last executing test programs:

8.381734117s ago: executing program 1 (id=979):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_open_dev$vcsn(&(0x7f0000000040), 0x5, 0x541940)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0x0, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0xff, 0x0, 0x2}}}}}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
readv(r2, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/15, 0xf}, {&(0x7f0000000180)=""/172, 0x2000022c}], 0x3)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv4_newrule={0x24, 0x20, 0x301, 0x0, 0x0, {}, [@FRA_GENERIC_POLICY=@FRA_PRIORITY={0x8}]}, 0x24}}, 0x0)
syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(0xffffffffffffffff, 0xc2604110, &(0x7f0000000040)={0x0, [[], [0x0, 0x5], [0x6]], '\x00', [{0x0, 0x1}]})
io_uring_enter(r3, 0x24e, 0x5cca, 0x11, &(0x7f0000000300)={[0x3]}, 0x8)
io_uring_setup(0x0, &(0x7f0000000080))
r4 = dup(0xffffffffffffffff)
ioctl$PTP_EXTTS_REQUEST2(r4, 0x40603d07, &(0x7f0000000040))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=@gettaction={0xec, 0x32, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0xe519}, @action_gd=@TCA_ACT_TAB={0x38, 0x1, [{0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7fffffff}}, {0xc, 0x7, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xfc}}, {0x10, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0xc, 0x15, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0x14, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}]}, @action_gd=@TCA_ACT_TAB={0x40, 0x1, [{0xc, 0x1b, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0xc, 0xf, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1e4}}, {0xc, 0xd, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0x6, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0xc, 0x4, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5e}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x0, 0x1}}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x7}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x7f}]}, 0xec}}, 0x0)

7.617720826s ago: executing program 0 (id=984):
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="940000001300290a000000000000000007000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\f\x00\x00N\a\x00'], 0x94}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x200000000000011, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2ca1ff0010000100"/20, @ANYRES32=r3, @ANYBLOB="0000000019"], 0x2c}}, 0x0)

7.424652329s ago: executing program 1 (id=985):
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
setsockopt(r0, 0x800000010d, 0x2, &(0x7f0000000000)="c94e2f1099", 0x1e)
r1 = socket(0x840000000002, 0x3, 0xfa)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x80080, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000380)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x275a, 0x0)
r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
dup2(r6, r5)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r5, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0', [{0x20, '\\@'}, {0x20, '@-$('}, {}], 0xa, "3d86741041258553f4b253012698ed2040c30f4bb4ca922a9d59a97ab23b6d62dc4a6f75b471deab90bac671b552f3e125e145474e2f662e519f117163cd4bfc31af59cc010345d873f98a8687508debb0f511839f49d53e366c88c9e8c5a319649d9e4e4aa6f3480d6826e0892279f0ae7e769648a30b77d3de71"}, 0x8f)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x1, 0x1, 0xffff1102, 0xfdbae57f65633bcb, 0xffffffffffffffff, 0x7f000000, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x5, 0x0, 0xc}, 0x48)
r7 = socket(0x2, 0x3, 0xff)
bind$inet(r7, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x37}}, 0x10)
connect$inet(r7, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
write$binfmt_elf32(r7, &(0x7f0000000180)=ANY=[], 0x58)
sendmmsg$inet(r1, &(0x7f0000000d80), 0x0, 0x0)

7.29081156s ago: executing program 0 (id=986):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000940)={{}, 'syz0\x00', 0x4})
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x12)
ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x1)
ioctl$UI_DEV_CREATE(r0, 0x5501)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r2 = dup(r1)
write$uinput_user_dev(r2, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x180, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x45c)

7.179490777s ago: executing program 4 (id=987):
r0 = socket(0x1e, 0x4, 0x0)
socket(0x1e, 0x4, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={0x0}, 0x10)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet6(0xa, 0xa, 0x200)
socket$alg(0x26, 0x5, 0x0)
r3 = syz_io_uring_setup(0x1911, &(0x7f00000003c0)={0x0, 0x4bf1, 0x10100, 0x2000}, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r3, 0xa3a, 0x0, 0x2, 0x0, 0xffffffffffffffb3)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
quotactl$Q_QUOTAON(0x0, 0x0, 0x0, 0x0)
listen(r2, 0x3)
r6 = socket$inet_dccp(0x2, 0x6, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4008040)
connect$inet(r6, &(0x7f0000772000)={0x2, 0x4e23}, 0x10)
r7 = accept4(r2, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000440)={0xe, 0x18, 0xfa00, @id_resuseaddr={0x0}}, 0x20)
sendmmsg(r7, &(0x7f0000001500), 0x588, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000080)={<r8=>0x0, 0x32, "2f0d0575a8155dfa8b180cd0da5f1e173f1100abfb6dfa105267ab747e7a02f73cc0980b56a205614892fbfa882161b7c166"}, &(0x7f00000000c0)=0x3a)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000140)={r8, 0x10, 0x7, 0x2, 0xa, 0xff}, 0x14)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
socket$pppl2tp(0x18, 0x1, 0x1)

6.994098119s ago: executing program 0 (id=988):
ioprio_set$pid(0x1, 0x0, 0x2000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$inet6(0xa, 0x6, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0xfffffffffffffff0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='ext4_sync_fs\x00', r1}, 0x10)
listen(0xffffffffffffffff, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0x3, 0x2)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f000001b080)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r5 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt(r5, 0x65, 0x1, &(0x7f0000000080), 0x1d0)
bind$can_raw(r5, &(0x7f0000000000), 0x10)
close(r5)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x8, 0x0, 0x0}}, 0x10)
setsockopt$inet6_tcp_int(r3, 0x6, 0x19, 0x0, 0x0)
listen(r3, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)

6.864419695s ago: executing program 1 (id=989):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000240)=ANY=[@ANYBLOB="1201000059d360205f0501d09288000000010902120001000000000904"], 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000900)={0x41, 0x3}, 0x10) (async)
r2 = socket$tipc(0x1e, 0x2, 0x0) (async)
r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000a40)=ANY=[@ANYBLOB="12010000c99dc510d6124404de6c010203010902120001000000000904001400fcaeb400"], 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x41, 0x0, 0x1}, 0x10) (async)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) (async)
sendmsg$tipc(r4, &(0x7f0000000240)={&(0x7f0000000080), 0x10, 0x0}, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r3, 0x0, 0x0)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) (async)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r5)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)={0x30, r8, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_TX_RATES={0x14, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x10, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_HT={0x5, 0x2, [{0x0, 0x4}]}]}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x2048080}, 0x0) (async)
sendmsg$NL80211_CMD_DEL_STATION(r5, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="30010000", @ANYRES16=r6, @ANYBLOB="020007000000fbdbdf255c6c393dffb46fe6", @ANYRES32=r9, @ANYBLOB="0800a40002000000050029000c0000001400bd00090008000004020003005b00ff0301800500e40001000000de00be001f721f3de786a5461b5f4e4f8c63a33ed929ea6c43cb4a44674be31cd7a2559c587d6a1cfd6405b53e07aa94ca51dfca693a1b791609400b2578e8329936f2b15f7c538f23c14e74a4b60d8044efe527f0a3ec361e0cf3c50ed74e3d73856594ac881812f0603bc1df1b5bbb28093c863f4128b8e6fa3c6a19bd7b8cde3be3d55cb679527289f526194c4262cf317ef86178fbd27d6d5cc6dbdf94b15ac66b11df097bc9f4c624c4aba058d0fe556e24fd53e25cb317870a22a8b7f2d0aa6f974588697473c9886b26143b70e29566d49c34b8ffb530f5fffdb800000600ed00e7060000"], 0x130}, 0x1, 0x0, 0x0, 0x20000040}, 0x40)
readlinkat(r5, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)=""/14, 0xe)

5.461149247s ago: executing program 1 (id=991):
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
socket$pppoe(0x18, 0x1, 0x0)
socket$pppoe(0x18, 0x1, 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x101100, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="120100009e173610ef171e7206de0102030109021200010000000009040000000206"], 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x378, 0xffffffff, 0x1c0, 0xf8, 0x1c0, 0xffffffff, 0xffffffff, 0x2e0, 0x2e0, 0x2e0, 0xffffffff, 0x4, 0x0, {[{{@ip={@empty, @loopback, 0x0, 0x0, 'veth0_to_batadv\x00', 'wlan0\x00', {}, {}, 0x11}, 0x0, 0xd0, 0xf8, 0x0, {0x100000000000000}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x2, 0x0, 0xf}}, @common=@unspec=@connmark={{0x30}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}}]}, @common=@inet=@SET1={0x28}}, {{@ip={@rand_addr, @loopback, 0x0, 0x0, 'batadv_slave_0\x00', 'veth1\x00'}, 0x0, 0xe0, 0x120, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00'}}, @common=@socket0={{0x20}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="00000700000035da08"], 0x0, 0x0, 0x0, 0x0})
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000c40), 0x12)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200)=0x1, 0x12)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000440), 0x1c)
name_to_handle_at(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x800)
socket$qrtr(0x2a, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
epoll_create1(0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)

5.380936895s ago: executing program 0 (id=992):
syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_mount_image$fuse(0x0, 0x0, 0x200b012, 0x0, 0x80, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(0xffffffffffffffff, 0x84, 0x23, &(0x7f0000000140)={0x0, 0x800}, 0x8)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x38}}, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f00000000c0)={0x0, 0x0, <r3=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r3, 0xc05064a7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000100)=[0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x3, 0x0, 0x0, r2})
syz_usb_connect(0x0, 0x3c3, &(0x7f0000000680)=ANY=[], 0x0)

5.363098842s ago: executing program 2 (id=993):
fsopen(&(0x7f00000000c0)='virtiofs\x00', 0x0)
r0 = epoll_create1(0x0)
r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000080)={0x20000014})
epoll_pwait(r0, &(0x7f0000000040)=[{}], 0x1, 0x2000000, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prctl$PR_SCHED_CORE(0x3e, 0x3, 0x0, 0x2, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
gettid()
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r2, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYRESHEX=r1, @ANYRES16=0x0, @ANYBLOB="080027bd7000fedbdf250b0000000800040008000000540001800600010000000000050002000d00000014000400fc0100000000000000000000000000000600010002000000080006000600000014000400fe8000000000000000000000000000aa080006000800000008000300030000001400068006000100020000000500020004000000"], 0x8c}, 0x1, 0x0, 0x0, 0x81}, 0x4000)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x0, @thr={0x0, &(0x7f0000000300)="adfb8104df42ae2d2cd9fb54b937589dab18078215d2265cefac603b86d00d31da14bd00397a5a131b1e2982438fb6689139c5924042335732c461f47b1a8dac41fb897988d66207a8ff3d342a379b40c96c96cb"}}, 0x0)
socket$inet(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000b40)=@filter={'filter\x00', 0x42, 0x4, 0x338, 0xffffffff, 0x0, 0xa8, 0x1e8, 0xffffffff, 0xffffffff, 0x2a0, 0x2a0, 0x2a0, 0xffffffff, 0x4, 0x0, {[{{@ip={@local, @remote, 0x0, 0x0, 'syzkaller1\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0xa8, 0x0, {0x88000000}}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff}, {0xffffffffffffffff}, {0xffffffffffffffff}}}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'bridge_slave_0\x00'}, 0x0, 0x118, 0x140, 0x0, {0x122}, [@common=@set={{0x40}, {{0xffffffffffffffff, [0x0, 0x4, 0x2, 0x7], 0x0, 0x4}}}, @common=@unspec=@rateest={{0x68}, {'wlan1\x00', 'team_slave_1\x00'}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x2}}}, {{@uncond, 0x0, 0x90, 0xb8, 0x0, {}, [@common=@socket0={{0x20}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x398)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="020a000307000000000000000000000005001a00ff020000000000000000000000000001ac1414bb0000000000000000000000000046c3"], 0x38}}, 0x0)
openat$sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400))
socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000640)={0x0, @in={{0x2, 0x4e21, @multicast2}}, 0x2, 0xf}, 0x90)
bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x10)
io_uring_setup(0x1b80, &(0x7f0000000180)={0x0, 0x2, 0x800})
syz_io_uring_setup(0x1c68, &(0x7f0000000080)={0x0, 0x7c40, 0x0, 0x0, 0x1b9}, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000380)={0x0, 0x0, 0x5}, 0x0, &(0x7f0000000140)={0xb, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, 0x0)
sendto$inet(r5, 0x0, 0x0, 0x200408c4, &(0x7f0000000200)={0x2, 0x4e21, @local}, 0x10)
shutdown(r5, 0x1)

5.362298905s ago: executing program 4 (id=994):
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$netlink(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000003a00)=ANY=[], 0x13cc}], 0x1, 0x0, 0x0, 0x24008840}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x34, &(0x7f0000000040)=0x10001)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$MRT6_DEL_MFC(r1, 0x29, 0x24, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000e40)=ANY=[@ANYBLOB="04030b00e5ae57c43ec78b8e0100"], 0xe)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58)
accept(r3, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0)
r4 = gettid()
ptrace$peek(0xffffffffffffffff, r4, &(0x7f00000000c0))
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x43}}, 0x10)
ioctl$BTRFS_IOC_GET_FEATURES(r3, 0x80189439, &(0x7f0000000280))
connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10)
syz_open_dev$dri(&(0x7f0000000080), 0x6f8, 0x80)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@deltfilter={0x2c, 0x2d, 0x2, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x8, 0x9}, {0xfff3, 0xe}, {0xb, 0xf}}, [@TCA_CHAIN={0x8, 0xb, 0xbb}]}, 0x2c}, 0x1, 0x0, 0x0, 0x844}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendto$packet(0xffffffffffffffff, &(0x7f0000000080)="e7feeeb53d72", 0x6, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r5, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x2d, 0x0)

4.840459421s ago: executing program 3 (id=964):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x0, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="00000000081db122d1aa26804daa36000a690000"], 0x0}, 0x90)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x112, r4, 0x1031a000)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$fou(&(0x7f0000001380), 0xffffffffffffffff)
sendmsg$FOU_CMD_GET(r8, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000001400)={&(0x7f00000013c0)={0x1c, r9, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_IFINDEX={0x8}]}, 0x1c}}, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="f8000000160001000000000000000000fc000000000000000000000000000000fe8000000000000000000000000000bb0000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000001000004d36c00000000000000000000000000000000000000000000000000000000000000ff07000000000000ef0600000000000009000000000000000000000000000000771bffffffffffff5501000000000000000000000000007081000000000000000100000000"], 0xf8}}, 0x800)
clock_adjtime(0x0, &(0x7f0000000140)={0x930b})
syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000340)="3681ba0eed04000f20e06635000010000f22e0260f115ffdbaf80c66b8a447cb8866efbafc0c66b80028000066efbad004b009eebaf80c66b8fb2b2c8066efbafc0cec663ed9f3b86b078ed82b380f02759a", 0x52}], 0x1, 0x10, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000500)=ANY=[@ANYRES64=r1, @ANYBLOB='v:'], 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r10 = bpf$ITER_CREATE(0x21, &(0x7f0000000300)={r2}, 0x8)
copy_file_range(r8, &(0x7f00000002c0)=0x6, r10, &(0x7f00000003c0)=0x889, 0xffffffff00000000, 0x0)

4.306694775s ago: executing program 2 (id=995):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x915d)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_open_dev$admmidi(0x0, 0x20, 0x0)
ioctl$SNDCTL_SEQ_PANIC(0xffffffffffffffff, 0x5100)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r3 = dup(r2)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
pread64(r5, &(0x7f000001a240)=""/102400, 0x19000, 0x800000100008)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
capset(&(0x7f0000000080)={0x20071026, 0xffffffffffffffff}, &(0x7f0000000040)={0x200000, 0x200000, 0x6})
r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x580}, 0x48)
write$P9_RLOPEN(r6, &(0x7f0000000180)={0x18}, 0x18)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/config', 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getdents(r6, 0x0, 0x0)
close(0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
syz_io_uring_setup(0x24f9, 0x0, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)={0x0, 0x0, 0x2}, 0x10)
userfaultfd(0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)

4.301415398s ago: executing program 4 (id=996):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_open_dev$ndb(&(0x7f0000000140), 0x0, 0x0)
add_key(&(0x7f0000000000)='big_key\x00', 0x0, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff)
r3 = socket(0x2c, 0x4, 0xfffffffc)
ioctl$SIOCGETMIFCNT_IN6(r3, 0x89e0, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000a00)={@map=0x1, 0xffffffffffffffff, 0x20, 0x0, 0xffffffffffffffff, @prog_fd}, 0x20)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000680)={0x9, &(0x7f0000000600)=[{0x81, 0x61, 0x7, 0x2}, {0x9, 0x0, 0x6, 0x2}, {0x38, 0x5, 0x6}, {0x5, 0xb, 0x5, 0x3ff}, {0x80, 0x2c, 0x7, 0x40000000}, {0x1041, 0xfa, 0x4, 0x6b}, {0xa, 0x4, 0x7, 0x7}, {0x1, 0x1, 0x4, 0xffffffff}, {0x182, 0x40, 0x5, 0x9}]})
getsockopt$inet_buf(r4, 0x0, 0x2f, &(0x7f00000002c0)=""/182, &(0x7f00000000c0)=0xb6)
connect$inet(r4, &(0x7f00000006c0)={0x2, 0x0, @multicast1}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
getsockopt$bt_hci(r4, 0x0, 0x1, &(0x7f00000001c0)=""/216, &(0x7f0000000000)=0xd8)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000001140)={0x24, &(0x7f0000000ec0)={0x0, 0x0, 0x2, {0x2}}, 0x0, 0x0, 0x0}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000800)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_QOS_MAP(r3, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000480)={&(0x7f0000000540)={0xac, 0x0, 0x4, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_QOS_MAP={0x20, 0xc7, {[{0x9}, {0x2, 0x5}, {0x7, 0x1}, {0x6, 0x5}, {0xc4, 0x1}, {0x10}, {0x0, 0x3}, {0xf2}, {0xd}, {0xba, 0x1}], "a43c12a62b59f9c1"}}, @NL80211_ATTR_QOS_MAP={0x18, 0xc7, {[{0x3}, {0x3, 0x2}, {0x4, 0x2}, {0x4, 0x2}, {0x6, 0x4}, {0xf0, 0x2}], "792aeb5e08630cbe"}}, @NL80211_ATTR_QOS_MAP={0x2a, 0xc7, {[{0x0, 0x2}, {0xfe, 0x7}, {0x40, 0x7}, {0x6, 0x2}, {0x8, 0x4}, {0x2, 0x2}, {0x4, 0x2}, {0x2, 0x1}, {0x3, 0x4}, {0x0, 0x4}, {0x2, 0x6}, {0x7, 0x1}, {0x80}, {0x10, 0x5}, {0x6, 0x2}], "89d014d63a582882"}}, @NL80211_ATTR_QOS_MAP={0x2c, 0xc7, {[{0xe0}, {0x80, 0x4}, {0x5}, {0xfb, 0x6}, {0xd, 0x7}, {0x80, 0x1}, {0x81, 0x2}, {0x8, 0x4}, {0x6, 0x2}, {0x4, 0x2}, {0xf8, 0x3}, {0x80, 0x7}, {0x5}, {0x7, 0x7}, {0x8, 0x2}, {0x2, 0x2}], "0efdcdf9e865815e"}}]}, 0xac}, 0x1, 0x0, 0x0, 0x40001}, 0x0)
sendmmsg$inet(r4, 0x0, 0x0, 0x4004441)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r7, 0xc048aec8, &(0x7f0000000100)={0x1})
r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r8, 0xc004743e, &(0x7f0000000140))
ioctl$BLKBSZSET(r2, 0x1265, &(0x7f0000000180))
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="2400000001010303000000000000000000000000080003400000000008000840000000009ecd5e37e6a062e1eeabdd27caf7d0f636796d5673d85ab372ec560014b01ef6711fe9220b2f9a386b369c17a6487b3fd3cd0d9d73b3d274d793ea61e9f0dde4e93da72e565b05cc326b4d8f00d9f794a5f81d32a6d50d3cb38ab2a5e0f856fe28c8fce7f82a2e9ee2a36aed81ca18f47d967aaa29a491632c3dbe2add88aa2793136a4839fa447fff411318935aaafb0ec71454147dd227f1ad6b7984bdd5f67b118be10cc92c9e5a850c485e27c5cd6b25412e5d54b91a9679dd99ab1001097c93f19f9d86316526"], 0x24}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newlink={0x50, 0x10, 0x439, 0xffffffff, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x16bf7}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @private1}]}}}, @IFLA_MTU={0x8, 0x4, 0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x20811}, 0x0)

3.852569637s ago: executing program 3 (id=997):
creat(&(0x7f0000000000)='./file0\x00', 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sched_setscheduler(0x0, 0x5, &(0x7f0000000100))
ioprio_set$pid(0x1, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
sendfile(r1, r1, 0x0, 0x548)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16, @ANYBLOB], 0x54}}, 0x0)
sendmsg$TIPC_NL_PUBL_GET(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)={0xe0, r2, 0x1, 0x0, 0x0, {0x2}, [@TIPC_NLA_BEARER={0xcc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0xfffff642, @ipv4={'\x00', '\xff\xff', @empty}, 0x8}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0xf7, @loopback, 0xbb1a}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @broadcast}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x2, @dev={0xfe, 0x80, '\x00', 0x20}, 0x2}}}}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x28000}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0xe0}}, 0x4000004)
syz_usb_connect$cdc_ecm(0x0, 0x5a, &(0x7f0000000840)=ANY=[@ANYBLOB="12010000020000402505a1a4400001020301090248000101570000090400000002060000052406000005240000000d240f010000000000000000000424020009058103275dd70700000009058202000008000009050302000000000020d8722d64d8ab9e62ec3ac612303a8c23642c46ea05f9c3fdb7d763298cbd28aa61b1acf07a646e5a125642b30014fa86c2e6972c4262bc3a61706e0c61d978218b0d4dc21dc5b08359a0d0148913ac4fe2f26b6215091f7fadeff0a4bee962b94af0f824accafce2e79bb76d1cf498f3dcd5b0f20a21f6662c32af0c1bfa74079df850e32ecafc032f60"], 0x0)

3.362815763s ago: executing program 1 (id=998):
r0 = socket$nl_route(0x10, 0x3, 0x0)
set_mempolicy(0x3, &(0x7f0000000040)=0x10000000005, 0x7)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000240)={0x2, 0x3, 0x0, 0x3, 0xb, 0x0, 0x0, 0x0, [@sadb_key={0x4, 0x9, 0xa0, 0x0, "e9257fb792464e730df1194699dec293ed461dfe"}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xd}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}]}, 0x58}, 0x1, 0x7}, 0x0)
r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card0/oss_mixer\x00', 0x121401, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x10)
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=r5], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000000c0)=r6, 0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xb, &(0x7f0000000000)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0xa0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r5}, &(0x7f0000000100), &(0x7f0000000140)=r7}, 0x20)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_INFO(r8, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14, r9, 0x100, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x98bd81c42858a6bc}, 0x1)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)}], 0x1}, 0x0)
write$proc_mixer(r3, &(0x7f0000000180)=ANY=[@ANYBLOB='VOLUME \'Line\' 1D'], 0x23)
close_range(r1, 0xffffffffffffffff, 0x0)
gettid()
r10 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x141102)
syz_usb_connect(0x0, 0x24, &(0x7f0000000c80)={{0x12, 0x1, 0x0, 0x6e, 0x8f, 0x4a, 0x8, 0x4e6, 0x5591, 0x5836, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x60, 0xcc, 0x86}}]}}]}}, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r10, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='rdma.current\x00', 0x100002, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c00000010000104000000000000000000000000fb91ded61005d5f523de3ef681a7c407d51ca1f391d219900c825b32433282fad9bf87075f754a7d3ff7e24d9fe3bd80da7973009c1a4fc5676740b73d00f756a4bcb5776ed1c972df77860210d69ac491c04cd6e30703a3bf30b29bb3b13035dfccf46fc18703a6b64442ec2dcf3dee1eb12b1edb5be367827d8864ea6c009a9b60e0610ce9c0a41117392c844ff3e37500f8ecc8093a48d2854b91eb3a3eec8f22d4dfb575e40c13c85dd4dbd71a8069116aa38e13143145cbcca44a7067710033357acfb3dbddd2b921d9e6581e316abf85ad1fbaee7c561b0f771b8410a630", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028008000200e0000002"], 0x3c}}, 0x0)

3.27955758s ago: executing program 4 (id=999):
socket$pppl2tp(0x18, 0x1, 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r0 = socket$alg(0x26, 0x5, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x300, 0x0)
r1 = socket$l2tp(0x2, 0x2, 0x73)
getsockname$l2tp(r1, 0x0, &(0x7f0000000140))
bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0), 0x4)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
dup(0xffffffffffffffff)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, 0x0, 0x20000010)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r4 = socket(0x0, 0x3, 0x100)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
setsockopt$sock_timeval(r4, 0x1, 0x0, 0x0, 0x0)
socket$inet(0x2, 0x0, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000740)=ANY=[@ANYBLOB="540100001a0013070000000000000000ac141400"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffffff0000000000000000000000000000000032000000ac14141700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001c"], 0x154}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000640)={'wlan0\x00'})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)

3.145090431s ago: executing program 2 (id=1000):
socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000080)={0x5, 0xffff843d, {}, {0xee01}, 0xffffffffffffffff, 0x1})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x300, 0x0)
r2 = socket$l2tp(0x2, 0x2, 0x73)
getsockname$l2tp(r2, 0x0, &(0x7f0000000140))
bind$alg(0xffffffffffffffff, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0), 0x4)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
dup(0xffffffffffffffff)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, 0x0, 0x20000010)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="04230d00c9001a004cf8eb0831bff1911bf2611d76d3309077234b78b82604d7de14af5b56050ced3cc3bc00db487f0697"], 0x10)
r4 = socket(0x0, 0x3, 0x100)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
setsockopt$sock_timeval(r4, 0x1, 0x0, 0x0, 0x0)
socket$inet(0x2, 0x0, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000740)=ANY=[@ANYBLOB="540100001a0013070000000000000000ac141400"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffffff0000000000000000000000000000000032000000ac141417000000000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001c"], 0x154}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)={0x2c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random="8b"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1608}]]}, 0x2c}}, 0x0)

2.218675379s ago: executing program 4 (id=1001):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="b80000001900674c0000000000000000ff010000000000000000000000000001e000000100000000000000000000000000000000000000000a"], 0xb8}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000700)=@updpolicy={0x36c, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x8000}, [@encap={0x1c, 0x4, {0xfffffffffffffffd, 0x4e20, 0x4e20, @in6=@private2={0xfc, 0x2, '\x00', 0x1}}}, @tfcpad={0x8, 0x16, 0xb}, @policy_type={0xa, 0x10, {0x1}}, @user_kmaddress={0x2c, 0x13, {@in=@loopback, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0xa}}, @policy_type={0xa}, @algo_crypt={0xfe, 0x2, {{'chacha20-arm\x00'}, 0x5b0, "28fee04aec197e964d1f996f17c4f3ea2c384e37c7868c116c9b65254721bc083c04bfcf9b4a4c7e659619b68554897b4ce4f7362cbf6eb281923b3504d211c8822cf1f7186c2917160e885f4aa30744f5ae02cbafe0fa65a9b036034db5b429aee2000626aa13e55db02777167f8f50f36feee6743c6ebf33b772b956aae1ecbac814cab6da8c6190c5c49fdc7cf16b7161c0140a9b3cd4a3eba65500f3bd320baa5ce27cf6a1f1092ac6f44c710852a0b72e3bd44e"}}, @algo_auth={0x122, 0x1, {{'rmd160-generic\x00'}, 0x6d0, "c5e2659c5220a19e67e597274ecc741293b91df30a061dbd35ac2bef6dd2537d62d9b9aa5719171f98ccbc6d5875ebe71e0209ddf28c79f05ec268897fde36128e3d5544a66e42f59bdde56374ad06d659762b2e2e1c772f6bf5504fe38316a024a5ddcbbfed6871c3652e42ed1a59216bd9bbb7dba0fbd82f48850039631b3f5e4ec00d8976227f5d494499aedaede283f1873b50fc13044f248ef9f43f013949142600b21d0cbdaf51addb717decf24221da58579366a088308e057c5f5a04453977f3760937b2cd9fbf8c73bc702b3ffbe1b49128c8fc8393"}}, @coaddr={0x14, 0xe, @in=@multicast1}, @tfcpad={0x8, 0x16, 0x5}, @lastused={0xc, 0xf, 0x3}]}, 0x36c}}, 0x40800)
sendmsg$nl_xfrm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="b80000001900674c0000000000000000ff010000000000000000000000000001e000000100000000000000000000000000000000000000000a00000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e2ffffffffffffff000000000000000000000000000000000000000000000300000000000000000040"], 0xb8}, 0x1, 0x0, 0x3000}, 0x0)

2.161170728s ago: executing program 0 (id=1002):
io_uring_setup(0x354a, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x258})
r0 = socket$inet(0x2, 0x80001, 0x84)
sendmmsg$inet(r0, &(0x7f0000000ac0)=[{{&(0x7f0000000200)={0x2, 0x0, @rand_addr=0x64010102}, 0x10, &(0x7f0000000280)=[{&(0x7f00000003c0)='}', 0x1}], 0x1}}, {{&(0x7f00000002c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000008c0)=[{0x0}], 0x1}}], 0x2, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$UI_SET_FFBIT(0xffffffffffffffff, 0x4004556b, 0x0)
syz_emit_vhci(0x0, 0x11)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000002a000107000000000000000006000000ab7d693fbd523147aef47c26383826eba9d2"], 0x14}}, 0x0)
recvmmsg(r3, &(0x7f0000001e40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x10)
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
fsopen(&(0x7f00000004c0)='jffs2\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000140)='source', 0x0, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x30, r4, 0x8000000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = fsopen(&(0x7f0000000180)='ufs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r5, 0x6, 0x0, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r5, 0x7, 0x0, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

2.109284295s ago: executing program 2 (id=1003):
openat$uinput(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0)
socket(0xa, 0x3, 0x4)
memfd_create(&(0x7f0000000140)='\x1aj~\x97\xc1\x00\x00\x00\xff\x00\x00\x00\x7f\xef_\xd3\xdc=f.z=\x80=8\x1f\x14\xa2&\xbam\v\xa9\f\xf5\x17t\xc9\x80\xf4\xa1\xeb\x907L\x7f \xe3\x19\xcb\xbf\xfc\x00\x00\x00\x00\x15\x00\x00\x00\x00\x00\x00\x00\x00h}\x00\x135V\xd9\xe0\xb0\x17\x01g\xff?\xc8\xfb3\x93\xbc\xcf\xf2\x95\xbeYd,\xb3\x17\xb0L\xe841(\"\xc2K\x11\x81\xef.m\xf7@\xb1\xf9\xee\xce\\\xd9\x03\nHNzF``\xa0\xc4}P\xb3\b\x0e\xcd\x86\'qb\x9a\xce\"\xfb\xd6\x91\'\x9b~\xcd\xfd\xaa\n\xea\x8dC\x9aQ\n\xce\"\x9cN\xed0\xf0\xc2x\x93h\xe8\\\x18\xd26\xe7\x8d4\x06\xf0\xe3M\xe5\x91\x0f\x85\x97gla\x06\xe1\xba\x1a\x1d \n\fr\xae\x12M\xcb6\xe0\x15\xd5d\x16\xc3\xdf\xa2\x04wB\xd0\x18\xa4\x17|\vH\xf5\xb0\xb5\xc7\x9f`Fz\xa3x\x99\xe17\xd2vAW\xe5\x18)9\xba\xa68A\xf8y\xe6\xac\xda\xc7u\xa9\x00{:\x01\xee,\a:\x06\xad{\x80\xfd\xc7\"\x95\x0f\xe3\x86\x19\xc3\xd2\xf7\x18\xf8\xed\x8b\"\xd8\x8f\xde`\xb0D\xfd\x84\xa3\xd7\xf3R\x8d\x88\xdaJ\xb0\xf8^\xd4>\xc7e\xab\x8f+\xda\x9b\xae\xf2\xca\xb9\xde\xb5\x8f\xdb\xba}\x7f\xf8\xe5i,m\b\xf0\xc7\xe9R\x9cY$\xcb\x00/!Z\xeb\x9bE\xf2\xb9\xcc\xf0\x9c\x02\xfc\x9c\x91q\xba|\x80n\x1f\xffG\xc3\x13\xe7v\xa7\x95md\x0f\xa5\x06\v^n\x84d5o\x02\xb3.\x8dc\x18\xe0\xc2\x9b\xe1D\x0fB] \xdfJGr\xdbc,\xef82%\x97\xe4;u\xa9\xe5\xef*n\xf613\x17\x80[\x90]\xef\xc1\x8e\rD\xd2\xe0\x8c\xf2\x00\x00\x00\x00\x00\x00\x00Gs\xab\x1e\xa13\x93\x8d\x04U\xf5\xb8Th9s3\xc9\xbf\xe5My$\x99.\xf0\xd5\xc8\xb1\xfc4\xe7\x83z\x11a\xb7\xebY\x1d\xcd\x81N\xed\xbd\xa5\xce\xa0f\xe5q2\xbc#w\xe4_\x8a-\xad\xc2/_\xe6\nE\xeb\x9c\x96\xf4`\xa2\x06\xe0^\xfb\x99\xbb}\xfb\x052_\x83*B\xf1\xf0\x95\xd2K\xd6\xe5\xb1\x1a\x02,\xbe\xf5\xd0\xd4\xa1A\xf3!\n\xc6b\xeb\x92\xea\xd8\xe1$\xbbUO\x1fS\x02\x9e\xa7|i:\xb1\xf60\xf6M\xe6,\x81=F\xa1\xca\x06\x0e\x14\x89/\xa7\"\x17-h9\x176\x9d\x04\x1el\xdcp\x89\x1b \x93f\x9a\x10\xd9\xa2Y\b\xfalA\xe1\x1bI\xb9\xf8\xa0\xb0\xc2\x04\xedO\n\vj&\xb5\x04\xc3{Yt\xf4rS^\x0e$\xe9\x05\xcd\x9b\x84\x14`\xed\x9e\xbbh\x81h\xf2\xe7\xe2DO\x1a\xe9\xc1\x1cu\xa5\xbd\x90\xbb\x03\xd5\x00\xf2\x83T\xe4\x0eF\x7f\x85\xb5\xe9CJ<F<\xb2a', 0x1)
syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00')
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet(0x2, 0x4000000000000001, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r2)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
pipe(&(0x7f0000000140))
r3 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
syz_usb_connect$cdc_ncm(0x2, 0x85, &(0x7f0000000440)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x2, 0x1, 0xf, 0x80, 0x4, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x7, 0x24, 0x6, 0x0, 0x1, "1ce9"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x9, 0x614, 0xd, 0x80}, {0x6, 0x24, 0x1a, 0x9, 0xa}, [@mdlm={0x15}]}, {{0x9, 0x5, 0x81, 0x3, 0x200, 0x3, 0x8, 0xff}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x4, 0x81, 0x81}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x1, 0x7, 0x5}}}}}}}]}}, &(0x7f0000000780)={0xa, &(0x7f0000000500)={0xa, 0x6, 0x300, 0x25, 0x9, 0xff, 0x8, 0x40}, 0x1a, &(0x7f0000000540)={0x5, 0xf, 0x1a, 0x2, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x8, 0x40, 0x64, 0x1}, @wireless={0xb, 0x10, 0x1, 0xc, 0x11, 0x7, 0x5, 0xfffb, 0xff}]}, 0x4, [{0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x4c0a}}, {0x4, &(0x7f00000005c0)=@lang_id={0x4, 0x3, 0x2403}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x40a}}, {0xef, &(0x7f0000000680)=@string={0xef, 0x3, "dbee10d6a0c2a5dab7814b6100e1135b7d0860bd445324f45e68cfeb4cd78b7e3371d80df6b502cb21cb4633deffcfe4eb09261f94a0d34c09830e2c7312cdef521c0ec09188bb4327d63f94ea749a57b93a6e8c2eeeb14f7a06c1cbfb17dc66ad5e8b985661fcfd9081c3ced51505ccc6f3f0f0ed06b97acaedc227f4fbca89d5ebf023c06d7bfdf51d11a15d01f63ef0520d882d65b52a72a9551c14c4a75616a56e1f5be3cfb691cecdc27cabea3d439fc4a93bf9b37c2a2617c77e5b8bf3f5b465045e1bafd3c6e83ad0e91d1bcfc2bd8781767c1d24f0918a240e1c8b0bbde55f7f8a18782051e9ca48b2"}}]})
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000400)=0x2)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
pipe2(&(0x7f0000000040)={<r4=>0xffffffffffffffff}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth0_to_hsr\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x30, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}]}], {0x14, 0x10}}, 0xd0}}, 0x0)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05", @ANYRES16=r0, @ANYRES8, @ANYRES16=r1, @ANYRES16=r4], 0x0)

2.022680548s ago: executing program 4 (id=1004):
r0 = socket$inet6(0xa, 0x6, 0x0) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0) (async)
bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @empty}, 0x1c) (async)
socket$inet_dccp(0x2, 0x6, 0x0) (async)
listen(r0, 0x5) (async)
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_FREE_STREAMS(r2, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002301060010000500000002000020d3"]) (async)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100000000000858041350000000000001090024000100000000090400000203000000092100000001220700090581030000000000ebeb30b53b56962dbad65e794e8383311a0b5411bc493b1f108eea007b00ff0a06a6ba4a789b460d10b665b448593e00986c339c94a21f4c0115c6fbede13185fb77855935e7310d736e899ca9bf1cd46ed79ed653b4391694bc98f08801236272b4b25faadff690e6b99a7aaf74b19fc40358a555884de7a054d4b9f999a43d92767bf6cd08c2f9527279cec2300965ae577ad0a6b91fed5b16ef1cf3e26a1d4ee370cb5cb0fb787dd0105a8672"], 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0) (async)
syz_usb_control_io(r3, &(0x7f0000000900)={0x18, &(0x7f0000000940)=ANY=[@ANYBLOB="00000f"], 0x0, 0x0, 0x0, 0x0}, 0x0) (async)
r4 = socket(0x848000000015, 0x805, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, 0x0, 0x0) (async)
io_uring_setup(0x17ba, &(0x7f00000004c0)) (async)
close_range(r0, 0xffffffffffffffff, 0x0)

1.872817074s ago: executing program 3 (id=1005):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000044ffffff000000000af2ff0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bc89000000000000350901000000000095000000040004002f9800000000000056080000000000008500000005000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x102, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

1.74820943s ago: executing program 3 (id=1006):
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$netlink(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000003a00)=ANY=[], 0x13cc}], 0x1, 0x0, 0x0, 0x24008840}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x34, &(0x7f0000000040)=0x10001)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$MRT6_DEL_MFC(r1, 0x29, 0x24, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000e40)=ANY=[@ANYBLOB="04030b00e5ae57c43ec78b8e0100"], 0xe)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58)
accept(r3, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0)
r4 = gettid()
ptrace$peek(0xffffffffffffffff, r4, &(0x7f00000000c0))
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x43}}, 0x10)
ioctl$BTRFS_IOC_GET_FEATURES(r3, 0x80189439, &(0x7f0000000280))
connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10)
syz_open_dev$dri(&(0x7f0000000080), 0x6f8, 0x80)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@deltfilter={0x2c, 0x2d, 0x2, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x8, 0x9}, {0xfff3, 0xe}, {0xb, 0xf}}, [@TCA_CHAIN={0x8, 0xb, 0xbb}]}, 0x2c}, 0x1, 0x0, 0x0, 0x844}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendto$packet(0xffffffffffffffff, &(0x7f0000000080)="e7feeeb53d72", 0x6, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r5, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x2d, 0x0)

1.060528401s ago: executing program 0 (id=1007):
syz_usb_connect(0x1, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000009a65d0860040800dec30102030109021b050000000000090400000178eaf50009058402"], &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x4, [{0x2, &(0x7f0000000000)=@string={0x2}}, {0x4, &(0x7f0000000180)=@string={0x4, 0x3, "46f9"}}, {0x0, 0x0}, {0x0, 0x0}]})
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0xb05, 0x1866, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x9, 0x60, 0xfc, [{{0x9, 0x4, 0x0, 0xc0, 0x2, 0x3, 0x1, 0x2, 0x8, {0x9, 0x21, 0x9, 0xc, 0x1, {0x22, 0xd0d}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x1}}}}}]}}]}}, &(0x7f0000000500)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x200, 0xc2, 0x10, 0x7, 0x40, 0xb}, 0x150, &(0x7f00000001c0)={0x5, 0xf, 0x150, 0x6, [@ss_container_id={0x14, 0x10, 0x4, 0x6f, "8637ff1ad5e13833cbbf5b0f17c636d5"}, @ssp_cap={0x24, 0x10, 0xa, 0x3, 0x6, 0x81, 0xf0f, 0x7, [0xc000, 0xc0, 0xff0000, 0x0, 0x80bf6f, 0x0]}, @generic={0x103, 0x10, 0x3, "0eeaba7b406ad03352cada13892e8433d2dca85711e455afee6313b8d3fff3ce0a12106dd1043f7599ebcd5ed680dab8fb43e2573b028af35550dabeda2f845c85a248dcc35d49e79a62bd00afc8df7bc519471cbc4bcd6d5d22e26f4e4099eb82104f4bd61262bb8b5fb2785c44b0699a318b096fb679dea20e5a74d9a7a156214a9707e2c06260c7a498fb79e88d999903b014a19effc38fec98360dc8f6223b08d1a57688ab38fc022e87d8489a0a5a0eab9384f1f38a01b673c6b975ca1b1d25954ca431664fe8c2ec6c68e94027eff0aa00adf316a0795f6de06ee241be5d932931abe1f05ccc0581da050437975ed060062df2c0e208671a61b83af573"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x1, 0x5, 0x6, 0x4}, @ptm_cap={0x3}, @ptm_cap={0x3}]}, 0x4, [{0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x380a}}, {0xc2, &(0x7f0000000380)=@string={0xc2, 0x3, "78386721aab8a93cec33b1b971b66aca511dfdbfa24ad6e6ad3471c1f8e7f808cf729b6e0357be9fb8b7bd300f1e74b42d7d5ebdaca53914efd0ce0dd257a48c918ad776d518b38f97bda7132141d619c021f863b86d60bfb5858826261e35fdc78b72552827599c1d62a9eeb521a00d12dfa6e78c4bbc46c3ad2cbef65a80c814ce6f73e5afdbbccef5d95d072138cc06e4d1bf2339490716a2cd25c3f1131e26534e2c31d1a5f65f43109f373981c98d22c17495553c4be790b9502f93a73d"}}, {0x5, &(0x7f0000000480)=@string={0x5, 0x3, "87caf4"}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x480a}}]})

857.11885ms ago: executing program 1 (id=1008):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@ipv4_delroute={0x2c, 0x19, 0x1, 0x0, 0x0, {}, [@RTA_OIF={0x8}, @RTA_DST={0x8, 0x1, @private=0xa010102}]}, 0x2c}}, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x20000000, &(0x7f0000000240)={0x2, 0x0, @local}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r3=>0x0})
r4 = socket$inet6_dccp(0xa, 0x6, 0x0)
r5 = socket$packet(0x11, 0x0, 0x300)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62)
recvmmsg(r5, &(0x7f0000005bc0), 0x0, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)={0x30, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_TX_RATES={0x14, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x10, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_HT={0x5, 0x2, [{0x0, 0x4}]}]}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x2048080}, 0x0)
r9 = socket$netlink(0x10, 0x3, 0xc)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000900)=@getqdisc={0x24, 0x26, 0x707}, 0x24}}, 0x0)
recvmmsg(r10, &(0x7f0000001100)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0)
ioctl$MON_IOCX_GETX(r4, 0x4018920a, &(0x7f0000000180)={&(0x7f0000000140), &(0x7f0000000580)=""/196, 0xc4})
socket$igmp(0x2, 0x3, 0x2)
bind$netlink(r9, &(0x7f0000000440)={0x10, 0x0, 0x0, 0x1}, 0xc)
ioctl$FICLONERANGE(r9, 0x4020940d, &(0x7f0000000400)={{}, 0x7f, 0x7fffffffffffffff, 0x1})
connect$inet6(r4, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newqdisc={0x2c, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xfff3}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x7f}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
recvfrom$inet(0xffffffffffffffff, &(0x7f0000000340)=""/79, 0x4f, 0x2001, &(0x7f0000000200)={0x2, 0x1, @empty}, 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f0000002dc0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0)
sendmsg$inet(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0}, 0x24000000)
openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x101042, 0x0)

714.707558ms ago: executing program 3 (id=1009):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_open_dev$ndb(&(0x7f0000000140), 0x0, 0x0)
add_key(&(0x7f0000000000)='big_key\x00', 0x0, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff)
bind$unix(0xffffffffffffffff, &(0x7f00000001c0)=@abs={0x1}, 0x6e)
ioctl$SIOCGETMIFCNT_IN6(0xffffffffffffffff, 0x89e0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000a00)={@map=0x1, 0xffffffffffffffff, 0x20, 0x0, 0xffffffffffffffff, @prog_fd}, 0x20)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000680)={0x9, &(0x7f0000000600)=[{0x81, 0x61, 0x7, 0x2}, {0x9, 0x0, 0x6, 0x2}, {0x38, 0x5, 0x6}, {0x5, 0xb, 0x5, 0x3ff}, {0x80, 0x2c, 0x7, 0x40000000}, {0x1041, 0xfa, 0x4, 0x6b}, {0xa, 0x4, 0x7, 0x7}, {0x1, 0x1, 0x4, 0xffffffff}, {0x182, 0x40, 0x5, 0x9}]})
getsockopt$inet_buf(r3, 0x0, 0x2f, &(0x7f00000002c0)=""/182, &(0x7f00000000c0)=0xb6)
connect$inet(r3, &(0x7f00000006c0)={0x2, 0x0, @multicast1}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
getsockopt$bt_hci(r3, 0x0, 0x1, &(0x7f00000001c0)=""/216, &(0x7f0000000000)=0xd8)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000001140)={0x24, &(0x7f0000000ec0)={0x0, 0x0, 0x2, {0x2}}, 0x0, 0x0, 0x0}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000800)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000480)={&(0x7f0000000540)={0xac, 0x0, 0x4, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_QOS_MAP={0x20, 0xc7, {[{0x9}, {0x2, 0x5}, {0x7, 0x1}, {0x6, 0x5}, {0xc4, 0x1}, {0x10}, {0x0, 0x3}, {0xf2}, {0xd}, {0xba, 0x1}], "a43c12a62b59f9c1"}}, @NL80211_ATTR_QOS_MAP={0x18, 0xc7, {[{0x3}, {0x3, 0x2}, {0x4, 0x2}, {0x4, 0x2}, {0x6, 0x4}, {0xf0, 0x2}], "792aeb5e08630cbe"}}, @NL80211_ATTR_QOS_MAP={0x2a, 0xc7, {[{0x0, 0x2}, {0xfe, 0x7}, {0x40, 0x7}, {0x6, 0x2}, {0x8, 0x4}, {0x2, 0x2}, {0x4, 0x2}, {0x2, 0x1}, {0x3, 0x4}, {0x0, 0x4}, {0x2, 0x6}, {0x7, 0x1}, {0x80}, {0x10, 0x5}, {0x6, 0x2}], "89d014d63a582882"}}, @NL80211_ATTR_QOS_MAP={0x2c, 0xc7, {[{0xe0}, {0x80, 0x4}, {0x5}, {0xfb, 0x6}, {0xd, 0x7}, {0x80, 0x1}, {0x81, 0x2}, {0x8, 0x4}, {0x6, 0x2}, {0x4, 0x2}, {0xf8, 0x3}, {0x80, 0x7}, {0x5}, {0x7, 0x7}, {0x8, 0x2}, {0x2, 0x2}], "0efdcdf9e865815e"}}]}, 0xac}, 0x1, 0x0, 0x0, 0x40001}, 0x0)
sendmmsg$inet(r3, 0x0, 0x0, 0x4004441)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r6, 0xc048aec8, &(0x7f0000000100)={0x1})
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r7, 0xc004743e, &(0x7f0000000140))
ioctl$BLKBSZSET(r2, 0x1265, &(0x7f0000000180))
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="2400000001010303000000000000000000000000080003400000000008000840000000009ecd5e37e6a062e1eeabdd27caf7d0f636796d5673d85ab372ec560014b01ef6711fe9220b2f9a386b369c17a6487b3fd3cd0d9d73b3d274d793ea61e9f0dde4e93da72e565b05cc326b4d8f00d9f794a5f81d32a6d50d3cb38ab2a5e0f856fe28c8fce7f82a2e9ee2a36aed81ca18f47d967aaa29a491632c3dbe2add88aa2793136a4839fa447fff411318935aaafb0ec71454147dd227f1ad6b7984bdd5f67b118be10cc92c9e5a850c485e27c5cd6b25412e5d54b91a9679dd99ab1001097c93f19f9d86316526"], 0x24}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newlink={0x50, 0x10, 0x439, 0xffffffff, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x16bf7}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @private1}]}}}, @IFLA_MTU={0x8, 0x4, 0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x20811}, 0x0)

340.887497ms ago: executing program 2 (id=1010):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="b80000001900674c0000000000000000ff010000000000000000000000000001e000000100000000000000000000000000000000000000000a"], 0xb8}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, 0x0, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="b80000001900674c0000000000000000ff010000000000000000000000000001e000000100000000000000000000000000000000000000000a00000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e2ffffffffffffff0000000000000000000000000000000000000000000003000000000080ffffff40"], 0xb8}}, 0x0)

217.096312ms ago: executing program 2 (id=1011):
syz_emit_ethernet(0xaa, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000008004500009c000000000021907800000000ffffffff05009078ac1414bb400000000000000000000000ac1414bbac141400070b000000000000000000000000000000000000000000000000000000000000000000000083030044240001ffffffff00000000abfd14aa000000000000000000000000ac1414bb00000000860c0000000000068e281690000200"/170], 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000140)=[{&(0x7f0000000040)=""/255, 0xff}], 0x1, 0xffffffff, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFCONF(r1, 0x8912, &(0x7f0000000340)=@buf={0xa2, &(0x7f0000000240)="39ad121f875cddf13ebdf4cc744bdddd7dd3a8b2fe02d5719e905a66009d4ec81eb586e6aabe7b55a3f44250fc8a6c58ff7f994cbe7ab19d417db61ff11af1b5f085506e49c18960e3c28f5e4a80c6321c0b0c5a1bcf2f9c98bc3e521b182450f951b18cd1a5e0e6664e2fccbd564de05155878c16feb28558aa016fae30d6cd313759dcb4b6f54cbe7a0c3d17c714ab4a326b89b6c9b6a195335c1a8f9762f731ca"})
accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000680), 0x800)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000008640), 0x0, 0x0)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
getpid()
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x101341)
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000200)=@usbdevfs_disconnect={0xfffffffb})
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, 0x0, 0x15)
pipe(&(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
tee(r5, r4, 0x80000001, 0x0)
vmsplice(r6, &(0x7f0000000380)=[{&(0x7f0000013580)="0dd2e7c8926dc6acd0ae6c178054e95986faff9544de5fc4c30adf404da41181a77466ac5075905ea5f50134fdd517a957fe2ee59b61f9fe8d7aabe595ea23de2723e437af0423a56686a4c2d957be1a0ab922fbbd3cb1d8c6ab0d58440a327c8eb05d445b4ac5f20abe449e4084f8b996268d0564f67980d3ed3479e0edfe5cec7b4f89bface391c9c4c58ad123b91c33173c72326d1df18804a9ea20f9ece48f784d8ca2318e3d2b316666b5dfb7295c4915989d5bcb120e8fedaa97b93a137c256c", 0xc3}, {&(0x7f0000013680)="c578381bf5113dad8319d9ea5294285ae9a90384ce23866477bef9de4399237d8b3522c9c194e71edaf3332a2f169682f9d8fa271683d4d441b710409e506333e0c3b64e52e8720734b6787f4a84f5bebb046649c6c697d978affd349031b2cd874c7a8961a586a9f2d62f945e7a5bf2f5f7a31684c0503704881d2578a2a98ac3ef4e4a4b0dcdb70db735d5c1652eed3848b2dd4131bb0eb7cfadfaf5", 0x9d}], 0x2, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[], 0x2c}}, 0x0)
r7 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_mtu(r7, 0x29, 0x17, &(0x7f0000003a00)=0x7, 0x4)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket(0xa, 0x6, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="6c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000003000128009000100766c616e00000000200002800c0002001c0000001f0000000600050088a80000060001000000000008000500", @ANYRES32=r9], 0x6c}}, 0x0)

0s ago: executing program 3 (id=1012):
syz_emit_ethernet(0x3e, &(0x7f0000001300)=ANY=[@ANYBLOB="aaaaaaaaaaaa0074d47f480086dd6000000000083a00fe800000004000000000000000000000fe8000000000000000000000000000aa8000907800000000"], 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x22, 0xe, 0xdf, 0x10, 0x54c, 0x6c1, 0xc287, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x4f, 0x69, 0x96, 0x0, [], [{{0x9, 0x5, 0xf, 0x2}}, {{0x9, 0x5, 0x2, 0x2}}]}}]}}]}}, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
clock_gettime(0x0, &(0x7f0000008400))
pipe2$watch_queue(&(0x7f0000000280)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
r5 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe)
keyctl$KEYCTL_WATCH_KEY(0x20, r5, r3, 0x0)
pipe2$watch_queue(&(0x7f0000000380)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r5, r6, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r5, r4, 0x0)
getsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000140), &(0x7f00000001c0)=0x4)
recvmmsg$unix(r2, &(0x7f00000082c0)=[{{&(0x7f0000002400), 0x6e, &(0x7f00000034c0)=[{&(0x7f0000002480)=""/4096, 0x1000}, {&(0x7f0000003480)=""/11, 0xb}], 0x2, &(0x7f0000003500)=[@cred={{0x1c}}], 0x20}}, {{0x0, 0x0, &(0x7f0000004ac0)=[{&(0x7f0000003700)=""/4096, 0x1000}, {&(0x7f0000004700)=""/210, 0xd2}, {&(0x7f0000004800)=""/38, 0x26}, {&(0x7f0000004840)=""/14, 0xe}, {&(0x7f0000004880)=""/155, 0x9b}, {&(0x7f0000004940)=""/101, 0x65}, {&(0x7f00000049c0)=""/240, 0xf0}], 0x7, &(0x7f0000004b40)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xb8}}, {{&(0x7f0000004c00), 0x6e, &(0x7f0000007ec0)=[{&(0x7f0000004c80)=""/154, 0x9a}, {&(0x7f0000004d40)=""/4096, 0x1000}, {&(0x7f0000005d40)=""/4096, 0x1000}, {&(0x7f0000006d40)=""/143, 0x8f}, {&(0x7f0000006e00)=""/191, 0xbf}, {&(0x7f0000006ec0)=""/4096, 0x1000}], 0x6, &(0x7f0000007f40)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x38}}, {{&(0x7f0000007f80)=@abs, 0x6e, &(0x7f0000008280)=[{&(0x7f0000008000)=""/220, 0xdc}, {&(0x7f0000008100)=""/156, 0x9c}, {&(0x7f00000081c0)=""/134, 0x86}], 0x3}}], 0x4, 0x40000000, 0x0)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="020028bd7000fbdbdf0300000000050038005066f0a8b195bb540100000008002b0024c40000080039004b050000fc31f7264ddd9b7ae20add83e0bb68ef0800340001000000"], 0x3c}, 0x1, 0x0, 0x0, 0x40801}, 0x8011)

kernel console output (not intermixed with test programs):

57] netlink: 16 bytes leftover after parsing attributes in process `syz.0.635'.
[  298.255912][ T1181] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  298.487492][ T1181] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  298.512026][ T1181] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  298.528961][ T1181] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  298.535013][ T8667] input: syz0 as /devices/virtual/input/input14
[  298.550693][ T1181] usb 3-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  298.604324][ T1181] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  298.636959][ T1181] usb 3-1: config 0 descriptor??
[  298.854170][ T1181] usbhid 3-1:0.0: can't add hid device: -71
[  298.873630][ T1181] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  298.941990][ T1181] usb 3-1: USB disconnect, device number 48
[  299.126539][ T8675] netlink: 528 bytes leftover after parsing attributes in process `syz.0.640'.
[  299.147573][ T8678] netlink: 20 bytes leftover after parsing attributes in process `syz.4.639'.
[  299.480374][ T8687] netlink: 'syz.3.644': attribute type 3 has an invalid length.
[  299.517188][ T8687] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.644'.
[  299.867436][ T5292] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  300.085185][ T5292] usb 4-1: Using ep0 maxpacket: 8
[  300.143826][ T5292] usb 4-1: New USB device found, idVendor=04e6, idProduct=5591, bcdDevice=58.36
[  300.160522][ T5292] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.178784][ T5292] usb 4-1: Product: syz
[  300.189077][ T5292] usb 4-1: Manufacturer: syz
[  300.195445][ T5292] usb 4-1: SerialNumber: syz
[  300.218313][ T5292] usb 4-1: config 0 descriptor??
[  300.229759][ T8696] program syz.4.646 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  300.253131][ T5292] pn533_usb 4-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[  300.456274][ T8687] netlink: 28 bytes leftover after parsing attributes in process `syz.3.644'.
[  300.517517][ T5326] usb 4-1: USB disconnect, device number 53
[  301.038271][ T8718] netlink: 24 bytes leftover after parsing attributes in process `syz.0.655'.
[  301.128397][ T8715] netlink: 16 bytes leftover after parsing attributes in process `syz.4.653'.
[  301.403799][ T8730] binder: 8726:8730 unknown command 33554432
[  301.410160][ T8730] binder: 8726:8730 ioctl c0306201 20000a80 returned -22
[  301.495321][ T5292] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  301.630879][ T8734] program syz.1.660 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  301.712931][ T5292] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  301.733549][ T5292] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  301.749083][ T5292] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  301.771987][ T5292] usb 1-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  301.782760][ T5292] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.802997][ T5292] usb 1-1: config 0 descriptor??
[  302.031339][ T5292] usbhid 1-1:0.0: can't add hid device: -71
[  302.052586][ T5292] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  302.076021][ T5292] usb 1-1: USB disconnect, device number 33
[  302.335232][ T8741] overlayfs: missing 'lowerdir'
[  302.889808][ T8758] netlink: 'syz.0.667': attribute type 3 has an invalid length.
[  302.899108][ T8758] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.667'.
[  303.195025][ T5293] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  303.467969][ T5293] usb 1-1: Using ep0 maxpacket: 8
[  303.487483][ T5293] usb 1-1: New USB device found, idVendor=04e6, idProduct=5591, bcdDevice=58.36
[  303.508996][ T5293] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.525794][ T5293] usb 1-1: Product: syz
[  303.533265][ T5293] usb 1-1: Manufacturer: syz
[  303.540252][ T5293] usb 1-1: SerialNumber: syz
[  303.566020][ T5293] usb 1-1: config 0 descriptor??
[  303.600032][ T5293] pn533_usb 1-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[  303.669055][ T8768] ip6tnl1: entered promiscuous mode
[  303.685509][ T8768] ip6tnl1: entered allmulticast mode
[  303.823811][ T8758] netlink: 28 bytes leftover after parsing attributes in process `syz.0.667'.
[  303.837372][ T5328] usb 1-1: USB disconnect, device number 34
[  303.911659][ T8745] loop0: detected capacity change from 0 to 7
[  303.925047][ T5326] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  303.965655][ T8745] Dev loop0: unable to read RDB block 7
[  303.992330][ T8745]  loop0: AHDI p1 p2
[  304.028550][ T8745] loop0: partition table partially beyond EOD, truncated
[  304.095772][ T8745] loop0: p1 start 6514546 is beyond EOD, truncated
[  304.155181][ T5326] usb 3-1: Using ep0 maxpacket: 16
[  304.178196][ T5326] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  304.257438][ T5326] usb 3-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  304.271611][ T8775] program syz.3.672 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  304.281145][ T5326] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  304.295708][ T5326] usb 3-1: Product: syz
[  304.299895][ T5326] usb 3-1: Manufacturer: syz
[  304.310343][ T5326] usb 3-1: SerialNumber: syz
[  304.321778][ T5326] usb 3-1: config 0 descriptor??
[  304.331310][ T5326] hub 3-1:0.0: bad descriptor, ignoring hub
[  304.338986][ T5326] hub 3-1:0.0: probe with driver hub failed with error -5
[  304.367131][ T5326] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  304.570459][ T4687] Dev loop0: unable to read RDB block 7
[  304.595111][ T4687]  loop0: AHDI p1 p2
[  304.605339][ T4687] loop0: partition table partially beyond EOD, truncated
[  304.623337][ T4687] loop0: p1 start 6514546 is beyond EOD, truncated
[  304.663614][ T5328] usb 3-1: USB disconnect, device number 49
[  304.969171][ T8788] input: syz0 as /devices/virtual/input/input15
[  305.115021][ T5289] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  305.184098][ T8791] netlink: 24 bytes leftover after parsing attributes in process `syz.1.677'.
[  305.337427][ T5289] usb 1-1: Using ep0 maxpacket: 16
[  305.356196][ T5289] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  305.401926][ T5289] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.414087][ T8793] netlink: 12 bytes leftover after parsing attributes in process `syz.3.678'.
[  305.428595][ T5289] usb 1-1: Product: syz
[  305.437344][ T5289] usb 1-1: Manufacturer: syz
[  305.455867][ T5289] usb 1-1: SerialNumber: syz
[  305.473634][ T5289] r8152-cfgselector 1-1: Unknown version 0x0000
[  305.495319][ T5289] r8152-cfgselector 1-1: config 0 descriptor??
[  305.595171][ T5293] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  305.741636][ T5289] r8152-cfgselector 1-1: Unknown version 0x0000
[  305.784803][ T5289] r8152-cfgselector 1-1: bad CDC descriptors
[  305.807247][ T5293] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  305.844625][ T5293] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  305.878841][ T5293] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  305.923383][ T5293] usb 2-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  305.962478][ T5293] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  305.987856][ T8798] netlink: 16 bytes leftover after parsing attributes in process `syz.3.679'.
[  306.009755][ T5293] usb 2-1: config 0 descriptor??
[  306.153124][ T5247] Bluetooth: Fragment is too long (len 24, expected 0)
[  306.241132][ T5293] usbhid 2-1:0.0: can't add hid device: -71
[  306.247631][ T5293] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  306.268739][ T5293] usb 2-1: USB disconnect, device number 31
[  306.979820][ T8823] netlink: 'syz.3.684': attribute type 3 has an invalid length.
[  306.999238][ T8823] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.684'.
[  307.263997][ T8827] program syz.2.686 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  307.305013][ T5293] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  307.389739][ T8829] netlink: 528 bytes leftover after parsing attributes in process `syz.2.687'.
[  307.471821][ T1181] hid-generic 0009:0000:0000.0008: unknown main item tag 0x0
[  307.491870][ T1181] hid-generic 0009:0000:0000.0008: unknown main item tag 0x0
[  307.500560][ T5293] usb 4-1: Using ep0 maxpacket: 8
[  307.510398][ T1181] hid-generic 0009:0000:0000.0008: unknown main item tag 0x0
[  307.518270][ T1181] hid-generic 0009:0000:0000.0008: unknown main item tag 0x0
[  307.539869][ T1181] hid-generic 0009:0000:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  307.551755][ T5293] usb 4-1: New USB device found, idVendor=04e6, idProduct=5591, bcdDevice=58.36
[  307.561962][ T5293] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  307.570227][ T5293] usb 4-1: Product: syz
[  307.574551][ T5293] usb 4-1: Manufacturer: syz
[  307.625922][ T5293] usb 4-1: SerialNumber: syz
[  307.633227][ T5293] usb 4-1: config 0 descriptor??
[  307.662692][ T5293] pn533_usb 4-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[  307.828285][ T1181] r8152-cfgselector 1-1: USB disconnect, device number 35
[  307.844984][ T5292] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  307.846332][ T8834] netlink: 12 bytes leftover after parsing attributes in process `syz.1.689'.
[  307.904647][ T8823] netlink: 28 bytes leftover after parsing attributes in process `syz.3.684'.
[  307.991705][ T5289] usb 4-1: USB disconnect, device number 54
[  308.025781][ T5326] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  308.083401][ T5292] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  308.104609][ T5292] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  308.114565][ T5292] usb 3-1: Product: syz
[  308.122363][ T5292] usb 3-1: Manufacturer: syz
[  308.131581][ T5292] usb 3-1: SerialNumber: syz
[  308.153803][ T5292] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  308.242181][ T5293] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  308.277753][ T5326] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  308.323772][   T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  308.324936][ T5326] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  308.376551][ T5326] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  308.392651][ T5326] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  308.403350][ T5326] usb 5-1: Product: syz
[  308.423270][ T5326] usb 5-1: Manufacturer: syz
[  308.433559][ T5326] usb 5-1: SerialNumber: syz
[  308.493314][ T8832] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  308.687690][   T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  308.765194][ T5326] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[  308.822632][ T5326] usb 5-1: USB disconnect, device number 32
[  308.890027][   T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  309.135338][   T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  309.285606][ T5293] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  309.314410][ T5293] ath9k_htc: Failed to initialize the device
[  309.395942][ T5293] usb 3-1: ath9k_htc: USB layer deinitialized
[  309.566231][   T35] bridge_slave_1: left allmulticast mode
[  309.595845][   T35] bridge_slave_1: left promiscuous mode
[  309.625958][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  309.663901][   T35] bridge_slave_0: left allmulticast mode
[  309.673099][   T35] bridge_slave_0: left promiscuous mode
[  309.686804][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  309.715120][   T48] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  309.722384][ T8848] program syz.1.697 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  309.978034][   T48] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  310.021736][   T48] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  310.068792][   T48] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  310.126432][   T48] usb 4-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  310.166071][   T48] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  310.184725][   T48] usb 4-1: config 0 descriptor??
[  310.193584][ T5244] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  310.204727][ T5244] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  310.213028][ T5244] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  310.284327][ T5244] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  310.296774][ T5244] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  310.304387][ T5244] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  310.400254][ T5326] usb 3-1: USB disconnect, device number 50
[  311.252643][   T35] bond0 (unregistering): left promiscuous mode
[  311.259181][   T35] bond_slave_0: left promiscuous mode
[  311.265074][   T35] bond_slave_1: left promiscuous mode
[  311.292228][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  311.305022][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  311.319120][   T35] bond0 (unregistering): Released all slaves
[  311.361277][   T48] usbhid 4-1:0.0: can't add hid device: -71
[  311.386404][   T48] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  311.410862][ T8860] ip6tnl1: entered promiscuous mode
[  311.427618][   T48] usb 4-1: USB disconnect, device number 55
[  311.438931][ T8860] ip6tnl1: entered allmulticast mode
[  311.465075][ T8865] netlink: 12 bytes leftover after parsing attributes in process `syz.4.701'.
[  311.985009][   T48] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  312.053640][   T35] hsr_slave_0: left promiscuous mode
[  312.074226][   T35] hsr_slave_1: left promiscuous mode
[  312.092312][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  312.103355][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  312.122914][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  312.152502][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  312.175134][   T48] usb 2-1: Using ep0 maxpacket: 8
[  312.188770][   T48] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  312.204993][   T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  312.240981][   T48] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  312.251578][   T35] veth1_macvtap: left promiscuous mode
[  312.284357][   T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  312.290132][   T35] veth0_macvtap: left promiscuous mode
[  312.322812][   T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  312.359682][   T35] veth1_vlan: left promiscuous mode
[  312.363960][   T48] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  312.391950][   T35] veth0_vlan: left promiscuous mode
[  312.405272][ T5244] Bluetooth: hci0: command tx timeout
[  312.419299][   T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  312.441062][   T48] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  312.446789][ T8891] input: syz0 as /devices/virtual/input/input16
[  312.453574][   T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  312.478202][   T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  312.499126][   T48] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  312.514022][   T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  312.541463][   T48] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  312.563757][   T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  312.620085][   T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  312.660546][   T48] usb 2-1: string descriptor 0 read error: -22
[  312.673885][   T48] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  312.688547][   T48] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  312.719881][   T48] adutux 2-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  313.000258][    T9] usb 2-1: USB disconnect, device number 32
[  313.178626][ T5289] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  313.381609][ T5289] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  313.393104][ T5289] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  313.450132][ T5289] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  313.469021][ T5289] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.501195][ T5289] usb 3-1: Product: syz
[  313.505562][ T5289] usb 3-1: Manufacturer: syz
[  313.519008][ T5289] usb 3-1: SerialNumber: syz
[  313.566977][ T8894] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  313.625373][    T9] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  313.808351][   T35] team0 (unregistering): Port device team_slave_1 removed
[  313.850843][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  313.867943][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  313.882908][    T9] usb 2-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00
[  313.901277][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  313.950574][    T9] usb 2-1: config 0 descriptor??
[  313.952407][   T35] team0 (unregistering): Port device team_slave_0 removed
[  314.250731][ T5244] Bluetooth: hci2: command 0x0406 tx timeout
[  314.375867][ T8875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  314.411737][ T8875] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  314.485263][ T5247] Bluetooth: hci0: command tx timeout
[  315.138426][ T5289] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  315.195958][ T5289] usb 3-1: USB disconnect, device number 51
[  315.510633][ T8900] program syz.3.707 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  315.603613][ T8902] netlink: 20 bytes leftover after parsing attributes in process `syz.4.708'.
[  315.737560][ T8902] vlan3: entered promiscuous mode
[  315.767260][ T8902] bridge0: entered promiscuous mode
[  315.792584][ T8855] chnl_net:caif_netlink_parms(): no params data found
[  315.832596][    T9] usbhid 2-1:0.0: can't add hid device: -71
[  315.861859][    T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  315.968072][    T9] usb 2-1: USB disconnect, device number 33
[  316.185131][ T8906] capability: warning: `syz.3.709' uses 32-bit capabilities (legacy support in use)
[  316.402413][ T8906] mmap: syz.3.709 (8906) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  316.566676][ T8855] bridge0: port 1(bridge_slave_0) entered blocking state
[  316.573911][ T5247] Bluetooth: hci0: command tx timeout
[  316.622728][ T8855] bridge0: port 1(bridge_slave_0) entered disabled state
[  316.647826][ T8855] bridge_slave_0: entered allmulticast mode
[  316.714278][ T8855] bridge_slave_0: entered promiscuous mode
[  316.751597][ T8855] bridge0: port 2(bridge_slave_1) entered blocking state
[  316.770907][ T8855] bridge0: port 2(bridge_slave_1) entered disabled state
[  316.782307][ T8855] bridge_slave_1: entered allmulticast mode
[  316.793548][ T8855] bridge_slave_1: entered promiscuous mode
[  316.889831][ T8930] netlink: 12 bytes leftover after parsing attributes in process `syz.4.712'.
[  317.143546][ T8855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  317.170110][ T8855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  317.288953][ T1270] ieee802154 phy0 wpan0: encryption failed: -22
[  317.296689][ T1270] ieee802154 phy1 wpan1: encryption failed: -22
[  317.363051][ T8943] binder: 8940:8943 ioctl c0306201 20000380 returned -14
[  317.398035][ T8943] binder: 8940:8943 ioctl c0306201 20000a80 returned -14
[  317.401269][ T8855] team0: Port device team_slave_0 added
[  317.416788][ T8855] team0: Port device team_slave_1 added
[  317.560530][ T8855] batman_adv: batadv0: Adding interface: batadv_slave_0
[  317.563588][  T940] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  317.575000][ T8855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  317.665288][ T8855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  317.702377][ T8958] program syz.4.718 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  317.728662][ T8855] batman_adv: batadv0: Adding interface: batadv_slave_1
[  317.746431][ T8855] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  317.778684][ T8855] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  317.817082][  T940] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  317.859623][  T940] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  317.899139][  T940] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  317.903874][ T8855] hsr_slave_0: entered promiscuous mode
[  317.912626][  T940] usb 2-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  317.955729][  T940] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  317.982985][  T940] usb 2-1: config 0 descriptor??
[  317.990186][ T8855] hsr_slave_1: entered promiscuous mode
[  318.003047][ T8855] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  318.032479][ T8855] Cannot create hsr debugfs directory
[  318.045169][   T48] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[  318.228846][  T940] usbhid 2-1:0.0: can't add hid device: -71
[  318.237312][   T48] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  318.266581][  T940] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  318.276017][   T48] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  318.303313][  T940] usb 2-1: USB disconnect, device number 34
[  318.334474][   T48] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  318.348506][   T48] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  318.398736][   T48] usb 4-1: Product: syz
[  318.417429][   T48] usb 4-1: Manufacturer: syz
[  318.436323][   T48] usb 4-1: SerialNumber: syz
[  318.467298][ T8960] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  318.566401][    T9] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  318.645457][ T5247] Bluetooth: hci0: command tx timeout
[  318.719269][   T48] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  318.767599][   T48] usb 4-1: USB disconnect, device number 56
[  318.800213][    T9] usb 5-1: Using ep0 maxpacket: 8
[  318.849059][    T9] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  318.894989][    T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  318.953978][ T8976] netlink: 20 bytes leftover after parsing attributes in process `syz.2.721'.
[  318.965031][    T9] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  319.006906][ T8976] vlan3: entered promiscuous mode
[  319.007026][    T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  319.023646][ T8976] bridge0: entered promiscuous mode
[  319.085887][    T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  319.100902][    T9] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  319.108864][    T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  319.145284][    T9] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  319.209364][ T8981] fuse: Bad value for 'group_id'
[  319.211021][    T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  319.233794][ T8981] fuse: Bad value for 'group_id'
[  319.282183][    T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  319.337320][    T9] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  319.353375][    T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  319.385435][    T9] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  319.425040][    T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  319.551571][    T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  319.636538][    T9] usb 5-1: string descriptor 0 read error: -22
[  319.684142][    T9] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  319.701521][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  319.796994][    T9] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  319.840099][ T8987] netlink: 12 bytes leftover after parsing attributes in process `syz.3.723'.
[  320.140950][    T9] usb 5-1: USB disconnect, device number 33
[  320.257817][ T5247] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  320.266786][ T5247] Bluetooth: hci3: Injecting HCI hardware error event
[  320.275605][ T5247] Bluetooth: hci3: hardware error 0x00
[  320.321193][ T8855] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  320.362837][ T8997] loop6: detected capacity change from 0 to 524287999
[  320.375683][    C0] blk_print_req_error: 7 callbacks suppressed
[  320.375702][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  320.386054][ T8855] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  320.391016][    C0] buffer_io_error: 7 callbacks suppressed
[  320.391032][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  320.416600][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  320.425800][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  320.443821][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  320.453013][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  320.462264][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  320.471468][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  320.489530][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  320.498935][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  320.514148][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  320.523331][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  320.535327][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  320.544520][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  320.554799][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  320.564041][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  320.571970][ T8997] ldm_validate_partition_table(): Disk read failed.
[  320.578932][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  320.588117][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  320.601672][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  320.610879][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  320.620186][ T8997] Dev loop6: unable to read RDB block 0
[  320.640263][ T8997]  loop6: unable to read partition table
[  320.660451][ T8997] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  320.735780][ T8855] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  320.845152][    T9] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  320.864741][ T8855] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  321.075346][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  321.114975][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  321.138492][    T9] usb 5-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00
[  321.196920][ T9003] xt_ipvs: protocol family 7 not supported
[  321.228425][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  321.291346][    T9] usb 5-1: config 0 descriptor??
[  321.444280][ T8855] 8021q: adding VLAN 0 to HW filter on device bond0
[  321.476051][ T9012] program syz.2.729 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  321.543620][ T8855] 8021q: adding VLAN 0 to HW filter on device team0
[  321.603075][ T2548] bridge0: port 1(bridge_slave_0) entered blocking state
[  321.610361][ T2548] bridge0: port 1(bridge_slave_0) entered forwarding state
[  321.672857][    T9] usbhid 5-1:0.0: can't add hid device: -71
[  321.693087][ T2548] bridge0: port 2(bridge_slave_1) entered blocking state
[  321.694571][    T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  321.700342][ T2548] bridge0: port 2(bridge_slave_1) entered forwarding state
[  321.826420][    T9] usb 5-1: USB disconnect, device number 34
[  322.108136][ T8855] 8021q: adding VLAN 0 to HW filter on device batadv0
[  322.284668][ T8855] veth0_vlan: entered promiscuous mode
[  322.333069][ T8855] veth1_vlan: entered promiscuous mode
[  322.340314][ T5247] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  322.347126][    T9] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  322.486623][   T48] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  322.518525][ T8855] veth0_macvtap: entered promiscuous mode
[  322.577993][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  322.612558][ T8855] veth1_macvtap: entered promiscuous mode
[  322.636612][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  322.658265][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  322.700397][ T8855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  322.717108][   T48] usb 3-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4
[  322.754969][   T48] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  322.768768][    T9] usb 5-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  322.783494][ T8855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  322.793394][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  322.815935][    T9] usb 5-1: config 0 descriptor??
[  322.825946][   T48] usb 3-1: config 0 descriptor??
[  322.850465][ T8855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  322.896457][ T8855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  322.944060][ T8855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  322.982970][ T8855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.009934][ T8855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  323.041333][ T8855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.074451][ T8855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  323.179728][ T8855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.241000][ T8855] batman_adv: batadv0: Interface activated: batadv_slave_0
[  323.277586][   T48] gs_usb 3-1:0.0: Configuring for 1 interfaces
[  323.312352][ T9032] netlink: 20 bytes leftover after parsing attributes in process `syz.1.733'.
[  323.443493][ T9032] vlan2: entered promiscuous mode
[  323.459498][ T9032] bond0: entered promiscuous mode
[  323.486666][ T9032] bond_slave_0: entered promiscuous mode
[  323.507572][ T9032] bond_slave_1: entered promiscuous mode
[  323.572507][ T8855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  323.610836][    T9] usbhid 5-1:0.0: can't add hid device: -71
[  323.620339][ T8855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.625010][    T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  323.682762][ T8855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  323.692838][    T9] usb 5-1: USB disconnect, device number 35
[  323.747858][ T8855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.786746][ T8855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  323.834956][ T8855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.851967][ T9042] netlink: 'syz.1.734': attribute type 3 has an invalid length.
[  323.866282][ T9042] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.734'.
[  323.904814][ T8855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  323.965626][ T8855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  324.001252][ T8855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  324.021640][ T8855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  324.046226][ T8855] batman_adv: batadv0: Interface activated: batadv_slave_1
[  324.131266][ T8855] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  324.188460][ T8855] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  324.235210][ T8855] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  324.274967][ T8855] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  324.568962][ T9026] fuse: Bad value for 'group_id'
[  324.596551][ T9026] fuse: Bad value for 'group_id'
[  324.623225][ T2969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  324.640343][ T2969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  324.786175][ T2548] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  324.830264][ T2548] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  325.480010][ T9076] netlink: 12 bytes leftover after parsing attributes in process `syz.0.739'.
[  325.541721][ T9076] netlink: 44 bytes leftover after parsing attributes in process `syz.0.739'.
[  325.814696][ T5293] usb 3-1: USB disconnect, device number 52
[  325.945218][   T48] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  326.140914][ T9099] program syz.2.741 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  326.155221][   T48] usb 5-1: Using ep0 maxpacket: 8
[  326.193034][   T48] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  326.248322][   T48] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  326.323855][   T48] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  326.455019][   T48] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  326.510512][   T48] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  326.549034][   T48] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  326.582190][   T48] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  326.616305][   T48] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  326.689562][   T48] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  326.712288][   T48] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  326.734029][   T48] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  326.787390][   T48] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  326.812232][   T48] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  326.843623][ T9110] netlink: 20 bytes leftover after parsing attributes in process `syz.0.743'.
[  326.874660][   T48] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  326.907389][   T48] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  326.929903][ T9110] vlan2: entered promiscuous mode
[  326.940739][ T9110] bond0: entered promiscuous mode
[  326.949272][ T9110] bond_slave_0: entered promiscuous mode
[  327.000179][ T9110] bond_slave_1: entered promiscuous mode
[  327.004584][   T48] usb 5-1: string descriptor 0 read error: -22
[  327.024480][   T48] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  327.084307][   T48] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.128133][   T48] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  327.435598][   T48] usb 5-1: USB disconnect, device number 36
[  327.779997][ T9132] netlink: 'syz.1.748': attribute type 3 has an invalid length.
[  327.789175][ T9133] vcan0: tx drop: invalid da for name 0x0000000000000003
[  327.816623][ T9132] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.748'.
[  327.845460][ T9133] binder: 9131:9133 ioctl c0306201 20000000 returned -14
[  327.939111][ T9138] binder_alloc: 9131: binder_alloc_buf size 4096 failed, no address space
[  327.948729][ T9138] binder_alloc: allocated: 8 (num: 1 largest: 8), free: 4088 (num: 1 largest: 4088)
[  327.960761][  T940] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[  328.106100][   T48] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  328.197473][  T940] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  328.205496][ T5292] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  328.214897][  T940] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  328.254982][  T940] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  328.312136][  T940] usb 4-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  328.327538][   T48] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  328.330123][  T940] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  328.354516][   T48] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  328.359032][  T940] usb 4-1: config 0 descriptor??
[  328.405775][   T48] usb 5-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00
[  328.425775][ T5292] usb 2-1: Using ep0 maxpacket: 8
[  328.435304][   T48] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  328.456861][ T5292] usb 2-1: New USB device found, idVendor=04e6, idProduct=5591, bcdDevice=58.36
[  328.474932][ T5292] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  328.504137][   T48] usb 5-1: config 0 descriptor??
[  328.520119][ T5292] usb 2-1: Product: syz
[  328.538386][ T5292] usb 2-1: Manufacturer: syz
[  328.572138][ T5292] usb 2-1: SerialNumber: syz
[  328.608425][ T5292] usb 2-1: config 0 descriptor??
[  328.630124][  T940] usbhid 4-1:0.0: can't add hid device: -71
[  328.651361][ T5292] pn533_usb 2-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[  328.665109][  T940] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  328.737057][  T940] usb 4-1: USB disconnect, device number 57
[  328.829205][ T9154] loop6: detected capacity change from 0 to 524287999
[  328.863739][   T48] usbhid 5-1:0.0: can't add hid device: -71
[  328.874183][    C0] blk_print_req_error: 7 callbacks suppressed
[  328.874204][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  328.889549][    C0] buffer_io_error: 7 callbacks suppressed
[  328.889564][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  328.910584][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  328.919822][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  328.935181][   T48] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  328.963391][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  328.972689][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  329.001812][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  329.011152][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  329.021219][   T48] usb 5-1: USB disconnect, device number 37
[  329.031004][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  329.040223][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  329.048414][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  329.057709][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  329.070169][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  329.079404][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  329.088640][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  329.097843][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  329.105815][ T9154] ldm_validate_partition_table(): Disk read failed.
[  329.115708][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  329.124978][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  329.155253][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  329.164514][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  329.188149][ T9154] Dev loop6: unable to read RDB block 0
[  329.213192][ T9154]  loop6: unable to read partition table
[  329.225223][ T9136] netlink: 28 bytes leftover after parsing attributes in process `syz.1.748'.
[  329.238458][ T9154] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  329.279285][ T9163] program syz.2.755 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  329.303897][ T5292] usb 2-1: USB disconnect, device number 35
[  330.982195][ T9203] netlink: 16 bytes leftover after parsing attributes in process `syz.0.761'.
[  331.014155][ T9195] fuse: Bad value for 'fd'
[  331.565006][ T1181] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  331.615413][ T5326] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  331.767000][ T9212] input: syz0 as /devices/virtual/input/input17
[  331.797456][ T1181] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  331.817437][ T5326] usb 2-1: Using ep0 maxpacket: 8
[  331.825761][ T1181] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  331.825831][ T1181] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  331.825879][ T1181] usb 3-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  331.825904][ T1181] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  331.854964][ T1181] usb 3-1: config 0 descriptor??
[  331.871357][ T5326] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  331.871416][ T5326] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  331.871448][ T5326] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  331.871477][ T5326] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  331.871506][ T5326] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  331.887858][ T5326] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  331.887912][ T5326] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  331.887942][ T5326] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  331.887969][ T5326] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  331.887996][ T5326] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  331.889052][ T5326] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  331.889099][ T5326] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  331.889128][ T5326] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  331.889155][ T5326] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  331.889182][ T5326] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  331.901789][ T5326] usb 2-1: string descriptor 0 read error: -22
[  332.061102][ T1181] usbhid 3-1:0.0: can't add hid device: -71
[  332.225818][ T5326] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  332.254128][ T5326] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  332.321207][ T1181] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  332.353724][ T1181] usb 3-1: USB disconnect, device number 53
[  332.406822][ T5326] adutux 2-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  332.496352][ T9219] program syz.0.769 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  332.623639][ T5326] usb 2-1: USB disconnect, device number 36
[  333.288428][ T5326] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  333.338249][ T9233] xt_ipvs: protocol family 7 not supported
[  333.552200][ T5326] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  333.589329][ T5326] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  333.636653][ T5326] usb 2-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00
[  333.668922][ T5326] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  333.731468][ T5326] usb 2-1: config 0 descriptor??
[  334.101013][ T9242] IPv6: Can't replace route, no match found
[  334.252012][ T9210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  334.265809][ T9242] netlink: 32 bytes leftover after parsing attributes in process `syz.2.775'.
[  334.288372][ T9210] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  335.376058][ T5328] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  335.416270][ T1181] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[  335.575002][ T5328] usb 5-1: Using ep0 maxpacket: 8
[  335.605759][ T5328] usb 5-1: no configurations
[  335.610401][ T5328] usb 5-1: can't read configurations, error -22
[  335.628359][ T1181] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  335.668573][ T1181] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  335.710554][ T1181] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  335.769532][ T1181] usb 4-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  335.824711][ T1181] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  335.825598][ T5326] usbhid 2-1:0.0: can't add hid device: -71
[  335.839233][ T5328] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  335.899004][ T1181] usb 4-1: config 0 descriptor??
[  335.926067][ T9266] program syz.2.783 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  335.960080][ T5326] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  335.989382][ T5326] usb 2-1: USB disconnect, device number 37
[  336.102921][ T9271] netlink: 'syz.1.784': attribute type 12 has an invalid length.
[  336.124943][ T5328] usb 5-1: Using ep0 maxpacket: 8
[  336.133929][ T5328] usb 5-1: no configurations
[  336.147305][ T1181] usbhid 4-1:0.0: can't add hid device: -71
[  336.163867][ T5328] usb 5-1: can't read configurations, error -22
[  336.181070][ T1181] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  336.183843][ T5328] usb usb5-port1: attempt power cycle
[  336.239028][ T1181] usb 4-1: USB disconnect, device number 58
[  336.654817][ T5328] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  336.720872][ T5328] usb 5-1: Using ep0 maxpacket: 8
[  336.785717][ T5328] usb 5-1: no configurations
[  336.790370][ T5328] usb 5-1: can't read configurations, error -22
[  336.965166][ T5328] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  337.058597][ T5328] usb 5-1: Using ep0 maxpacket: 8
[  337.095376][ T5328] usb 5-1: no configurations
[  337.133438][ T5328] usb 5-1: can't read configurations, error -22
[  337.171100][ T5328] usb usb5-port1: unable to enumerate USB device
[  338.655125][   T48] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  338.741111][ T9312] program syz.0.795 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  338.865218][   T48] usb 2-1: Using ep0 maxpacket: 8
[  338.881096][   T48] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  338.891819][   T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  338.958087][   T48] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  339.011714][   T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  339.073045][   T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  339.105169][   T48] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  339.113022][   T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  339.143685][   T48] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  339.164665][   T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  339.177528][   T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  339.224114][   T48] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  339.244141][   T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  339.282424][   T48] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  339.303516][   T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  339.334285][   T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  339.380602][   T48] usb 2-1: string descriptor 0 read error: -22
[  339.402908][   T48] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  339.425584][ T5292] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  339.464024][   T48] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  339.521856][   T48] adutux 2-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  339.657660][ T5292] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  339.674613][ T5292] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  339.687321][ T5292] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  339.705382][ T5292] usb 5-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  339.739918][ T5292] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.775679][ T5292] usb 5-1: config 0 descriptor??
[  339.801652][ T5328] usb 2-1: USB disconnect, device number 38
[  340.085602][ T5292] usbhid 5-1:0.0: can't add hid device: -71
[  340.117968][ T5292] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  340.146174][ T5292] usb 5-1: USB disconnect, device number 42
[  340.349448][   T52] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  340.444993][ T5328] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  340.738338][ T5328] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  340.759972][   T52] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  340.791638][ T5328] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  340.802175][ T5328] usb 2-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00
[  340.834290][ T5328] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  340.877336][ T5328] usb 2-1: config 0 descriptor??
[  341.011831][   T52] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  341.224030][   T52] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  341.312375][ T9309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  341.347349][ T9309] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  341.649140][   T52] bridge_slave_1: left allmulticast mode
[  341.679471][   T52] bridge_slave_1: left promiscuous mode
[  341.710071][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[  341.724156][ T5244] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  341.735916][ T5244] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  341.744556][ T5244] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  341.758292][ T5244] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  341.771614][ T5244] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  341.779162][ T5244] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  341.828043][   T52] bridge_slave_0: left allmulticast mode
[  341.853965][   T52] bridge_slave_0: left promiscuous mode
[  341.880618][   T52] bridge0: port 1(bridge_slave_0) entered disabled state
[  342.309284][ T9353] program syz.0.810 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  342.327820][ T9352] netlink: 4104 bytes leftover after parsing attributes in process `syz.4.811'.
[  342.775442][ T5328] usbhid 2-1:0.0: can't add hid device: -71
[  342.807850][ T5328] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  342.858044][ T5328] usb 2-1: USB disconnect, device number 39
[  343.083079][   T52] bridge0 (unregistering): left promiscuous mode
[  343.405002][  T940] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  343.476486][   T52] bond0 (unregistering): left promiscuous mode
[  343.492473][   T52] bond_slave_0: left promiscuous mode
[  343.500136][   T52] bond_slave_1: left promiscuous mode
[  343.526004][ T5292] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  343.571626][   T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  343.585038][  T940] usb 5-1: Using ep0 maxpacket: 32
[  343.610001][  T940] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  343.629831][   T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  343.647646][  T940] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  343.675783][  T940] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  343.693981][  T940] usb 5-1: Product: syz
[  343.695920][   T52] bond0 (unregistering): Released all slaves
[  343.709874][  T940] usb 5-1: Manufacturer: syz
[  343.714686][  T940] usb 5-1: SerialNumber: syz
[  343.731368][ T5292] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  343.764183][  T940] usb 5-1: config 0 descriptor??
[  343.764273][ T5292] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  343.790327][   T52] bond1 (unregistering): Released all slaves
[  343.805817][ T9363] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  343.817010][ T5292] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  343.845289][ T5247] Bluetooth: hci5: command tx timeout
[  343.881867][ T5292] usb 1-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  343.970280][ T5292] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  344.015548][ T5292] usb 1-1: config 0 descriptor??
[  344.228350][   T48] usb 5-1: USB disconnect, device number 43
[  344.310701][ T5292] usbhid 1-1:0.0: can't add hid device: -71
[  344.334513][ T5292] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  344.387028][ T5292] usb 1-1: USB disconnect, device number 36
[  344.677856][  T940] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  344.685671][   T52] hsr_slave_0: left promiscuous mode
[  344.705723][   T52] hsr_slave_1: left promiscuous mode
[  344.772973][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  344.825781][   T52] batman_adv: batadv0: Removing interface: batadv_slave_0
[  344.849902][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  344.874265][   T52] batman_adv: batadv0: Removing interface: batadv_slave_1
[  344.974981][  T940] usb 2-1: Using ep0 maxpacket: 16
[  344.997862][  T940] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  345.013344][   T52] veth1_macvtap: left promiscuous mode
[  345.037785][   T52] veth0_macvtap: left promiscuous mode
[  345.050118][  T940] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  345.062183][   T52] veth1_vlan: left promiscuous mode
[  345.076967][  T940] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  345.091036][   T52] veth0_vlan: left promiscuous mode
[  345.112742][  T940] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  345.158913][  T940] usb 2-1: config 0 descriptor??
[  345.634126][ T9403] input: syz0 as /devices/virtual/input/input18
[  345.925182][ T5247] Bluetooth: hci5: command tx timeout
[  346.558575][   T52] team0 (unregistering): Port device team_slave_1 removed
[  346.630944][   T52] team0 (unregistering): Port device team_slave_0 removed
[  347.431830][ T9406] netlink: 12 bytes leftover after parsing attributes in process `syz.0.822'.
[  347.599762][  T940] usb 2-1: string descriptor 0 read error: -71
[  347.662413][  T940] usb 2-1: USB disconnect, device number 40
[  347.865448][ T9421] program syz.0.825 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  347.981064][ T9417] xt_ipvs: protocol family 7 not supported
[  348.016425][ T5247] Bluetooth: hci5: command tx timeout
[  348.115019][ T5292] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[  348.233546][ T9346] chnl_net:caif_netlink_parms(): no params data found
[  348.345932][ T5292] usb 4-1: Using ep0 maxpacket: 8
[  348.379440][ T5292] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  348.388399][ T5292] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  348.410730][ T5292] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  348.448284][ T5292] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  348.468239][ T5292] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  348.486487][ T5292] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  348.509981][ T5292] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  348.590437][ T5292] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  348.647999][ T5292] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  348.684448][ T5292] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  348.706656][ T5292] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  348.725302][ T5292] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  348.739294][ T5292] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  348.754745][ T5292] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  348.757416][ T5328] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  348.766476][ T5292] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  348.801183][ T9346] bridge0: port 1(bridge_slave_0) entered blocking state
[  348.815010][ T5292] usb 4-1: string descriptor 0 read error: -22
[  348.835125][ T5292] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  348.851028][ T9346] bridge0: port 1(bridge_slave_0) entered disabled state
[  348.876919][ T5292] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.876985][ T9346] bridge_slave_0: entered allmulticast mode
[  348.922575][ T5292] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  348.964424][ T9346] bridge_slave_0: entered promiscuous mode
[  348.991866][ T9346] bridge0: port 2(bridge_slave_1) entered blocking state
[  348.999770][ T9346] bridge0: port 2(bridge_slave_1) entered disabled state
[  349.020213][ T9346] bridge_slave_1: entered allmulticast mode
[  349.038076][ T9346] bridge_slave_1: entered promiscuous mode
[  349.049402][ T5328] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  349.092064][ T5328] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  349.127072][ T5328] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  349.201943][ T5328] usb 1-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  349.238738][  T940] usb 4-1: USB disconnect, device number 59
[  349.248237][ T5328] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.303910][ T5328] usb 1-1: config 0 descriptor??
[  349.304517][ T9346] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  349.434127][ T9346] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  349.631468][ T9454] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  349.728307][ T5328] usbhid 1-1:0.0: can't add hid device: -71
[  349.739557][ T9456] binder: 9455:9456 unknown command 0
[  349.745134][ T5328] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  349.775732][ T5328] usb 1-1: USB disconnect, device number 37
[  349.775971][ T9456] binder: 9455:9456 ioctl c0306201 20000a80 returned -22
[  349.824287][ T9346] team0: Port device team_slave_0 added
[  349.845816][    T9] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[  349.847960][ T9346] team0: Port device team_slave_1 added
[  349.998570][ T9346] batman_adv: batadv0: Adding interface: batadv_slave_0
[  350.022001][ T9346] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  350.051514][ T9346] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  350.085507][ T5247] Bluetooth: hci5: command tx timeout
[  350.114207][ T9346] batman_adv: batadv0: Adding interface: batadv_slave_1
[  350.125966][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  350.135149][ T9346] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  350.194249][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  350.224407][    T9] usb 4-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00
[  350.224444][ T9346] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  350.271822][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  350.317392][    T9] usb 4-1: config 0 descriptor??
[  350.445204][ T9466] FAULT_INJECTION: forcing a failure.
[  350.445204][ T9466] name failslab, interval 1, probability 0, space 0, times 0
[  350.469934][ T9466] CPU: 1 UID: 0 PID: 9466 Comm: syz.4.834 Not tainted 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0
[  350.480587][ T9466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  350.490686][ T9466] Call Trace:
[  350.493999][ T9466]  <TASK>
[  350.497138][ T9466]  dump_stack_lvl+0x241/0x360
[  350.501869][ T9466]  ? __pfx_dump_stack_lvl+0x10/0x10
[  350.507121][ T9466]  ? __pfx__printk+0x10/0x10
[  350.511756][ T9466]  ? ref_tracker_alloc+0x332/0x490
[  350.516915][ T9466]  should_fail_ex+0x3b0/0x4e0
[  350.521658][ T9466]  ? skb_clone+0x20c/0x390
[  350.526130][ T9466]  should_failslab+0xac/0x100
[  350.530852][ T9466]  ? skb_clone+0x20c/0x390
[  350.535306][ T9466]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  350.540720][ T9466]  skb_clone+0x20c/0x390
[  350.545022][ T9466]  __netlink_deliver_tap+0x3cc/0x7c0
[  350.550360][ T9466]  ? netlink_deliver_tap+0x2e/0x1b0
[  350.555594][ T9466]  netlink_deliver_tap+0x19d/0x1b0
[  350.560746][ T9466]  netlink_unicast+0x7c4/0x990
[  350.565569][ T9466]  ? __pfx_netlink_unicast+0x10/0x10
[  350.570894][ T9466]  ? __virt_addr_valid+0x183/0x530
[  350.576051][ T9466]  ? __check_object_size+0x49c/0x900
[  350.581376][ T9466]  ? bpf_lsm_netlink_send+0x9/0x10
[  350.586512][ T9466]  netlink_sendmsg+0x8e4/0xcb0
[  350.591309][ T9466]  ? __pfx_netlink_sendmsg+0x10/0x10
[  350.596617][ T9466]  ? __import_iovec+0x536/0x820
[  350.601493][ T9466]  ? aa_sock_msg_perm+0x91/0x160
[  350.606443][ T9466]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  350.611746][ T9466]  ? security_socket_sendmsg+0x87/0xb0
[  350.617229][ T9466]  ? __pfx_netlink_sendmsg+0x10/0x10
[  350.622527][ T9466]  __sock_sendmsg+0x221/0x270
[  350.627244][ T9466]  ____sys_sendmsg+0x525/0x7d0
[  350.632034][ T9466]  ? __pfx_____sys_sendmsg+0x10/0x10
[  350.637351][ T9466]  __sys_sendmsg+0x2b0/0x3a0
[  350.641958][ T9466]  ? __pfx___sys_sendmsg+0x10/0x10
[  350.647105][ T9466]  ? __pfx_sched_clock_cpu+0x10/0x10
[  350.652410][ T9466]  ? note_interrupt+0x579/0x9c0
[  350.657292][ T9466]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  350.663639][ T9466]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  350.669980][ T9466]  ? __irq_exit_rcu+0x100/0x1c0
[  350.674862][ T9466]  ? do_syscall_64+0xb6/0x230
[  350.679564][ T9466]  do_syscall_64+0xf3/0x230
[  350.684084][ T9466]  ? clear_bhb_loop+0x35/0x90
[  350.688871][ T9466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  350.694800][ T9466] RIP: 0033:0x7f22aeb79eb9
[  350.699237][ T9466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  350.718870][ T9466] RSP: 002b:00007f22ae5ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  350.727300][ T9466] RAX: ffffffffffffffda RBX: 00007f22aed16058 RCX: 00007f22aeb79eb9
[  350.735288][ T9466] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000009
[  350.743271][ T9466] RBP: 00007f22ae5ff090 R08: 0000000000000000 R09: 0000000000000000
[  350.751263][ T9466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  350.759251][ T9466] R13: 0000000000000000 R14: 00007f22aed16058 R15: 00007f22aee3fa28
[  350.767253][ T9466]  </TASK>
[  350.857532][ T9346] hsr_slave_0: entered promiscuous mode
[  350.983096][ T9346] hsr_slave_1: entered promiscuous mode
[  351.075663][    T9] usbhid 4-1:0.0: can't add hid device: -71
[  351.076695][ T9346] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  351.121920][    T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  351.154407][ T9346] Cannot create hsr debugfs directory
[  351.161163][    T9] usb 4-1: USB disconnect, device number 60
[  351.435368][ T9490] program syz.3.838 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  352.086255][ T9503] netlink: 104 bytes leftover after parsing attributes in process `syz.4.839'.
[  352.286879][ T5292] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  352.477050][ T5292] usb 2-1: Using ep0 maxpacket: 8
[  352.498413][ T5292] usb 2-1: New USB device found, idVendor=04e6, idProduct=5591, bcdDevice=58.36
[  352.525044][ T5292] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.565421][ T5292] usb 2-1: Product: syz
[  352.569636][ T5292] usb 2-1: Manufacturer: syz
[  352.592545][ T5292] usb 2-1: SerialNumber: syz
[  352.608608][ T5292] usb 2-1: config 0 descriptor??
[  352.616263][ T5292] pn533_usb 2-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[  352.681841][    T9] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[  352.829324][ T9500] netlink: 28 bytes leftover after parsing attributes in process `syz.1.842'.
[  352.867991][ T5292] usb 2-1: USB disconnect, device number 41
[  352.901420][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  352.945278][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  352.978113][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  353.015195][    T9] usb 4-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  353.035712][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  353.077956][    T9] usb 4-1: config 0 descriptor??
[  353.111827][ T9346] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  353.147137][ T9346] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  353.172231][ T9346] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  353.202262][ T9346] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  353.337320][    T9] usbhid 4-1:0.0: can't add hid device: -71
[  353.354683][    T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  353.382886][    T9] usb 4-1: USB disconnect, device number 61
[  353.582384][ T9346] 8021q: adding VLAN 0 to HW filter on device bond0
[  353.678202][ T9346] 8021q: adding VLAN 0 to HW filter on device team0
[  353.732254][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[  353.739511][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[  353.829082][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[  353.836638][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[  354.092181][ T9346] 8021q: adding VLAN 0 to HW filter on device batadv0
[  354.166011][ T9544] program syz.4.852 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  354.214310][ T9546] trusted_key: encrypted_key: insufficient parameters specified
[  354.263480][ T9346] veth0_vlan: entered promiscuous mode
[  354.295339][ T9346] veth1_vlan: entered promiscuous mode
[  354.436982][ T9346] veth0_macvtap: entered promiscuous mode
[  354.528118][ T9346] veth1_macvtap: entered promiscuous mode
[  354.633306][ T9346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  354.673250][ T9346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  354.723783][ T9346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  354.757311][ T9346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  354.793265][ T9346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  354.839772][ T9346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  354.877921][ T9346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  354.920623][ T9346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  354.959009][ T9346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  354.970537][ T9346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  354.995069][ T9346] batman_adv: batadv0: Interface activated: batadv_slave_0
[  355.051716][ T9346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  355.101207][ T9346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  355.148450][ T9346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  355.172618][ T9346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  355.191392][ T9346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  355.221388][ T9346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  355.246004][ T9346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  355.257416][ T9346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  355.274969][ T9346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  355.318608][ T9346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  355.332078][ T9565] FAULT_INJECTION: forcing a failure.
[  355.332078][ T9565] name failslab, interval 1, probability 0, space 0, times 0
[  355.334791][ T9346] batman_adv: batadv0: Interface activated: batadv_slave_1
[  355.374048][ T9565] CPU: 1 UID: 0 PID: 9565 Comm: syz.0.857 Not tainted 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0
[  355.384716][ T9565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  355.394779][ T9565] Call Trace:
[  355.398058][ T9565]  <TASK>
[  355.400991][ T9565]  dump_stack_lvl+0x241/0x360
[  355.405679][ T9565]  ? __pfx_dump_stack_lvl+0x10/0x10
[  355.410886][ T9565]  ? __pfx__printk+0x10/0x10
[  355.415528][ T9565]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  355.421515][ T9565]  ? __pfx___might_resched+0x10/0x10
[  355.426936][ T9565]  should_fail_ex+0x3b0/0x4e0
[  355.431632][ T9565]  should_failslab+0xac/0x100
[  355.436330][ T9565]  ? __alloc_skb+0x1c3/0x440
[  355.440937][ T9565]  kmem_cache_alloc_node_noprof+0x71/0x320
[  355.446746][ T9565]  ? genl_rcv_msg+0x88c/0xec0
[  355.451428][ T9565]  __alloc_skb+0x1c3/0x440
[  355.455846][ T9565]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  355.461927][ T9565]  ? __pfx___alloc_skb+0x10/0x10
[  355.466878][ T9565]  netlink_dump+0x2cd/0xd80
[  355.471572][ T9565]  ? __pfx_netlink_dump+0x10/0x10
[  355.476612][ T9565]  ? __asan_memset+0x23/0x50
[  355.481219][ T9565]  ? genl_start+0x4a8/0x6d0
[  355.485736][ T9565]  __netlink_dump_start+0x5a2/0x790
[  355.490963][ T9565]  genl_rcv_msg+0x88c/0xec0
[  355.495469][ T9565]  ? mark_lock+0x9a/0x350
[  355.499811][ T9565]  ? __pfx_genl_rcv_msg+0x10/0x10
[  355.504858][ T9565]  ? __pfx_genl_start+0x10/0x10
[  355.509725][ T9565]  ? __pfx_genl_dumpit+0x10/0x10
[  355.514758][ T9565]  ? __pfx_genl_done+0x10/0x10
[  355.519541][ T9565]  ? __pfx_lock_acquire+0x10/0x10
[  355.524583][ T9565]  ? __pfx_ovs_dp_cmd_dump+0x10/0x10
[  355.529871][ T9565]  ? __pfx___might_resched+0x10/0x10
[  355.535171][ T9565]  netlink_rcv_skb+0x1e3/0x430
[  355.539943][ T9565]  ? __pfx_genl_rcv_msg+0x10/0x10
[  355.544986][ T9565]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  355.550280][ T9565]  ? __netlink_deliver_tap+0x77e/0x7c0
[  355.555747][ T9565]  genl_rcv+0x28/0x40
[  355.559729][ T9565]  netlink_unicast+0x7f6/0x990
[  355.564505][ T9565]  ? __pfx_netlink_unicast+0x10/0x10
[  355.569793][ T9565]  ? __virt_addr_valid+0x183/0x530
[  355.574913][ T9565]  ? __check_object_size+0x49c/0x900
[  355.580213][ T9565]  ? bpf_lsm_netlink_send+0x9/0x10
[  355.585351][ T9565]  netlink_sendmsg+0x8e4/0xcb0
[  355.590223][ T9565]  ? __pfx_netlink_sendmsg+0x10/0x10
[  355.595508][ T9565]  ? __import_iovec+0x536/0x820
[  355.600357][ T9565]  ? aa_sock_msg_perm+0x91/0x160
[  355.605311][ T9565]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  355.610611][ T9565]  ? security_socket_sendmsg+0x87/0xb0
[  355.616079][ T9565]  ? __pfx_netlink_sendmsg+0x10/0x10
[  355.621361][ T9565]  __sock_sendmsg+0x221/0x270
[  355.626051][ T9565]  ____sys_sendmsg+0x525/0x7d0
[  355.630824][ T9565]  ? __pfx_____sys_sendmsg+0x10/0x10
[  355.636123][ T9565]  __sys_sendmsg+0x2b0/0x3a0
[  355.640738][ T9565]  ? __pfx___sys_sendmsg+0x10/0x10
[  355.645950][ T9565]  ? vfs_write+0x7c4/0xc90
[  355.650397][ T9565]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  355.656732][ T9565]  ? do_syscall_64+0x100/0x230
[  355.661495][ T9565]  ? do_syscall_64+0xb6/0x230
[  355.666173][ T9565]  do_syscall_64+0xf3/0x230
[  355.670674][ T9565]  ? clear_bhb_loop+0x35/0x90
[  355.675373][ T9565]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  355.681269][ T9565] RIP: 0033:0x7faa15f79eb9
[  355.685682][ T9565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  355.705305][ T9565] RSP: 002b:00007faa16da4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  355.713722][ T9565] RAX: ffffffffffffffda RBX: 00007faa16116058 RCX: 00007faa15f79eb9
[  355.721721][ T9565] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000009
[  355.729694][ T9565] RBP: 00007faa16da4090 R08: 0000000000000000 R09: 0000000000000000
[  355.737663][ T9565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  355.745632][ T9565] R13: 0000000000000000 R14: 00007faa16116058 R15: 00007faa1623fa28
[  355.753623][ T9565]  </TASK>
[  355.774719][ T9346] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  355.783592][ T9346] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  355.792795][ T9346] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  355.805424][ T9346] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  356.215137][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  356.232475][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  356.510923][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  356.524723][ T5292] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  356.539361][ T5289] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[  356.546842][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  356.748424][ T5289] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  356.759208][ T5292] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  356.774376][ T5289] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  356.789888][ T5292] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  356.799145][ T5326] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  356.799783][ T5292] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  356.820527][ T5292] usb 1-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  356.832232][ T5289] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  356.841512][ T5289] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.854235][ T5292] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  356.862996][ T5289] usb 4-1: Product: syz
[  356.867661][ T5289] usb 4-1: Manufacturer: syz
[  356.872295][ T5289] usb 4-1: SerialNumber: syz
[  356.881256][ T5292] usb 1-1: config 0 descriptor??
[  356.903927][ T9578] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  357.044120][ T5326] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  357.092078][ T5326] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  357.095324][ T5292] usbhid 1-1:0.0: can't add hid device: -71
[  357.132589][ T5289] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  357.158242][ T5292] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  357.169241][ T5326] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  357.177382][ T5289] usb 4-1: USB disconnect, device number 62
[  357.203830][ T5292] usb 1-1: USB disconnect, device number 38
[  357.229169][ T5326] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  357.276748][ T5326] usb 2-1: Product: syz
[  357.292167][ T5326] usb 2-1: Manufacturer: syz
[  357.302472][ T5326] usb 2-1: SerialNumber: syz
[  357.433834][ T9582] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  357.713869][ T5326] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[  357.773562][ T5326] usb 2-1: USB disconnect, device number 42
[  358.008468][ T9609] netlink: 'syz.4.862': attribute type 9 has an invalid length.
[  358.010845][ T9611] program syz.0.863 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  358.063163][ T9609] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.862'.
[  358.193015][ T9618] loop6: detected capacity change from 0 to 524287999
[  358.244103][    C1] blk_print_req_error: 7 callbacks suppressed
[  358.244120][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  358.259494][    C1] buffer_io_error: 7 callbacks suppressed
[  358.259511][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  358.283722][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  358.292943][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  358.305146][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  358.314384][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  358.330382][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  358.339656][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  358.348542][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  358.357851][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  358.368746][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  358.378013][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  358.387759][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  358.396948][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  358.413694][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  358.422965][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  358.431203][ T9618] ldm_validate_partition_table(): Disk read failed.
[  358.438767][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  358.448075][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  358.463763][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  358.473010][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  358.485764][ T9618] Dev loop6: unable to read RDB block 0
[  358.495928][ T9618]  loop6: unable to read partition table
[  358.503779][ T9618] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  358.969183][ T9632] trusted_key: encrypted_key: insufficient parameters specified
[  359.075177][ T5289] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  359.277298][ T5289] usb 5-1: config index 0 descriptor too short (expected 45, got 36)
[  359.308606][ T5289] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  359.346767][ T5289] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  359.374415][ T5289] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  359.405649][ T5289] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  359.450079][ T5289] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  359.489670][ T5289] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.560186][ T5289] usb 5-1: config 0 descriptor??
[  359.590072][ T9628] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  360.208038][ T5289] plantronics 0003:047F:FFFF.0009: unknown main item tag 0xd
[  360.291357][ T5289] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving
[  360.452391][ T5289] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  360.814760][   T29] audit: type=1326 audit(1725342437.436:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9652 comm="syz.0.871" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7faa15f79eb9 code=0x0
[  360.905336][   T48] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  361.125132][   T48] usb 2-1: Using ep0 maxpacket: 8
[  361.138546][   T48] usb 2-1: New USB device found, idVendor=0681, idProduct=0010, bcdDevice=ab.e9
[  361.156337][   T48] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  361.195476][   T48] usb 2-1: config 0 descriptor??
[  361.342704][ T9684] program syz.3.876 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  361.661935][ T1181] usb 5-1: reset high-speed USB device number 44 using dummy_hcd
[  361.992392][ T9691] binder: 9690:9691 unknown command 0
[  362.013583][ T9691] binder: 9690:9691 ioctl c0306201 20000a80 returned -22
[  362.383575][ T9708] netlink: 16 bytes leftover after parsing attributes in process `syz.3.879'.
[  362.699187][ T5247] Bluetooth: Frame is too long (len 12, expected len 4)
[  362.793819][ T5289] usb 5-1: USB disconnect, device number 44
[  362.948344][ T9722] trusted_key: encrypted_key: insufficient parameters specified
[  363.606979][ T9740] netlink: 80 bytes leftover after parsing attributes in process `syz.3.886'.
[  363.710345][ T9740] netlink: 8 bytes leftover after parsing attributes in process `syz.3.886'.
[  363.772858][ T5326] usb 2-1: USB disconnect, device number 43
[  364.129417][ T9755] program syz.3.889 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  364.138879][   T29] audit: type=1326 audit(1725342440.766:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9748 comm="syz.4.887" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f22aeb79eb9 code=0x0
[  364.331919][ T9753] geneve2: entered promiscuous mode
[  364.363549][ T9753] geneve2: entered allmulticast mode
[  364.949212][    T9] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  365.176408][ T9771] xt_ipvs: protocol family 7 not supported
[  365.196989][    T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  365.354947][    T9] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  365.538557][    T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  365.552008][ T9788] netlink: 16 bytes leftover after parsing attributes in process `syz.3.894'.
[  365.581366][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  365.686647][ T9791] netlink: 32 bytes leftover after parsing attributes in process `syz.4.895'.
[  365.716104][    T9] usb 1-1: Product: syz
[  365.739252][ T9779] netlink: 'syz.3.894': attribute type 12 has an invalid length.
[  365.757304][    T9] usb 1-1: Manufacturer: syz
[  365.782649][    T9] usb 1-1: SerialNumber: syz
[  365.825232][ T9766] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  366.156071][ T9801] FAULT_INJECTION: forcing a failure.
[  366.156071][ T9801] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  366.211966][ T9801] CPU: 0 UID: 0 PID: 9801 Comm: syz.3.898 Not tainted 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0
[  366.222620][ T9801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  366.232714][ T9801] Call Trace:
[  366.236000][ T9801]  <TASK>
[  366.238951][ T9801]  dump_stack_lvl+0x241/0x360
[  366.243649][ T9801]  ? __pfx_dump_stack_lvl+0x10/0x10
[  366.248858][ T9801]  ? __pfx__printk+0x10/0x10
[  366.253456][ T9801]  ? __pfx_lock_release+0x10/0x10
[  366.258511][ T9801]  ? __lock_acquire+0x137a/0x2040
[  366.263571][ T9801]  should_fail_ex+0x3b0/0x4e0
[  366.268296][ T9801]  _copy_from_user+0x2f/0xe0
[  366.272950][ T9801]  kstrtouint_from_user+0xc6/0x190
[  366.278104][ T9801]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  366.283848][ T9801]  ? __pfx_lock_acquire+0x10/0x10
[  366.288897][ T9801]  proc_fail_nth_write+0xaa/0x2d0
[  366.293930][ T9801]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  366.299844][ T9801]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  366.305490][ T9801]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  366.311130][ T9801]  vfs_write+0x2a2/0xc90
[  366.315406][ T9801]  ? __pfx_vfs_write+0x10/0x10
[  366.320210][ T9801]  ? __fget_files+0x29/0x470
[  366.324842][ T9801]  ? __fget_files+0x3f6/0x470
[  366.329563][ T9801]  ksys_write+0x1a0/0x2c0
[  366.333915][ T9801]  ? __pfx_ksys_write+0x10/0x10
[  366.338788][ T9801]  ? do_syscall_64+0x100/0x230
[  366.343571][ T9801]  ? do_syscall_64+0xb6/0x230
[  366.348392][ T9801]  do_syscall_64+0xf3/0x230
[  366.352909][ T9801]  ? clear_bhb_loop+0x35/0x90
[  366.357694][ T9801]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  366.363601][ T9801] RIP: 0033:0x7fd29af7899f
[  366.368028][ T9801] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
[  366.387653][ T9801] RSP: 002b:00007fd29bdbe030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  366.396085][ T9801] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd29af7899f
[  366.404066][ T9801] RDX: 0000000000000001 RSI: 00007fd29bdbe0a0 RDI: 000000000000000a
[  366.412046][ T9801] RBP: 00007fd29bdbe090 R08: 0000000000000000 R09: 0000000000000000
[  366.420029][ T9801] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  366.428010][ T9801] R13: 0000000000000000 R14: 00007fd29b116058 R15: 00007fd29b23fa28
[  366.436008][ T9801]  </TASK>
[  366.462559][ T9800] trusted_key: encrypted_key: insufficient parameters specified
[  366.632939][    T9] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  366.859235][    T9] usb 1-1: USB disconnect, device number 39
[  367.796232][    T9] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  368.006041][    T9] usb 1-1: Using ep0 maxpacket: 8
[  368.022367][    T9] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  368.040300][    T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  368.090138][    T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  368.111323][    T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  368.141846][    T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  368.194993][    T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  368.232381][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.447140][ T9829] netlink: 12 bytes leftover after parsing attributes in process `syz.2.904'.
[  368.454614][    T9] usb 1-1: usb_control_msg returned -32
[  368.489944][    T9] usbtmc 1-1:16.0: can't read capabilities
[  368.510440][ T9829] bridge0: port 2(bridge_slave_1) entered disabled state
[  368.518273][ T9829] bridge0: port 1(bridge_slave_0) entered disabled state
[  368.612790][ T9835] netlink: 100 bytes leftover after parsing attributes in process `syz.1.905'.
[  368.685302][ T9834] xt_ipvs: protocol family 7 not supported
[  368.978416][   T48] usb 1-1: USB disconnect, device number 40
[  369.216476][ T1181] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  369.313156][ T9843] ip6tnl1: entered promiscuous mode
[  369.326164][ T9843] ip6tnl1: entered allmulticast mode
[  369.449266][ T1181] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  369.486385][    C0] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:2. Sending cookies.
[  369.492476][ T1181] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  369.533225][ T1181] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  369.563646][ T1181] usb 5-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  369.592360][ T1181] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  369.618386][ T1181] usb 5-1: config 0 descriptor??
[  369.854798][ T1181] usbhid 5-1:0.0: can't add hid device: -71
[  369.879054][ T1181] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  369.905470][ T1181] usb 5-1: USB disconnect, device number 45
[  370.336519][ T9866] trusted_key: encrypted_key: insufficient parameters specified
[  370.614285][ T9875] netlink: 'syz.4.917': attribute type 6 has an invalid length.
[  370.632826][ T9875] netlink: 'syz.4.917': attribute type 21 has an invalid length.
[  370.641077][ T1181] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[  370.655128][ T9875] netlink: 148 bytes leftover after parsing attributes in process `syz.4.917'.
[  370.735042][ T5326] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  370.835048][ T1181] usb 4-1: Using ep0 maxpacket: 16
[  370.849744][ T1181] usb 4-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=9a.1d
[  370.874273][ T1181] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  370.897329][ T1181] usb 4-1: Product: syz
[  370.902825][ T1181] usb 4-1: Manufacturer: syz
[  370.918932][ T1181] usb 4-1: SerialNumber: syz
[  370.923722][ T9878] xt_ipvs: protocol family 7 not supported
[  370.955044][ T5326] usb 1-1: Using ep0 maxpacket: 8
[  370.965721][ T1181] usb 4-1: config 0 descriptor??
[  370.971298][ T5326] usb 1-1: config index 0 descriptor too short (expected 1307, got 27)
[  371.002696][ T5326] usb 1-1: config 0 has an invalid interface number: 0 but max is -1
[  371.003901][ T1181] ims_pcu 4-1:0.0: Missing CDC union descriptor
[  371.033928][ T1181] ims_pcu 4-1:0.0: probe with driver ims_pcu failed with error -22
[  371.063318][ T5326] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 0
[  371.099957][ T5326] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9C, changing to 0x8C
[  371.149370][ T5326] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 7
[  371.184123][ T5326] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid maxpacket 42318, setting to 1024
[  371.249648][ T5326] usb 1-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de
[  371.249699][ T9864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  371.265866][ T5326] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  371.286262][ T9884] netlink: 80 bytes leftover after parsing attributes in process `syz.1.920'.
[  371.299827][ T5326] usb 1-1: Product: syz
[  371.304125][ T5326] usb 1-1: Manufacturer: syz
[  371.316590][ T5326] usb 1-1: SerialNumber: syz
[  371.335973][ T5326] usb 1-1: config 0 descriptor??
[  371.341372][ T9864] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  371.355773][ T9869] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  371.389476][ T5326] hub 1-1:0.0: bad descriptor, ignoring hub
[  371.414548][ T5326] hub 1-1:0.0: probe with driver hub failed with error -5
[  371.445500][ T5326] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input20
[  371.457122][ T1181] usb 4-1: USB disconnect, device number 63
[  371.590689][ T5326] usb 1-1: USB disconnect, device number 41
[  371.688811][ T9891] netlink: 12 bytes leftover after parsing attributes in process `syz.1.921'.
[  372.306818][ T5292] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  372.398649][ T9903] ip6tnl1: entered promiscuous mode
[  372.412493][ T9903] ip6tnl1: entered allmulticast mode
[  372.513224][ T9906] netlink: 'syz.1.927': attribute type 7 has an invalid length.
[  372.515129][ T5292] usb 3-1: Using ep0 maxpacket: 8
[  372.530714][ T9906] netlink: 192620 bytes leftover after parsing attributes in process `syz.1.927'.
[  372.547624][ T5292] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  372.579396][ T5292] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  372.593291][ T5292] usb 3-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[  372.627100][ T5292] usb 3-1: Manufacturer: syz
[  372.631886][ T5292] usb 3-1: SerialNumber: syz
[  373.151126][ T9912] netlink: 16 bytes leftover after parsing attributes in process `syz.4.928'.
[  373.506480][ T9919] xt_ipvs: protocol family 7 not supported
[  373.516895][ T9928] netlink: 20 bytes leftover after parsing attributes in process `syz.0.931'.
[  373.596918][ T9930] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_macvtap, syncid = 0, id = 0
[  373.625004][ T9923] trusted_key: encrypted_key: insufficient parameters specified
[  373.688561][ T5292] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42
[  373.732538][ T5292] cdc_ncm 3-1:1.0: setting tx_max = 16384
[  373.916209][ T9939] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_macvtap, syncid = 0, id = 0
[  373.928476][ T9935] IPVS: stopping backup sync thread 9939 ...
[  374.058301][ T5292] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  374.152231][ T5292] usb 3-1: USB disconnect, device number 54
[  374.220665][ T5292] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM (NO ZLP)
[  375.006908][ T9955] random: crng reseeded on system resumption
[  375.245639][   T48] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[  375.329421][ T9958] netlink: 4 bytes leftover after parsing attributes in process `syz.1.937'.
[  375.496985][   T48] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  375.514945][   T48] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  375.560665][   T48] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  375.560703][   T48] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  375.560728][   T48] usb 4-1: Product: syz
[  375.560746][   T48] usb 4-1: Manufacturer: syz
[  375.560764][   T48] usb 4-1: SerialNumber: syz
[  375.579550][ T9954] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  375.795568][   T48] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  375.810026][   T48] usb 4-1: USB disconnect, device number 64
[  376.130548][ T9955] netlink: 'syz.2.936': attribute type 21 has an invalid length.
[  376.148784][ T9955] netlink: 152 bytes leftover after parsing attributes in process `syz.2.936'.
[  377.028440][ T9969] delete_channel: no stack
[  377.420760][ T9980] trusted_key: encrypted_key: insufficient parameters specified
[  377.656451][ T5326] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  377.858111][ T5326] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  377.865131][   T48] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[  377.906916][ T5326] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  377.970513][ T5326] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  377.983041][ T5326] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  378.012466][ T5326] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  378.065134][   T48] usb 4-1: Using ep0 maxpacket: 16
[  378.077433][ T5326] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  378.092221][   T48] usb 4-1: config 0 has an invalid interface number: 53 but max is 0
[  378.124760][ T5326] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  378.132785][   T48] usb 4-1: config 0 has no interface number 0
[  378.138523][   T48] usb 4-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=ed.e2
[  378.167021][   T48] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.186484][   T48] usb 4-1: Product: syz
[  378.196430][   T48] usb 4-1: Manufacturer: syz
[  378.202807][   T48] usb 4-1: SerialNumber: syz
[  378.219118][   T48] usb 4-1: config 0 descriptor??
[  378.240661][ T5326] usb 2-1: Product: syz
[  378.314259][ T5326] usb 2-1: Manufacturer: syz
[  378.341952][ T5326] cdc_wdm 2-1:1.0: skipping garbage
[  378.349741][ T5326] cdc_wdm 2-1:1.0: skipping garbage
[  378.358253][ T5326] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  378.364279][ T5326] cdc_wdm 2-1:1.0: Unknown control protocol
[  378.545962][ T9982] cdc_wdm 2-1:1.0: Error submitting int urb - -90
[  378.586599][ T5326] usb 2-1: USB disconnect, device number 44
[  378.737367][ T1270] ieee802154 phy0 wpan0: encryption failed: -22
[  378.751378][ T1270] ieee802154 phy1 wpan1: encryption failed: -22
[  379.423767][T10014] input: syz0 as /devices/virtual/input/input21
[  379.554332][T10018] binder: 10015:10018 unknown command 0
[  379.567360][T10018] binder: 10015:10018 ioctl c0306201 20000a80 returned -22
[  379.997424][T10026] netlink: 16 bytes leftover after parsing attributes in process `syz.2.955'.
[  380.559731][T10033] netlink: 16 bytes leftover after parsing attributes in process `syz.1.957'.
[  380.575119][ T1181] usb 4-1: USB disconnect, device number 65
[  380.972332][   T29] audit: type=1326 audit(1725342457.606:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10038 comm="syz.1.961" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe8f7b79eb9 code=0x0
[  381.027931][T10037] trusted_key: encrypted_key: insufficient parameters specified
[  381.440428][ T1181] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  381.655150][ T1181] usb 3-1: Using ep0 maxpacket: 8
[  381.667277][ T1181] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  381.702199][ T1181] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  381.713280][ T1181] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  381.740599][ T1181] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  381.782358][ T1181] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  381.815387][ T1181] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.990577][T10057] binder: 10056:10057 unknown command 0
[  382.002541][T10057] binder: 10056:10057 ioctl c0306201 20000a80 returned -22
[  382.166703][ T1181] usb 3-1: GET_CAPABILITIES returned 0
[  382.172220][ T1181] usbtmc 3-1:16.0: can't read capabilities
[  382.255863][ T5244] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  382.279342][ T5244] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  382.289953][ T5244] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  382.300088][ T5244] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  382.308194][ T5244] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  382.331162][ T5244] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  383.055252][   T48] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  383.071650][T10063] chnl_net:caif_netlink_parms(): no params data found
[  383.204625][T10063] bridge0: port 1(bridge_slave_0) entered blocking state
[  383.214356][T10063] bridge0: port 1(bridge_slave_0) entered disabled state
[  383.222156][T10063] bridge_slave_0: entered allmulticast mode
[  383.230409][T10063] bridge_slave_0: entered promiscuous mode
[  383.237289][ T1181] usb 1-1: new full-speed USB device number 42 using dummy_hcd
[  383.250463][T10063] bridge0: port 2(bridge_slave_1) entered blocking state
[  383.260177][T10063] bridge0: port 2(bridge_slave_1) entered disabled state
[  383.272901][T10063] bridge_slave_1: entered allmulticast mode
[  383.278984][   T48] usb 2-1: Using ep0 maxpacket: 32
[  383.286404][T10063] bridge_slave_1: entered promiscuous mode
[  383.303774][   T48] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  383.315130][   T48] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  383.325237][   T48] usb 2-1: New USB device found, idVendor=057e, idProduct=201e, bcdDevice= 0.00
[  383.334402][   T48] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.354355][   T48] usb 2-1: config 0 descriptor??
[  383.405177][ T1181] usb 1-1: device descriptor read/64, error -71
[  383.469054][T10063] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  383.518155][T10063] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  383.610412][T10086] netlink: 16 bytes leftover after parsing attributes in process `syz.4.972'.
[  383.676802][ T1181] usb 1-1: new full-speed USB device number 43 using dummy_hcd
[  383.731739][T10063] team0: Port device team_slave_0 added
[  383.765345][T10063] team0: Port device team_slave_1 added
[  383.809184][   T48] nintendo 0003:057E:201E.000A: unknown main item tag 0x0
[  383.830715][   T48] nintendo 0003:057E:201E.000A: unknown main item tag 0x0
[  383.851002][ T1181] usb 1-1: device descriptor read/64, error -71
[  383.860913][   T48] nintendo 0003:057E:201E.000A: unknown main item tag 0x0
[  383.872466][T10063] batman_adv: batadv0: Adding interface: batadv_slave_0
[  383.884121][   T48] nintendo 0003:057E:201E.000A: collection stack underflow
[  383.894151][T10063] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  383.927700][   T48] nintendo 0003:057E:201E.000A: item 0 1 0 12 parsing failed
[  383.971470][   T48] nintendo 0003:057E:201E.000A: HID parse failed
[  384.016288][ T1181] usb usb1-port1: attempt power cycle
[  384.018770][T10063] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  384.056716][ T5326] usb 3-1: USB disconnect, device number 55
[  384.064316][   T48] nintendo 0003:057E:201E.000A: probe - fail = -22
[  384.089484][   T48] nintendo 0003:057E:201E.000A: probe with driver nintendo failed with error -22
[  384.129638][   T48] usb 2-1: USB disconnect, device number 45
[  384.151222][T10063] batman_adv: batadv0: Adding interface: batadv_slave_1
[  384.214077][T10063] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  384.271412][T10063] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  384.276941][   T29] audit: type=1326 audit(1725342460.916:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10089 comm="syz.2.973" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f748c579eb9 code=0x0
[  384.333519][   T29] audit: type=1326 audit(1725342460.916:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10089 comm="syz.2.973" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f748c579eb9 code=0x0
[  384.392774][T10063] hsr_slave_0: entered promiscuous mode
[  384.407269][T10063] hsr_slave_1: entered promiscuous mode
[  384.421804][T10063] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  384.430742][T10063] Cannot create hsr debugfs directory
[  384.464961][ T1181] usb 1-1: new full-speed USB device number 44 using dummy_hcd
[  384.488199][ T5244] Bluetooth: hci3: command tx timeout
[  384.505564][ T1181] usb 1-1: device descriptor read/8, error -71
[  384.682913][T10098] binder: 10097:10098 unknown command 0
[  384.692471][T10098] binder: 10097:10098 ioctl c0306201 20000a80 returned -22
[  384.783167][T10099] trusted_key: encrypted_key: insufficient parameters specified
[  384.803309][ T1181] usb 1-1: new full-speed USB device number 45 using dummy_hcd
[  384.872713][ T1181] usb 1-1: device descriptor read/8, error -71
[  384.911233][T10063] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  385.010841][ T1181] usb usb1-port1: unable to enumerate USB device
[  385.071514][T10063] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  385.260709][T10063] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  385.398842][T10063] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  385.682614][T10063] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  385.700818][T10063] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  385.726424][T10063] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  385.761860][T10063] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  386.266845][T10063] 8021q: adding VLAN 0 to HW filter on device bond0
[  386.294234][T10063] 8021q: adding VLAN 0 to HW filter on device team0
[  386.386335][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  386.393488][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  386.456875][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  386.464122][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  386.565271][ T5244] Bluetooth: hci3: command tx timeout
[  386.571599][T10129] netlink: 16 bytes leftover after parsing attributes in process `syz.2.983'.
[  386.768797][T10063] 8021q: adding VLAN 0 to HW filter on device batadv0
[  386.824669][T10135] input: syz0 as /devices/virtual/input/input22
[  386.930744][   T29] audit: type=1326 audit(1725342463.566:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10136 comm="syz.4.987" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f22aeb79eb9 code=0x0
[  386.970740][T10063] veth0_vlan: entered promiscuous mode
[  387.037545][T10063] veth1_vlan: entered promiscuous mode
[  387.208221][T10063] veth0_macvtap: entered promiscuous mode
[  387.300172][T10063] veth1_macvtap: entered promiscuous mode
[  387.400351][T10063] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  387.429172][T10063] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  387.452322][T10063] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  387.464954][ T5326] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  387.486930][T10063] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  387.540985][T10063] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  387.561298][T10063] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  387.588268][T10063] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  387.601192][T10063] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  387.612194][T10063] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  387.642403][T10063] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  387.652846][T10063] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  387.687454][T10063] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  387.715065][ T5326] usb 2-1: Using ep0 maxpacket: 32
[  387.722084][T10063] batman_adv: batadv0: Interface activated: batadv_slave_0
[  387.723141][ T5326] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  387.743260][T10063] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  387.797006][T10063] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  387.816506][ T5326] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  387.818076][T10063] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  387.835984][T10063] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  387.876791][ T5326] usb 2-1: config 0 descriptor??
[  387.884953][T10063] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  387.910735][ T5326] gspca_main: nw80x-2.14.0 probing 055f:d001
[  387.944890][T10063] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  387.980084][T10063] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  388.014792][T10063] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  388.062913][T10063] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  388.088054][T10063] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  388.099672][T10063] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  388.126755][T10142] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  388.135397][T10063] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  388.155399][T10063] batman_adv: batadv0: Interface activated: batadv_slave_1
[  388.167991][T10142] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  388.294361][T10063] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  388.327687][T10063] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  388.349122][T10063] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  388.375216][T10063] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  388.468499][ T5326] gspca_nw80x: reg_r err -71
[  388.473279][ T5326] nw80x 2-1:0.0: probe with driver nw80x failed with error -71
[  388.518848][ T5326] usb 2-1: USB disconnect, device number 46
[  388.647953][ T5244] Bluetooth: hci3: command tx timeout
[  388.845557][  T140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  388.853609][  T140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  388.992005][ T2969] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  389.002513][ T2969] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  389.085045][ T5326] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  389.095099][ T5292] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  389.276280][ T5292] usb 1-1: device descriptor read/64, error -71
[  389.305677][ T5326] usb 2-1: Using ep0 maxpacket: 16
[  389.348445][ T5326] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  389.379712][ T5326] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  389.393996][ T5326] usb 2-1: Product: syz
[  389.398624][ T5326] usb 2-1: Manufacturer: syz
[  389.403480][ T5326] usb 2-1: SerialNumber: syz
[  389.430754][ T5326] r8152-cfgselector 2-1: Unknown version 0x0000
[  389.455166][ T5326] r8152-cfgselector 2-1: config 0 descriptor??
[  389.565030][ T5292] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  389.697506][T10158] x_tables: ip_tables: ah match: only valid for protocol 51
[  389.721621][ T5326] r8152-cfgselector 2-1: Unknown version 0x0000
[  389.738882][ T5326] r8152-cfgselector 2-1: bad CDC descriptors
[  389.746832][ T5292] usb 1-1: device descriptor read/64, error -71
[  389.885446][ T5292] usb usb1-port1: attempt power cycle
[  389.999384][    T9] r8152-cfgselector 2-1: USB disconnect, device number 47
[  390.315214][ T5292] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  390.369904][ T5292] usb 1-1: device descriptor read/8, error -71
[  390.651930][ T5292] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  390.691472][ T5291] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[  390.725404][ T5244] Bluetooth: hci3: command tx timeout
[  390.731217][ T5292] usb 1-1: device descriptor read/8, error -71
[  390.865259][ T5292] usb usb1-port1: unable to enumerate USB device
[  390.920091][ T5291] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  390.939438][ T5291] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  390.995850][ T5291] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  391.016974][T10188] netlink: 16 bytes leftover after parsing attributes in process `syz.4.999'.
[  391.031732][ T5291] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  391.078835][ T5291] usb 4-1: Product: syz
[  391.095430][    T9] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  391.105298][ T5291] usb 4-1: Manufacturer: syz
[  391.113161][ T5291] usb 4-1: SerialNumber: syz
[  391.124115][T10198] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1000'.
[  391.204630][T10183] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  391.305147][    T9] usb 2-1: Using ep0 maxpacket: 8
[  391.326138][    T9] usb 2-1: New USB device found, idVendor=04e6, idProduct=5591, bcdDevice=58.36
[  391.346103][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  391.370137][    T9] usb 2-1: Product: syz
[  391.380193][    T9] usb 2-1: Manufacturer: syz
[  391.391690][    T9] usb 2-1: SerialNumber: syz
[  391.450399][    T9] usb 2-1: config 0 descriptor??
[  391.485549][    T9] pn533_usb 2-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[  391.490601][ T5291] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  391.569892][ T5291] usb 4-1: USB disconnect, device number 66
[  391.781735][T10185] netlink: 28 bytes leftover after parsing attributes in process `syz.1.998'.
[  391.808927][ T5291] usb 2-1: USB disconnect, device number 48
[  391.963705][T10208] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  391.980105][T10208] vhci_hcd: invalid port number 16
[  391.985881][T10208] vhci_hcd: invalid port number 16
[  392.234957][    T9] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  392.286299][ T5289] usb 3-1: new full-speed USB device number 56 using dummy_hcd
[  392.455160][    T9] usb 5-1: Using ep0 maxpacket: 8
[  392.465871][    T9] usb 5-1: unable to read config index 0 descriptor/start: -61
[  392.487616][ T5289] usb 3-1: not running at top speed; connect to a high speed hub
[  392.496808][    T9] usb 5-1: can't read configurations, error -61
[  392.507095][ T5289] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  392.541605][ T5289] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  392.563795][ T5289] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  392.584581][ T5289] usb 3-1: Product: Њ
[  392.590179][ T5289] usb 3-1: Manufacturer: ␃
[  392.600716][ T5289] usb 3-1: SerialNumber: 혐슠膷態嬓ࡽ뵠卄桞흌纋焳ෘ뗶쬂쬡㍆￞৫ἦꂔ䳓茉Ⰾታ᱒쀎袑䎻혧鐿瓪垚㪹豮侱ٺ쯁៻曜庭颋慖﷼膐컃ᗕ찅ۭ窹⟂ﯴ觊⏰淀ﵻ᷵ꄑŝ㻶勰蠍攭⪵ꥲ᱕쐔嚧ꔖὮ뛏캑싍ꭼ㷪齃꧄碌粳☪윗孾듵ѥ᭞펯퀺ᷩ켛뷂膇籶␝釰⒊ᰎ஋罟ᢊ⁸䣊
[  392.652264][T10206] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  392.732800][    T9] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  392.896497][T10206] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  392.925791][T10206] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  392.935190][    T9] usb 5-1: Using ep0 maxpacket: 8
[  392.953094][ T5289] cdc_ncm 3-1:1.0: bind() failure
[  392.977897][ T5289] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  393.004188][    T9] usb 5-1: unable to read config index 0 descriptor/start: -61
[  393.013897][    T9] usb 5-1: can't read configurations, error -61
[  393.029926][    T9] usb usb5-port1: attempt power cycle
[  393.045596][ T5289] cdc_ncm 3-1:1.1: bind() failure
[  393.085277][ T5289] usb 3-1: USB disconnect, device number 56
[  393.272679][   T48] usb 1-1: new low-speed USB device number 50 using dummy_hcd
[  393.314300][T10224] ip6tnl1: entered promiscuous mode
[  393.319913][T10224] ip6tnl1: entered allmulticast mode
[  393.455188][    T9] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  393.458570][   T48] usb 1-1: config index 0 descriptor too short (expected 1307, got 27)
[  393.471547][   T48] usb 1-1: config 0 has an invalid interface number: 0 but max is -1
[  393.479821][   T48] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 0
[  393.488937][   T48] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[  393.499067][   T48] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  393.508548][    T9] usb 5-1: Using ep0 maxpacket: 8
[  393.511990][   T48] usb 1-1: language id specifier not provided by device, defaulting to English
[  393.524538][    T9] usb 5-1: unable to read config index 0 descriptor/start: -61
[  393.536325][   T48] usb 1-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de
[  393.542933][    T9] usb 5-1: can't read configurations, error -61
[  393.551949][   T48] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  393.560205][   T48] usb 1-1: Manufacturer: 牢
[  393.567376][   T48] usb 1-1: config 0 descriptor??
[  393.578859][   T48] hub 1-1:0.0: bad descriptor, ignoring hub
[  393.585009][   T48] hub 1-1:0.0: probe with driver hub failed with error -5
[  393.611278][   T48] input: 牢 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input23
[  393.705033][    T9] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  393.755747][    T9] usb 5-1: Using ep0 maxpacket: 8
[  393.765286][    T9] usb 5-1: unable to read config index 0 descriptor/start: -61
[  393.772916][    T9] usb 5-1: can't read configurations, error -61
[  393.800232][    T9] usb usb5-port1: unable to enumerate USB device
[  393.824519][T10220] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  393.850111][T10220] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  393.862643][ T5289] usb 1-1: USB disconnect, device number 50
[  394.023266][T10231] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1011'.
[  394.054488][T10231] vlan2: entered promiscuous mode
[  394.060674][T10231] bond0: entered promiscuous mode
[  394.070704][T10231] bond_slave_0: entered promiscuous mode
[  394.079074][T10231] bond_slave_1: entered promiscuous mode
[  394.105342][   T30] INFO: task syz.2.414:7592 blocked for more than 143 seconds.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  394.153470][   T30]       Not tainted 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0
[  394.186868][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  394.202996][   T30] task:syz.2.414       state:D stack:23856 pid:7592  tgid:7592  ppid:5731   flags:0x00000004
[  394.224784][   T30] Call Trace:
[  394.229182][   T30]  <TASK>
[  394.232163][   T30]  __schedule+0x1800/0x4a60
[  394.237888][   T30]  ? __pfx___schedule+0x10/0x10
[  394.268122][   T30]  ? __pfx_lock_release+0x10/0x10
[  394.298992][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  394.335881][   T30]  ? schedule+0x90/0x320
[  394.370869][   T30]  schedule+0x14b/0x320
[  394.375299][ T5292] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[  394.414981][   T30]  schedule_preempt_disabled+0x13/0x30
[  394.420590][   T30]  __mutex_lock+0x6a4/0xd70
[  394.447095][   T30]  ? __mutex_lock+0x527/0xd70
[  394.469918][   T30]  ? hugetlb_fault+0x56f/0x3770
[  394.477388][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  394.489207][   T30]  ? __lock_acquire+0x137a/0x2040
[  394.496550][   T30]  hugetlb_fault+0x56f/0x3770
[  394.501476][   T30]  ? __pfx_hugetlb_fault+0x10/0x10
[  394.507345][   T30]  ? reacquire_held_locks+0x3eb/0x690
[  394.512926][   T30]  ? lock_vma_under_rcu+0x2f9/0x6e0
[  394.521909][   T30]  ? __pfx_reacquire_held_locks+0x10/0x10
[  394.530124][   T30]  handle_mm_fault+0x1901/0x1bc0
[  394.544308][   T30]  ? mtree_range_walk+0x6fd/0x8e0
[  394.550758][   T30]  ? __pfx_lock_release+0x10/0x10
[  394.565449][   T30]  ? lock_vma_under_rcu+0x2f9/0x6e0
[  394.570812][   T30]  ? __pfx_handle_mm_fault+0x10/0x10
[  394.576849][   T30]  ? lock_vma_under_rcu+0x592/0x6e0
[  394.582148][   T30]  ? lock_vma_under_rcu+0x18a/0x6e0
[  394.588123][   T30]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[  394.613294][   T30]  ? exc_page_fault+0x113/0x8c0
[  394.624269][   T30]  exc_page_fault+0x459/0x8c0
[  394.635686][   T30]  asm_exc_page_fault+0x26/0x30
[  394.640839][   T30] RIP: 0033:0x7fa1f634193c
[  394.645846][   T30] RSP: 002b:00007fa1f663fb88 EFLAGS: 00010246
[  394.651947][   T30] RAX: 0000000020000d00 RBX: 0000000000000004 RCX: 8000000000000010
[  394.661228][   T30] RDX: 0000000000000010 RSI: 00007fa1f5e005ca RDI: 0000000020000d00
[  394.665201][    T9] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  394.669917][   T30] RBP: 00007fa1f6517a80 R08: 00007fa1f6200000 R09: 0000000000000001
[  394.685462][   T30] R10: 0000000000000001 R11: 0000000000000009 R12: 00000000000386a9
[  394.693514][   T30] R13: 00007fa1f663fc90 R14: 0000000000000032 R15: fffffffffffffffe
[  394.701725][   T30]  </TASK>
[  394.707714][   T30] INFO: task syz.2.414:7593 blocked for more than 143 seconds.
[  394.715572][   T30]       Not tainted 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0
[  394.723284][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  394.738355][   T30] task:syz.2.414       state:D stack:24720 pid:7593  tgid:7592  ppid:5731   flags:0x00004004
[  394.749646][   T30] Call Trace:
[  394.752992][   T30]  <TASK>
[  394.756597][   T30]  __schedule+0x1800/0x4a60
[  394.761256][   T30]  ? __pfx___schedule+0x10/0x10
[  394.766802][   T30]  ? __pfx_lock_release+0x10/0x10
[  394.771936][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  394.777833][   T30]  ? schedule+0x90/0x320
[  394.782214][   T30]  schedule+0x14b/0x320
[  394.786840][   T30]  schedule_preempt_disabled+0x13/0x30
[  394.792399][   T30]  __mutex_lock+0x6a4/0xd70
[  394.797048][   T30]  ? __mutex_lock+0x527/0xd70
[  394.801812][   T30]  ? hugetlb_wp+0x104d/0x3a90
[  394.814655][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  394.820020][   T30]  ? __pfx_up_write+0x10/0x10
[  394.824781][   T30]  ? do_raw_spin_unlock+0x13c/0x8b0
[  394.830389][   T30]  ? vma_interval_tree_iter_next+0x193/0x340
[  394.840301][   T30]  hugetlb_wp+0x104d/0x3a90
[  394.847614][   T30]  ? mark_lock+0x9a/0x350
[  394.852066][   T30]  ? __pfx_hugetlb_wp+0x10/0x10
[  394.857115][   T30]  ? __pfx___might_resched+0x10/0x10
[  394.862474][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  394.867759][   T30]  ? do_raw_spin_lock+0x14f/0x370
[  394.872903][   T30]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  394.879669][   T30]  ? __filemap_get_folio+0x769/0xc10
[  394.885894][   T30]  hugetlb_fault+0x27b2/0x3770
[  394.890747][   T30]  ? __pfx_hugetlb_fault+0x10/0x10
[  394.896093][   T30]  ? mt_find+0x226/0x850
[  394.900386][   T30]  ? __pfx_lock_release+0x10/0x10
[  394.905642][   T30]  handle_mm_fault+0x1901/0x1bc0
[  394.910671][   T30]  ? mt_find+0x62d/0x850
[  394.915392][   T30]  ? mt_find+0x226/0x850
[  394.919692][   T30]  ? __pfx_mt_find+0x10/0x10
[  394.924358][   T30]  ? __pfx_handle_mm_fault+0x10/0x10
[  394.929876][   T30]  ? find_vma+0xf9/0x170
[  394.934208][   T30]  ? __pfx_find_vma+0x10/0x10
[  394.941911][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  394.948513][   T30]  ? lock_mm_and_find_vma+0x9c/0x2f0
[  394.953875][   T30]  exc_page_fault+0x2b9/0x8c0
[  394.959284][   T30]  asm_exc_page_fault+0x26/0x30
[  394.964275][   T30] RIP: 0010:rep_movs_alternative+0x4a/0x70
[  394.971405][   T30] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 <f3> a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1
[  394.992084][   T30] RSP: 0000:ffffc90003b67ad0 EFLAGS: 00050246
[  394.998347][   T30] RAX: ffffffff84b28901 RBX: 0000000020037e00 RCX: 0000000000000040
[  395.006555][   T30] RDX: 0000000000000000 RSI: ffffc90003b67b60 RDI: 0000000020037dc0
[  395.014627][   T30] RBP: ffffc90003b67c10 R08: ffffc90003b67b9f R09: 1ffff9200076cf73
[  395.022924][   T30] R10: dffffc0000000000 R11: fffff5200076cf74 R12: 0000000000000040
[  395.031021][   T30] R13: 0000000000004340 R14: 0000000020037dc0 R15: ffffc90003b67b60
[  395.043464][   T30]  ? _copy_to_user+0x51/0xb0
[  395.048947][   T30]  _copy_to_user+0x86/0xb0
[  395.053480][   T30]  rng_dev_read+0x3be/0x6d0
[  395.058215][   T30]  ? __pfx_rng_dev_read+0x10/0x10
[  395.063314][   T30]  ? security_file_permission+0x7f/0xa0
[  395.071844][   T30]  ? rw_verify_area+0x52a/0x6b0
[  395.076860][   T30]  vfs_readv+0x6c2/0xa90
[  395.081205][   T30]  ? __pfx_rng_dev_read+0x10/0x10
[  395.086463][   T30]  ? __pfx_vfs_readv+0x10/0x10
[  395.091330][   T30]  ? __fget_files+0x29/0x470
[  395.096180][   T30]  __x64_sys_preadv+0x1c7/0x2d0
[  395.101144][   T30]  ? __pfx___x64_sys_preadv+0x10/0x10
[  395.106853][   T30]  ? do_syscall_64+0x100/0x230
[  395.111728][   T30]  ? do_syscall_64+0xb6/0x230
[  395.116699][   T30]  do_syscall_64+0xf3/0x230
[  395.121292][   T30]  ? clear_bhb_loop+0x35/0x90
[  395.127131][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.133094][   T30] RIP: 0033:0x7fa1f6379eb9
[  395.137608][   T30] RSP: 002b:00007fa1f7077038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  395.148346][   T30] RAX: ffffffffffffffda RBX: 00007fa1f6515f80 RCX: 00007fa1f6379eb9
[  395.156656][   T30] RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000004
[  395.164743][   T30] RBP: 00007fa1f63e793e R08: 0000000000000000 R09: 0000000000000000
[  395.172806][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  395.181031][   T30] R13: 0000000000000000 R14: 00007fa1f6515f80 R15: 00007fa1f663fa28
[  395.190614][   T30]  </TASK>
[  395.193801][   T30] INFO: task syz.2.414:7597 blocked for more than 144 seconds.
[  395.215012][   T30]       Not tainted 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0
[  395.222715][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  395.260402][   T30] task:syz.2.414       state:D stack:25840 pid:7597  tgid:7592  ppid:5731   flags:0x00004006
[  395.314649][   T30] Call Trace:
[  395.334898][   T30]  <TASK>
[  395.337962][   T30]  __schedule+0x1800/0x4a60
[  395.342570][   T30]  ? __pfx___schedule+0x10/0x10
[  395.395019][   T30]  ? __pfx_lock_release+0x10/0x10
[  395.400180][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  395.445117][   T30]  ? schedule+0x90/0x320
[  395.464895][   T30]  schedule+0x14b/0x320
[  395.469172][   T30]  schedule_preempt_disabled+0x13/0x30
[  395.474708][   T30]  __mutex_lock+0x6a4/0xd70
[  395.553664][   T30]  ? __lock_acquire+0x137a/0x2040
[  395.595166][   T30]  ? __mutex_lock+0x527/0xd70
[  395.599947][   T30]  ? hugetlb_fault+0x56f/0x3770
[  395.667964][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  395.673226][   T30]  hugetlb_fault+0x56f/0x3770
[  395.724937][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  395.731424][   T30]  ? __pfx_hugetlb_fault+0x10/0x10
[  395.785269][   T30]  ? mt_find+0x226/0x850
[  395.789648][   T30]  ? __pfx_lock_release+0x10/0x10
[  395.794752][   T30]  handle_mm_fault+0x1901/0x1bc0
[  395.894891][   T30]  ? mt_find+0x62d/0x850
[  395.899443][   T30]  ? mt_find+0x226/0x850
[  395.903762][   T30]  ? __pfx_mt_find+0x10/0x10
[  395.984943][   T30]  ? __pfx_handle_mm_fault+0x10/0x10
[  395.997479][   T30]  ? find_vma+0xf9/0x170
[  396.001823][   T30]  ? __pfx_find_vma+0x10/0x10
[  396.034772][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  396.041408][   T30]  ? lock_mm_and_find_vma+0x9c/0x2f0
[  396.074888][   T30]  exc_page_fault+0x2b9/0x8c0
[  396.079728][   T30]  asm_exc_page_fault+0x26/0x30
[  396.084650][   T30] RIP: 0010:rep_movs_alternative+0x4a/0x70
[  396.094397][   T30] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 <f3> a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1
[  396.117213][   T30] RSP: 0018:ffffc90003b0fad0 EFLAGS: 00050246
[  396.123411][   T30] RAX: ffffffff84b28901 RBX: 0000000020003dc0 RCX: 0000000000000040
[  396.131569][   T30] RDX: 0000000000000000 RSI: ffffc90003b0fb60 RDI: 0000000020003d80
[  396.139739][   T30] RBP: ffffc90003b0fc10 R08: ffffc90003b0fb9f R09: 1ffff92000761f73
[  396.147932][   T30] R10: dffffc0000000000 R11: fffff52000761f74 R12: 0000000000000040
[  396.156029][   T30] R13: 0000000000003740 R14: 0000000020003d80 R15: ffffc90003b0fb60
[  396.170641][   T30]  ? _copy_to_user+0x51/0xb0
[  396.175607][   T30]  _copy_to_user+0x86/0xb0
[  396.180088][   T30]  rng_dev_read+0x3be/0x6d0
[  396.184703][   T30]  ? __pfx_rng_dev_read+0x10/0x10
[  396.189914][   T30]  ? security_file_permission+0x7f/0xa0
[  396.195591][   T30]  ? rw_verify_area+0x52a/0x6b0
[  396.200535][   T30]  vfs_readv+0x6c2/0xa90
[  396.205020][   T30]  ? __pfx_rng_dev_read+0x10/0x10
[  396.210285][   T30]  ? __pfx_vfs_readv+0x10/0x10
[  396.215276][   T30]  ? __fget_files+0x29/0x470
[  396.219958][   T30]  __x64_sys_preadv+0x1c7/0x2d0
[  396.227545][   T30]  ? __pfx___x64_sys_preadv+0x10/0x10
[  396.232997][   T30]  ? do_syscall_64+0x100/0x230
[  396.237861][   T30]  ? do_syscall_64+0xb6/0x230
[  396.242625][   T30]  do_syscall_64+0xf3/0x230
[  396.247366][   T30]  ? clear_bhb_loop+0x35/0x90
[  396.252140][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.258198][   T30] RIP: 0033:0x7fa1f6379eb9
[  396.262844][   T30] RSP: 002b:00007fa1f5dff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  396.274777][   T30] RAX: ffffffffffffffda RBX: 00007fa1f6516058 RCX: 00007fa1f6379eb9
[  396.285490][   T30] RDX: 0000000000000002 RSI: 0000000020000580 RDI: 0000000000000005
[  396.293524][   T30] RBP: 00007fa1f63e793e R08: 0000000000000000 R09: 0000000000000000
[  396.301705][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  396.309804][   T30] R13: 0000000000000000 R14: 00007fa1f6516058 R15: 00007fa1f663fa28
[  396.317997][   T30]  </TASK>
[  396.323065][   T30] INFO: task syz.2.414:7598 blocked for more than 145 seconds.
[  396.337708][   T30]       Not tainted 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0
[  396.348556][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  396.357676][   T30] task:syz.2.414       state:D stack:23896 pid:7598  tgid:7592  ppid:5731   flags:0x00004006
[  396.373686][   T30] Call Trace:
[  396.377255][   T30]  <TASK>
[  396.380250][   T30]  __schedule+0x1800/0x4a60
[  396.385047][   T30]  ? __pfx___schedule+0x10/0x10
[  396.390069][   T30]  ? __pfx_lock_release+0x10/0x10
[  396.395363][   T30]  ? irqentry_exit+0x63/0x90
[  396.400010][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  396.405404][   T30]  ? schedule+0x90/0x320
[  396.409848][   T30]  schedule+0x14b/0x320
[  396.414070][   T30]  io_schedule+0x8d/0x110
[  396.418592][   T30]  folio_wait_bit_common+0x882/0x12b0
[  396.424071][   T30]  ? __pfx_folio_wait_bit_common+0x10/0x10
[  396.430127][   T30]  ? __pfx_wake_page_function+0x10/0x10
[  396.435925][   T30]  ? _raw_spin_unlock+0x28/0x50
[  396.440867][   T30]  ? __vma_reservation_common+0x498/0x7d0
[  396.446726][   T30]  __filemap_get_folio+0xb7/0xc10
[  396.451851][   T30]  hugetlb_fault+0x1b72/0x3770
[  396.459034][   T30]  ? __pfx_hugetlb_fault+0x10/0x10
[  396.464248][   T30]  ? mt_find+0x226/0x850
[  396.468591][   T30]  ? __pfx_lock_release+0x10/0x10
[  396.478755][   T30]  handle_mm_fault+0x1901/0x1bc0
[  396.483828][   T30]  ? mt_find+0x62d/0x850
[  396.488386][   T30]  ? mt_find+0x226/0x850
[  396.492728][   T30]  ? __pfx_mt_find+0x10/0x10
[  396.497538][   T30]  ? __pfx_handle_mm_fault+0x10/0x10
[  396.502988][   T30]  ? find_vma+0xf9/0x170
[  396.507356][   T30]  ? __pfx_find_vma+0x10/0x10
[  396.512147][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  396.518686][   T30]  ? lock_mm_and_find_vma+0x9c/0x2f0
[  396.524038][   T30]  exc_page_fault+0x2b9/0x8c0
[  396.528899][   T30]  asm_exc_page_fault+0x26/0x30
[  396.533849][   T30] RIP: 0010:__put_user_8+0x11/0x20
[  396.539189][   T30] Code: 84 00 00 00 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <48> 89 01 31 c9 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90
[  396.558839][    C0] vkms_vblank_simulate: vblank timer overrun
[  396.566130][   T30] RSP: 0018:ffffc9000479f778 EFLAGS: 00050202
[  396.572295][   T30] RAX: 0000000000800000 RBX: 0000000000000000 RCX: 0000000020000020
[  396.582993][   T30] RDX: 0000000000000000 RSI: ffffffff8c0ae6e0 RDI: ffffffff8c608d40
[  396.593234][   T30] RBP: ffffc9000479fec8 R08: ffffffff90186f2f R09: 1ffffffff2030de5
[  396.601429][   T30] R10: dffffc0000000000 R11: fffffbfff2030de6 R12: 1ffff920008f3f7d
[  396.609907][   T30] R13: 1ffff920008f3f08 R14: 0000000020800000 R15: 0000000000800000
[  396.618191][   T30]  userfaultfd_ioctl+0x28e7/0x70a0
[  396.623520][   T30]  ? stack_trace_save+0x118/0x1d0
[  396.628820][   T30]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  396.634383][   T30]  ? stack_depot_save_flags+0x29/0x830
[  396.639946][   T30]  ? kasan_save_track+0x51/0x80
[  396.646079][   T30]  ? kasan_save_track+0x3f/0x80
[  396.651047][   T30]  ? kasan_save_free_info+0x40/0x50
[  396.656452][   T30]  ? poison_slab_object+0xe0/0x150
[  396.661652][   T30]  ? __kasan_slab_free+0x37/0x60
[  396.666816][   T30]  ? kfree+0x149/0x360
[  396.670943][   T30]  ? tomoyo_path_number_perm+0x68d/0x880
[  396.678878][   T30]  ? security_file_ioctl+0x75/0xb0
[  396.684099][   T30]  ? __se_sys_ioctl+0x47/0x170
[  396.689185][   T30]  ? do_syscall_64+0xf3/0x230
[  396.693958][   T30]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.702785][   T30]  ? do_vfs_ioctl+0xf0e/0x2e50
[  396.707758][   T30]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  396.712895][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  396.719424][   T30]  ? tomoyo_path_number_perm+0x208/0x880
[  396.725269][   T30]  ? __pfx_lock_release+0x10/0x10
[  396.730378][   T30]  ? kfree+0x149/0x360
[  396.734519][   T30]  ? tomoyo_path_number_perm+0x208/0x880
[  396.740406][   T30]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  396.746811][   T30]  ? __fget_files+0x29/0x470
[  396.751499][   T30]  ? __fget_files+0x3f6/0x470
[  396.756279][   T30]  ? __fget_files+0x29/0x470
[  396.761002][   T30]  ? bpf_lsm_file_ioctl+0x9/0x10
[  396.766155][   T30]  ? security_file_ioctl+0x87/0xb0
[  396.771343][   T30]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  396.777009][   T30]  __se_sys_ioctl+0xfc/0x170
[  396.783904][   T30]  do_syscall_64+0xf3/0x230
[  396.788640][   T30]  ? clear_bhb_loop+0x35/0x90
[  396.793418][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.800427][   T30] RIP: 0033:0x7fa1f6379eb9
[  396.805616][   T30] RSP: 002b:00007fa1f5dde038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  396.814143][   T30] RAX: ffffffffffffffda RBX: 00007fa1f6516130 RCX: 00007fa1f6379eb9
[  396.822544][   T30] RDX: 0000000020000000 RSI: 00000000c028aa03 RDI: 0000000000000008
[  396.830999][   T30] RBP: 00007fa1f63e793e R08: 0000000000000000 R09: 0000000000000000
[  396.839145][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  396.847376][   T30] R13: 0000000000000000 R14: 00007fa1f6516130 R15: 00007fa1f663fa28
[  396.855492][   T30]  </TASK>
[  396.858776][   T30] 
[  396.858776][   T30] Showing all locks held in the system:
[  396.866742][   T30] 5 locks held by kworker/0:1/9:
[  396.872911][   T30]  #0: ffff88801ad68548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  396.887219][   T30]  #1: ffffc900000e7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  396.899628][   T30]  #2: ffff888029428190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150
[  396.909186][   T30]  #3: ffff88802898f518 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x25b9/0x5150
[  396.922289][   T30]  #4: ffff888026dcc968 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x25f7/0x5150
[  396.932240][   T30] 3 locks held by kworker/u8:1/12:
[  396.937753][   T30] 1 lock held by khungtaskd/30:
[  396.942679][   T30]  #0: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  396.954885][   T30] 2 locks held by getty/4993:
[  396.959653][   T30]  #0: ffff8880306f60a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  396.976944][   T30]  #1: ffffc9000311b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ac/0x1e00
[  396.991321][   T30] 5 locks held by kworker/1:8/5292:
[  396.996865][   T30]  #0: ffff88801ad68548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  397.008470][   T30]  #1: ffffc9000482fd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  397.020856][   T30]  #2: ffff88802942f190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150
[  397.030381][   T30]  #3: ffff8880294f8518 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x25b9/0x5150
[  397.040832][   T30]  #4: ffff888027da0768 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x25f7/0x5150
[  397.053596][   T30] 2 locks held by syz.2.414/7592:
[  397.059436][   T30]  #0: ffff88807bc579b8 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x2f9/0x6e0
[  397.069982][   T30]  #1: ffff88801f694728 (&hugetlb_fault_mutex_table[i]){+.+.}-{3:3}, at: hugetlb_fault+0x56f/0x3770
[  397.081073][   T30] 2 locks held by syz.2.414/7593:
[  397.088283][   T30]  #0: ffff88807d3a9e18 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock_killable+0x1d/0x70
[  397.098684][   T30]  #1: ffff88801f694728 (&hugetlb_fault_mutex_table[i]){+.+.}-{3:3}, at: hugetlb_wp+0x104d/0x3a90
[  397.109502][   T30] 2 locks held by syz.2.414/7597:
[  397.114637][   T30]  #0: ffff88807d3a9e18 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock_killable+0x1d/0x70
[  397.125244][   T30]  #1: ffff88801f694728 (&hugetlb_fault_mutex_table[i]){+.+.}-{3:3}, at: hugetlb_fault+0x56f/0x3770
[  397.136358][   T30] 3 locks held by syz.2.414/7598:
[  397.141428][   T30]  #0: ffff88807d3a9e18 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock_killable+0x1d/0x70
[  397.151763][   T30]  #1: ffff88801f694728 (&hugetlb_fault_mutex_table[i]){+.+.}-{3:3}, at: hugetlb_fault+0x56f/0x3770
[  397.165645][   T30]  #2: ffff888032dddce8 (&resv_map->rw_sema){++++}-{3:3}, at: hugetlb_fault+0x675/0x3770
[  397.175781][   T30] 3 locks held by syz.4.1004/10208:
[  397.181037][   T30]  #0: ffff88806fb54d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510
[  397.194095][   T30]  #1: ffff88806fb54078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x572/0x11a0
[  397.204085][   T30]  #2: ffffffff8fdf7828 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240
[  397.215311][   T30] 3 locks held by syz.0.1007/10219:
[  397.220611][   T30]  #0: ffff888069cc4d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510
[  397.230723][   T30]  #1: ffff888069cc4078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x572/0x11a0
[  397.240704][   T30]  #2: ffffffff8fdf7828 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240
[  397.250917][   T30] 4 locks held by syz.2.1011/10231:
[  397.256338][   T30]  #0: ffff888063f90d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510
[  397.267954][   T30]  #1: ffff888063f90078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x572/0x11a0
[  397.279329][   T30]  #2: ffffffff8fdf7828 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240
[  397.292394][   T30]  #3: ffffffff8e93d6f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830
[  397.303687][   T30] 3 locks held by syz.3.1012/10234:
[  397.308970][   T30]  #0: ffff8880643ecd80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510
[  397.319294][   T30]  #1: ffff8880643ec078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x572/0x11a0
[  397.329131][   T30]  #2: ffffffff8fdf7828 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240
[  397.339399][   T30] 3 locks held by syz.1.1013/10236:
[  397.344907][   T30]  #0: ffff888011dccd80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510
[  397.355121][   T30]  #1: ffff888011dcc078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x572/0x11a0
[  397.365052][   T30]  #2: ffffffff8fdf7828 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240
[  397.376961][   T30] 
[  397.379406][   T30] =============================================
[  397.379406][   T30] 
[  397.395672][   T30] NMI backtrace for cpu 0
[  397.400044][   T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0
[  397.410728][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  397.420797][   T30] Call Trace:
[  397.424091][   T30]  <TASK>
[  397.427030][   T30]  dump_stack_lvl+0x241/0x360
[  397.431726][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  397.436936][   T30]  ? __pfx__printk+0x10/0x10
[  397.441533][   T30]  ? vprintk_emit+0x667/0x7c0
[  397.446239][   T30]  ? __pfx_vprintk_emit+0x10/0x10
[  397.451287][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[  397.456288][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  397.461754][   T30]  ? _printk+0xd5/0x120
[  397.465914][   T30]  ? __pfx__printk+0x10/0x10
[  397.470514][   T30]  ? __wake_up_klogd+0xcc/0x110
[  397.475381][   T30]  ? __pfx__printk+0x10/0x10
[  397.479992][   T30]  ? __rcu_read_unlock+0xa1/0x110
[  397.485026][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  397.491022][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  397.497034][   T30]  watchdog+0xff4/0x1040
[  397.501313][   T30]  ? watchdog+0x1ea/0x1040
[  397.505756][   T30]  ? __pfx_watchdog+0x10/0x10
[  397.510448][   T30]  kthread+0x2f0/0x390
[  397.514530][   T30]  ? __pfx_watchdog+0x10/0x10
[  397.519222][   T30]  ? __pfx_kthread+0x10/0x10
[  397.523857][   T30]  ret_from_fork+0x4b/0x80
[  397.528299][   T30]  ? __pfx_kthread+0x10/0x10
[  397.532902][   T30]  ret_from_fork_asm+0x1a/0x30
[  397.537695][   T30]  </TASK>
[  397.542590][   T30] Sending NMI from CPU 0 to CPUs 1:
[  397.548854][    C1] NMI backtrace for cpu 1
[  397.548868][    C1] CPU: 1 UID: 0 PID: 5291 Comm: kworker/1:7 Not tainted 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0
[  397.548889][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  397.548900][    C1] Workqueue: events nsim_dev_trap_report_work
[  397.548926][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x18/0x70
[  397.548954][    C1] Code: 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 00 d7 03 00 65 8b 15 40 4a 70 7e <81> e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 1c 16 00 00
[  397.548969][    C1] RSP: 0018:ffffc9000481f500 EFLAGS: 00000296
[  397.548983][    C1] RAX: ffffffff81412dcc RBX: 0000000000000005 RCX: ffff88802f90da00
[  397.548996][    C1] RDX: 0000000080000002 RSI: ffffffff8135cb1a RDI: ffffffff8135cb49
[  397.549009][    C1] RBP: 1ffff92000903ebc R08: ffffffff81412c60 R09: ffffc9000481f6d0
[  397.549022][    C1] R10: 0000000000000003 R11: ffffffff817f2f80 R12: ffffffff902818f8
[  397.549035][    C1] R13: dffffc0000000000 R14: 1ffff92000903ebc R15: ffffffff909c90c6
[  397.549051][    C1] FS:  0000000000000000(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000
[  397.549067][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  397.549080][    C1] CR2: 0000001b3360dff8 CR3: 000000000e734000 CR4: 00000000003506f0
[  397.549095][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  397.549106][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  397.549117][    C1] Call Trace:
[  397.549124][    C1]  <NMI>
[  397.549131][    C1]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  397.549154][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  397.549182][    C1]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  397.549206][    C1]  ? nmi_handle+0x2a/0x5a0
[  397.549232][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  397.549254][    C1]  ? nmi_handle+0x14f/0x5a0
[  397.549270][    C1]  ? nmi_handle+0x2a/0x5a0
[  397.549288][    C1]  ? __sanitizer_cov_trace_pc+0x18/0x70
[  397.549312][    C1]  ? default_do_nmi+0x63/0x160
[  397.549338][    C1]  ? exc_nmi+0x123/0x1f0
[  397.549360][    C1]  ? end_repeat_nmi+0xf/0x53
[  397.549384][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  397.549407][    C1]  ? unwind_next_frame+0x510/0x2a00
[  397.549432][    C1]  ? unwind_next_frame+0x67c/0x2a00
[  397.549461][    C1]  ? ret_from_fork+0x4a/0x80
[  397.549507][    C1]  ? ret_from_fork+0x79/0x80
[  397.549546][    C1]  ? __sanitizer_cov_trace_pc+0x18/0x70
[  397.549569][    C1]  ? __sanitizer_cov_trace_pc+0x18/0x70
[  397.549593][    C1]  ? __sanitizer_cov_trace_pc+0x18/0x70
[  397.549620][    C1]  </NMI>
[  397.549626][    C1]  <TASK>
[  397.549632][    C1]  unwind_next_frame+0x67c/0x2a00
[  397.549661][    C1]  ? ret_from_fork+0x4a/0x80
[  397.549686][    C1]  ? ret_from_fork+0x4b/0x80
[  397.549709][    C1]  ? ret_from_fork+0x4b/0x80
[  397.549733][    C1]  ? __kernel_text_address+0xd/0x40
[  397.549752][    C1]  ? ret_from_fork+0x4b/0x80
[  397.549777][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  397.549800][    C1]  arch_stack_walk+0x151/0x1b0
[  397.549821][    C1]  ? ret_from_fork+0x4b/0x80
[  397.549848][    C1]  stack_trace_save+0x118/0x1d0
[  397.549870][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  397.549899][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  397.549926][    C1]  kasan_save_track+0x3f/0x80
[  397.549949][    C1]  ? kasan_save_track+0x3f/0x80
[  397.549970][    C1]  ? kasan_save_free_info+0x40/0x50
[  397.549989][    C1]  ? poison_slab_object+0xe0/0x150
[  397.550012][    C1]  ? __kasan_slab_free+0x37/0x60
[  397.550037][    C1]  ? kfree+0x149/0x360
[  397.550053][    C1]  ? skb_release_data+0x676/0x880
[  397.550074][    C1]  ? consume_skb+0xb1/0x160
[  397.550092][    C1]  ? nsim_dev_trap_report_work+0x765/0xaa0
[  397.550109][    C1]  ? process_scheduled_works+0xa2c/0x1830
[  397.550131][    C1]  ? worker_thread+0x86d/0xd10
[  397.550153][    C1]  ? kthread+0x2f0/0x390
[  397.550170][    C1]  ? ret_from_fork+0x4b/0x80
[  397.550234][    C1]  ? skb_release_data+0x676/0x880
[  397.550255][    C1]  kasan_save_free_info+0x40/0x50
[  397.550292][    C1]  poison_slab_object+0xe0/0x150
[  397.550322][    C1]  __kasan_slab_free+0x37/0x60
[  397.550346][    C1]  ? skb_release_data+0x676/0x880
[  397.550367][    C1]  kfree+0x149/0x360
[  397.550387][    C1]  skb_release_data+0x676/0x880
[  397.550417][    C1]  consume_skb+0xb1/0x160
[  397.550439][    C1]  nsim_dev_trap_report_work+0x765/0xaa0
[  397.550471][    C1]  ? process_scheduled_works+0x945/0x1830
[  397.550498][    C1]  process_scheduled_works+0xa2c/0x1830
[  397.550539][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  397.550568][    C1]  ? assign_work+0x364/0x3d0
[  397.550597][    C1]  worker_thread+0x86d/0xd10
[  397.550627][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  397.550657][    C1]  ? __kthread_parkme+0x169/0x1d0
[  397.550684][    C1]  ? __pfx_worker_thread+0x10/0x10
[  397.550709][    C1]  kthread+0x2f0/0x390
[  397.550728][    C1]  ? __pfx_worker_thread+0x10/0x10
[  397.550751][    C1]  ? __pfx_kthread+0x10/0x10
[  397.550768][    C1]  ret_from_fork+0x4b/0x80
[  397.550792][    C1]  ? __pfx_kthread+0x10/0x10
[  397.550808][    C1]  ret_from_fork_asm+0x1a/0x30
[  397.550843][    C1]  </TASK>
[  397.589000][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  397.589029][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0
[  397.589057][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  397.589073][   T30] Call Trace:
[  397.589084][   T30]  <TASK>
[  397.589095][   T30]  dump_stack_lvl+0x241/0x360
[  397.589132][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  397.589159][   T30]  ? __pfx__printk+0x10/0x10
[  397.589180][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  397.589222][   T30]  ? vscnprintf+0x5d/0x90
[  397.589263][   T30]  panic+0x349/0x860
[  397.589289][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  397.589322][   T30]  ? __pfx_panic+0x10/0x10
[  397.589342][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[  397.589371][   T30]  ? __irq_work_queue_local+0x137/0x410
[  397.589405][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  397.589432][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  397.589462][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  397.589496][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  397.589536][   T30]  watchdog+0x1033/0x1040
[  397.589572][   T30]  ? watchdog+0x1ea/0x1040
[  397.589611][   T30]  ? __pfx_watchdog+0x10/0x10
[  397.589645][   T30]  kthread+0x2f0/0x390
[  397.589668][   T30]  ? __pfx_watchdog+0x10/0x10
[  397.589700][   T30]  ? __pfx_kthread+0x10/0x10
[  397.589724][   T30]  ret_from_fork+0x4b/0x80
[  397.589757][   T30]  ? __pfx_kthread+0x10/0x10
[  397.589780][   T30]  ret_from_fork_asm+0x1a/0x30
[  397.589830][   T30]  </TASK>
[  397.592539][   T30] Kernel Offset: disabled
[  398.199430][   T30] Rebooting in 86400 seconds..