1: new full-speed USB device number 27 using dummy_hcd
[  453.201732][T10364] veth0_macvtap: entered promiscuous mode
[  453.233015][ T5125] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  453.258871][ T5080] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  453.268455][ T5080] Bluetooth: hci1: Injecting HCI hardware error event
[  453.278722][ T5080] Bluetooth: hci1: hardware error 0x00
[  453.368498][T10364] veth1_macvtap: entered promiscuous mode
[  453.396178][ T5125] usb 4-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  453.460440][ T5125] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  453.485867][ T5125] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  453.559012][ T5125] usb 4-1: SerialNumber: syz
[  453.580098][ T5125] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  453.597186][ T5125] usb-storage 4-1:1.0: USB Mass Storage device detected
[  453.627843][T10364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  453.652741][T10364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  453.793416][T10364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  453.812001][T10364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  453.827513][T10364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  453.855464][ T5125] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  453.872772][T10583] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  453.935930][T10364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  453.946248][T10583] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  453.974673][T10364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  454.088077][T10364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.129752][T10364] batman_adv: batadv0: Interface activated: batadv_slave_0
[  454.198788][T10364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  454.242792][T10364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.276946][T10364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  454.315069][T10364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.340929][T10364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  454.538930][T10364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.599346][T10364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  454.629072][T10364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.636476][   T25] usb 4-1: USB disconnect, device number 27
[  454.647482][T10364] batman_adv: batadv0: Interface activated: batadv_slave_1
[  454.767334][T10364] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  454.958177][T10364] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  454.969486][T10364] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  455.025444][T10364] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  455.338493][ T5080] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  455.539730][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  455.568186][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  455.641604][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  455.682910][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  455.708799][   T25] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  455.788194][ T5125] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  455.938387][   T25] usb 5-1: Using ep0 maxpacket: 8
[  455.952187][   T25] usb 5-1: config 0 has an invalid interface number: 125 but max is 3
[  455.977380][   T25] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  455.990052][ T5125] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  456.014985][   T25] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 4
[  456.031749][ T5125] usb 2-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.40
[  456.050769][ T5125] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  456.070902][   T25] usb 5-1: config 0 has no interface number 0
[  456.073030][ T5125] usb 2-1: Product: syz
[  456.077044][   T25] usb 5-1: config 0 interface 125 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  456.093371][ T5125] usb 2-1: Manufacturer: syz
[  456.098094][ T5126] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  456.118558][ T5125] usb 2-1: SerialNumber: syz
[  456.141370][ T5125] usbhid 2-1:1.0: couldn't find an input interrupt endpoint
[  456.186348][   T25] usb 5-1: config 0 interface 125 has no altsetting 0
[  456.211405][   T25] usb 5-1: string descriptor 0 read error: -22
[  456.231058][   T25] usb 5-1: Dual-Role OTG device on HNP port
[  456.256929][   T25] usb 5-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd
[  456.297164][   T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  456.342640][ T5125] usb 2-1: USB disconnect, device number 16
[  456.343965][ T5126] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  456.381513][   T25] usb 5-1: config 0 descriptor??
[  456.445141][   T25] hub 5-1:0.125: bad descriptor, ignoring hub
[  456.456179][ T5126] usb 4-1: config 1 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  456.489903][   T25] hub 5-1:0.125: probe with driver hub failed with error -5
[  456.519833][   T25] usb 5-1: Found UVC 15.ff device <unnamed> (17dc:0202)
[  456.532272][ T5126] usb 4-1: config 1 interface 0 has no altsetting 0
[  456.583851][   T25] usb 5-1: No valid video chain found.
[  456.594921][ T5126] usb 4-1: config 1 interface 0 has no altsetting 1
[  456.632559][ T5126] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  456.664045][ T5126] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  456.686559][ T5126] usb 4-1: Product: syz
[  456.694173][T10658] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  456.706215][ T5126] usb 4-1: Manufacturer: syz
[  456.718498][T10658] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  456.735331][ T5126] usb 4-1: SerialNumber: syz
[  457.712623][   T29] audit: type=1326 audit(1720932862.645:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10684 comm="syz.2.1254" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe802775bd9 code=0x0
[  460.773068][ T5126] cdc_ether 4-1:1.0: skipping garbage
[  460.863824][ T5126] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  460.945846][ T5126] usb 4-1: USB disconnect, device number 28
[  460.998584][ T1801] usb 5-1: USB disconnect, device number 24
[  461.247806][T10719] 9pnet_virtio: no channels available for device syz
[  461.602522][T10724] 9pnet_virtio: no channels available for device syz
[  462.294727][   T25] IPVS: starting estimator thread 0...
[  462.408139][ T1801] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  462.429710][T10741] IPVS: using max 22 ests per chain, 52800 per kthread
[  462.584057][T10747] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1270'.
[  462.614322][ T1801] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  462.628816][ T1801] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  462.640829][ T1801] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  462.658377][ T1801] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  462.706476][ T1801] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  462.739822][ T1801] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  462.757559][ T1801] usb 2-1: Product: syz
[  462.775000][ T1801] usb 2-1: Manufacturer: syz
[  462.794725][ T1801] cdc_wdm 2-1:1.0: skipping garbage
[  462.808805][ T1801] cdc_wdm 2-1:1.0: skipping garbage
[  462.833683][ T1801] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  462.841196][ T1801] cdc_wdm 2-1:1.0: Unknown control protocol
[  463.307236][T10757] syz.3.1274: attempt to access beyond end of device
[  463.307236][T10757] loop3: rw=4096, sector=2, nr_sectors = 2 limit=0
[  463.327502][T10757] EXT4-fs (loop3): unable to read superblock
[  463.951204][T10776] tipc: Started in network mode
[  463.956222][T10776] tipc: Node identity f7, cluster identity 4711
[  463.997111][T10776] tipc: Node number set to 247
[  464.859930][T10791] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1287'.
[  464.995994][T10793] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1289'.
[  465.031108][ T5172] usb 2-1: USB disconnect, device number 17
[  465.221082][T10793] Êü�: entered promiscuous mode
[  465.762763][ T1801] IPVS: starting estimator thread 0...
[  465.823970][T10821] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1299'.
[  465.878207][T10817] IPVS: using max 26 ests per chain, 62400 per kthread
[  466.257166][T10835] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1306'.
[  467.571738][T10872] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1318'.
[  467.927601][T10880] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1320'.
[  468.648882][   T25] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  468.832035][T10896] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1327'.
[  468.878158][   T25] usb 5-1: config 0 has no interfaces?
[  468.906734][   T25] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[  468.966103][   T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  469.004357][   T25] usb 5-1: Product: syz
[  469.032414][   T25] usb 5-1: Manufacturer: syz
[  469.037748][   T25] usb 5-1: SerialNumber: syz
[  469.079111][   T25] usb 5-1: config 0 descriptor??
[  469.099958][T10904] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1330'.
[  469.335362][T10915] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1333'.
[  469.419972][ T5125] usb 5-1: USB disconnect, device number 25
[  469.797580][T10931] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1340'.
[  469.929301][T10937] netlink: 'syz.3.1342': attribute type 9 has an invalid length.
[  470.070511][T10938] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1343'.
[  470.402275][T10958] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1353'.
[  470.583285][T10972] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1354'.
[  471.028307][ T1801] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  471.320300][ T1801] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  471.320339][ T1801] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  471.320379][ T1801] usb 1-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[  471.320403][ T1801] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  471.343435][ T1801] usb 1-1: config 0 descriptor??
[  471.608096][ T1801] usbhid 1-1:0.0: can't add hid device: -71
[  471.648887][ T1801] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  471.670748][T10999] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1366'.
[  471.688806][ T1801] usb 1-1: USB disconnect, device number 19
[  471.701601][T11001] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1365'.
[  473.268025][T11028] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  473.296426][ T1801] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  473.518161][ T1801] usb 1-1: Using ep0 maxpacket: 8
[  473.545679][ T1801] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  473.589371][ T1801] usb 1-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d
[  473.640766][ T1801] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  473.673673][ T1801] usb 1-1: config 0 descriptor??
[  473.699563][ T1801] usb 1-1: Found UVC 0.00 device <unnamed> (05ac:8501)
[  473.717362][T11044] netlink: 'syz.2.1380': attribute type 12 has an invalid length.
[  473.725475][ T1801] usb 1-1: No valid video chain found.
[  473.778451][T11044] netlink: 'syz.2.1380': attribute type 11 has an invalid length.
[  473.807850][T11044] netlink: 190580 bytes leftover after parsing attributes in process `syz.2.1380'.
[  474.188361][ T5172] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  474.309638][T11064] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1384'.
[  474.438271][ T5172] usb 3-1: Using ep0 maxpacket: 16
[  474.454306][ T5172] usb 3-1: config 0 has an invalid descriptor of length 56, skipping remainder of the config
[  474.487386][ T5172] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  474.519440][ T5172] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  474.564045][ T5172] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  474.607848][ T5172] usb 3-1: config 0 descriptor??
[  474.633620][ T5172] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  474.934192][T11044] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1380'.
[  475.311552][T11051] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  475.341942][T11051] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  475.414697][ T1801] usb 1-1: USB disconnect, device number 20
[  475.836561][T11119] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1404'.
[  476.874924][ T1801] usb 3-1: USB disconnect, device number 31
[  477.691980][T11179] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  478.325801][   T29] audit: type=1326 audit(1720932883.315:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11167 comm="syz.3.1425" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f250f375bd9 code=0x0
[  478.531554][T11182] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  478.538251][ T5080] Bluetooth: hci0: unexpected event for opcode 0x0c22
[  478.538578][T11182] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  478.568160][T11182] vhci_hcd vhci_hcd.0: Device attached
[  478.754121][T11188] vhci_hcd: connection closed
[  478.764532][   T12] vhci_hcd: stop threads
[  478.796099][   T12] vhci_hcd: release socket
[  478.814811][   T12] vhci_hcd: disconnect device
[  478.828241][    T9] usb 11-1: new low-speed USB device number 2 using vhci_hcd
[  478.838057][    T9] usb 11-1: enqueue for inactive port 0
[  478.851819][T11197] tipc: Failed to obtain node identity
[  478.857681][T11197] tipc: Enabling of bearer <ib:ip_vti0> rejected, failed to enable media
[  478.928676][    T9] vhci_hcd: vhci_device speed not set
[  480.720530][T11256] netlink: 'syz.4.1449': attribute type 21 has an invalid length.
[  480.738258][    T9] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  480.893504][T11263] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1454'.
[  480.958521][    T9] usb 4-1: Using ep0 maxpacket: 8
[  480.981107][    T9] usb 4-1: config 0 has an invalid interface number: 125 but max is 3
[  481.040175][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  481.071400][    T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 4
[  481.096031][    T9] usb 4-1: config 0 has no interface number 0
[  481.105944][    T9] usb 4-1: config 0 interface 125 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  481.202856][    T9] usb 4-1: config 0 interface 125 has no altsetting 0
[  481.216207][    T9] usb 4-1: string descriptor 0 read error: -22
[  481.240728][    T9] usb 4-1: Dual-Role OTG device on HNP port
[  481.265251][    T9] usb 4-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd
[  481.308046][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  481.357824][    T9] usb 4-1: config 0 descriptor??
[  481.369280][    T9] hub 4-1:0.125: bad descriptor, ignoring hub
[  481.375986][    T9] hub 4-1:0.125: probe with driver hub failed with error -5
[  481.536315][    T9] usb 4-1: Found UVC 15.ff device <unnamed> (17dc:0202)
[  481.568311][    T9] usb 4-1: No valid video chain found.
[  482.465140][T11243] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  482.500266][T11243] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  482.848441][ T5172] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  482.880857][T11299] syz_tun: entered promiscuous mode
[  482.895909][T11299] syz_tun: left promiscuous mode
[  483.036225][T11302] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1467'.
[  483.062852][ T5172] usb 3-1: Using ep0 maxpacket: 32
[  483.092010][ T5172] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  483.109312][ T5172] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  483.140908][ T5172] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  483.161034][ T5172] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  483.201666][ T5172] usb 3-1: Product: syz
[  483.220511][ T5172] usb 3-1: Manufacturer: syz
[  483.234946][ T5172] hub 3-1:4.0: USB hub found
[  483.698728][ T5172] hub 3-1:4.0: config failed, can't read hub descriptor (err -22)
[  483.788458][ T5172] usb 3-1: USB disconnect, device number 32
[  483.966683][T11323] netlink: 'syz.1.1472': attribute type 21 has an invalid length.
[  484.018144][   T25] usb 5-1: new low-speed USB device number 26 using dummy_hcd
[  484.210098][   T25] usb 5-1: config index 0 descriptor too short (expected 1307, got 27)
[  484.230920][   T25] usb 5-1: config 0 has an invalid interface number: 0 but max is -1
[  484.264408][   T25] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0
[  484.286533][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[  484.306922][   T25] usb 5-1: string descriptor 0 read error: -22
[  484.319379][   T25] usb 5-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de
[  484.366012][   T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  484.401470][ T5172] usb 4-1: USB disconnect, device number 29
[  484.414505][   T25] usb 5-1: config 0 descriptor??
[  484.918320][ T5080] Bluetooth: hci0: command 0x206a tx timeout
[  484.931028][T11319] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  485.082015][ T5092] Bluetooth: hci0: Opcode 0x206a failed: -110
[  485.094069][   T25] hub 5-1:0.0: bad descriptor, ignoring hub
[  485.102246][   T25] hub 5-1:0.0: probe with driver hub failed with error -5
[  485.215288][T11338] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  485.248910][   T25] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input12
[  485.360244][    C0] usb_acecad 5-1:0.0: can't resubmit intr, dummy_hcd.4-1/input0, status -1
[  485.398901][ T5126] usb 5-1: USB disconnect, device number 26
[  485.900573][T11365] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1487'.
[  485.921253][T11365] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  487.962703][T11411] IPVS: sync thread started: state = MASTER, mcast_ifn = bond0, syncid = 0, id = 0
[  487.973407][T11406] IPVS: stopping master sync thread 11411 ...
[  488.009637][T11405] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  488.178719][ T5126] usb 2-1: new low-speed USB device number 18 using dummy_hcd
[  488.346353][T11424] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1508'.
[  488.389967][ T5126] usb 2-1: config index 0 descriptor too short (expected 1307, got 27)
[  488.423642][ T5126] usb 2-1: config 0 has an invalid interface number: 0 but max is -1
[  488.448161][ T5126] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0
[  488.457240][ T5126] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[  488.481246][ T5126] usb 2-1: string descriptor 0 read error: -22
[  488.494075][ T5126] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de
[  488.515101][ T5126] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  488.536575][ T5126] usb 2-1: config 0 descriptor??
[  488.549032][T11408] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  488.574431][ T5126] hub 2-1:0.0: bad descriptor, ignoring hub
[  488.597468][ T5126] hub 2-1:0.0: probe with driver hub failed with error -5
[  488.633945][ T5126] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input13
[  488.875483][ T5126] usb 2-1: USB disconnect, device number 18
[  490.158521][T11482] netlink: 'syz.1.1526': attribute type 21 has an invalid length.
[  490.298371][ T5126] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  490.508198][ T5126] usb 4-1: Using ep0 maxpacket: 8
[  490.527514][ T5126] usb 4-1: config 0 has an invalid interface number: 125 but max is 3
[  490.558478][ T5126] usb 4-1: config 0 has an invalid interface number: 162 but max is 3
[  490.592527][ T5126] usb 4-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config
[  490.627738][ T5126] usb 4-1: config 0 has 2 interfaces, different from the descriptor's value: 4
[  490.647157][ T5126] usb 4-1: config 0 has no interface number 0
[  490.696693][ T5126] usb 4-1: config 0 has no interface number 1
[  490.738403][ T5126] usb 4-1: config 0 interface 125 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64
[  490.765489][ T5126] usb 4-1: config 0 interface 125 altsetting 2 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  490.898409][ T5126] usb 4-1: config 0 interface 162 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 10
[  490.931992][ T5126] usb 4-1: config 0 interface 125 has no altsetting 0
[  490.940433][ T5126] usb 4-1: config 0 interface 162 has no altsetting 0
[  490.950235][ T5126] usb 4-1: string descriptor 0 read error: -22
[  490.978485][ T5126] usb 4-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd
[  491.002297][ T5126] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  491.029328][ T5126] usb 4-1: config 0 descriptor??
[  491.046266][ T5126] hub 4-1:0.125: bad descriptor, ignoring hub
[  491.065067][ T5126] hub 4-1:0.125: probe with driver hub failed with error -5
[  491.099437][ T5126] usb 4-1: Found UVC 15.ff device <unnamed> (17dc:0202)
[  491.123280][ T5126] usb 4-1: No valid video chain found.
[  491.159138][ T5126] hub 4-1:0.162: bad descriptor, ignoring hub
[  491.173734][ T5126] hub 4-1:0.162: probe with driver hub failed with error -5
[  491.286390][T11480] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  491.307789][T11501] 9pnet_virtio: no channels available for device syz
[  491.315281][T11480] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  491.673265][T11511] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  491.857444][T11511] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  491.927307][  T784] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[  491.951494][  T784] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[  491.969409][T11511] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  491.979538][  T130] wlan1: authenticated
[  491.990375][ T1037] wlan1: associate with 08:02:11:00:00:00 (try 1/3)
[  492.056992][ T1037] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1)
[  492.067823][T11511] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  492.089475][ T1037] wlan1: associated
[  493.112643][T11533] netlink: 'syz.4.1546': attribute type 6 has an invalid length.
[  493.192333][T11533] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1546'.
[  493.212528][ T5172] usb 4-1: USB disconnect, device number 30
[  493.256398][T11543] 9pnet_virtio: no channels available for device syz
[  494.893850][T11563] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  495.246078][T11563] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  495.333208][T11563] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  495.438142][T11563] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  496.151026][T11590] block nbd4: shutting down sockets
[  501.512541][ T1249] ieee802154 phy0 wpan0: encryption failed: -22
[  501.518901][ T1249] ieee802154 phy1 wpan1: encryption failed: -22
[  501.568726][ T1801] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  501.939963][ T1801] usb 4-1: New USB device found, idVendor=07ca, idProduct=a835, bcdDevice=21.fa
[  501.957122][ T1801] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  502.217697][ T1801] usb 4-1: config 0 descriptor??
[  502.455894][T11620] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  502.568775][T11620] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  503.538335][ T1801] usb 4-1: string descriptor 0 read error: -71
[  503.647701][ T1801] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  503.689080][ T1801] dvb_usb_af9035 4-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  503.782033][ T1801] usb 4-1: USB disconnect, device number 31
[  505.519373][T11682] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1589'.
[  507.593579][T11698] syz_tun: entered promiscuous mode
[  507.624413][T11698] syz_tun: left promiscuous mode
[  507.680788][T11713] block nbd1: shutting down sockets
[  508.178831][ T5172] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  509.239845][ T5172] usb 1-1: Using ep0 maxpacket: 8
[  509.251356][ T5172] usb 1-1: config 0 has an invalid interface number: 125 but max is 3
[  509.266560][ T5172] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  509.292009][T11728] 9pnet_fd: Insufficient options for proto=fd
[  509.319072][ T5172] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 4
[  509.349982][ T5172] usb 1-1: config 0 has no interface number 0
[  509.356125][ T5172] usb 1-1: config 0 interface 125 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  509.392419][ T5172] usb 1-1: config 0 interface 125 has no altsetting 0
[  509.396226][ T5172] usb 1-1: string descriptor 0 read error: -22
[  509.399619][ T5172] usb 1-1: Dual-Role OTG device on HNP port
[  509.418120][ T5172] usb 1-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd
[  509.418157][ T5172] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  509.421102][ T5172] usb 1-1: config 0 descriptor??
[  509.422646][ T5172] hub 1-1:0.125: bad descriptor, ignoring hub
[  509.422666][ T5172] hub 1-1:0.125: probe with driver hub failed with error -5
[  509.423716][ T5172] usb 1-1: Found UVC 15.ff device <unnamed> (17dc:0202)
[  509.423736][ T5172] usb 1-1: No valid video chain found.
[  509.598750][T11734] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1605'.
[  509.658187][T11712] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  509.681296][T11712] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  510.258193][ T5172] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  511.884188][ T5172] usb 5-1: Using ep0 maxpacket: 32
[  511.924419][ T5172] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  511.994264][ T5172] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  512.063928][ T5172] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  512.104344][ T5172] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  512.152441][ T5172] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  512.187912][ T5172] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  512.274226][ T5172] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  512.298144][ T5172] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  512.306233][ T5172] usb 5-1: Product: syz
[  512.328694][ T5126] usb 1-1: USB disconnect, device number 21
[  512.396569][ T5172] usb 5-1: Manufacturer: syz
[  512.420136][ T5172] usb 5-1: SerialNumber: syz
[  512.434248][ T5092] Bluetooth: hci4: SCO packet for unknown connection handle 0
[  512.650508][ T5172] cdc_ncm 5-1:1.0: bind() failure
[  512.670065][ T5172] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  512.677383][ T5172] cdc_ncm 5-1:1.1: bind() failure
[  512.699711][ T5172] usb 5-1: USB disconnect, device number 27
[  515.288411][T11806] 9pnet_virtio: no channels available for device syz
[  516.753785][T11828] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  517.891518][   T29] audit: type=1326 audit(1720932923.485:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11818 comm="syz.1.1632" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f73e2b75bd9 code=0x0
[  518.893001][T11858] 9pnet_virtio: no channels available for device syz
[  521.215884][T11882] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  521.395914][   T29] audit: type=1326 audit(1720932926.945:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11874 comm="syz.1.1649" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f73e2b75bd9 code=0x0
[  522.378545][T11902] 9pnet_virtio: no channels available for device syz
[  522.858800][ T5092] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  522.867570][ T5092] Bluetooth: hci4: Injecting HCI hardware error event
[  522.876244][ T5092] Bluetooth: hci4: hardware error 0x00
[  523.738492][T11923] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  524.132211][T11928] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1661'.
[  524.178136][ T5126] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  524.392465][ T5126] usb 5-1: New USB device found, idVendor=07ca, idProduct=a835, bcdDevice=21.fa
[  524.404094][ T5126] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  524.444908][ T5126] usb 5-1: config 0 descriptor??
[  524.528238][ T5127] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  524.671260][T11917] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  524.692236][T11917] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  524.719333][ T5127] usb 2-1: Using ep0 maxpacket: 8
[  524.761229][ T5127] usb 2-1: config 0 has an invalid interface number: 125 but max is 3
[  524.794795][ T5126] usb 5-1: string descriptor 0 read error: -71
[  524.814589][ T5127] usb 2-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  524.828731][ T5126] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  524.843373][ T5127] usb 2-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config
[  524.858191][ T5126] dvb_usb_af9035 5-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  524.886230][ T5127] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 4
[  524.901181][ T5126] usb 5-1: USB disconnect, device number 28
[  524.907547][ T5127] usb 2-1: config 0 has no interface number 0
[  524.938571][ T5092] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  524.954820][ T5127] usb 2-1: config 0 interface 125 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  524.969559][ T5127] usb 2-1: config 0 interface 125 has no altsetting 0
[  525.005614][ T5127] usb 2-1: string descriptor 0 read error: -22
[  525.024788][ T5127] usb 2-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd
[  525.043706][ T5127] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  525.085937][ T5127] usb 2-1: config 0 descriptor??
[  525.110770][ T5127] hub 2-1:0.125: bad descriptor, ignoring hub
[  525.116928][ T5127] hub 2-1:0.125: probe with driver hub failed with error -5
[  525.156091][ T5127] usb 2-1: Found UVC 15.ff device <unnamed> (17dc:0202)
[  525.169575][ T5127] usb 2-1: No valid video chain found.
[  525.211269][T11951] 9pnet_virtio: no channels available for device syz
[  525.331312][T11937] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  525.362152][T11937] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  526.144680][T11959] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  526.320063][T11966] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1675'.
[  528.128309][    T9] usb 2-1: USB disconnect, device number 19
[  529.232142][T12010] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  529.596939][T12016] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1688'.
[  529.765562][ T5092] Bluetooth: hci0: SCO packet for unknown connection handle 0
[  529.798107][ T1801] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  530.044803][ T1801] usb 1-1: New USB device found, idVendor=07ca, idProduct=a835, bcdDevice=21.fa
[  530.132780][ T1801] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  530.178926][ T1801] usb 1-1: config 0 descriptor??
[  530.421021][T12012] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  530.445034][T12012] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  530.509254][ T1801] usb 1-1: string descriptor 0 read error: -71
[  530.529516][ T1801] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  530.537137][ T1801] dvb_usb_af9035 1-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  530.732338][ T1801] usb 1-1: USB disconnect, device number 22
[  531.668631][T12053] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  533.189891][T12076] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  533.237293][T12079] 9pnet_virtio: no channels available for device syz
[  533.315770][T12076] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  534.157849][ T5126] libceph: connect (1)[c::]:6789 error -101
[  534.170926][ T5126] libceph: mon0 (1)[c::]:6789 connect error
[  534.400791][T12091] ceph: No mds server is up or the cluster is laggy
[  535.568282][    T9] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  535.710560][T12114] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1718'.
[  535.770120][    T9] usb 4-1: New USB device found, idVendor=07ca, idProduct=a835, bcdDevice=21.fa
[  535.783781][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  535.806865][    T9] usb 4-1: config 0 descriptor??
[  535.959234][T12120] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  536.007401][T12124] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  536.065020][T12102] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  536.118584][T12102] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  536.142415][T12120] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  536.330612][    T9] usb 4-1: string descriptor 0 read error: -71
[  536.339367][    T9] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  536.345922][    T9] dvb_usb_af9035 4-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  536.371456][    T9] usb 4-1: USB disconnect, device number 32
[  536.496980][T12120] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  536.794541][T12120] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  537.856373][T12137] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  537.950580][T12135] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  537.993515][T12141] syz_tun: entered promiscuous mode
[  538.002568][T12141] syz_tun: left promiscuous mode
[  538.050048][T12135] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  538.779736][T12156] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1730'.
[  538.859493][ T5092] block nbd1: Receive control failed (result -32)
[  538.877732][T12142] block nbd1: shutting down sockets
[  540.050194][T12174] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  540.477156][T12179] syz_tun: entered promiscuous mode
[  541.242792][T12179] syz_tun: left promiscuous mode
[  543.026325][T12206] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1743'.
[  543.098893][T12207] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  543.178930][T12207] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  544.075708][T12223] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  548.106586][ T5092] block nbd0: Receive control failed (result -32)
[  548.161909][T12225] block nbd0: shutting down sockets
[  548.411332][T12247] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1756'.
[  549.562160][T12265] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  554.764273][ T5080] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  554.787650][ T5080] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  554.797334][ T5080] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  554.811104][ T5080] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  554.823110][ T5080] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  554.832139][ T5080] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  554.940988][T12298] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1768'.
[  556.065340][T12315] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  556.126625][T12300] chnl_net:caif_netlink_parms(): no params data found
[  556.365464][ T5126] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  559.174655][ T5080] Bluetooth: hci5: command tx timeout
[  559.391061][    C1] raw-gadget.0 gadget.1: ignoring, device is not running
[  559.417690][    C1] raw-gadget.0 gadget.1: ignoring, device is not running
[  559.425911][ T5126] usb 2-1: device descriptor read/all, error -71
[  559.437354][T12300] bridge0: port 1(bridge_slave_0) entered blocking state
[  559.464748][T12300] bridge0: port 1(bridge_slave_0) entered disabled state
[  559.491351][T12300] bridge_slave_0: entered allmulticast mode
[  559.525646][T12300] bridge_slave_0: entered promiscuous mode
[  560.338695][T12341] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  560.410969][T12300] bridge0: port 2(bridge_slave_1) entered blocking state
[  560.437549][T12300] bridge0: port 2(bridge_slave_1) entered disabled state
[  560.488382][T12300] bridge_slave_1: entered allmulticast mode
[  560.508649][T12300] bridge_slave_1: entered promiscuous mode
[  560.573381][T12350] 9pnet_fd: Insufficient options for proto=fd
[  560.775567][T12300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  560.895083][T12300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  561.142828][T12300] team0: Port device team_slave_0 added
[  561.358120][ T5080] Bluetooth: hci5: command tx timeout
[  561.913854][T12364] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  562.000570][T12300] team0: Port device team_slave_1 added
[  563.048542][ T1249] ieee802154 phy0 wpan0: encryption failed: -22
[  563.054886][ T1249] ieee802154 phy1 wpan1: encryption failed: -22
[  563.281796][T12300] batman_adv: batadv0: Adding interface: batadv_slave_0
[  563.293714][T12300] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  563.324027][T12300] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  563.345240][T12300] batman_adv: batadv0: Adding interface: batadv_slave_1
[  563.356024][T12300] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  563.399090][T12300] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  563.422624][ T5080] Bluetooth: hci5: command tx timeout
[  565.498139][ T5080] Bluetooth: hci5: command tx timeout
[  566.804327][T12300] hsr_slave_0: entered promiscuous mode
[  566.822463][T12300] hsr_slave_1: entered promiscuous mode
[  566.867797][T12300] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  566.889575][T12300] Cannot create hsr debugfs directory
[  567.938403][   T29] audit: type=1326 audit(1720932972.865:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12390 comm="syz.2.1791" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe802775bd9 code=0x0
[  568.249598][T12398] 9pnet_fd: Insufficient options for proto=fd
[  569.248129][T12408] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  570.570566][T12300] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  570.865659][T12300] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  571.026521][T12300] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  572.018272][   T29] audit: type=1326 audit(1720932976.975:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12439 comm="syz.2.1803" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe802775bd9 code=0x0
[  572.269634][T12300] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  573.195926][T12450] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  573.418169][T12456] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  574.102408][T12456] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  574.255272][T12464] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  574.291116][T12456] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  574.410182][T12300] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  574.455683][T12300] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  574.476938][T12300] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  574.497682][T12300] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  574.773502][T12474] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  574.794940][   T29] audit: type=1326 audit(1720932980.395:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12468 comm="syz.3.1810" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f250f375bd9 code=0x0
[  575.665936][T12300] 8021q: adding VLAN 0 to HW filter on device bond0
[  575.775532][T12300] 8021q: adding VLAN 0 to HW filter on device team0
[  575.861451][ T5127] bridge0: port 1(bridge_slave_0) entered blocking state
[  575.868690][ T5127] bridge0: port 1(bridge_slave_0) entered forwarding state
[  576.006163][ T1801] bridge0: port 2(bridge_slave_1) entered blocking state
[  576.013536][ T1801] bridge0: port 2(bridge_slave_1) entered forwarding state
[  576.301496][T12487] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1816'.
[  576.331791][T12494] 9pnet_fd: Insufficient options for proto=fd
[  577.119064][T12300] 8021q: adding VLAN 0 to HW filter on device batadv0
[  577.168792][ T5079] usb 2-1: new full-speed USB device number 22 using dummy_hcd
[  577.272177][T12300] veth0_vlan: entered promiscuous mode
[  577.289884][T12300] veth1_vlan: entered promiscuous mode
[  577.342599][T12300] veth0_macvtap: entered promiscuous mode
[  577.371844][ T5079] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  577.389864][T12300] veth1_macvtap: entered promiscuous mode
[  577.403482][ T5079] usb 2-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  577.418199][  T784] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  577.436997][ T5079] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  577.452923][T12300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  577.464232][ T5079] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  577.476461][ T5079] usb 2-1: SerialNumber: syz
[  577.481845][T12300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.504809][T12300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  577.521583][T12300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.542064][ T5079] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[  577.560042][ T5079] usb-storage 2-1:1.0: USB Mass Storage device detected
[  577.565437][T12300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  577.604247][T12300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.607491][ T5079] usb-storage 2-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  577.647353][T12300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  577.665462][  T784] usb 3-1: Using ep0 maxpacket: 32
[  577.668028][T12300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.672418][  T784] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  577.700412][T12300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  577.701788][  T784] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  577.725008][T12300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.749334][T12300] batman_adv: batadv0: Interface activated: batadv_slave_0
[  577.753035][T12504] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  577.784030][T12504] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  577.833285][  T784] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  577.833957][T12300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  577.856288][ T5079] usb 2-1: USB disconnect, device number 22
[  577.881622][T12300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.907514][  T784] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  577.935063][T12300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  577.955459][  T784] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  577.957203][T12300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.976293][T12300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  577.993208][T12300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  578.004285][T12300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  578.015688][T12300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  578.026781][T12300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  578.040732][T12300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  578.062932][  T784] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  578.063304][T12300] batman_adv: batadv0: Interface activated: batadv_slave_1
[  578.123137][ T5080] block nbd4: Receive control failed (result -32)
[  578.144649][T12300] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  578.156274][  T784] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  578.165638][  T784] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  578.173762][  T784] usb 3-1: Product: syz
[  578.181488][T12532] block nbd4: shutting down sockets
[  578.186995][  T784] usb 3-1: Manufacturer: syz
[  578.192379][  T784] usb 3-1: SerialNumber: syz
[  578.205255][T12300] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  578.214314][T12300] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  578.226163][T12300] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  578.408710][  T784] cdc_ncm 3-1:1.0: bind() failure
[  578.456606][  T784] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  578.478177][  T784] cdc_ncm 3-1:1.1: bind() failure
[  578.512560][  T784] usb 3-1: USB disconnect, device number 33
[  578.523830][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  578.576692][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  578.614274][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  578.642807][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  578.656144][T12541] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1827'.
[  578.694782][ T5080] Bluetooth: hci0: unexpected event for opcode 0x203d
[  578.780012][T12548] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  578.886962][T12548] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  580.411338][ T5079] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  580.678234][ T5079] usb 4-1: Using ep0 maxpacket: 8
[  580.713351][ T5079] usb 4-1: config 0 has an invalid interface number: 125 but max is 3
[  580.745839][ T5079] usb 4-1: config 0 has an invalid interface number: 162 but max is 3
[  580.763753][ T5079] usb 4-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config
[  580.865299][ T5079] usb 4-1: config 0 has 2 interfaces, different from the descriptor's value: 4
[  580.910069][ T5079] usb 4-1: config 0 has no interface number 0
[  580.929372][ T5079] usb 4-1: config 0 has no interface number 1
[  580.935990][ T5079] usb 4-1: config 0 interface 125 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64
[  580.975063][ T5079] usb 4-1: config 0 interface 125 altsetting 2 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  581.050324][ T5079] usb 4-1: config 0 interface 162 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 10
[  581.109310][ T5079] usb 4-1: config 0 interface 125 has no altsetting 0
[  581.116729][ T5079] usb 4-1: config 0 interface 162 has no altsetting 0
[  581.124425][ T5079] usb 4-1: string descriptor 0 read error: -22
[  581.152982][ T5079] usb 4-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd
[  581.189205][ T5079] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  581.261839][ T5079] usb 4-1: config 0 descriptor??
[  581.275330][ T5079] hub 4-1:0.125: bad descriptor, ignoring hub
[  581.287207][T12584] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1840'.
[  581.308891][ T5079] hub 4-1:0.125: probe with driver hub failed with error -5
[  581.329496][ T5079] usb 4-1: Found UVC 15.ff device <unnamed> (17dc:0202)
[  581.336466][ T5079] usb 4-1: No valid video chain found.
[  581.402822][ T5079] hub 4-1:0.162: bad descriptor, ignoring hub
[  581.422028][ T5079] hub 4-1:0.162: probe with driver hub failed with error -5
[  581.479224][T12572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  581.519441][T12572] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  581.640488][T12602] qrtr: Invalid version 48
[  581.712899][T12602] ip6t_srh: unknown srh match flags  4000
[  582.318351][ T5079] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  582.609764][ T5079] usb 5-1: New USB device found, idVendor=07ca, idProduct=a835, bcdDevice=21.fa
[  582.701254][T12624] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  583.283760][ T5080] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  583.293391][ T5080] Bluetooth: hci0: Injecting HCI hardware error event
[  583.303627][ T5092] Bluetooth: hci0: hardware error 0x00
[  583.340125][ T5079] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  583.380657][ T5079] usb 5-1: config 0 descriptor??
[  583.548706][  T784] usb 4-1: USB disconnect, device number 33
[  583.619831][T12614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  583.677794][T12614] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  583.779781][ T5079] usb 5-1: string descriptor 0 read error: -71
[  583.827214][ T5079] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  583.872081][ T5079] dvb_usb_af9035 5-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  583.937907][ T5079] usb 5-1: USB disconnect, device number 29
[  584.309543][ T5080] Bluetooth: hci5: SCO packet for unknown connection handle 0
[  584.402729][T12642] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1855'.
[  584.664951][T12652] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1858'.
[  585.225521][T12663] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  585.338192][ T5092] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  585.518114][ T5127] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  585.558254][T12663] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  586.354476][   T29] audit: type=1326 audit(1720932991.235:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12665 comm="syz.2.1863" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe802775bd9 code=0x0
[  586.480503][ T5127] usb 5-1: Using ep0 maxpacket: 8
[  586.509530][ T5127] usb 5-1: config 0 has an invalid interface number: 125 but max is 3
[  586.528495][ T5127] usb 5-1: config 0 has an invalid interface number: 162 but max is 3
[  586.540386][ T5127] usb 5-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config
[  586.557805][ T5127] usb 5-1: config 0 has 2 interfaces, different from the descriptor's value: 4
[  586.567796][ T5127] usb 5-1: config 0 has no interface number 0
[  586.579027][ T5127] usb 5-1: config 0 has no interface number 1
[  586.585709][ T5127] usb 5-1: config 0 interface 125 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64
[  586.601057][ T5127] usb 5-1: config 0 interface 125 altsetting 2 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  586.616359][ T5127] usb 5-1: config 0 interface 162 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 10
[  586.635585][ T5127] usb 5-1: config 0 interface 125 has no altsetting 0
[  586.651829][ T5127] usb 5-1: config 0 interface 162 has no altsetting 0
[  586.662779][ T5127] usb 5-1: string descriptor 0 read error: -22
[  586.673844][ T5127] usb 5-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd
[  586.685747][ T5127] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  586.774371][ T5127] usb 5-1: config 0 descriptor??
[  586.815344][ T5127] hub 5-1:0.125: bad descriptor, ignoring hub
[  586.830452][ T5127] hub 5-1:0.125: probe with driver hub failed with error -5
[  586.850988][ T5127] usb 5-1: Found UVC 15.ff device <unnamed> (17dc:0202)
[  586.897548][ T5127] usb 5-1: No valid video chain found.
[  586.921497][ T5127] hub 5-1:0.162: bad descriptor, ignoring hub
[  586.951820][ T5127] hub 5-1:0.162: probe with driver hub failed with error -5
[  587.013880][T12664] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  587.043091][T12664] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  587.438249][T12683] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1870'.
[  587.623505][T12687] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1871'.
[  588.868385][ T5127] usb 5-1: USB disconnect, device number 30
[  588.896170][ T5092] block nbd0: Receive control failed (result -32)
[  588.903019][T12685] block nbd0: shutting down sockets
[  589.104208][T12709] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  589.184820][T12712] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  589.275743][T12709] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  589.330170][T12712] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  590.331230][T12721] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  590.494599][T12724] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1882'.
[  590.755722][ T5079] libceph: connect (1)[c::]:6789 error -101
[  590.768732][ T5079] libceph: mon0 (1)[c::]:6789 connect error
[  591.446886][T12730] ceph: No mds server is up or the cluster is laggy
[  591.464386][ T5079] libceph: connect (1)[c::]:6789 error -101
[  591.500676][ T5079] libceph: mon0 (1)[c::]:6789 connect error
[  591.618910][T12733] qrtr: Invalid version 48
[  591.643501][T12733] ip6t_srh: unknown srh match flags  4000
[  591.924781][T12743] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  592.579560][ T5125] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  592.652442][ T5092] Bluetooth: hci5: SCO packet for unknown connection handle 0
[  592.958335][ T5125] usb 4-1: Using ep0 maxpacket: 8
[  592.975579][ T5125] usb 4-1: config 0 has an invalid interface number: 125 but max is 3
[  593.230644][ T5125] usb 4-1: config 0 has an invalid interface number: 162 but max is 3
[  593.240442][ T5125] usb 4-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config
[  593.335718][ T5125] usb 4-1: config 0 has 2 interfaces, different from the descriptor's value: 4
[  593.387916][ T5125] usb 4-1: config 0 has no interface number 0
[  593.423209][ T5079] libceph: connect (1)[c::]:6789 error -22
[  593.428779][ T5125] usb 4-1: config 0 has no interface number 1
[  593.435454][ T5125] usb 4-1: config 0 interface 125 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64
[  593.438377][ T5079] libceph: mon0 (1)[c::]:6789 connect error
[  593.452452][ T5125] usb 4-1: config 0 interface 125 altsetting 2 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  593.452510][ T5125] usb 4-1: config 0 interface 162 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 10
[  593.452536][ T5125] usb 4-1: config 0 interface 125 has no altsetting 0
[  593.452555][ T5125] usb 4-1: config 0 interface 162 has no altsetting 0
[  593.453441][ T5125] usb 4-1: string descriptor 0 read error: -22
[  593.606880][ T5125] usb 4-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd
[  593.620078][T12765] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1894'.
[  593.639733][ T5125] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  593.749057][ T5125] usb 4-1: config 0 descriptor??
[  593.769954][ T5079] libceph: connect (1)[c::]:6789 error -22
[  593.779008][ T5125] hub 4-1:0.125: bad descriptor, ignoring hub
[  593.779355][ T5079] libceph: mon0 (1)[c::]:6789 connect error
[  593.815446][ T5125] hub 4-1:0.125: probe with driver hub failed with error -5
[  593.903936][ T5125] usb 4-1: Found UVC 15.ff device <unnamed> (17dc:0202)
[  593.951499][ T5125] usb 4-1: No valid video chain found.
[  593.995456][T12739] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  594.002653][T12769] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  594.014528][ T5125] hub 4-1:0.162: bad descriptor, ignoring hub
[  594.033393][T12739] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  594.039769][ T5125] hub 4-1:0.162: probe with driver hub failed with error -5
[  594.174617][T12761] ceph: No mds server is up or the cluster is laggy
[  594.217490][T12769] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  595.530416][T12790] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  595.639446][T12790] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  595.809449][ T5092] Bluetooth: hci5: SCO packet for unknown connection handle 0
[  596.273064][T12809] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1906'.
[  596.528472][ T5126] usb 4-1: USB disconnect, device number 34
[  596.785590][T12819] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1909'.
[  597.886615][T12829] qrtr: Invalid version 48
[  597.935365][T12829] ip6t_srh: unknown srh match flags  4000
[  599.982905][T12836] qrtr: Invalid version 48
[  600.085052][T12836] ip6t_srh: unknown srh match flags  4000
[  600.304669][T12848] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  600.524094][T12848] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  601.343480][   T29] audit: type=1326 audit(1720933006.235:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12849 comm="syz.1.1919" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f73e2b75bd9 code=0x0
[  601.654261][T12871] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  601.783026][T12871] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  601.804650][T12871] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  601.882685][T12871] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  602.703080][T12889] qrtr: Invalid version 48
[  602.763332][T12889] ip6t_srh: unknown srh match flags  4000
[  603.095614][ T5092] Bluetooth: hci5: SCO packet for unknown connection handle 0
[  604.039316][   T11] bridge_slave_1: left allmulticast mode
[  604.085750][   T11] bridge_slave_1: left promiscuous mode
[  604.104260][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  604.114607][   T11] bridge_slave_0: left allmulticast mode
[  604.122565][   T11] bridge_slave_0: left promiscuous mode
[  604.131625][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  604.141525][ T5127] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  604.261131][T12909] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  604.341704][ T5127] usb 2-1: New USB device found, idVendor=07ca, idProduct=a835, bcdDevice=21.fa
[  604.363164][T12913] 9pnet_virtio: no channels available for device syz
[  604.366669][ T5127] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  604.387396][T12909] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  604.436861][ T5127] usb 2-1: config 0 descriptor??
[  604.665036][T12897] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  604.709256][T12897] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  604.769075][ T5127] usb 2-1: string descriptor 0 read error: -71
[  604.797386][ T5127] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  604.827478][ T5127] dvb_usb_af9035 2-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  604.859590][ T5127] usb 2-1: USB disconnect, device number 23
[  605.038187][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  605.062416][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  605.080177][   T11] bond0 (unregistering): Released all slaves
[  605.199181][   T11] tipc: Left network mode
[  605.258854][T12931] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1942'.
[  605.293096][   T11] ------------[ cut here ]------------
[  605.299564][   T11] WARNING: CPU: 0 PID: 11 at net/mac80211/iface.c:515 ieee80211_do_stop+0x18d2/0x1ec0
[  605.309353][   T11] Modules linked in:
[  605.313258][   T11] CPU: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0
[  605.323432][   T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  605.333979][   T11] Workqueue: netns cleanup_net
[  605.339329][   T11] RIP: 0010:ieee80211_do_stop+0x18d2/0x1ec0
[  605.345257][   T11] Code: fd ff ff e8 a0 9a a7 f6 4c 89 ef e8 f8 45 0c 00 48 8b 5c 24 60 e9 9f fd ff ff e8 89 9a a7 f6 e9 95 fd ff ff e8 7f 9a a7 f6 90 <0f> 0b 90 e9 e9 ea ff ff e8 71 9a a7 f6 90 43 0f b6 04 27 84 c0 0f
[  605.365135][   T11] RSP: 0018:ffffc90000107380 EFLAGS: 00010293
[  605.371311][   T11] RAX: ffffffff8aee8cb1 RBX: 0000000000000002 RCX: ffff8880176b3c00
[  605.379347][   T11] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  605.387321][   T11] RBP: ffffc900001074e8 R08: ffffffff8aee7790 R09: 1ffffffff1f58d25
[  605.395378][   T11] R10: dffffc0000000000 R11: fffffbfff1f58d26 R12: dffffc0000000000
[  605.403558][   T11] R13: ffff88806c808e20 R14: 0000000000000001 R15: ffff88802a436750
[  605.411619][   T11] FS:  0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
[  605.420787][   T11] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  605.427387][   T11] CR2: 000000110c3a7ba5 CR3: 000000006d6fc000 CR4: 00000000003506f0
[  605.435814][   T11] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  605.444074][   T11] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  605.452184][   T11] Call Trace:
[  605.455465][   T11]  <TASK>
[  605.458434][   T11]  ? __warn+0x163/0x4e0
[  605.462592][   T11]  ? ieee80211_do_stop+0x18d2/0x1ec0
[  605.467917][   T11]  ? report_bug+0x2b3/0x500
[  605.472497][   T11]  ? ieee80211_do_stop+0x18d2/0x1ec0
[  605.477798][   T11]  ? handle_bug+0x3e/0x70
[  605.482237][   T11]  ? exc_invalid_op+0x1a/0x50
[  605.486932][   T11]  ? asm_exc_invalid_op+0x1a/0x20
[  605.492043][   T11]  ? ieee80211_do_stop+0x3b0/0x1ec0
[  605.497260][   T11]  ? ieee80211_do_stop+0x18d1/0x1ec0
[  605.502645][   T11]  ? ieee80211_do_stop+0x18d2/0x1ec0
[  605.508013][   T11]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  605.514373][   T11]  ? __pfx_ieee80211_do_stop+0x10/0x10
[  605.519934][   T11]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  605.526289][   T11]  ? wiphy_work_cancel+0x15c/0x1f0
[  605.531496][   T11]  ieee80211_stop+0x436/0x4a0
[  605.536598][   T11]  ? __pfx_ieee80211_stop+0x10/0x10
[  605.542254][   T11]  __dev_close_many+0x219/0x300
[  605.547131][   T11]  ? __pfx___dev_close_many+0x10/0x10
[  605.552657][   T11]  dev_close_many+0x24e/0x4c0
[  605.557383][   T11]  ? __pfx_lock_acquire+0x10/0x10
[  605.562532][   T11]  ? __pfx_dev_close_many+0x10/0x10
[  605.567749][   T11]  ? __pfx_lock_release+0x10/0x10
[  605.572841][   T11]  ? do_raw_spin_lock+0x14f/0x370
[  605.577907][   T11]  dev_close+0x1c0/0x2c0
[  605.582306][   T11]  ? do_raw_spin_unlock+0x13c/0x8b0
[  605.587532][   T11]  ? __pfx_dev_close+0x10/0x10
[  605.592440][   T11]  cfg80211_shutdown_all_interfaces+0xbb/0x1d0
[  605.598102][ T5127] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  605.598679][   T11]  ieee80211_remove_interfaces+0x106/0x700
[  605.612015][   T11]  ? __pfx___mutex_lock+0x10/0x10
[  605.617048][   T11]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  605.622975][   T11]  ? __pfx_ieee80211_remove_interfaces+0x10/0x10
[  605.629343][   T11]  ieee80211_unregister_hw+0x5d/0x2c0
[  605.634716][   T11]  mac80211_hwsim_del_radio+0x2c2/0x4c0
[  605.640719][   T11]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[  605.646806][   T11]  hwsim_exit_net+0x5c1/0x670
[  605.651810][   T11]  ? __pfx_hwsim_exit_net+0x10/0x10
[  605.657023][   T11]  ? __ip_vs_dev_cleanup_batch+0x239/0x260
[  605.663027][   T11]  cleanup_net+0x802/0xcc0
[  605.667453][   T11]  ? __pfx_cleanup_net+0x10/0x10
[  605.672414][   T11]  ? process_scheduled_works+0x945/0x1830
[  605.678156][   T11]  process_scheduled_works+0xa2c/0x1830
[  605.683710][   T11]  ? __pfx_process_scheduled_works+0x10/0x10
[  605.689742][   T11]  ? assign_work+0x364/0x3d0
[  605.694327][   T11]  worker_thread+0x86d/0xd50
[  605.698988][   T11]  ? __kthread_parkme+0x169/0x1d0
[  605.704055][   T11]  ? __pfx_worker_thread+0x10/0x10
[  605.709225][   T11]  kthread+0x2f0/0x390
[  605.713314][   T11]  ? __pfx_worker_thread+0x10/0x10
[  605.718521][   T11]  ? __pfx_kthread+0x10/0x10
[  605.723124][   T11]  ret_from_fork+0x4b/0x80
[  605.727531][   T11]  ? __pfx_kthread+0x10/0x10
[  605.732183][   T11]  ret_from_fork_asm+0x1a/0x30
[  605.736971][   T11]  </TASK>
[  605.740408][   T11] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  605.747677][   T11] CPU: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0
[  605.757742][   T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  605.767795][   T11] Workqueue: netns cleanup_net
[  605.772585][   T11] Call Trace:
[  605.775894][   T11]  <TASK>
[  605.778819][   T11]  dump_stack_lvl+0x241/0x360
[  605.783548][   T11]  ? __pfx_dump_stack_lvl+0x10/0x10
[  605.788756][   T11]  ? __pfx__printk+0x10/0x10
[  605.793345][   T11]  ? vscnprintf+0x5d/0x90
[  605.797671][   T11]  panic+0x349/0x860
[  605.801581][   T11]  ? __warn+0x172/0x4e0
[  605.805731][   T11]  ? __pfx_panic+0x10/0x10
[  605.810150][   T11]  ? ret_from_fork_asm+0x1a/0x30
[  605.815096][   T11]  __warn+0x346/0x4e0
[  605.819074][   T11]  ? ieee80211_do_stop+0x18d2/0x1ec0
[  605.824352][   T11]  report_bug+0x2b3/0x500
[  605.828688][   T11]  ? ieee80211_do_stop+0x18d2/0x1ec0
[  605.833959][   T11]  handle_bug+0x3e/0x70
[  605.838099][   T11]  exc_invalid_op+0x1a/0x50
[  605.842674][   T11]  asm_exc_invalid_op+0x1a/0x20
[  605.847511][   T11] RIP: 0010:ieee80211_do_stop+0x18d2/0x1ec0
[  605.853388][   T11] Code: fd ff ff e8 a0 9a a7 f6 4c 89 ef e8 f8 45 0c 00 48 8b 5c 24 60 e9 9f fd ff ff e8 89 9a a7 f6 e9 95 fd ff ff e8 7f 9a a7 f6 90 <0f> 0b 90 e9 e9 ea ff ff e8 71 9a a7 f6 90 43 0f b6 04 27 84 c0 0f
[  605.872998][   T11] RSP: 0018:ffffc90000107380 EFLAGS: 00010293
[  605.879052][   T11] RAX: ffffffff8aee8cb1 RBX: 0000000000000002 RCX: ffff8880176b3c00
[  605.887006][   T11] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  605.894963][   T11] RBP: ffffc900001074e8 R08: ffffffff8aee7790 R09: 1ffffffff1f58d25
[  605.902922][   T11] R10: dffffc0000000000 R11: fffffbfff1f58d26 R12: dffffc0000000000
[  605.910894][   T11] R13: ffff88806c808e20 R14: 0000000000000001 R15: ffff88802a436750
[  605.918885][   T11]  ? ieee80211_do_stop+0x3b0/0x1ec0
[  605.924082][   T11]  ? ieee80211_do_stop+0x18d1/0x1ec0
[  605.929396][   T11]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  605.935715][   T11]  ? __pfx_ieee80211_do_stop+0x10/0x10
[  605.941187][   T11]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  605.947507][   T11]  ? wiphy_work_cancel+0x15c/0x1f0
[  605.952609][   T11]  ieee80211_stop+0x436/0x4a0
[  605.957273][   T11]  ? __pfx_ieee80211_stop+0x10/0x10
[  605.962477][   T11]  __dev_close_many+0x219/0x300
[  605.967316][   T11]  ? __pfx___dev_close_many+0x10/0x10
[  605.972680][   T11]  dev_close_many+0x24e/0x4c0
[  605.977353][   T11]  ? __pfx_lock_acquire+0x10/0x10
[  605.982456][   T11]  ? __pfx_dev_close_many+0x10/0x10
[  605.987638][   T11]  ? __pfx_lock_release+0x10/0x10
[  605.992647][   T11]  ? do_raw_spin_lock+0x14f/0x370
[  605.997662][   T11]  dev_close+0x1c0/0x2c0
[  606.001907][   T11]  ? do_raw_spin_unlock+0x13c/0x8b0
[  606.007090][   T11]  ? __pfx_dev_close+0x10/0x10
[  606.011848][   T11]  cfg80211_shutdown_all_interfaces+0xbb/0x1d0
[  606.018010][   T11]  ieee80211_remove_interfaces+0x106/0x700
[  606.023803][   T11]  ? __pfx___mutex_lock+0x10/0x10
[  606.028816][   T11]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  606.034692][   T11]  ? __pfx_ieee80211_remove_interfaces+0x10/0x10
[  606.041014][   T11]  ieee80211_unregister_hw+0x5d/0x2c0
[  606.046379][   T11]  mac80211_hwsim_del_radio+0x2c2/0x4c0
[  606.051925][   T11]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[  606.058016][   T11]  hwsim_exit_net+0x5c1/0x670
[  606.062700][   T11]  ? __pfx_hwsim_exit_net+0x10/0x10
[  606.067908][   T11]  ? __ip_vs_dev_cleanup_batch+0x239/0x260
[  606.073737][   T11]  cleanup_net+0x802/0xcc0
[  606.078151][   T11]  ? __pfx_cleanup_net+0x10/0x10
[  606.083122][   T11]  ? process_scheduled_works+0x945/0x1830
[  606.088844][   T11]  process_scheduled_works+0xa2c/0x1830
[  606.094415][   T11]  ? __pfx_process_scheduled_works+0x10/0x10
[  606.100426][   T11]  ? assign_work+0x364/0x3d0
[  606.105047][   T11]  worker_thread+0x86d/0xd50
[  606.109654][   T11]  ? __kthread_parkme+0x169/0x1d0
[  606.114671][   T11]  ? __pfx_worker_thread+0x10/0x10
[  606.119791][   T11]  kthread+0x2f0/0x390
[  606.123846][   T11]  ? __pfx_worker_thread+0x10/0x10
[  606.128944][   T11]  ? __pfx_kthread+0x10/0x10
[  606.133542][   T11]  ret_from_fork+0x4b/0x80
[  606.137957][   T11]  ? __pfx_kthread+0x10/0x10
[  606.142574][   T11]  ret_from_fork_asm+0x1a/0x30
[  606.147344][   T11]  </TASK>
[  606.150605][   T11] Kernel Offset: disabled
[  606.155026][   T11] Rebooting in 86400 seconds..